Blue Gears - 2 Physical NICs with VMware ESX

Virtualization hosts running on commodity boxes presents a challenge for the administrator. Namely in the number of available physical NICs available for use. Often there are only two NICs available. How to setup virtual networking in this situation is a challenge of trade-offs between performance, redundancy, and security. The best way to use these pNICs is as follows:

pNIC0 -> vSwitch0 -> Portgroup0 (service console)
..................-> Portgroup1 (VMotion)
..................-> Portgroup2 (Storage Network)
pNIC1 -> vSwitch0 -> Portgroup3 (VM Network)

Then assign pNIC1 as the backup pNIC for Portgroup0, Portgroup1, and Portgroup2. Lastly, assign pNIC0 as the backup pNIC for Portgroup3. This works best however when VLANs are enabled. You want to explicitly setup each portgroup to use strict failover mode and not to use any form of load balancing. The split described will give the best performance,redundancy, and security when only two pNICs are available. This setup does work better when VLANs are in use as the vSwitch has built in security against all currently known VLAN attacks. Security will suffer if you just use subnets instead of VLANs. When using VLANs, all VLANs in use must have a trunk through each pNIC in order for redundancy to come into play on a pNIC or path failure. This configuration is not a secure implementation. Sharing networks between your hostile virtual machines and your service console, VMotion, or storage networks is not secure. The use of 2 pNICs limits the possibilities and there are serious trade-offs when it comes to security.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)