The upstream network from the VxRail cluster must be configured to allow passage for VxRail networks that require external access. The switches supporting direct connectivity to the VxRail cluster should pass the external-facing VxRail network traffic through a pair of switch ports upstream to a pair of switch ports on the next network layer (spine). The switches at the next layer needs to direct this network traffic to the appropriate data center services and end-user community.
The VxRail External Management Network should be accessible to your location’s IT infrastructure and personnel only. IT administrators require access to this network for day-to-day management of the VxRail cluster, and the VxRail cluster is dependent on outside applications such as DNS and NTP to operate correctly.
Figure 26. Logical Network including Upstream Elements
VxRail Virtual Machine Networks support access to applications and software that is deployed on the virtual machines on the VxRail cluster. While you must create at least one VxRail Virtual Machine network at VxRail initial implementation, additional VxRail Virtual Machine networks can be added to support the end-user community. The spine switch must be configured to direct the traffic from these VxRail Virtual Machine networks to the appropriate end-users.
The VxRail Witness Traffic Separation Network is optional if you plan to deploy a stretched-cluster. The VxRail Witness traffic separation network enables connectivity between the VxRail nodes with the witness at an offsite location. The remote-site witness monitors the health of the vSAN datastore on the VxRail cluster over this network.
Using Appendix A: VxRail Network Configuration Table, perform the following steps: