The upstream network from the VxRail cluster must be configured to allow passage for VxRail networks that require external access. Use Appendix A: VxRail Network Configuration Table for reference. Upstream passage is required for:
- The External Management VLAN (Row 1)
- Any VM Network VLANs (Row 6)
- The optional vCenter Server Network VLAN (Row 7)
- If a vSAN witness is required for the VxRail cluster, include the VxRail Witness Traffic Separation VLAN (Row 74) for upstream passage.
- The VxRail Internal Management VLAN (Row 2) must be blocked from outbound upstream passage.
- Optionally, the vSphere vMotion VLAN (Row 3) and vSAN VLAN (Row 4) can be configured for upstream passage.
If you plan to expand the VxRail cluster beyond a single rack, configure the VxRail network VLANs for either:
- Stretched Layer 2 networks across racks
- To pass upstream to routing services if new subnets will be assigned in expansion racks.
Figure 57. Logical networks connecting to upstream elements
If your Layer 2 or Layer 3 boundary is at the lowest network tier (top-of-rack switch), perform the following tasks:
- Configure point-to-point links with the adjacent upstream switches.
- Terminate the VLANs requiring upstream access on the top-of-rack switches.
- Enable and configure routing services for the VxRail networks requiring upstream passage.
If your Layer 2 or Layer 3 boundary is upstream from at the lowest network tier (top-of-rack switch), perform the following tasks:
- Connect ports on the adjacent upstream switch to the uplinks on the top-of-rack switches.
- Configure logical pairings of the ports on the adjacent upstream switch and the top-of-rack switch.
- Configure the logical port pairings, commonly known as “port channels” or “EtherChannels,” to allow upstream passage of external VxRail networks.