Shulou(Shulou.com)06/01 Report--

Vsphere has also been used for several years, basically maintaining a major version upgrade once a year, from version 5.0 to 5.5,6.0, and recently began to deploy 6.5. the biggest headache is network planning, which is also the focus of vsphere deployment.

In the transition from a traditional data center, there were only four HP rack servers, without even thinking about network planning, mixing one vlan, a Class C address with the original server. This also caused a variety of troubles in the future, with the increase of the server, IP is not enough, security is not guaranteed.

Although the data center can operate normally, it is unreasonable to take advantage of the small scale and catch up with the upgrade 6.5, just in time to replan the network.

According to best practices, the networks of Management, vMotion, vSphereFT, iSCSI, and so on are isolated from each other to improve security and performance. At the same time, it is recommended to configure 2 physical network cards for redundancy and load balancing for each network. According to the best practice, at least 6 network cards may be required, and more than a dozen network cards may be needed, which is unrealistic for rack servers equipped with 4 network cards.

My standard configuration is 4 network cards, vMotion, Management and vSphereFT networks share 2 network cards, and production network uses 2 network cards. VSwitch uses the access port and vSphere Distributed Switch uses trunk mode.

Vlan20 172.20.20.1Compact 24 HP oa, vc, ilo, FC SAN storage and other hardware management addresses

Vlan21 172.20.21.1 VMware addresses such as 24 vcenter, vsphere, vcops, vdp, etc.

172.20.0.1 Universe 24 vmotion address

172.20.1.1 Compact 24 vSphere FT address

Vlan100 x.x.x.x/24 external web service address

Vlan200 x.x.x.x/24 address of internal business operation and maintenance platform

VMotion and vSphereFT can go through the second layer, without the need to configure routing, in the vsphere6.5 version, you can configure a separate TCP/IP stack for vMotion.

A mistake was made in the configuration of vMotion network. In the past, independent VMkernel was configured for vMotion network. When upgrading to 6.0, it is found that there is no problem in Management, so there is no longer a separate address for vMotion. In the case of dual physical network cards, there is generally no problem, but when a physical network card fails, vMotion operation will lead to unicast flooding.

Security Policy:

1. Prevent mutual access through layer 3 switched acl or port isolation

two。 The policy on the firewall only allows administrators to access the management address

The best practice network topology diagram is as follows, and it is recommended that the uplink ports be distributed on both switches for redundancy.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.