I am configuring a new network and had a couple questions I am finding hard to find good answers about best practices on using VLANs to separate Core network traffic and iSCSI traffic.
The switches for the core network are a Cisco 24 port 3560X doing layer 3 VLAN routing and three 3560x 48port. I have 3-4 servers that on the SAN with average of 7-10 VM's per host. Am I overloading the switches with that amount of traffic ? Am I better off doing completely dedicated switches for the SAN?
In addition to what others have said, you should actually have two switches for your storage network for redundancy, with multipathing configured so that there's two paths per hypervisor host to your SAN. This configuration (depending on hypervisor, licensing, etc.) also allows for load balancing between paths in addition to high availability.
Yes you are asking for trouble. In order to get good performance out of iSCSI, you need to enable jumbo packets on the switch. On the 3560, you're only able to set MTU size for the entire switch, not individual ports. So you'd have to set a higher MTU for the entire network which may lead to more problems that you'll have to deal with.
In addition to that problem, you're adding more complexity to a very critical portion of your infrastructure. In addition to that, you're introducing potential security vulnerabilities as VLAN hopping can be a real concern when everything is not setup correctly.
You also have to worry about performance on the switch. iSCSI is very sensitive to performance issues. You may be overloading the switch by having it do both your network and SAN.
Stay away from it! Buy a dedicated switch for your iSCSI network and you'll have no regrets.
Generally its best to keep them separate. But that costs more money.
But only you can answer if you are overloading the switches. How much of each port being utilized? What is the utilization of the cpu on the switches? Do you have enough to spare capacity to handle peak load?
If you're pushing over 90% of the maximums each day, then yes. If you're at 10%, then no.
Any where in the middle will depend on how much budget you have compared to how sensitive the data is to the latency.
Separate switches is the best config. That having been said, VLANS can absolutely work just fine. Even if you aren't able to enable jumbo frames because of the issue that Jason Berg mentioned, with just 3 hosts I suspect you will be fine. I would make the point though of actually monitoring those switches to see the impact of the extra traffic so you know if you're getting close to maxing them out.
In addition to what other already have mentioned, it's recommended to disable unicast storm control - which often is done globally. This could cause problem for non iSCSI traffic.
