In the network design for the ESXi hosts in a VI workload domain, you place the hosts on a VLAN for traffic segmentation and decide on the IP addressing scheme and name resolution that best support customer workloads and maintenance of the hosts.
Network Segments
To perform system functions in a virtual infrastructure in addition to providing network connectivity to the virtual machines, the ESXi hosts in the management domain are connected to several dedicated networks. See Networks in VMware Cloud Foundation and Overlay Design for a Virtual Infrastructure Workload Domain.
Decision ID | Design Decision | Design Justification | Design Implication |
---|---|---|---|
VCF-WLD-ESX-NET-001 | Place the ESXi hosts in the VI workload domain cluster on a new VLAN-backed management network segment dedicated to the VI workload domain. | | A new VLAN and a new subnet are required for the VI workload domain management network. |
IP Addressing
You must assign a static IP address for the management interface of each ESXi host in the VI workload domain.
Following industry best practices, VMware Cloud Foundation does not allow using DHCP to assign an IP address to the management interface of ESXi hosts.
Decision ID | Design Decision | Design Justification | Design Implication |
---|---|---|---|
VCF-WLD-ESX-NET-002 | Allocate statically assigned IP addresses and host names across all ESXi hosts in the VI workload domain cluster. | Ensures stability across the SDDC and makes the hosts simpler to maintain and easier to track. | Requires precise IP address management. |
Name Resolution
Name resolution provides the translation between an IP address and a fully qualified domain name (FQDN). The management IP address of each ESXi host in the VI workload domain must have valid internal DNS registration which includes forward and reverse name resolution.
Decision ID | Design Decision | Design Justification | Design Implication |
---|---|---|---|
VCF-WLD-ESX-NET-003 | Configure forward and reverse DNS records for each ESXi host in the VI workload domain cluster. | All ESXi hosts are accessible by using a fully qualified domain name instead of by using IP addresses only. | You must provide DNS records for each ESXi host. |
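The following added example (not part of the VMware documentation) shows one way to check an address plan against decisions VCF-WLD-ESX-NET-002 and VCF-WLD-ESX-NET-003 before you deploy hosts: each management IP must fall inside the management subnet, be assigned only once, and resolve consistently in both directions. The host names, subnet, and stand-in resolvers are constructed sample data; by default the functions use the system resolver.

```python
import ipaddress
import socket

def _ptr(ip):
    return socket.gethostbyaddr(ip)[0]  # PTR lookup via the system resolver

def check_host(fqdn, ip, subnet, forward=socket.gethostbyname, reverse=_ptr):
    """Return the problems found for one ESXi management interface ([] = OK)."""
    problems = []
    if ipaddress.ip_address(ip) not in ipaddress.ip_network(subnet):
        problems.append(f"{ip} is outside management subnet {subnet}")
    try:
        resolved = forward(fqdn)
        if resolved != ip:
            problems.append(f"forward: {fqdn} -> {resolved}, expected {ip}")
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        problems.append(f"forward: {fqdn} does not resolve ({exc})")
    try:
        name = reverse(ip).rstrip(".").lower()
        if name != fqdn.rstrip(".").lower():
            problems.append(f"reverse: {ip} -> {name}, expected {fqdn}")
    except OSError as exc:  # socket.herror is a subclass of OSError
        problems.append(f"reverse: {ip} has no PTR record ({exc})")
    return problems

def check_plan(plan, subnet, forward=socket.gethostbyname, reverse=_ptr):
    """Check every host in {fqdn: ip} and flag an IP assigned to two hosts."""
    report, owner = {}, {}
    for fqdn, ip in plan.items():
        report[fqdn] = check_host(fqdn, ip, subnet, forward, reverse)
        if ip in owner:
            report[fqdn].append(f"{ip} already assigned to {owner[ip]}")
        owner.setdefault(ip, fqdn)
    return report

# Constructed sample data: hypothetical host names, RFC 5737 documentation range.
SUBNET = "192.0.2.0/24"
PLAN = {f"esxi-0{n}.wld.example.test": f"192.0.2.1{n}" for n in (1, 2, 3)}
PTR_RECORDS = {"192.0.2.11": "esxi-01.wld.example.test.",
               "192.0.2.12": "esxi-02-old.wld.example.test."}  # stale; .13 has none
fake_forward = PLAN.__getitem__  # offline stand-in for the A-record lookup

def fake_reverse(ip):  # offline stand-in for the PTR lookup
    if ip not in PTR_RECORDS:
        raise socket.herror(1, "Unknown host")
    return PTR_RECORDS[ip]

if __name__ == "__main__":
    print(check_plan(PLAN, SUBNET, fake_forward, fake_reverse))
```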
Time Synchronization
Time synchronization provided by the Network Time Protocol (NTP) is important to ensure that all components in the SDDC are synchronized to the same time source. For example, if the clocks on the physical machines in your vSphere network are not synchronized, SSL certificates and SAML Tokens, which are time-sensitive, might not be recognized as valid in communications between network machines. Time inconsistencies in vSphere can cause first-boot to fail at different services depending on where in the environment time is not accurate and when the time is synchronized.
Decision ID | Design Decision | Design Justification | Design Implication |
---|---|---|---|
VCF-WLD-ESX-NET-004 | Configure time synchronization by using an internal NTP time source across all ESXi hosts in the VI workload domain cluster. | Ensures consistent time across all devices in the environment, which can be critical for proper root cause analysis and auditing. | An operational NTP service must be available in the environment. |
VCF-WLD-ESX-NET-005 | Set the NTP service policy to | Ensures that the NTP service is available right after you restart an ESXi host. | None. |