Planning Guide—vSAN 2-Node Cluster on VxRail
Executive summary
Introduction
Requirements, recommendations, and restrictions
Deployment options
Conclusion
References
VxRail hardware
VDS support
VxRail software version
Nested fault domains
vSAN file services
VCenter Server
Witness virtual appliance
Physical network
Port requirements
Witness and management network topology
Network layout
Capacity planning considerations
Node upgrades
Licensing
Other support limitations
Witness and management network topology
Witness and management network topology
-
VMware supports communications between vSAN nodes and the vSAN witness host as follows:
- Layer 2 (same subnet) for configurations with the witness host management in the same location.
- Layer 3 (routed) for configurations with the witness host in an alternate location such as at the main data center
- A static route is required.
- The maximum supported roundtrip time (RTT) between the vSAN 2-node cluster and the witness is 500 milliseconds (250 milliseconds each way).
- Witness traffic separation is required. With the VxRail implementation of the vSAN 2-node cluster, a VMkernel interface is designated to carry witness traffic destined for the witness host.
- The witness requires two IP addresses on different subnets—one for the management of the witness and one for the witness traffic from the 2-node cluster.
Figure 3. 4 x 10 GbE direct-connect port configuration
Figure 4. 4 x 25 GbE direct-connect port configuration
Each vSAN host’s vmk5 VMkernel interface is tagged with “witness” traffic. When using Layer 3, each vSAN host must have a static route configured for vmk5. The host must be able to properly access the vmk1 on the vSAN witness host, which is tagged with “vSAN” traffic.
Likewise, the vmk1 interface on the witness host must have a static route configured to properly communicate with vmk5 on each vSAN host.