Config network for SAN traffic

Please see the attached image. The first is what I currently have; the one after is what I think I need to do.

Here's my situation: I think I have set up the networking incorrectly for my ESX boxes to hit the SAN. For now everything works fine, however I think I may have taken a few extra steps that did not need to be done. Right now I have a NIC dedicated to each of two different vSwitches which are used for nothing but SAN traffic. The more I look at this, the more I think that I should have used a single vSwitch on every ESX box and just added the necessary service console and VMkernel ports to it. So I would have a single vSwitch on each box dedicated to SAN traffic, and each vSwitch would have the two current network cards along with both service console ports and both VMkernel ports.

Maybe I'm just beating a dead horse because they're all going to do the same thing, but maybe it's smarter and simpler to go with the second scenario, since the NICs can load balance between the two and failover works better? My biggest concern is: can I have two different service console ports and two different VMkernel ports, both on different subnets, on the same vSwitch?

Thanks for any advice.

Yes, your thinking is good. Having two NICs on a single vSwitch will give you more options for failover and load balancing. Having several service console and VMkernel ports on the same vSwitch is also not a problem.

Ben Karciauskas

Tags: VMware

Similar Questions

  • HA and SAN traffic on dedicated NIC port

    Hello

    We have a small vmware network 2 HP servers and a SAN. We buy ESS Vsphere with HA.

    If I understand correctly, it is considered preferable to have HA and SAN traffic each on a dedicated port on the network adapter.

    What I need is help with how to implement that.

    We will have 2 spare NIC ports per server to dedicate to this, one for HA and one for SAN traffic.

    Currently, we use 2 ports per server in teaming mode connected to one subnet and two more ports connected to another subnet, for a total of 4 ports per server. We will buy a 6-port HP network card very soon; it is the largest that they make for our HP DL 365. This will give us the extra 2 ports per server to dedicate to SAN and HA traffic.

    OR should we just use the 2 spare ports teamed for the SAN and forget about dedicating one to HA?

    Thank you!!!

    Peter

    HA traffic runs on the service console / management network. It is advisable to separate it, but it is not a must. I would say that if you don't have enough NICs, use NIC teaming to introduce redundancy; that is more important than anything else when you run HA.

    Duncan

    VMware communities user moderator | VCP | VCDX


  • Initial ESX network config with iSCSI SAN

    Hi all

    I want to install 2 ESX 3.5 servers which will be connected to an EqualLogic iSCSI SAN.

    The SAN is on a VLAN, 10.x.x.200 with a 255.255.255.224 gateway.  This VLAN is not routable, has no DNS servers, etc.

    What I am trying to understand is, for the initial setup of ESX, when I set the network config (console), should I enter the IP address for the VLAN, as in example A:

    IP address: 10.x.x.201

    Gateway: 255.255.255.224

    Primary DNS: blank

    Secondary DNS: blank

    Or, as in example B, should I use our 'public' addressing:

    IP address: 129.x.x.201

    Gateway: 255.255.255.0

    Primary DNS: 129.x.x.1

    Secondary DNS: 129.x.x.2

    I know that with the VIC, I can later add vSwitches, etc., but at least for the initial installation, I want the configuration that provides the smoothest operation. Thanks for any ideas that you can provide!

    Chad

    Hello and welcome to the forums.

    "What I am trying to understand is, for the initial setup of ESX, when I set the network config (console), should I enter the IP address for the VLAN, as in example A:"

    Use example B (129.x.x.x) for the Service Console (management functions), and after the system is in place add another vSwitch to connect to the SAN VLAN.

    Good luck!

  • How to show network traffic on the network icon in Windows 7?

    In XP, whenever there is network traffic, the network icon flashes, but it does not flash in Windows 7.

    I would like to know how to make the network icon flash on Windows 7.

    Does anyone have any suggestions?

    Thanks in advance for your suggestions

    This is a small app that will do it for you.  It does not need to be installed, just 'run' or 'open' the file and you will see the icon.

    I keep it in my public OneDrive folder to share with others.  You can get it here:

    Network status bar indicator for Windows 7, 8 and 8.1

  • What network does Oracle use for RAC traffic? Where do you get the info?

    Hello

    I use a two-node RAC on Oracle 10g R2 (version 10.2.0.3.0) on Sun Solaris 10. I want to know "what network does Oracle use for RAC traffic? Where do you get the info?"

    -Kumar

    Hi Kumar,

    In 10g, you can query x$ksxpia. If the cluster_interconnect is stored in the OCR (the default), you will get

    SQL> select INST_ID, PUB_KSXPIA, PICKED_KSXPIA, NAME_KSXPIA, IP_KSXPIA from x$ksxpia;

    If you have specified the cluster_interconnects parameter in your init.ora:

    Columns to look in: INST_ID select PICK NAME_KSXPIA IP_KSXPIA P

    You can also use 'oradebug ipc' to see which interconnect the database uses:

    SQL> oradebug setmypid
    SQL> oradebug ipc

    It could be useful...

    Thank you
    LaserSoft

  • Is there an effective Cisco solution for SAN extension?

    Hello

    I was looking for a solution for extending a SAN and connecting two SANs located in different data centers, which are in separate physical locations from each other. I found solutions such as FCIP and iSCSI in Cisco documents, but unfortunately there isn't any configuration example or case study on using this technology to extend SAN traffic over WAN links between different data centers. I need to know if anyone has had a successful experience with a situation like this.

    Hi Amir

    The solution really depends on your situation; for example:

    - distance between sites

    - dark fiber available

    - bandwidth requirement

    - redundancy requirement

    The solution could be CWDM or DWDM on dark fiber (usually without active optical amplifiers up to 80 +-10 km, and typical speeds of 8G FC); BB (buffer) credit per port is a key factor.

    FCIP is a nice solution, spanning almost unlimited distance; typically 1 or 10G Ethernet connectivity.

    iSCSI: no, this isn't a SAN extension technology.

    The flagship for FCIP is the Cisco MDS 9250i Multiservice Fabric Switch:

    http://www.Cisco.com/c/en/us/products/collateral/storage-networking/MDS-...

    A few old docs explaining FCIP installation:

    http://www.Cisco.com/c/en/us/support/docs/storage-networking/fiber-Chann...

    http://www.Cisco.com/c/en/us/TD/docs/switches/Datacenter/MDS9000/SW/5_0/...

    http://www.ccierants.com/2013/06/CCIE-DC-advanced-FCIP.html

  • NATting for VPN traffic only

    I have a client with an ASA 5505 who has several networks that he is trying to have communicate via a VPN tunnel with a remote office. One of the networks does not work because it is also used on the other side of the tunnel for the management interface, and neither side seems ready to re-IP their internal space.

    Their proposed solution is to NAT the conflicting network on this side's firewall to a different subnet before passing through the tunnel. How do I implement a NAT which is used only for the VPN tunnel while the rest of the traffic that comes through this device stays un-NATted?

    The network in question is 192.168.0.0/24. The target they want to NAT to is 172.16.0.0/24. The ASA config is attached.

    Hello

    Basically, the dynamic policy PAT configuration should work for the L2L VPN connection, because dynamic policy PAT is processed before dynamic PAT/NAT configurations.

    The only NAT configurations that can override this dynamic policy NAT are

    • NAT0 / NAT exempt configuration
    • Static policy NAT/PAT
    • Public static NAT/PAT

    And because we have determined that the only problem is with the network 192.168.0.0/24, and since there is no static NAT/PAT or static policy NAT/PAT configuration, the dynamic policy PAT should be applied. Unless some NAT0 configuration is still causing problems.

    The best way to determine what rules are hit for specific traffic is to use the "packet-tracer" command on the ASA

    packet-tracer input inside tcp 192.168.0.100 12345 10.1.7.100 80

    For example, to simulate an HTTP connection to a random host on the remote site

    This should tell us for example

    • Where the packet would be sent
    • Whether it would pass the interface ACL
    • What NAT would be applied
    • Whether it would match any L2L VPN configuration
    • and much more

    Then can you take sample output from the mentioned command twice and copy/paste the second result here. I ask you to get the output twice because, where actual L2L VPN negotiations take place, the first run of the command would only bring up the L2L VPN, while the second run would show all the info about what actually happened to the simulated packet.

    In addition, judging by the NAT format you chose (dynamic policy PAT), I assume that only your site connects to the remote site? A dynamic policy PAT (or normal dynamic PAT) does not allow creating a two-way connection. Connections can be opened only from your site to the remote site (return traffic naturally passes automatically because of the existing connections and translations).

    -Jouni

  • How can a no-drop policy be configured for iSCSI traffic on a Nexus 5548UP? Are there side effects?

    How can a no-drop policy be configured for iSCSI traffic on a Nexus 5548UP? Are there side effects?

    Hello

    Side effects depend on your network config, but I can tell you how to configure a no-drop policy for iSCSI traffic...

    We have a three-stage configuration; in the link below is an image...

    1. QoS class - first, for traffic classification

    2. Queuing (INPUT/OUTPUT) - this is where you reserve or police traffic

    3. Network QoS - where you key or set the MTU for classified traffic at the bottom of the basket which tissue in the nexus program

    (config)# class-map type qos myTraffic // Match iSCSI traffic
    (config-cmap-qos)# match protocol iscsi

    (config)# policy-map type qos myQoS-policy // Set qos-group 2 for iSCSI traffic so that it can be recognized
    (config-pmap-qos)# class myTraffic
    (config-pmap-c-qos)# set qos-group 2

    (config)# class-map type network-qos myTraffic
    (config-cmap-nq)# match qos-group 2

    (config)# policy-map type network-qos myNetwork-QoS-policy
    (config-pmap-nq)# class type network-qos myTraffic
    (config-pmap-nq-c)# pause no-drop
    (config-pmap-nq-c)# mtu 2158
    (config-pmap-nq-c)# sh policy-map type network-qos myNetwork-QoS-policy

    (config)# class-map type queuing myTraffic
    (config-cmap-que)# match qos-group 2

    (config)# policy-map type queuing myQueuing-policy
    (config-pmap-que)# class type queuing myTraffic
    (config-pmap-c-que)# bandwidth percent 50
    (config-pmap-c-que)# class type queuing class-default
    (config-pmap-c-que)# bandwidth percent 25
    (config-pmap-c-que)# sh policy-map type queuing myQueuing-policy

    (config)# system qos
    (config-sys-qos)# service-policy type qos input myQoS-policy
    (config-sys-qos)# service-policy type network-qos myNetwork-QoS-policy
    (config-sys-qos)# service-policy type queuing input myQueuing-policy
    (config-sys-qos)# service-policy type queuing output myQueuing-policy

    Let me know your concerns

  • ESXi 5.1 separating SAN traffic w/ VLAN

    So I learned this week that vSphere 5.1 VMkernels no longer support multiple gateways.  This causes me some confusion over how to properly configure my network for my SAN.  I thought it was best practice to separate traffic, so I created separate VLANs for management and for data (SAN) traffic.  Since they are in different subnets, they each have their own gateway.  When trying to configure this I started having a few problems before I realized that the gateway must remain the same.  I contacted VMware and initially they said gateways may be changed, before finally stating that they were incorrect and that there can be only 1 gateway.  The answer I got from them at that point was that I don't in fact want to split the VLAN and leave the gateway on my vmkernel for only SAN traffic; they stated that as long as my VLAN was set up correctly, VMware would just know where to send data and it wouldn't matter.  When this 'magic' did not happen, they told me I must have a VLAN problem and they couldn't help me.

    Could someone give me an idea as to what the best method is to do this?  I found an article that says you can manually add a second gateway via the CLI, but when I tried I received an error message indicating that the route existed.

    VLAN 18 (172.27.18.x/24 w/gw 172.27.18.1) - management

    VLAN 40 (172.27.40.x/24 w/gw 172.27.40.1) - data/SAN

    Any help would be greatly appreciated.

    Hi Greg,

    Here is an example configuration using VSS:

    - vSwitch0 = Management, on VLAN130 (access port, no VLAN ID configured)

    - vSwitch1 = vMotion, on VLAN131 (access port, no VLAN ID configured)

    - vSwitch2 = IPStorage, on VLAN132 (access port, no VLAN ID configured) - L2 subnet, gateway disabled

    - vSwitch3 = comments Networking (trunk ports, VLAN tagging)

    In this example, management and IPStorage are separated on different VLANs, and for more security the IPStorage VLAN has the gateway disabled (so traffic can be routed elsewhere).

    From the storage point of view, simply present your storage (NFS exports for example) on the same VLAN as your IPStorage VMkernel port (VLAN132 in this example).

    See you soon,

    Jon
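An added example, not part of the thread: a small Python audit of a vmkernel addressing plan for the layout discussed above, where the host has a single default gateway and the storage VLAN is kept as a non-routed layer-2 segment. The subnets, VLAN IDs and `.1` gateways come from the question; the host addresses, target addresses and the names `Vmk` and `audit_plan` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Vmk:
    name: str   # vmkernel port name (constructed)
    role: str   # "management" or "storage"
    cidr: str   # address/prefix assigned to the port
    vlan: int   # VLAN the port group lands on


def audit_plan(vmks, default_gw, storage_targets):
    """Return a list of findings; an empty list means storage stays isolated."""
    findings = []
    gw = ipaddress.ip_address(default_gw)
    nets = {v.name: ipaddress.ip_interface(v.cidr).network for v in vmks}
    storage = [v for v in vmks if v.role == "storage"]
    mgmt_vlans = {v.vlan for v in vmks if v.role == "management"}

    # The host has one default gateway; it must be on-link for some port.
    if not any(gw in net for net in nets.values()):
        findings.append(f"default gateway {gw} is not on-link for any vmkernel port")

    for v in storage:
        # A gateway inside the storage subnet turns that VLAN into a routed path.
        if gw in nets[v.name]:
            findings.append(
                f"{v.name}: default gateway {gw} is in the storage subnet {nets[v.name]}")
        # Storage sharing a VLAN with management defeats the separation.
        if v.vlan in mgmt_vlans:
            findings.append(f"{v.name}: storage shares VLAN {v.vlan} with management")

    # Each target must sit in a storage subnet; otherwise the host hands the
    # traffic to the default gateway and it leaves the storage VLAN.
    for target in storage_targets:
        addr = ipaddress.ip_address(target)
        if not any(addr in nets[v.name] for v in storage):
            findings.append(
                f"target {addr} is off-link for every storage port; routed via {gw}")
    return findings


# Subnets, VLAN IDs and the .1 gateways are from the thread; the host and
# target addresses below are constructed sample values.
PLAN = [
    Vmk("vmk0", "management", "172.27.18.21/24", 18),
    Vmk("vmk1", "storage", "172.27.40.21/24", 40),
]
TARGETS = ["172.27.40.100", "172.27.40.101"]

if __name__ == "__main__":
    cases = [
        ("172.27.18.1", TARGETS),                     # gateway on management only
        ("172.27.40.1", TARGETS),                     # gateway placed on storage
        ("172.27.18.1", TARGETS + ["172.27.50.10"]),  # one target outside VLAN 40
    ]
    for gw, targets in cases:
        print(gw, targets[-1], "->", audit_plan(PLAN, gw, targets) or "OK")
```
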

  • Installation of physical switches for ISCSI traffic

    Is there anything I need to know from a networking perspective to configure dedicated iSCSI switches to support my LeftHand iSCSI SAN?

    I do not plan on connecting the switches to the prod network. I only plan on using these switches for iSCSI traffic.

    LeftHand supports LACP; if your switches support it, you should consider using trunk mode. In my P4300 SAN, I have two stacked 3750s. Each SAN node connects to each switch and is in an LACP/EtherChannel link. All this is condensed to a single virtual IP address which is presented to ESX/i. Don't forget to create a vmk for each dedicated VMware iSCSI connection and bind it according to this pdf.

  • Network for NFS

    Hello

    I have infrastructure as follows;

    2 hosts, each containing 6 1Gig NICs.

    A NAS storage with 4 NICs

    Two L2 switches (managed HP).

    Planning to run it per the best recommendations and requirements, so that there is no SPOF at any level.

    So keeping this in mind, we have planned to use the ports on each server as follows:

    2 for the NFS storage, 2 for Production management and 2 others for vMotion on each server.

    A cable from each port configured for the respective roles goes to uplink switch1 and switch2, so if one switch goes down we still have the other switch's support.

    Separate VLANs are configured on the switch for the different types of traffic.

    My questions are as below:

    Should I team two ports on each vSS? If so, what should the NIC teaming parameters be for the production, storage, and vMotion networks (keeping in mind the cables go to separate uplink switches)?

    Should I keep the adapters in active-standby or active-active mode?

    I didn't think of any specific link settings, since one cable from a single port goes to each switch, and I don't have the option of EtherChannel or LACP.

    In addition, the VMware license is Essentials, so there is no possibility of using distributed switches.

    Consider using 5.5.0.

    Also, do you suggest using frames as well here?

    Kind regards

    Sushil

    Hello

    I always suggest you put management and vMotion on the same set of pNICs. For management and workloads, it makes no difference where they are from a subnet perspective.  I also suggest reading the following:

    Who should you get.

    pNICs have no IP address in a vSphere environment; they act as a link between a physical and a virtual switch. Depending on how you trunk your VLANs, the trunk ends at the pSwitch (external switch tagging) or at the virtual switch (virtual switch tagging). Most people trunk their VLANs to the virtual switch.

    You want something like the following:

    pSwitch <-> pNIC0 <-> vSwitch0 <-> Portgroup <-> Management (subnet1)

    pSwitch <-> pNIC1 <-> vSwitch0 <-> Portgroup <-> vMotion (subnet2)

    On failover between pNIC0 and pNIC1, management and vMotion end up on the same wire, but when running normally they remain separated. This is the recommended method. In this case you would trunk the VLANs to the vSwitch. I know some people who just do not use VLANs but use only separate subnets, and it works as well.

    pSwitch <-> pNIC2/pNIC3 <-> vSwitch1 <-> Portgroup(s) <-> Workloads (subnet1)

    If you use VLANs (other than for vMotion) you are trunking to vSwitch1 (virtual switch tagging). If subnet1 is on this vSwitch as well and the trunking is correct on the pSwitch ports, it can talk to management on vSwitch0 without trouble. Switches know how to route traffic by VLAN.

    pSwitch <-> pNIC4/pNIC5 <-> vSwitch2 <-> Portgroup <-> NFS (subnet3)

    Here we team pNIC4 and pNIC5 together or use them as a failover pair for NFS on its own subnet/VLAN. This VLAN can end at the pSwitch if you wish, or terminate once again at the vSwitch.

    In this configuration you have 3 VLANs and 3 subnets (a subnet per VLAN is also recommended), for example:

    VLAN100 -> subnet1 -> management and workloads

    VLAN200 -> subnet2 -> vMotion

    VLAN300 -> subnet3 -> NFS

    Let the pSwitches handle any 'movement' of traffic for each VLAN. You need a routing device only if you want to cross VLAN boundaries, and there is absolutely no need to do that in this configuration.

    Best regards
    Edward L. Haletky
    VMware communities user moderator, VMware vExpert 2009, 2010, 2011, 2012, 2013, 2014

    Author of the books 'VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers', Copyright 2011 Pearson Education, and 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.

    Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC - vSphere Upgrade Saga - Virtualization Security Round Table Podcast

  • Best .vmx and config.ini options for maximum security of the host

    Hello.  The most effective way to keep your data private is by keeping it on a separate computer that is not connected to the internet.  Better yet, only transfer files to and from this computer using usb flash drives, not the network.  I would do the same thing with VMware Player.  The guest would be used for browsing and connected to the internet via a usb cable rather than the host's ethernet card.  The host would be the private computer that has a connection to the internet.  It will have all the tcp/ip or other network features completely removed.

    The only means of communication between the host and the guest will be a usb flash drive.  The guest would be without a hard drive, a Linux liveCD, which would only have a disk temporarily when you connect the USB flash drive to it.  It goes without saying that you should not connect the usb flash drive to the guest after browsing a dangerous site.  Or even any site unrelated to the one download you want to save to the host.

    But I've heard there are always ways to invade privacy, something to do with the clipboard, pagefile, exploits, etc., and most can be combated by configuring the .vmx or config.ini for maximum security options.

    Does anyone know which options in the .vmx or the config.ini file should be used for maximum security, for complete isolation of the host?

    It is good to hear Hat based project.

    The problem with embedded devices is often misconfiguration (such as keeping the default values). These devices can be exploited directly from remote or indirectly via an exploited host on the local network. Otherwise, the router is vulnerable directly from outside, a host on the local network can for example be targeted by an XSS attack that in turn targets your router. SPI Dynamics published a JavaScript portscanner for the local network (search Google for it). At www.gnucitizen.org, they have a lot of router-based articles (some of them mention messing with DNS via UPnP (scary stuff)). Some links on this stuff:

    http://SecLists.org/fulldisclosure/2006/Aug/0097.html

    http://www.shoaibyousuf.com/2009/04/ciscos-Linksys-router-is-vulnerable-to.html

    http://www.packetstormsecurity.org/0801-advisories/HomeHub-UPnP.txt

    A misconfigured host on the local network can be devastating too. Remember a few years ago when the DreamBox became popular (it's actually GNU/Linux). Hardly anyone changed the default passwords, and they were wide open to the internet on ports 21, 22, 23, 80. Connecting to port 22 (ssh) meant you could use it as a proxy into the local network (to log into the router and do whatever, or target other hosts on the LAN). Search Google for it also.

    On MOA, it is nothing other than a stripped-down Server 2003 running as LocalSystem. That means it is not patched and can be more exposed to exploits than fully patched servers. It will also be a pain in the back to add patches to such a MOA. Ulli, do you agree? However, given that the system is a server version, there are also fewer services that may be potentially vulnerable to exploits. If you have two vectors in opposite directions, such a system could be on the vulnerability. To run fully patched systems entirely in RAM, take a look at http://www.disklessangel.com . Running as LocalSystem means that once exploited, the attacker can do pretty much anything, as opposed to when a less privileged user is exploited. Also, running in a diskless state significantly limits the impact an exploit will have on your system (at least for a VM (with bootkits in mind)), as the malware is gone on restart. However, if you were exploited in RAM, the attacker could still get all the personal information that you enter during that boot (just as if you were booting from the local hard disk; the only difference is that it is not on the disk at the next startup). Even once the network connection is cut off, attaching flash drives will let the malware do what it wants to your flash disk, as it is still in RAM, waiting for you to connect the disk (but that is resolved naturally if you reboot before you connect the flash drive). How would you be able to download and save a file in such a case?

    The next thing to worry about is the type of connection to your router. If it is wireless, there is a whole new world of exploits (xss for free/airpwn, breaking encryption, mitm, exploiting chipsets, etc.), so definitely go for an ethernet cable.

    On the decision of virtualized or not, my vote would go to non-virtual, as there is at least one less attack vector to worry about, i.e. pure diskless PE mode like MOA.

    BTW, what kind of project is this?

    Joakim

  • Is this a correct network configuration for the ESX hosts

    Have a VC server and 2 ESX 3.5 hosts. Each host is fitted with 6 NICs.

    Three VLANs are created:

    VM Network: for server traffic

    VMotion: for VMotion traffic

    Management VLAN: for management traffic

    The network adapters on each host have been assigned as follows:

    2 NICs - VM Network

    2 NICs - VMotion & Service Console

    2 NICs - ? What can I use them for? Service console?

    What am I doing wrong?

    Yes, #3 is required for the vMotion VMkernel type. Then that VLAN allows them to route in the end, it is not necessary for them to communicate. And yes, SC is the management network.

  • What wireless network for Time Capsule backups?

    Just installed a new Time Capsule at home. The Time Capsule is a wireless router, and I can connect all my devices wirelessly to the Time Capsule wireless network. I still have 2 other active wireless networks because I use 2 additional wireless routers for access anywhere in the house. All three of my wireless networks are created from the same internet modem. What I want to confirm is whether my Mac can be connected to any one of the 3 networks for automatic wireless backups to the Time Capsule. Or must the Mac be connected to the Time Capsule's network for automatic wireless backups to the Time Capsule? Thanks in advance for your help.

    The same as the TC.

    Set the others to extend the TC network instead of creating a network.

  • HP Pavilion dv6 Notebook PC: network driver for HP x 16-96084

    I installed a 64-bit Windows OS on my laptop and I cannot find the network driver for x 16-96084 anywhere (product no: LS371EAHABV), please help me.

    Thanks in advance,

    Hello:

    You need these wireless and Bluetooth drivers for this model's WLAN card.

    This package contains drivers for the supported Broadcom Wireless LAN cards in the supported notebook models and operating systems.

    File name: sp57965.exe

    This package contains the Broadcom Bluetooth driver and software for models supported that are running a supported operating system. Broadcom Bluetooth 4.0 driver is required to enable the Broadcom Bluetooth 4.0 devices and is compatible with Broadcom Bluetooth 3.0 and earlier versions.

    File name: sp61617.exe
