Good idea to trunk all VLANs to all VMware ESXi hosts?
I'm a bit old school, and have always only allowed specific VLANs on trunk links to ESXi hosts. As the number of VLANs starts increasing, the allowed VLAN trunk list is becoming a management nightmare.
So my question is: Is it a good idea to allow all VLANs down to all ESXi hosts? Essentially treating them as an extension of our switching fabric, since they kind of are.
What's everyone doing nowadays? Do you guys restrict VLANs, or just allow all to be trunk'd?
Another reason we're considering trunking all VLANs is to support vMotion. The VMware team wants the flexibility to build clusters across different rows/PODs, to vMotion w/o having to wait for us to add VLANs to trunks, and confirm they show up in vSwitch. How do you support the increasing needs of virtualization, while exercising network best practice?
Do you use a spreadsheet, or some software to keep track of which VLANs are trunk'd to which ESXi hosts? Just curious how people are managing the VLAN restrictions.
In my environment I'm allowing all VLANs down to the ESXi hosts. There are 4 or 5 I could prune from the trunk, but I don't. There have been several situations where the Sys Admin needed to create a server in a particular subnet. Moreover, all of our virtual servers reside on this one UCS system and all workstations need at least one of the many servers.
We've had a few hosts external to the UCS system and they were connected on access ports. But all VLANs were allowed on the trunk links of the switch stack they connected to. In the IOS I could see this information with the show interface trunk command. With several user VLANs needing to access similar resources, I find it very difficult to try and prune VLANs on a trunk link.
"How do you support the increasing needs of virtualization"
If your server team requires "flexibility" (probably meaning they don't want to be bothered with informing networks or going through change control) then that's your call, but personally... Change control is your friend and knowing your network is all part of the administration, and controlling what connects to it is also.
FYI - at my place of work we do keep shared documentation regarding VLAN restriction and ESX hosting.
Please don't forget to rate any posts that have been helpful.