07-17-2014 08:10 AM - edited 03-07-2019 08:05 PM
I'm a bit old school, and have always only allowed specific VLANs on trunk links to ESXi hosts.
As the number of VLANs starts increasing, the allowed VLAN trunk list is becoming a management nightmare.
So my question is:
Is it a good idea to allow all VLANs down to all ESXi hosts?
Essentially treating them as an extension of our switching fabric, since they kind of are.
What's everyone doing nowadays?
Do you guys restrict VLANs, or just allow all to be trunked?
Thanks in advance for your replies.
Kevin
07-17-2014 08:24 AM
Hello
It's ALWAYS a good idea to manually prune unwarranted VLANs across a trunk, even to an ESX host; it cuts down on logical STP instances and virtual ports with regard to STP scalability.
res
Paul
07-17-2014 09:21 AM
Thank you Paul.
Another reason we're considering trunking all VLANs is to support vMotion.
The VMware team wants the flexibility to build clusters across different rows/PODs, to vMotion w/o having to wait for us to add VLANs to trunks, and confirm they show up in vSwitch.
How do you support the increasing needs of virtualization, while exercising network best practice?
Do you use a spreadsheet, or some software to keep track of which VLANs are trunked to which ESXi hosts?
Just curious how people are managing the VLAN restrictions.
07-17-2014 11:02 AM
In my environment I'm allowing all VLANs down to the ESXi hosts. There are 4 or 5 I could prune from the trunk, but I don't. There have been several situations where the Sys Admin needed to create a server in a particular subnet. Moreover, all of our virtual servers reside on this one UCS system and all workstations need at least one of the many servers.
We've had a few hosts external to the UCS system and they were connected on access ports. But, all VLANs were allowed on the trunk links of the switch stack they connected to. In the IOS I could see this information with the show interface trunk command. With several user VLANs needing to access similar resources, I find it very difficult to try and prune VLANs on a trunk link.
07-18-2014 01:00 AM
Hello
"How do you support the increasing needs of virtualization"
If your server team requires "flexibility" (probably meaning they don't want to be bothered with informing networks or going through change control) then that's your call, but personally... Change control is your friend, and knowing your network is all part of the administration, and controlling what connects to it is also.
FYI - at my place of work we do keep shared documentation regarding VLAN restriction and ESX hosting.
res
Paul
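One way to keep a documented per-port VLAN allow list honest against what the switch actually trunks, as an added example that is not part of any post in this thread. The `show interfaces trunk` text is a constructed sample, the port names and `DOCUMENTED` list are hypothetical, and VLAN lists wrapped onto continuation lines are not handled.

```python
import re

# Constructed sample of IOS "show interfaces trunk" output (not from a real device).
SAMPLE = """\
Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/1     on               802.1q         trunking      1
Gi1/0/2     on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/1     10,20,30-32
Gi1/0/2     1-4094

Port        Vlans allowed and active in management domain
Gi1/0/1     10,20,30-32
Gi1/0/2     1,10,20,30-32,99
"""

# Hypothetical documented allow list: the VLANs each ESXi-facing port should carry.
DOCUMENTED = {"Gi1/0/1": "10,20,30-33", "Gi1/0/2": "10,20,30-32"}

def expand(vlans):
    """Expand an IOS VLAN list such as '10,20,30-32' into a set of ints."""
    out = set()
    for part in vlans.replace(" ", "").split(","):
        if part and part != "none":
            lo, _, hi = part.partition("-")
            out.update(range(int(lo), int(hi or lo) + 1))
    return out

def allowed_on_trunk(text):
    """Return {port: set(vlans)} from the 'Vlans allowed on trunk' section only."""
    result, in_section = {}, False
    for line in text.splitlines():
        if line.startswith("Port"):  # a section header row
            in_section = line.split(None, 1)[1].strip() == "Vlans allowed on trunk"
            continue
        m = re.match(r"(\S+)\s+([\d,\-\s]+|none)$", line)
        if in_section and m:
            result[m.group(1)] = expand(m.group(2))
    return result

def audit(text, documented):
    """Per port: VLANs trunked but undocumented (extra), documented but not trunked (missing)."""
    live, report = allowed_on_trunk(text), {}
    for port, spec in documented.items():
        want, have = expand(spec), live.get(port, set())
        report[port] = {"extra": sorted(have - want), "missing": sorted(want - have)}
    return report
```

Calling `audit(SAMPLE, DOCUMENTED)` flags the unpruned trunk on the second port as carrying every VLAN outside its documented list, and shows the first port is missing one documented VLAN.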