Fairly new to ESXi, using 4.1.

It has a vSwitch set up with both physical NICs; one of them is for the public network of the host server and the other is for the private network.

Without mapping one of the NICs to a second vSwitch, will ESXi and my VMs actually be able to use both NICs?

Realistically I want the ESXi management network for vSphere to use the public network NIC so that I can control it, and the virtual machines should also use the public network NIC so they can be reachable servers.

The private NIC can stay on the box so that the hosting provider can monitor it and provide me access via IPMI as needed, but otherwise I don't think I need it...

MetaGuru

2 Answers

If you don't map a NIC to any vSwitch, then that NIC will not be used at all. Period.

If you want all traffic (both management and VM) to go to the public network, then the NIC connected to the private network is effectively useless; you can ask your hosting provider to connect it to the public network just like the other one, then map them both to the same vSwitch, and you'll get automatic load balancing and failover for the server's network connection.

Massimo
  • So to be clear, having multiple NICs in one vSwitch will only use one NIC at a time or it will load balance between the two? For each unique physical network connection that I wish to use I should have an associated vSwitch? – MetaGuru Jul 20 '11 at 21:14
  • If you bond two NICs to the same vSwitch, you will have load balancing (but only on different connections; traffic going from the same VM to the same remote address will only flow through one single NIC). – Massimo Jul 20 '11 at 21:38
  • If you have different physical connections you need to map them to different vSwitches; if two or more NICs are associated with the same vSwitch, ESXi will assume they can handle the same traffic. – Massimo Jul 20 '11 at 21:39

What Massimo said is technically correct, but I think I'd burn an IP from the hosting provider and set it up on the WAN interface on a firewall (could be an ALIX pfSense box) with an IPSec tunnel terminating at your location.

I'd then use that second private NIC for ESXi management traffic only, behind that firewall, on a private subnet, plugged into the LAN port of the firewall. You could then tunnel across from your office and have access to your ESXi management completely isolated from your public VM network in case of misconfiguration, but also to protect your management network from the public Internet.

gravyface
  • I absolutely agree having ESXi's management interface sitting on a public network is not the greatest idea. – Massimo Jul 20 '11 at 21:13
  • And if he really wants/needs load balancing, he should add another couple of NICs and have cross-NIC redundancy/load balancing for management and VM traffic. – gravyface Jul 20 '11 at 21:56
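
A check for the layout discussed in this thread, added here as an example and not part of any post: it parses a listing in the style of `esxcfg-vswitch -l` and reports management port groups that share a vSwitch (and therefore the same physical NICs) with other port groups, plus NICs mapped to no vSwitch. The sample listing is constructed, the column layout and the port group name "Management Network" are assumptions, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on `esxcfg-vswitch -l` output (not taken from the page):
# one vSwitch holding both NICs, with management and VM port groups side by side.
SAMPLE = """\
Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vSwitch0         128         5           128               1500    vmnic0,vmnic1

  PortGroup Name        VLAN ID  Used Ports  Uplinks
  VM Network            0        2           vmnic0,vmnic1
  Management Network    0        1           vmnic0,vmnic1
"""

# Assumed column layout: switch rows start at column 0, port group rows are indented.
SWITCH_RE = re.compile(r"^(\S+)\s+\d+\s+\d+\s+\d+\s+\d+\s*(\S*)$")
PORTGROUP_RE = re.compile(r"^\s+(.+?)\s+\d+\s+\d+\s*(\S*)$")
HEADERS = ("Switch Name", "PortGroup Name")

def parse_vswitches(text):
    """Return {vswitch: {"uplinks": set of NICs, "portgroups": [names]}}."""
    switches, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.strip().startswith(HEADERS):
            continue
        sw = SWITCH_RE.match(line)
        pg = PORTGROUP_RE.match(line)
        if sw:
            uplinks = {n for n in sw.group(2).split(",") if n}
            current = switches[sw.group(1)] = {"uplinks": uplinks, "portgroups": []}
        elif pg and current is not None:
            current["portgroups"].append(pg.group(1))
    return switches

def shared_management(switches, mgmt_names=("Management Network",)):
    """List (vswitch, mgmt port group, other port groups, uplinks) where management
    sits on the same vSwitch, and so the same physical NICs, as other traffic."""
    findings = []
    for name, sw in switches.items():
        others = [p for p in sw["portgroups"] if p not in mgmt_names]
        for p in sw["portgroups"]:
            if p in mgmt_names and others:
                findings.append((name, p, others, sorted(sw["uplinks"])))
    return findings

def unmapped_nics(switches, physical_nics):
    """NICs attached to no vSwitch; ESXi carries no traffic over these."""
    used = set().union(*(sw["uplinks"] for sw in switches.values()))
    return sorted(set(physical_nics) - used)

if __name__ == "__main__":
    parsed = parse_vswitches(SAMPLE)
    print(shared_management(parsed))
    print(unmapped_nics(parsed, ["vmnic0", "vmnic1"]))
```

An empty result from `shared_management` means every management port group has a vSwitch to itself; whether its uplink actually sits behind a firewall still has to be verified on the physical side.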