VLANs define the VxRail logical networks within the cluster and the method used to control the paths that a logical network can pass through. A VLAN is a numeric ID that is assigned to a VxRail logical network. The same VLAN ID is also configured on the individual ports on your ToR switches, and on the virtual ports in the VMware VDS during the automated implementation process.
When an application or service in the VxRail cluster sends a network packet on the VMware VDS, the VLAN ID for the logical network is attached to the packet. The packet can pass only through the ports on the ToR switch and the VMware VDS where the VLAN IDs match. You should isolate the VxRail logical network traffic using separate VLANs. This is recommended, but not required. A flat network is recommended only for test, non-production purposes.
- The virtualization team discusses with the application owners which applications and services planned for VxRail are to be made accessible to specific end-users. This determines the number of logical networks required to support traffic from non-management virtual machines.
- If you plan to have multiple independent VxRail clusters, use different VLAN IDs across multiple VxRail clusters to reduce network traffic congestion.
- The network team must plan the following:
  - Define the pool of VLAN IDs needed to support the VxRail logical networks, and determine which VLANs restrict traffic to the cluster, and which VLANs can pass through the switch up to the core network.
  - Plan to configure the VLANs on the upstream network, and on the switches attached to the VxRail nodes.
  - Configure routing services to ensure connectivity for external users and applications on VxRail network VLANs passed upstream.
- The virtualization team must assign the VLAN IDs to the individual VxRail logical networks.
  - External Management
  - Internal Management
  - vCenter Management Network
  - vSphere vMotion
  - Virtual Machine
Before VxRail 4.7.x, both external and internal management traffic shared the external management network. Starting with VxRail 4.7.x, the external and internal management networks are broken out into separate networks.
External Management network
The External Management network supports communications to the ESXi hosts, and has common network settings with the VMware vCenter Server Management Network. All VxRail external management traffic is untagged by default and should be able to go over the native VLAN on your ToR switches.
A tagged VLAN can be configured instead to support the VxRail external management network. This option is considered a best practice, and is especially applicable in environments where multiple VxRail clusters are deployed on a single set of ToR switches. To support using a tagged VLAN for the VxRail external management network, configure the VLAN on the ToR switches. Configure trunking for every switch port that is connected to a VxRail node to tag the external management traffic.
vCenter Management network
The vCenter Management Network hosts the VxRail Manager and the VxRail-managed VMware vCenter Server. By default, it also shares the same network settings as the External Management network. In this context, the physical ESXi hosts and the logical VxRail management components share the same subnet and share the same VLAN. Starting with version 7.0.350, this logical network can be assigned to a unique subnet and assigned a VLAN separate from the external management network.
Internal Management network
The Internal Management network is used solely for device discovery by VxRail Manager during initial implementation and node expansion. This network traffic is non-routable and is isolated to the ToR switches connected to the VxRail nodes. Powered-on VxRail nodes advertise themselves on the Internal Management network using multicast, and are discovered by VxRail Manager. The default VLAN of 3939 is configured on each VxRail node that is shipped from the factory. This VLAN must be configured on the switches, and configured on the trunked switch ports that are connected to VxRail nodes.
If a different VLAN value is used for the Internal Management network, it not only must be configured on the switches, but must also be applied to each VxRail node on-site. Device discovery on this network by VxRail Manager fails if these steps are not followed.
To leverage vSAN for VxRail cluster storage resources, configure a VLAN for the vSAN network and the VMware vSphere vMotion network. Configure a VLAN for each network on the ToR switches, and include the VLANs on the trunked switch ports that are connected to VxRail nodes.
The Virtual Machine networks are for the virtual machines running your applications and services. These networks can be created by VxRail during the initial build or afterward using the VMware vClient after initial configuration is complete. Dedicated VLANs are preferred to divide VM traffic, based on business and operational objectives. VxRail creates one or more VM networks for you, based on the name and VLAN ID pairs that you specify. When you create VMs in the VMware vSphere Web Client to run your applications and services, you can assign the VM to the VM networks of your choice. For example, you could have one VLAN for development, one for production, and one for staging.
| Network configuration table |
|---|
| Enter the external management VLAN ID for VxRail management network (VxRail Manager, ESXi, VMware vCenter Server, Log Insight). If you do not plan to have a dedicated management VLAN and will accept this traffic as untagged, enter 0 or Native VLAN. |
| Enter the internal management VLAN ID for VxRail device discovery. The default is 3939. If you do not accept the default, the new VLAN must be applied to each VxRail node before cluster implementation to enable discovery. |
| Enter a VLAN ID for VMware vSphere vMotion (enter 0 in the VLAN ID field for untagged traffic). |
| Enter a VLAN ID for vSAN, if applicable (enter 0 in the VLAN ID field for untagged traffic). |
| Enter a Name and VLAN ID pair for each VM guest network that you want to create. VM Network can be configured during the cluster build process, or after the cluster is built (enter 0 in the VLAN ID field for untagged traffic). |
| Enter the VMware vCenter Server Network VLAN ID (if different from the external management VLAN ID). |
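
The following Python function is an added example, not Dell or VMware code. It checks a VLAN plan against the guidance above before the values are entered in the table: it flags logical networks that share a VLAN, a flat network, an untagged external management network and a non-default internal management VLAN, and it returns the tagged VLAN IDs that the trunked, node-facing switch ports must carry. The network names, the `check_vlan_plan` helper and the sample IDs are assumptions made for illustration.

```python
from collections import defaultdict

DEFAULT_INTERNAL_MGMT_VLAN = 3939  # factory default stated in the text

def check_vlan_plan(plan, production=True):
    """Check a VLAN plan (logical network name -> VLAN ID, 0 = untagged).

    Returns (findings, trunk_vlans): findings is a list of strings, and
    trunk_vlans is the sorted list of tagged IDs that the node-facing
    trunk ports on the ToR switches must carry.
    """
    findings = []
    by_vlan = defaultdict(list)
    for name, vid in plan.items():
        # 802.1Q tagged IDs are 1-4094; 0 is the table's "untagged" value.
        if not isinstance(vid, int) or not 0 <= vid <= 4094:
            findings.append(f"ERROR {name}: VLAN ID {vid!r} is not in 0-4094")
            continue
        by_vlan[vid].append(name)

    for vid, names in sorted(by_vlan.items()):
        # vCenter management shares the external management VLAN by default,
        # so that one pairing is not reported as a loss of isolation.
        distinct = [n for n in names if n != "vcenter_management"
                    or "external_management" not in names]
        if len(distinct) > 1:
            where = "untagged/native VLAN" if vid == 0 else f"VLAN {vid}"
            findings.append(f"WARN {where} shared by: {', '.join(distinct)}")

    if production and len(by_vlan) == 1 and len(plan) > 1:
        findings.append("WARN flat network: recommended only for test use")
    if plan.get("external_management") == 0:
        findings.append("INFO external_management untagged: tagged VLAN is the best practice")
    internal = plan.get("internal_management")
    if internal is not None and internal != DEFAULT_INTERNAL_MGMT_VLAN:
        findings.append(f"ACTION internal_management VLAN {internal}: apply to "
                        "every node on-site before build or discovery fails")
    return findings, sorted(v for v in by_vlan if v != 0)

# Constructed sample plan; the names and IDs are illustrative only.
SAMPLE_PLAN = {
    "external_management": 0, "vcenter_management": 0,
    "internal_management": 3940, "vmotion": 110, "vsan": 110,
    "vm:production": 200, "vm:development": 201, "vm:bad": 4095,
}

if __name__ == "__main__":
    findings, trunk = check_vlan_plan(SAMPLE_PLAN)
    print("\n".join(findings))
    print("trunk allowed VLANs:", trunk)
```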