Nexus1000v: Mgmt Port on different VLAN than host

Unanswered Question
Aug 4th, 2010
I am setting up a pair of Nexus 1000v switches. As per the Cisco
documentation, I have the management port in the system-uplink
port-profile.  However, currently, this management port is in the same
production VLAN as most of our servers.  I would rather have the
management in a separate VLAN for security and reliability reasons.
Also, as I cannot assign a VLAN to both the system-uplink and the
data-uplink port-group, this means all of the server traffic will be
using the system-uplink port-group.  This does not sound logical.

My question is:
1.  Does the management port have to be in the same VLAN as the VM Host
server?
2.  If it does, what are the implications of putting the management port
on the data-uplink port-group?
3.  OR, if (1) is YES, then what do you think about putting the VM Hosts
(ESXI) on a separate VLAN than the virtual servers?

Note:  I have been playing with svs domain mode l3.  But as I cannot even
ping the gateway, I haven't had much success.
Sebastian Helmer Fri, 08/06/2010 - 03:02

I would say you should separate it.

One VLAN Management (maybe in ESX Management or Switchmanagement VLAN)

One VLAN for Packet & Control.

Others for Data (server, user traffic)

Separate Management is just for security reasons.

The others should be separated, because they are very important to let the Nexus work. If packets are lost, the whole Nexus will have trouble working.

Additionally, you should think about QoS if you don't use a separate NIC for that traffic. I would suggest using a bundle of NICs for everything and working with QoS to be highly available.

That's my point of view after discussion in a Nexus training and with a Cisco technician.

regards,

Sebastian

cklam@ias.edu Fri, 08/06/2010 - 06:15

Thanks! One more question. Must the VLAN for ESX Management and the Nexus Mgmt be the same? If so, I will have to re-IP the ESX Management. If not, can someone post a config example of this?

Thank you,

Christina

Sebastian Helmer Fri, 08/06/2010 - 06:35

No, it must not.

The VSM must only be able to contact the VC. But I think you know that.

Because of that I will prefer to use the same VLAN.

It is just for management like SSH, telnet etc... and connection to the VC.

I have no configuration, sorry, my test lab is not ready yet.

regards,

Sebastian

Posted August 4, 2010 at 1:07 PM