Network design

Hello

I was told to set up a network with good security and QoS. The installer includes

Headquarters with 200 users

25 branches connecting to HO with local telecom cloud MPLS

20 international subsidiaries VPN for connections to HO

Video conference with good quality

Make sure to have a redundant Internet connection (2 Internet providers)

Decent Internet surfing speed with restriction on social networking sites

Hosting services to HO

  1. Centralized messaging services
  2. Centralized ERP application
  3. Centralized Portal Hosting - Sharepoint
  4. Windows Server, DNS, DHCP

National Board of directors should get the address IP of HO

International Bureau should contain

  1. Windows DHCP, DNS
  2. The local provider Internet browsing traffic

Available devices in HO

4507 L3 series with 24 switch module port SFP + 48port module Ethernet 10/100/100

3845 series Router X 2

2960 X 10 switches

ASA 5520

  • Will the 4507 be sufficient as the backbone switch?
  • Can VPN and MPLS service be activated on the same router? Is this recommended?

We would need more material and how to end these two Web links. The positioning of the MPLS router, VPN device on the network

see you soon

Steve

13MB Internet Bandwidth in HO, do we need to buy additional hardware to guarantee dedicated bandwidth for different services, not sure if qos can guarantee bandwidth incoming / outgoing.

3845 can push 13 Mbps of traffic without flinching.

planning to connect Servers, switches, routers to 4507

OK, so I guess that you will be using 1 Gbps or 10 Gbps?  I would not recommend plain 4507.  Watch 4507R+E and Sup7E (not Sup7LE).

Tags: Cisco Support

Similar Questions

  • What layer are FI in the Cisco hierarchical network design model?

    Is this a straight question? We have a Nexus 7 k for our heart and Port-channel of the FI for them. So for me it layer distribution.

    But when we attach to the NAS. Isilon devices we use between the FI and N7K N3K. This would make the N3K and FI both part of the Distribution layer? Would not be considered layer. However, it does not ACL etc. which usually belong to the Distribution layer.

    I was wondering thoughts people on it. Is the UCS FI and 'One Off' in the model of 3 layer?

    Thank you!

    Craig

    FI can sit to your dist layer. or access.  I've seen deployments where they are deployed at the same time, depending on the size of the cluster of the UCS and band network bandwidth. The distribution layer is usually to be where all the magic of layer 3 arrives (routing, ACL, QoS, FW, application of strategies etc.) and UCS being strictly Layer 2, it could be classified as a device to access-layer.

    Designs are flexible and as long that you consider oversubscription adjusted, you should be fine with the deployment option.

    I hope that others will share their ideas

    Kind regards

    Robert

  • Load pull to the output corresponding to network design

    Hello

    I tried to design the entrance and exit of the matching networks for a power amplifier using the traction load script and the elements of HBTUNER2. According to the contours of traction load, the optimal point impedance is 15.37 - j21.99 (I chose a compromise between EAP, DCRF and PGain). Now my question is when I use the wizard iMatch to convert this to a 50 ohm termination impedance, use 15.37 - j21.99 or the conjugate 15.37 + j21.99? Otherwise, what is the reason? I always thought that load a script pull gave the impedance looking into the port of the active peripheral side. How did the point impedance suggested by loading a script pull to interpret?

    Thank you much in advance.


  • New AD Network Design

    Asked me to design a new network of Active Directory for my business. Where should I start?
    I am looking for a kind of map of Q and A questions about the types of users and of their functions, etc that I can use to make you to configuration etc group.
    Are there guides for this kind of thing?

    Hello Mark,

    Your question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please post your question in the following forum:

    http://social.technet.Microsoft.com/forums/en-us/categories/

  • DMZ virtualization and network design. UCS + VMWARE

    Until now, we had a network physically segmented with internal and external vtp different areas/zones. Keys "inner area" hear a VLAN and keys "outer zone" along a VLAN different. VLANs are not propagated between different areas for security reasons, are isolated.

    Currently, we started to work with UCS + VMWARE, and we are facing difficulties. According to the previous model, if virtualize us servers within the internal battery of the UCS area, we cannot not virtualize servers within the outer external in the same UCS, since I wish to propagate VLAN switches area internal as well as for the farm of the UCS, mix. As a result, the isolation would be lost.

    I'm reviewing my network base, in order to adapt current infrastructure to the new with UCS + VMWARE, without missing any point security.

    My main point, is whether it is possible to virtualize external virtual machines and internal area in the same UCS, without compromising the security of my network.

    Could you give me some advice or design guide?

    Kind regards

    Hello-

    You are right that upward through UCS 1.4 all them VLAN should be available on the switches upstream.  However, UCS 2.x introduced a feature named "Disjoint L2."  By using this feature, you will be able to connect interconnect fabric to your internal network and the DMZ, then configure the VLANs to blades.

    http://www.Cisco.com/en/us/docs/unified_computing/UCS/SW/GUI/config/Guide/2.0/b_UCSM_GUI_Configuration_Guide_2_0_chapter_010101.html

    Matthew

  • vSwitch Network Design - sharing adapters

    I looked at the design of Kendrick and many other models, but I've not seen anyone share network cards between exchanges.
    I often use the approach of active / standby for a vSwitch with for example the Group of ports management and VMotion. This allows to have the traffic on the network interface cards dedicated (if both network adapters work) and adds also the redundancy for groups of ports.

    On question 4, you are right.

    André

  • iSCSI Network Design

    Hello

    I read the guides to good practice and familiarize themselves with VAAI vStorage API allowing integration of table, but remained little clear on the two designs I am currently working on. Can someone provide suggestions for the following configurations? Thanks,-Jeff

    CONFIG A

    ESX 3.5

    Two network ports available for iSCSI traffic on physical servers

    two controllers Server - NetApp 2040 - iSCSI - each controller can only see the LUNS on this controller

    The controller has two network cards configured in a high HEAT

    Ports switch Cisco 24 in the interval configured for frames and the VLAN native

    Question - should separate vSwitches two be created on networks separated for failover, or network cards must be involved?

    If the network adapters are associated are active, reserve active?

    CONFIG B

    ESX 4.1

    Up to six network ports available for iSCSI traffic on physical servers

    iSCSI - 480 EMC server, two controllers, level of talent to support VAAI

    Each controller can see all LUNS

    Each controller will have four network adapters configured in two ALIVE

    Cisco 48 ports between the two switch configured for frames and VLAN native

    No idea what this config should be to support high availability and multi-pathing (is multi-pathing support in this config?)


    CONFIG A

    Question - should separate vSwitches two be created on networks separated for failover, or network cards must be involved?

    If the network adapters are associated are active, reserve active?

    Grouping of NETWORK cards would probably be a better bet, here, with assets.  In fact, you won't see a lot of load balancing between the two network cards, but a little does not hurt.  If you configure your political grouping based on the destination IP address and you have your storage ports are numbered sequentially, you'll have the best of the use cases of these two ports.

    CONFIG B

    ESX 4.1

    Using iSCSI multipathing.  Here is a good blog on how better to use with a Clariion system.  FLARE 30 should be out soon and take care of this limitation, so you can use iSCSI multipathing as described in the Guide of Config of iSCSI SAN.

    http://virtualgeek.typepad.com/virtual_geek/2009/08/important-note-for-all-EMC-CLARiiON-customers-using-iSCSI-and-vSphere.html

    Andy

  • Question/security of network design

    I would like to get opinions on the design of a network of our ESX host.  We have a couple of the main areas of ESX, each with 10 physical network interface cards.  We have the following in our environment:

    -iSCSI and NAS storage (so two cards NETWORK is for IP storage)

    -2 separate networks for virtual machines - 1 for admin interfaces (not for users) and the other for servers in production (for users)

    Current configuration is:

    2 NICs (SC and admin VMs)

    2 NICs (IP storage)

    2 NICs (vMotion)

    3 NETWORK interface cards (Production Server virtual machines)

    I would like opinions on how course of a facility that is.  Is it a question of having the SC share a vSwitch with the VMs admin?  They are on the same VLAN physical.   We do not control the switches, is not really an option to configure the VLANS on switches.  Thank you.

    Hello

    Thank you.  I think that I can not have explained myself quite clearly.  I was not suggesting put Admin VMs and the connections on the same vSwitch as the Production Server VMs.  On the contrary, I was concerned by the SC being on the same vSwitch as the VMs Admin, I do not think that it is a good practice to.  In our environment, we have a single subnet for all virtual machines, separated into 2 subnets on the physical switches.  We do not use (or want to use) VLAN tagging on the vSwitches.  There is the firewall between each of our VLAN.  So, the admin VMs are separated from the VLAN Production by a firewall.  My real question is the size of a security problem for the SC and the admin virtual machines to share a vSwitch if they already share a physical network?  We do not have the ability to create a separate network or VLAN just for traffic SC.  Our environment now looks like this:

    Because they already share the same physical network sharing the same vSwitch is not a huge or any concerns. Consider the vSwitch another part of your administrative network. The best practice is to put all the management servers and virtualization workstations within the same firewall network. You have done this.

    -natachasery 2-SC & admin VM network (local network VIRTUAL 0 192.168.15.0/24)

    Works for me. I often use the Administrative VMS and place them on the vSwitch with the SC. After all they are using the same network and the vSwitch is just another part of the Web of network switch.

    -3 natachasery - Prod VM network (VLAN 1 192.168.15.0/24)

    Not sure I would use 3 but I leave that to you.

    -2 natachasery - VMKernel & SC (10.10.1.0/8)

    It passes through security zones. I would use rather your firewall administration to fill ports of CHAP protocol between IP storage network and the administrative network. What you have is a common, but not the safest practice you have now 2 attack points in the service console of administration network and from the network of IP storage. This could include the possibility of virtual computers that use iSCSI initiators. Because everything you need is to have the SC participate for CHAP (whether you use it or not), you can easily use your existing administrative firewall to do this. You may need to fix things up a bit to within your network to make this happen, but it would be how I would address this possible security problem.

    -2 natachasery-vMotion (172.16.32.0/16)

    Sounds good.

    It would be useful to create a fifth vSwitch just to house the VMs admin, so that they do not share a vSwitch and natachasery with SC?

    Not really. Same Security Zone.

    Best regards

    Edward L. Haletky

    VMware communities user moderator

    ====

    Author of the book "VMWare ESX Server in the enterprise: planning and securing virtualization servers", Copyright 2008 Pearson Education.

    Blue gears and SearchVMware Pro Articles: http://www.astroarch.com/wiki/index.php/Blog_Roll

    Security Virtualization top of page links: http://www.astroarch.com/wiki/index.php/Top_Virtualization_Security_Links

  • Helps the FS7610 PS Series SAN, 10Gb network design

    Hi, we have currently a square of infrastructure EqualLogic SAN and NAS (2 x PS6510E, FS7500), a stack of two PC8024F 10 GB switches, 2 envelopes chassis m1000e blade with the A1 being a set of switches 1 GB m6220 fabric (fabric A2 a battery of the same thing), the tissue being a pile of m8024k B1 10 GB passes, (fabric B2 a battery of the same thing) and a stack of PC6224 two 1 GB (top of the grid GigE) switches.

    We all have this connected to the 10 GB being its own private network 10.1.0.x SAN network and vlan, nice and isolated from all the rest.  The blades can access the iSCSI shares via their network cards of 10 GB which is all on this network 10.1.0.x.  The NIC 1 GB on the blades are on a public network, and the FS7500 of the customer ports are on this network too via the 6224, so NFS connections are established via the public network to 1 GB.

    We intend to invest in an additional PS Series array to the host to a backup site, for replication.  At the same time, we plan to buy a FS7610 to our main site to take advantage of our 10 GB infrastructure and move the FS7500 existing to our backup site, so we can replicate iSCSI and NAS container volumes.

    That's where we could use some help, because now many things have changed.  Now, the SAN must be on the public network for replication to succeed, AND to take advantage of the connectivity of 10 GB and sharing NFS mount of the FS7610 through 10 Gbit, we need to use network cards 10 Gbit and switches in the network of the client NAS, that are already used for iSCSI traffic (and will in the future be used for connections to SAN vmware hypervisor).  In the FS7610 install and set up the guide, it says

    • Use the switches for network client and for the internal network and the SAN.
    • Use separate subnets for network client and for the internal network and the SAN.

    We can move the SAN and it is a dedicated subnet network and VLAN that is on the public network without problem, but my main concern is to be able to satisfy the recommendations/network configurations required for the FS7610 and avoid the local SAN/NAS traffic through a router to ensure connections of 10 GB.  Advice or tips are appreciated!

    It is the same thing that you are dealing with Linux, but TCP/IP standard routing.   You cannot route private subnets directly on the internet.  We need to create a "Wan".   Do not directly routed on the internet.

    Your WAN will create a private network and a tunnel over the Internet.   OpenVPN is a possible solution.

    A very widespread scenario might be:

    Once you have put WAN in place, on the internet of these routers would be a true internet address (e.g., 62.x.x.x.x) so the two WAN devices can communicate with each other.   They create a VPN tunnel with a new subnet, say 10.3.0.x.

    The WAN router primary side would have a leg on the subnet 10.1.0.x, say with 10.1.0.10 IP address as your default route on the side of EQL SAN 10.1.0.10.

    On the side of the DR this router would have a leg on the 10.2.0.x subnet, say 10.2.0.10.  The default GW on the side DR would be 10.2.0.10.   The router knows how to move packets between networks using the standard range.

    Looks like all you're missing is the "WAN" VPN tunnel between sites.  You want something that will encrypt traffic between the sites anyway.

    Who help me?

    Kind regards

  • Complex network design HELP!

    Hello

    I am responsible for the implementation of ipsec vpn access to a network with multiple servers, and it is configured as follows:

    GW: 172.20.x.1

    Device1: 192.168.1.10

    DEVICE2: 192.168.1.20

    mobile device pool: 10.10.10.0/24

    There is a layer 3 switch to which all servers are connected to and which I do not have access.

    On this, there are several VLANs and some trunked ports allow traffic above vlan out. I give myself a port on this switch for which I connect to my ASA. I guess it is a trunk port, maybe not.

    Technicians remotely need access to this network, mainly devices1 and device2. Also need to access the pool 10.x to test.

    My question is, how do I configure my ASA5505 to allow access to these technicians of distance to these devices? This is a whole new ASA5505 out of the box.

    Which network set up in the Interior network of the ASA.

    I'm confused, please help!

    All what you need to do is add these IP addresses and the subnet to the crypto ACL and also make sure that these IPs are part of no. NAT / NAT 0 statement.

    If the remote company gave you 3 fps who want access to both devices and mobile IP pool?  If this is the case then your crypto ACL will resemble the following:

    access-list VPN-ACL extended permit ip host 192.168.1.10 host <remote-host-ip>

    access-list VPN-ACL extended permit ip host 192.168.1.20 host <remote-host-ip>

    access-list VPN-ACL extended permit ip 10.10.10.0 255.255.255.0 host <remote-host-ip>

    crypto map VPNMAP 5 match address VPN-ACL

    access-list NO-NAT extended permit ip host 192.168.1.10 host <remote-host-ip>

    access-list NO-NAT extended permit ip host 192.168.1.20 host <remote-host-ip>

    access-list NO-NAT extended permit ip 10.10.10.0 255.255.255.0 host <remote-host-ip>

    nat (inside) 0 access-list NO-NAT

    --

    Please do not forget to select a correct answer and rate useful posts
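The answer above requires every address in the crypto ACL to also appear in the NAT 0 (NAT exemption) access list. As an added example, not part of the original posts, this Python check parses pre-8.3 style ASA lines and reports crypto ACL entries that no exemption entry covers; the sample configuration and the remote address 203.0.113.50 are constructed placeholders.

```python
import ipaddress

# Constructed sample in pre-8.3 ASA syntax. 203.0.113.50 is a placeholder
# (documentation range) for the remote technician address, which the thread
# does not give. The NO-NAT list deliberately lacks the mobile pool entry.
SAMPLE_CONFIG = """\
access-list VPN-ACL extended permit ip host 192.168.1.10 host 203.0.113.50
access-list VPN-ACL extended permit ip host 192.168.1.20 host 203.0.113.50
access-list VPN-ACL extended permit ip 10.10.10.0 255.255.255.0 host 203.0.113.50
crypto map VPNMAP 5 match address VPN-ACL
access-list NO-NAT extended permit ip host 192.168.1.10 host 203.0.113.50
access-list NO-NAT extended permit ip host 192.168.1.20 host 203.0.113.50
nat (inside) 0 access-list NO-NAT
"""


def _take_net(tokens):
    """Consume one ASA address spec from the token list; return an ip_network."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")  # address + netmask


def parse(config):
    """Return (acl entries by name, ACLs bound to crypto maps, ACLs bound to nat 0)."""
    acls, crypto_acls, nat0_acls = {}, set(), set()
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:5] == ["extended", "permit", "ip"]:
            rest = t[5:]
            src = _take_net(rest)
            dst = _take_net(rest)
            acls.setdefault(t[1], []).append((src, dst))
        elif t[:2] == ["crypto", "map"] and t[4:6] == ["match", "address"]:
            crypto_acls.add(t[6])
        elif t[:1] == ["nat"] and t[2:4] == ["0", "access-list"]:
            nat0_acls.add(t[4])
    return acls, crypto_acls, nat0_acls


def missing_exemptions(config):
    """List crypto ACL entries that no NAT-exemption entry fully covers."""
    acls, crypto_acls, nat0_acls = parse(config)
    exempt = [pair for name in nat0_acls for pair in acls.get(name, [])]
    missing = []
    for name in sorted(crypto_acls):
        for src, dst in acls.get(name, []):
            covered = any(src.subnet_of(ns) and dst.subnet_of(nd)
                          for ns, nd in exempt)
            if not covered:
                missing.append((name, str(src), str(dst)))
    return missing


if __name__ == "__main__":
    for name, src, dst in missing_exemptions(SAMPLE_CONFIG):
        print(f"{name}: {src} -> {dst} is encrypted but not exempt from NAT")
```
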

  • Network design help

    Hello

    I have 2 ISPS. I have a VLAN internal on PIX1 unit and use isps1 to get the traffic and our main network is on 10.10.10.x. I plan to build some VPNs to all my customer to ISP2 through another unit PIX2 networks. VPNS are for remote support purposes and to connect the servers to the customer of my position. They will be on different networks other than 10.10.10.x. But I would like to access these servers VPN through my network 10.10.10.x so.

    So I would like to know if it is possible to route traffic PIX1 PIX2 way 10.10.10.x unit can access customer LANs. Please notify

    Thank you

    Well, a really simple solution would involve a router on the 10.10.10.x - router address the subnet IP routing to point to PIX2.

    I assume you have no router, so PIX1 must perform this function.

    Let's assume that the PIX1 IP address 10.10.10.1 and 10.10.10.2 PIX2.  For the segment LAN the default gateway is PIX1 - so all traffic will be spent in PIX1.  You have static routes for remote VPN subnets pointing PIX2 PIX1.  According to the PIXos version you are running, you must have same-security-traffic permit intra-interface enabled.

    You will perform NAT at one point, 10/8 is fairly common and widespread.

    HTH

  • Network design verification question

    Attention VMware networking gurus:

    Asked me recently only a network at a customer problem.   Here's what I discovered:

    -The customer has a unique vSwitch that is configured for the IP Hash load balancing, and were therefore all port groups in the vSwitch except for the production network of virtual machine that has been configured with the "port ID" parameter by default.

    From my understanding the hash IP is used when aggregated links / etherchannel configurations are in place on the switch.  and if the links are grouped and then Port ID would be used.

    This configuration is in place for some time and he's working until very recently.  But the recent issue that I believe was the result of vmnic2 defined as unused in the vSwitch parent but in the Group of active game ports.  A lost virtual machine connectivity, and I think it's because of the changeover to vmnic2 in the port group.

    There is a KB on the unused vmnic and I am prepared to recommend a remedy for this, but I need some advice regarding the offset of the config IP HASH on the vSwitch while the resident of port group is defined on Port ID.

    Please advise, thanks in advance.


    With the IP of the hash (or LACP), you must have all of the links active. This is because the physical switch across the channel has no information on these configurations and will always try to transmit traffic on the respective physical link it deems appropriate for the applied hash. If this link is "used" to a group of ports on the ESXi host, the vNIC connected will not receive traffic arriving on the uplink.

    -The customer has a unique vSwitch that is configured for the IP Hash load balancing, and were therefore all port groups in the vSwitch except for the production network of virtual machine that has been configured with the "port ID" parameter by default.

    This is a misconfiguration as well and should actually cause problems too. Either your uplinks and so ALL connected port groups are part of a chain or not. Once, the physical spend a single channel of forms by physical link and no group VLAN / logical port and assume the other end is configured like that as well.

    Long story short: with the policy/etherchannel load balancing of IP-hash all physical uplink vmnic must be set active for all vSwitch and all groups of ports on it. All groups of ports must be defined with the IP-hash policy.
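The rules in the answer above (every uplink active everywhere, every port group on IP hash) can be checked mechanically. As an added example, not part of the original thread, this Python audit runs over a constructed layout modelled on the question; the dictionary format and finding codes are hypothetical, not the output of any VMware tool, and it assumes every uplink listed on the vSwitch is a member of the same port channel.

```python
IP_HASH = "iphash"   # "Route based on IP hash"
PORT_ID = "portid"   # "Route based on originating virtual port ID"

# Constructed layout modelled on the question: the vSwitch uses IP hash with
# vmnic2 left unused, while the production port group overrides the policy
# to port ID and lists vmnic2 as active.
SAMPLE_VSWITCH = {
    "name": "vSwitch0",
    "uplinks": ["vmnic0", "vmnic1", "vmnic2"],
    "teaming": {"policy": IP_HASH, "active": ["vmnic0", "vmnic1"]},
    "port_groups": {
        "Management": {},            # empty override: inherits the vSwitch teaming
        "vMotion": {},
        "VM Production": {"policy": PORT_ID,
                          "active": ["vmnic0", "vmnic1", "vmnic2"]},
    },
}


def audit_vswitch(vswitch):
    """Return (scope, code, detail) findings for IP-hash teaming mistakes."""
    uplinks = set(vswitch["uplinks"])
    default = vswitch["teaming"]

    # Effective teaming per scope: port group overrides win over the default.
    effective = {"<vSwitch default>": default}
    for name, override in vswitch["port_groups"].items():
        effective[name] = {**default, **override}

    # The rules only apply when the uplinks form a channel, i.e. when IP hash
    # is configured anywhere on this vSwitch.
    if not any(team["policy"] == IP_HASH for team in effective.values()):
        return []

    findings = []
    for name, team in effective.items():
        if team["policy"] != IP_HASH:
            findings.append((name, "POLICY_MISMATCH", team["policy"]))
        inactive = sorted(uplinks - set(team["active"]))
        if inactive:
            findings.append((name, "UPLINK_NOT_ACTIVE", ",".join(inactive)))

    # The specific failure from the question: an uplink unused on the parent
    # vSwitch but active in a port group override.
    unused_on_switch = uplinks - set(default["active"])
    for name, override in vswitch["port_groups"].items():
        revived = sorted(unused_on_switch & set(override.get("active", [])))
        if revived:
            findings.append((name, "ACTIVE_BUT_UNUSED_ON_VSWITCH",
                             ",".join(revived)))
    return findings


if __name__ == "__main__":
    for scope, code, detail in audit_vswitch(SAMPLE_VSWITCH):
        print(f"{SAMPLE_VSWITCH['name']} / {scope}: {code} ({detail})")
```
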

  • Best network design... Need advice on the best use of NIC

    I'm new to the concept of Distributed Switch so I need advice.

    Our current environment is the result of a vCenter 4.1 and ESXi 4.1 Enterprise Plus, but we are just using the standard vSwitch (1 for vMotion/Console and 1 for virtual machines).  When the distributed switch came out, we were warned that a vDSwitch could cause us problems if the server vCenter or database is down.  We could not connect directly to the host and make network changes because the vDSwitch is set in the database.  That's why we stayed with the Standard vSwitch only.

    Our farm is quite small, only 5 hosts but we run around 100 VMs in this regard.

    We use currently servers HP DL385 G7, which have 4 cards integrated network, and we have a map of installed NETWORK 4 port card.

    I use the NETWORK 4 EtherChannel ports and trunk card to our virtual machines.

    I am currently using only 1 network card integrated for vMotion and 1 for the Service Console and they all have two of the other defined as secondary.

    This configuration has worked very well for us, but I realize that the latest version of ESXi has some new features that we could use.

    NEW CONFIGURATION

    I'll put up a new vCenter 5 and ESXi 5 environment and I am considering using the switch distributed instead of the usual vSwitch we use.  I'm also eager to take advantage of the multiple NIC vMotion.  All our cards are 10/100/1000 MB capable... No. 10 GigE.

    I think... use that map 4 NETWORK ports for my EtherChannel/trunk for just as our virtual machine before, but this would be set to vDSwitch1

    The mixture of my 4 other integrated ports, it's causing me grief.  Should they be on a standard vSwitch or vDSwitch?  Use 2 ports for vMotion and 2 for the Console?  I really thought to use 3 ports for vMotion and 1 Console port.  I could put the Console port to use one of the vMotion ports such as adapter of standby is... I'm so confused freaking!

    Any recommendations on how I should put up?

    Hello

    Given that you can't split your vmnic for each vSwitch I would recommend either keep configuration similar with the knowledge if a whole nic fails, you will take a failure or as autumn has already been mentioned on 'Origin Port ID'. Let's do this out and give a little better example

    Current configuration

    vSwitch0

    VMNIC0 - NETWORK interface integrated - Service Console

    VMNIC1-Onboard NIC - VMotion (different IP or VLAN?)

    VMNIC2-Onboard NIC - VMotion (different IP or VLAN?)

    VMNIC3 - NETWORK interface integrated - VMotion (eve of Console of Service) (different IP or VLAN?)

    vSwitch1

    VMNIC4 - extension PCI NIC - Etherchannel trunk - PortGroup - VMNET

    Extension VMNIC5 - PCI NIC Etherchannel trunk-PortGroup - VMNET

    Extension VMNIC6 - PCI NIC Etherchannel trunk-PortGroup - VMNET

    Extension VMNIC7 - PCI NIC Etherchannel trunk-PortGroup - VMNET

    Now, to captured to eliminate any single point of failure that you could do is break your Etherchannel trunk and back this vSwitch from Port ID and Setup VMNIC2, VMNIC3, VMNIC4, VMNIC5 as vSwitch1 for your VMNET. Then the cable to multiple switches eliminate any single point of failure. If your standard configuration would look like this

    vSwitch0

    VMNIC0 - on - Board Service Console

    VMNIC1 - Board - Vmotion

    VMNIC6 - extension PCI NIC - Vmotion

    VMNIC7 - extension PCI NIC - Vmotion (standby Service Console)

    vSwitch1

    VMNIC2 - VMNET

    VMNIC3 - VMNET

    VMNIC4 - VMNET

    VMNIC5 - VMNET

    So to finish any request for physical nics on this particular configuration the Port ID of origin essentially around robins. If during your first VM is online it will be use VMNIC2 and nic forever, until a failure, in which case he will grab the next nic online. When your second VM is online it will use VMNIC3 forever, until a failure and so on. This still will give you around the same way through to as far as networking is concerned. However if you are attached to the trunk, etherchannel 4 GB and can absorb a failure in case of failure, the network card 4 ports can stay.

    Distributed switching Setup

    Allows you to see how you can switch to distributed switching

    Let's start first of all, you can have EVERYTHING in switches distributed even the service console port if you wish. The reason why some people do not like to do this with the service console port is because IF your database is broken you cannot make any changes to the distributed switch. However it will not prevent a feature to your distributed it switches simply means, you can change them. Also if just getting worse and your DB has been declining for some time and you REALLY need to make a change to the service console port you can go into the console and change back to a standard vSwitch if need be. This allows the said look at some standard configs, you can work

    vSwitch0 (Standard)

    VMNIC0 - Service Console Port (Port Original ID or standby)

    VMNIC4 - Service Console Port (Port Original ID or standby)

    vSwitch1 (Standard)

    VMNIC1 - Vmotion

    VMNIC5 - Vmotion

    Distributed switch

    VMNIC2 - VMNET

    VMNIC3 - VMNET

    VMNIC6 - VMNET

    VMNIC7 - VMNET

    Now this config using originating port ID and breaks your etherchannel if you want to keep your configuration with the etherchannel it can look like this

    vSwitch0

    VMNIC0 - NETWORK interface integrated - Service Console

    VMNIC1-Onboard NIC - VMotion (different IP or VLAN?)

    VMNIC2-Onboard NIC - VMotion (different IP or VLAN?)

    VMNIC3 - NETWORK interface integrated - VMotion (eve of Console of Service) (different IP or VLAN?)

    Distributed switch

    VMNIC4 - VMNET

    VMNIC5 - VMNET

    VMNIC6 - VMNET

    VMNIC7 - VMNET

    Other changes to the configuration may also put the vmotion in distributed switch the VMNET but you would to VLAN, or you could create a second Distributed switch and put it as long as there are 2 network cards. It can go either way. The main advantage of a distributed switch is that it brings all of your settings with you in any host. So trade etc. all your VIRTUAL networks is really easy to reproduce if a new host is brought online, all you have to do is to add the new host network cards in the distributed switch and your config is done. With that in mind let's look at the service console. This console is always configured on EACH Setup program that out you of the box if not that you really need to have these parameters transported on several hosts that is another reason why most people just don't. VMotion is up to you, I have seen and configured two ways, it all depends on how simple you want to keep it or think of switching / vlaning / port of groups.

    If you have any questions please let me know, I hope this has helped

  • Issue of network design

    You want advice on which Setup is better in terms of network speed and configuration. That would provide the best performance among the following options:

    Multiple trunks in vDS using road based on the physical load of NIC

    vPort channel through several N2Ks in vDS using road based on IP Hash (I know that this is a requirement for Port channels)

    Or some other editing? I would like TO connect 2 x 10 GB straight in the N5Ks, but don't have the cards right now. These will be just for normal VMs on the side business of the House... no DMZ or something funky like that on the initial Setup.

    Thoughts?

    Thanks in advance.

    Unfortunately, the answer is not as simple as that. My gut response is "it depends."

    In most of the solutions that I have held, I have a requirement of customer care for a large number of machines virtual workstation 'type' to be deployed - a result is a lot of density VM on my guests. All virtual machines have only a NIC in the result, the way that handles vswitch that their movement would not benefit from the etherchannel for defined reasons application - I don't have multiple NICs to level VM to enjoy multiple NICs nationwide vSwitch, so I can't use multiple paths in an etherchannel link. No gain.

    So to answer your question directly with this type of scenario, no, there is no gain.

    Different scenario: I have a server VM. multiple NICs, stuck. Network cards present the vswitch. The vSwitch is on an etherchannel. It should work faster, no? The answer is not necessarily - it depends. Often, servile NIC bring several physical interfaces to a logical interface presented to the switch - therefore, a MAC address. Don't forget the LACP discussion? When you have defined "route based on source MAC hash", there isn't that one MAC - and LACP will assume only link. Hash of the IP? I've seen a few examples of what I call 'miracles' on the side of the machine virtual NIC, but for us, simple mortals who do not want to be network stacks re-writing all the time, what an interface.

    Once again, no gain. How to solve this problem? You could split the servile NIC and that they present multiple MAC addresses in this case (and it takes the server config to use this configuration in this way), or multiple IP addresses, or extreme measures. Books-the measures a little load balancing. Not the shot I would - I don't like not called late into the night to fix the unnecessarily complicated links.

    Moreover, one is easier simply apply a faster link. If we compare the economy of the whole of thinking necessary to solve an etherchannel (and remember, it is not a two-way entity by itself, you should pay attention to both ends) to what it would cost to slap in a 10 Gbps connection, I know which I take the road.

    Lots of shine of profound details in there, but I think that somewhere in the middle is the answer you're looking for. I hope this helps.

    -abe

  • Network design... Need help cont.

    I redid this thread in order to give the points. Here's the original:

    http://communities.VMware.com/message/1515861#1515861

    1. vMotion and HA will not work if you have virtual machines stored on the hard disk of the local server. This is why you MUST use a SAN. Centralized storage allows all servers see virtual machines, so being able to move VMs from server to server is possible (iSCSI, NFS, FC, FCoE). If the virtual machines are sitting on the local server, you can not have HA or vMotion.

    2. Don't shoot yourself in the foot and try to start production on 2 network cards. You'll end up with people shouting at you on performance. Get a detailed plan and follow it carefully. Get the right equipment and infrastructure in place first or people will not want to embrace virtualization

    Your installation will work? Yes.  It will be the best performance? No. You need to invest in some more NIC (6 physical NIC in ESX host is a minimum of IMO, I usually go with 10). There you have before, levels of redundancy and less likelihood of the neck of the bottle.

    If you can't do anything else and MUST use 2 network cards, I would honestly think to keep everything on 1 vSwitch and tagging VLAN to the port of vSphere group layer. In this way, you can use two NICs for all traffic. No best practices.
