Consider networking features that can provide availability, security, and bandwidth guarantee in a Virtual SAN cluster.
For details about the Virtual SAN network configuration, see the VMware Virtual SAN Design and Sizing Guide and Virtual SAN Network Design Guide.
Networking Failover and Load Balancing
Virtual SAN uses the teaming and failover policy that is configured on the backing virtual switch for network redundancy only. Virtual SAN does not use NIC teaming for load balancing.
If you plan to configure a NIC team for availability, consider these failover configurations.
|Teaming Algorithm||Failover Configuration of the Adapters in the Team|
|Route based on originating virtual port||Active/Passive|
|Route based on IP hash||Active/Active with static EtherChannel for standard switch and LACP port channel for distributed switch|
|Route based on physical network adapter load||Active/Active with LACP port channel for distributed switch|
Virtual SAN supports IP-hash load balancing, but cannot guarantee improvement in performance for all configurations. You can benefit from IP hash when Virtual SAN is among its many consumers. In this case, IP hash performs load balancing. If Virtual SAN is the only consumer, you might notice no improvement. This behavior specifically applies to 1-GbE environments. For example, if you use four 1-GbE physical adapters with IP hash for Virtual SAN, you might not be able to use more than 1 Gbps. This behavior also applies to all NIC teaming policies that VMware supports.
Virtual SAN does not support multiple VMkernel adapters on the same subnet. You can use multiple VMkernel adapters on different subnets, such as another VLAN or separate physical fabric. Providing availability by using several VMkernel adapters has configuration costs including vSphere and the network infrastructure. Network availability by teaming physical network adapters is easier to achieve with less setup.
Multicast Considerations in Virtual SAN Network
Multicast must be enabled on the physical switches to enable heartbeat and exchange of metadata between the hosts in the Virtual SAN cluster. You can configure an IGMP snooping querier on the physical switches for delivery of multicast messages only through the physical switch ports that are connected to the Virtual SAN host network adapters. In the case of multiple Virtual SAN clusters on the same network, before you deploy an additional Virtual SAN cluster in production, change the multicast address for the new cluster so that the member hosts do not receive unrelated multicast messages from another cluster. For information about assigning a multicast address for a Virtual SAN cluster, see Change the Multicast Address for a Virtual SAN Cluster.
Allocating Bandwidth for Virtual SAN by Using Network I/O Control
If Virtual SAN traffic uses 10-GbE physical network adapters that are shared with other system traffic types, such as vSphere vMotion traffic, vSphere HA traffic, virtual machine traffic, and so on, you can use the vSphere Network I/O Control in vSphere Distributed Switch to guarantee the amount of bandwidth that is required for Virtual SAN.
In vSphere Network I/O Control, you can configure reservation and shares for the Virtual SAN outgoing traffic.
- Set a reservation so that Network I/O Control guarantees that minimum bandwidth is available on the physical adapter for Virtual SAN.
- Set shares so that when the physical adapter assigned for Virtual SAN becomes saturated, certain bandwidth is available to Virtual SAN and to prevent Virtual SAN from consuming the entire capacity of the physical adapter during rebuild and synchronization operations. For example, the physical adapter might become saturated when another physical adapter in the team fails and all traffic in the port group is transferred to the other adapters in the team.
For example, on a 10-GbE physical adapter that handles traffic for Virtual SAN, vSphere vMotion, and virtual machines, you can configure certain bandwidth and shares.
|Traffic Type||Reservation, Gbps||Shares|
If the 10-GbE adapter becomes saturated, Network I/O Control allocates 5 Gbps to Virtual SAN on the physical adapter.
For information about using vSphere Network I/O Control to configure bandwidth allocation for Virtual SAN traffic, see the vSphere Networking documentation.
Marking Virtual SAN Traffic
Priority tagging is a mechanism to indicate to the connected network devices that Virtual SAN traffic has high Quality of Service (QoS) demands. You can assign Virtual SAN traffic to a certain class and mark the traffic accordingly with a Class of Service (CoS) value from 0 (low priority) to 7 (high priority), using the traffic filtering and marking policy of vSphere Distributed Switch.
Segmenting Virtual SAN Traffic in a VLAN
Consider isolating Virtual SAN traffic in a VLAN for enhanced security and performance, especially if you share the capacity of the backing physical adapter among several traffic types.
If you plan to use jumbo frames with Virtual SAN to improve CPU performance, verify that jumbo frames are enabled on all network devices and hosts in the cluster.
By default, the TCP segmentation offload (TSO) and large receive offload (LRO) features are enabled on ESXi. Consider whether using jumbo frames improves the performance enough to justify the cost of enabling them on all nodes on the network.