As virtualization and cloud computing become more popular in the data center, a shift in the traditional three-tier networking model is taking place. The traditional core-aggregate-access model is being replaced by the leaf and spine design.

The network must be designed to meet the diverse needs of different entities in an organization. These entities include applications, services, storage, administrators, and users.

  • Use controlled access where required and isolation where necessary to provide an acceptable level of security.

  • Use a leaf and spine design to simplify the network architecture.

  • Configure common port group names across hosts to support virtual machine migration and failover.

  • Separate the network for key services from one another to achieve greater security and better performance.

Network isolation is often recommended as a best practice in the data center. In a vRealize Suite environment, you might have several key VLANs, spanning two or more physical clusters.

In the following illustration, all hosts are part of the ESXi Management, vSphere vMotion, VXLAN, and NFS VLANs. The Management host is also connected to the external VLAN, and each edge host connects to its customer-specific VLAN.

In this case, connections use Link Aggregation Control Protocol (LACP) provided by a vSphere Distributed Switch to aggregate the bandwidth of physical NICs on ESXi hosts that are connected to LACP port channels. You can create multiple link aggregation groups (LAGs) on a distributed switch. A LAG includes two or more ports and connects physical NICs to the ports. LAG ports are teamed in the LAG for redundancy, and the network traffic is load balanced between the ports by using an LACP algorithm.

See LACP Support on a vSphere Distributed Switch.

Figure 1. Different Types of ESXi Hosts Connect to Different VLANs
VLANs connect different types of hosts.
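
The following check is an added example, not part of the original documentation. It audits a constructed host inventory against the layout described above: the four common VLANs on every host, the external VLAN only on the management host, one customer-specific VLAN per edge host, and the same port group name mapped to the same VLAN ID on every host. Host names, roles, port group names, and VLAN IDs are assumptions.

```python
# Constructed inventory: host -> role and {port group name: VLAN ID}.
# Host names, roles, port group names and VLAN IDs are illustrative assumptions.
COMMON = {"ESXi Management", "vSphere vMotion", "VXLAN", "NFS"}

INVENTORY = {
    "mgmt-01": {"role": "management", "portgroups": {
        "ESXi Management": 10, "vSphere vMotion": 20, "VXLAN": 30, "NFS": 40,
        "External": 100}},
    "edge-01": {"role": "edge", "portgroups": {
        "ESXi Management": 10, "vSphere vMotion": 20, "VXLAN": 30, "NFS": 40,
        "Customer-A": 201}},
    "edge-02": {"role": "edge", "portgroups": {
        "ESXi Management": 10, "vSphere vMotion": 21, "VXLAN": 30, "NFS": 40,
        "Customer-B": 202, "External": 100}},
    "compute-01": {"role": "compute", "portgroups": {
        "ESXi Management": 10, "vSphere vMotion": 20, "VXLAN": 30, "nfs": 40}},
}


def audit(inventory):
    """Return (host, finding) tuples for deviations from the described layout."""
    findings = []
    seen = {}  # port group name -> (first host seen, VLAN ID)
    for host, info in sorted(inventory.items()):
        pgs, role = info["portgroups"], info["role"]
        # Names are compared case-sensitively: "nfs" does not satisfy "NFS".
        for missing in sorted(COMMON - pgs.keys()):
            findings.append((host, f"missing common port group '{missing}'"))
        for name, vlan in sorted(pgs.items()):
            first_host, first_vlan = seen.setdefault(name, (host, vlan))
            if vlan != first_vlan:
                findings.append(
                    (host, f"'{name}' is VLAN {vlan}, but VLAN {first_vlan} on {first_host}"))
            if name in COMMON:
                continue
            if name == "External":
                if role != "management":
                    findings.append((host, "External VLAN on a non-management host"))
            elif role != "edge":
                findings.append((host, f"unexpected port group '{name}' on {role} host"))
        customer = [n for n in pgs if n not in COMMON and n != "External"]
        if role == "edge" and len(customer) != 1:
            findings.append((host, f"edge host has {len(customer)} customer port groups, expected 1"))
    return findings


if __name__ == "__main__":
    for host, finding in audit(INVENTORY):
        print(f"{host}: {finding}")
```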