VMware Virtual SAN is a distributed object storage platform that depends on IP Network connectivity to provide access to storage resources and storage management infrastructure services. Virtual SAN requires that all of the participating hosts can communicate over an IP network and are members of the same vSphere Cluster. The locally attached storage devices from all of the hosts are pooled and presented as a single datastore to all members of the cluster once they have established IP connectivity and can communicate on the same Ethernet Layer 2 domain.
Vmware vsan-layer2-and-layer3-network-topologies
1. VMware Virtual SAN Layer 2 and Layer 3 Network Topologies Deployments
TECHNICAL WHITE PAPER
2. Table of Contents
Introduction
Network and vSphere Technologies
  Networking Related Technologies
    IP Multicast
    Internet Group Management Protocol (IGMP)
    Protocol-Independent Multicast (PIM)
  vSphere Related Technologies
    vSphere Virtual Switch
    VMkernel Network Interface
    Static Routes
    Hosts Profiles
Supported Network Topologies
  Layer 2 Network Topologies
    Layer 2 Physical Network Configuration
    Cisco Hardware Devices
    Brocade Hardware Devices
  Layer 3 Network Topologies
    Layer 3 Physical Network Configuration
Virtual Network Configuration
  Creating vSphere Distributed Switch
  Creating vSphere Distributed Port Groups
  Creating VMkernel Network Interface for Virtual SAN
  Host Configuration Information
  Adding Host Static Routes
  Enable and Configure Virtual SAN
Validating Virtual SAN Configuration and Health
Summary
Acknowledgments
Author
3. T E C H N I C A L W H I T E P A P E R / 2
VMware Virtual SAN Layer 2 and Layer 3
Network Topologies Deployments
Introduction
VMware Virtual SAN is a distributed object storage platform that depends on IP Network connectivity to provide
access to storage resources and storage management infrastructure services. Virtual SAN requires that all of the
participating hosts can communicate over an IP network and are members of the same vSphere Cluster.
The locally attached storage devices from all of the hosts are pooled and presented as a single datastore to all
members of the cluster once they have established IP connectivity and can communicate on the same Ethernet
Layer 2 domain.
Virtual SAN clusters can also be formed with hosts that are connected to different Layer 3 network segments.
The network Layer 3 segments must first be configured with IP Multicast in order to make all segments reachable
by all the members of the cluster.
Although the Virtual SAN network traffic and Virtual Machine traffic can coexist on the same networks, this paper
will not cover the configuration semantics and tuning of Virtual Machine network traffic.
The focus of this paper is based on the physical network and vSphere related technologies that are required to
deploy Virtual SAN across Layer 2 and Layer 3 topologies.
This paper will help virtualization, network, and storage implementation engineers, administrators, and architects
interested in deploying Virtual SAN on Layer 2 and across Layer 3 network topologies.
Network and vSphere Technologies
This section provides an overview and description of the different physical network and vSphere technologies
that are required for deployments of Virtual SAN across Layer 2 and Layer 3 IP network topologies.
Networking Related Technologies
IP Multicast
IP Multicast is an IP Network communication mechanism used to efficiently send communications to many
recipients. The communication can be in the form of one source to many recipients (one-to-many) or many
sources to many recipients (many-to-many).
The recipients may be located in the same Layer 3 segment or distributed across multiple Layer 3 segments. In
the case where the recipients are in the same Layer 3 segment, the recipients will also share the same Ethernet
Layer 2 domain.
An IP Multicast address is called a Multicast Group (MG). IP Multicast relies on communication protocols used by
hosts, clients, and network devices to participate in multicast-based communications.
Communication protocols such as Internet Group Management Protocol (IGMP) and Protocol Independent
Multicast (PIM) are integral components and dependencies for the use of IP multicast communications.
IP Multicast is a fundamental requirement of Virtual SAN. Virtual SAN depends on IP multicast communication for
the process of joining and leaving cluster groups as well as other intra-cluster communication services. IP
multicast must be enabled and configured in the IP Network segments that will carry the Virtual SAN traffic
service.
Internet Group Management Protocol (IGMP)
IGMP is a communication protocol used to dynamically add receivers to IP Multicast group memberships. The
IGMP operations are restricted within individual Layer 2 domains. IGMP allows receivers to send requests to the
Multicast Groups they would like to join.
Becoming a member of Multicast Groups allows the routers to know to forward traffic that is destined for the
Multicast Groups on the Layer 3 segment where the receiver is connected. This allows the switch to keep a table
of the individual receivers that need a copy of the Multicast Group traffic.
The participating hosts in a Virtual SAN cluster will negotiate for IGMP version 3. If the network does not support
IGMP version 3, the hosts will fall back to IGMP version 2. VMware recommends that the same version of IGMP be
used in all Layer 3 segments.
Protocol-Independent Multicast (PIM)
Protocol-Independent Multicast (PIM) is a family of Layer 3 multicast routing protocols that provide different
communication techniques for IP Multicast traffic to reach receivers that are in different Layer 3 segments from
the Multicast Groups sources. There are different versions of PIM, each of which is best suited for different IP
Multicast topologies. The main four versions of PIM are these:
• PIM Dense Mode (PIM-DM) – Dense Mode works by building a unidirectional shortest-path tree from each
Multicast Groups source to the Multicast Groups receivers, by flooding multicast traffic over the entire Layer 3
Network and then pruning back branches of the tree where no receivers are present. Dense Mode is
straightforward to implement and it is best suited for small Multicast deployments of one-to-many.
• PIM Sparse Mode (PIM-SM) – Sparse Mode avoids the flooding issues of Dense Mode by assigning a root
entity for the unidirectional Multicast Groups shortest-path tree called a rendezvous point (RP). The
rendezvous point is selected on a per-Multicast Group basis.
Figure 1: Layer 3 Network PIM Sparse Mode Communication Flow
Sparse Mode scales fairly well for larger Layer 3 Networks and is best suited for one-to-many Multicast
topologies. If the network only supports IGMP version 2, VMware recommends the use of PIM-SM for Virtual SAN
deployments over Layer 3.
• Bidirectional PIM (Bi-PIM) – Bidirectional PIM assumes that there are many MGs that have many sources
and many receivers (many-to-many). Whereas Sparse Mode can manage many-to-many Multicast
topologies, Bidirectional PIM does it by reducing the load on the Multicast routers as compared to Sparse
Mode.
Bidirectional PIM does not build a shortest-path tree, so MG data paths may have longer end-to-end delays
than Sparse Mode, however Bidirectional PIM allows for a Multicast Group traffic to flow both ways over the
same data path.
• PIM Source-Specific Multicast (PIM-SSM) – Source Specific Multicast is similar to Sparse Mode but it carries
information about the IP of the source. Receivers join Multicast Groups based on the source of the Multicast
Groups.
Figure 2: Layer 3 Network PIM Source Specific Mode Communication Flow
With Source Specific Multicast, shortest-path trees are built and are rooted in just one source, offering a more
secure and scalable model for a limited amount of applications (mostly broadcasting of content).
If the networks are configured with IGMP version 3, then Source Specific Multicast requires the receivers to
support IGMP version 3.
vSphere Related Technologies
vSphere Virtual Switch
VMware Virtual SAN supports the use of both the vSphere Standard Switch and vSphere Distributed Switch.
However, VMware recommends the use of the vSphere Distributed Switch to take advantage of its centralized
management capabilities as well as advanced network features.
Figure 3: VMware Distributed Switched - QoS with Network I/O Control
The Virtual SAN network configuration can be implemented with vSphere standard or distributed switches. In
either case, the networking configuration requirements and behavior remain relatively the same.
vSphere Distributed switches provide several advantages around management, advanced network features, and
scalability capabilities that are all conducive to the benefits and values of VMware Virtual SAN.
vSphere Distributed Switches facilitate large scale deployments with the support of up to 500 hosts per switch.
They also provide access to advanced network features such as Network I/O Control and IP Multicast Filtering.
For scenarios where different network traffic services share physical network adapters, VMware recommends the
use of Network I/O Control as a mechanism for bandwidth allocation control for traffic management optimization
(QoS).
Note: While the use of the vSphere Distributed Switch and the Network I/O Control feature are typically part of
the vSphere Enterprise Plus licensing SKU, their use is also exclusively included as part of the VMware Virtual
SAN license agreement.
VMkernel Network Interface
The VMkernel networking layer provides network connectivity to hosts and also handles the standard system
traffic of multiple vSphere network services such as vSphere vMotion, IP storage, Fault Tolerance, Virtual SAN,
and others.
Figure 4: Creating a VMkernel network Interface associated with Virtual SAN Traffic Service
Any host that is going to participate as a member of a Virtual SAN cluster must have the Virtual SAN traffic
service associated with a VMkernel network interface.
The Virtual SAN traffic service will automatically assign the default multicast address settings to each host which
will then make them eligible to send frames to a default Multicast Group, and Multicast Group Agent.
• Virtual SAN Default Multicast Group address 224.1.2.3
• Virtual SAN Default Multicast Group Agent address 224.2.3.4
The physical uplinks used by the Virtual SAN network interfaces should be connected to physical switches that
are configured with IGMP and IGMP Snooping version 2 or version 3 on a common network segment that will
carry the Virtual SAN network traffic.
When deploying on a Layer 2 network, one of the switches on that network segment (VLAN) should be
configured as the IGMP Querier.
Alternatively, when the deployment is being performed across Layer 3 network segments, a Layer 3 capable
device (router or switch) with a connection and access to the same Layer 3 network segments can be configured
as the IGMP Querier.
At this point, the hosts will establish their method of communication by joining the Virtual SAN default Multicast
Group address, 224.1.2.3, and the default Multicast Group Agent address, 224.2.3.4.
In order to avoid unnecessary IP multicast floods within the Layer 2 segments, VMware recommends configuring
IGMP snooping with an IGMP Querier in order to control the number of physical ports on the switches that will
receive IP multicast frames.
For optimal network communication and efficiency, Virtual SAN multicast frames should be exclusively
forwarded to the ports that are associated with the uplinks of the VMkernel network interfaces that are
configured to carry the Virtual SAN traffic.
Figure 5: Multiple Virtual SAN Clusters
In scenarios with multiple Virtual SAN clusters, VMware recommends changing the default Multicast Group
address and the default Multicast Group Agent address when the different clusters will share the same Layer 2
network segment.
This will prevent the clusters from receiving unnecessary multicast frames from one another.
In scenarios where members of a cluster have been deployed across different network segments (Layer 3),
VMware recommends changing the default Multicast Group address and default Multicast Group Agent address.
VMware recommends the use of the Multicast Address range of 239.0.0.0/8 when changing the default
addresses. Also, consult with members of the network team in order to identify the adequate Multicast Group
addresses to use in order to comply with any potential Multicast Addressing policies that may exist.
For detailed instruction on how to change the default multicast address for Virtual SAN, please refer to the
VMware Knowledge Base article 2075451.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2075451
TCP/IP Stacks
vSphere 6.0 introduced a new TCP/IP Stack architecture where multiple TCP/IP stacks can be utilized to manage
different VMkernel network interfaces and their associated traffic.
As a result, the new architecture provides the ability to configure traffic services such as vMotion, Management,
Fault Tolerance, etc. on completely isolated TCP/IP stacks with the ability to use multiple default gateways.
For network traffic isolation and security requirements, VMware recommends deploying the different traffic
services onto different network segments in order to prevent the different traffic services from traversing
through the same default gateway.
Figure 6: vSphere Multiple TCP/IP Stack Architecture
In order to configure the traffic services onto separate TCP/IP stacks, each traffic service type needs to be
deployed onto its own network segment.
The network segments will be accessed through a physical network adapter with VLAN segmentation and
individually mapped to dissimilar VMkernel network interfaces with the respective traffic services (Virtual SAN,
vMotion, Management, etc.) enabled.
Built-in TCP/IP stacks available in vSphere:
• Default TCP/IP Stack – multi-purpose stack that can be used to manage any of the host related traffic
services. Shares a single default gateway between all configured network services.
• vMotion TCP/IP Stack – utilized to isolate vMotion traffic onto its own stack. The use of this stack
completely removes or disables vMotion traffic from the default TCP/IP stack.
• Provisioning TCP/IP Stack – utilized to isolate some virtual machine related operations such as cold
migrations, cloning, snapshot, NFC related traffic.
It is assumed that environments with isolated network requirements for the vSphere traffic services will not be
able to use the same default gateway to direct traffic.
The use of the different TCP/IP stacks facilitates the management for traffic isolation with the ability to use
different default gateways.
Currently, vSphere 6.0 does not include a dedicated TCP/IP stack for the Virtual SAN traffic service, nor does it
support the creation of a custom Virtual SAN TCP/IP stack.
To ensure Virtual SAN traffic in Layer 3 network topologies leaves over the Virtual SAN VMkernel network
interface, add the Virtual SAN VMkernel network interface to the Default TCP/IP Stack and define static routes for
all of the Virtual SAN cluster members.
Static Routes
The use of static routes is required by traffic services for which vSphere does not provide a non-Default TCP/IP
stack.
In the VMware recommended deployment scenario where the Management and Virtual SAN traffic services are
configured to use different Layer 3 network segments, they will share the Default TCP/IP Stack but be configured
in different Layer 2 domains.
The default route for the Default TCP/IP Stack should remain with the Management VMkernel network interface.
Static routes will be added so that the Virtual SAN traffic egresses through the Virtual SAN VMkernel network interface.
It is only necessary to configure a single static route per host for each remote Virtual SAN Layer 3 segment or a
single summary static route if the Virtual SAN Layer 3 segment addressing plan allows it.
Figure 7: Static Route Logical Diagram
Host Profiles
Consider the use of Host Profiles as a management option to deal with the operating management functions of
the communications paths that are established with the use of static routes.
Host Profiles provide an automated and centrally managed mechanism for host configuration and compliance.
The use of Host Profiles reduces configuration risks, and can improve efficiency by reducing reliance on
repetitive, manual tasks.
Host Profiles provide the ability to capture the configuration of a pre-configured host, and store the configuration
as a managed object and use the catalog of parameters contained within to configure networking, storage,
security and other host-level parameters.
Figure 8: Host Profiles Storing Static Routes
Static routes are stored within the Host Profiles as part of their catalog parameters. Host Profiles can be applied
to either individual hosts or a cluster; applying a Host Profile to a cluster will affect all hosts in the cluster and
result in a consistent configuration across all hosts in that cluster.
Host Profiles can also be used to validate the system configuration by checking compliance for any host or
cluster against an associated standardized Host Profile.
Supported Network Topologies
This section covers the different supported network topologies and the impact they introduce to the overall
deployment and management of Virtual SAN in different network scenarios.
Layer 2 Network Topologies
Layer 2 network topologies are defined as networking architectures that are composed of devices that operate at
the Data Link layer (Layer 2) of the OSI model.
This network topology is responsible for forwarding packets through intermediate Layer 2 devices such as hosts,
bridges, or switches.
It is required that all of the hosts participating in a Virtual SAN cluster are able to establish communication
through the VMkernel interface connected to a common Layer 2 network segment.
The Layer 2 network topology offers the least complex implementation and management of the IP Multicast
requirements for Virtual SAN while constraining the radius of the cluster.
All cluster members will send IGMP join requests over the VMkernel network interfaces that are used for the
Virtual SAN traffic service.
By default, the hosts will negotiate their communication for IGMP version 3 and fall back to IGMP version 2
whenever the physical network device does not support IGMP version 3.
For maximum Layer 2 traffic efficiency, VMware recommends the use and configuration of IGMP Snooping in all
the switches configured in the Layer 2 network segment where Virtual SAN is present.
IGMP Snooping allows physical network devices to forward Multicast frames to only the interfaces where IGMP
Join requests are being observed.
Layer 2 Physical Network Configuration
This section covers the physical network configuration procedures to enable IP Multicast for Virtual SAN. The
configuration is focused on IGMP snooping and IGMP snooping Querier.
We will assume all members of the cluster are in the same Layer 2 network segment, represented by VLAN 10. In
this scenario the role of IGMP Querier will be performed by a physical switch and not a router.
Figure 9: Virtual SAN Layer 2 Network Topology
For this scenario we will provide two different configuration examples that will be based on two different vendor
platforms. The first example is based on the configuration of Cisco Nexus switch devices operating with the Cisco
Nexus platform OS with IGMP version 3.
The second example is based on the configuration of Brocade VDX switch devices with IGMP version 2. Currently,
Brocade VDX switch devices do not support IGMP version 3 and therefore the configuration will be based on
IGMP version 2.
The configuration procedures for IP Multicast vary between different vendors and their respective network
devices. Consult the network device vendor documentation for in-depth details and specific advanced
procedures that go beyond the scope of this document.
Cisco Hardware Devices
The following is a sample configuration of IGMP version 3 (enabled by default per VLAN) in Nexus 6000 running
NX-OS 7.0(3):
Cisco Switch 1
configure terminal
ip igmp snooping
interface vlan 10
ip igmp snooping
Cisco Switch 2
configure terminal
ip igmp snooping
interface vlan 10
ip igmp snooping
ip igmp snooping querier 172.16.10.253
Cisco Switch 3
configure terminal
ip igmp snooping
interface vlan 10
ip igmp snooping
Brocade Hardware Devices
The following is a sample configuration of IGMP version 2 in VDX 6740s running NOS 7.0.0:
Brocade Switch 1
configure terminal
ip igmp snooping enable
interface vlan 10
ip igmp snooping enable
Brocade Switch 2
configure terminal
ip igmp snooping enable
interface vlan 10
ip igmp snooping enable
ip igmp snooping querier enable
Brocade Switch 3
configure terminal
ip igmp snooping enable
interface vlan 10
ip igmp snooping enable
Layer 3 Network Topologies
Layer 3 network topologies are defined as networking architectures that are composed of devices that are
capable of operating at the network layer (Layer 3) of the OSI model.
This network topology is responsible for routing packets through intermediate Layer 3 capable devices such as
routers and Layer 3 capable switches.
All Virtual SAN cluster members are required to join the cluster’s Multicast Group by sending IGMP Join requests
over the VMkernel network interfaces that are being used for the Virtual SAN traffic service.
Whenever hosts are deployed across different Layer 3 network segments, the result is a routed network
topology.
Figure 10: Virtual SAN Over a Layer 3 Network Topology
However, since there is a need for those requests to be sent by each Layer 3 segment Default Gateway, the IGMP
Querier has to be the Default Gateway itself.
The Default Gateway will use the Multicast Group memberships from the IGMP Joins to update the PIM protocol
running.
In Layer 3 Network topologies, VMware recommends the use and configuration of IGMP Snooping in all the
switches configured in the Layer 2 domains where hosts participating in the Virtual SAN cluster will be present.
Layer 3 Physical Network Configuration
This section covers the configuration procedures for IGMP snooping, IGMP Querier and PIM. We will assume that
there are three Layer 2 domains, each with its own Layer 3 segment. The Layer 2 domains will be represented by
VLANs 10, 172 and 192, as shown in the figure below.
Two configuration examples are provided: one based on the Cisco Nexus platform (with IGMP version 3 and
Source Specific Multicast) and the Brocade VDX (with IGMP version 2 and Sparse Mode).
Configuration procedures are typically different based on hardware vendor’s implementation. Consult the
hardware vendor documentation for in-depth and specific procedures that are beyond the scope of this
document.
Figure 11: Layer 3 Network Logical Design
NETWORKS  SUBNETS         VLAN  ROUTER  LO0      MGM        AGM        RP
VSAN1     172.16.10.0/24  172   R1      1.1.1.1  224.1.2.3  224.2.3.4  2.2.2.2
VSAN2     192.16.10.0/24  192   R2      2.2.2.2  224.1.2.3  224.2.3.4  2.2.2.2
VSAN3     10.16.10.0/24   10    R3      3.3.3.3  224.1.2.3  224.2.3.4  2.2.2.2
Table 1: Network Information Configuration Table
MGM - Master Group Multicast
AGM - Agent Group Multicast
Lo0 - Loopback Interface 0
RP - Rendezvous Point
Cisco Hardware Devices
The following is a sample configuration of IGMP version 3 (enabled by default per VLAN) and Sparse Mode in Nexus
6000 running NX-OS 7.0(3):
Cisco Switch 1 (S1)
configure terminal
ip igmp snooping
vlan configuration 172
ip igmp snooping
Cisco Switch 2 (S2)
configure terminal
ip igmp snooping
vlan configuration 192
ip igmp snooping
Cisco Switch 3 (S3)
configure terminal
ip igmp snooping
vlan configuration 10
ip igmp snooping
Cisco Router 1 (R1)
configure terminal
feature pim
ip pim rp-address 2.2.2.2 group-list 224.1.2.3/32
ip pim rp-address 2.2.2.2 group-list 224.2.3.4/32
interface vlan 201
description Network Uplink
ip address 20.1.1.1/30
ip pim sparse-mode
interface vlan 172
ip address 172.16.10.253/24
ip router ospf 9 area 0.0.0.0
ip igmp snooping
ip igmp snooping querier 172.16.10.253
interface Loopback 1
ip address 1.1.1.1/32
ip router ospf 9 area 0.0.0.0
Cisco Router 2 (R2)
configure terminal
feature pim
ip pim rp-address 2.2.2.2 group-list 224.1.2.3/32
ip pim rp-address 2.2.2.2 group-list 224.2.3.4/32
interface vlan 202
description Network Uplink
ip address 20.1.2.1/30
ip pim sparse-mode
interface vlan 192
ip address 192.16.10.253/24
ip router ospf 9 area 0.0.0.0
ip igmp snooping
ip igmp snooping querier 192.16.10.253
interface Loopback 2
ip address 2.2.2.2/32
ip router ospf 9 area 0.0.0.0
Cisco Router 3 (R3)
configure terminal
feature pim
ip pim rp-address 2.2.2.2 group-list 224.1.2.3/32
ip pim rp-address 2.2.2.2 group-list 224.2.3.4/32
interface vlan 203
description Network Uplink
ip address 20.1.3.1/30
ip pim sparse-mode
interface vlan 10
ip address 10.16.10.253/24
ip router ospf 9 area 0.0.0.0
ip igmp snooping
ip igmp snooping querier 10.16.10.253
interface Loopback 3
ip address 3.3.3.3/32
ip router ospf 9 area 0.0.0.0
Brocade Hardware Devices
The following is a sample configuration of IGMP version 2 and Sparse Mode in VDX 6740s running NOS 7.0.0:
Brocade Switch 1 (S1)
configure terminal
ip igmp snooping enable
interface vlan 172
ip igmp snooping enable
Brocade Switch 2 (S2)
configure terminal
ip igmp snooping enable
interface vlan 192
ip igmp snooping enable
Brocade Switch 3 (S3)
configure terminal
ip igmp snooping enable
interface vlan 10
ip igmp snooping enable
Brocade Router 1 (R1)
configure terminal
interface vlan 201
interface vlan 172
ip igmp snooping enable
ip igmp snooping querier enable
rbridge-id 101
router pim
rp-address 2.2.2.2
router ospf
area 0.0.0.0
interface loopback 1
ip address 1.1.1.1/32
ip ospf area 0.0.0.0
no shutdown
interface ve 201
description Network Uplink
ip address 20.1.1.1/30
ip ospf area 0.0.0.0
ip pim-sparse
no shutdown
interface ve 172
ip address 172.16.10.1/24
ip ospf area 0.0.0.0
no shutdown
Brocade Router 2 (R2)
configure terminal
interface vlan 202
interface vlan 192
ip igmp snooping enable
ip igmp snooping querier enable
rbridge-id 102
router pim
rp-address 2.2.2.2
router ospf
area 0.0.0.0
interface loopback 2
ip address 2.2.2.2/32
ip ospf area 0.0.0.0
no shutdown
interface ve 202
description Network Uplink
ip address 20.1.2.1/30
ip ospf area 0.0.0.0
ip pim-sparse
no shutdown
interface ve 192
ip address 192.16.10.1/24
ip ospf area 0.0.0.0
no shutdown
Brocade Router 3 (R3)
configure terminal
interface vlan 203
interface vlan 10
ip igmp snooping enable
ip igmp snooping querier enable
rbridge-id 103
router pim
rp-address 2.2.2.2
router ospf
area 0.0.0.0
interface loopback 3
ip address 3.3.3.3/32
ip ospf area 0.0.0.0
no shutdown
interface ve 203
description Network Uplink
ip address 20.1.3.1/30
ip ospf area 0.0.0.0
ip pim-sparse
no shutdown
interface ve 10
ip address 10.16.10.1/24
ip ospf area 0.0.0.0
no shutdown
Virtual Network Configuration
This section details the configuration procedures for the virtual network components and features such as
vSphere Distributed Switch, vSphere Distributed Port Groups, VMkernel Network Interfaces, Virtual SAN Traffic
service, and hosts static routes.
Creating vSphere Distributed Switch
Create a vSphere distributed switch on a data center to manage the networking configuration of multiple hosts at
a time from a central place.
• From the vSphere Web Client, navigate to a data center.
• In the navigator, right-click the data center and select Distributed Switch > New Distributed Switch.
• In Name and Location, type a name for the new distributed switch and click Next.
• In Select version, select the version compatible with ESXi 6.0 and later and click Next.
• In Edit Settings, configure the distributed switch settings according to environment requirements. Click Next,
then Finish.
Creating vSphere Distributed Port Groups
Add a distributed port group to a vSphere Distributed Switch to create a distributed switch network to associate
with VMkernel adapters.
• From the vSphere Web Client, navigate to the distributed switch.
• Right-click the distributed switch and select Distributed port group > New distributed port group.
• In the Select name and location section, type the name of the new distributed port group, VSAN1, and click
Next.
• In the Configure settings section, configure VLAN (172), and Failover Order. Set one uplink to active, and the
other to standby, then keep the default settings beyond that and click Next, and then Finish.
Creating VMkernel Network Interface for Virtual SAN
Create a VMkernel adapter on a host that is associated with a distributed switch to provide network connectivity
to the host and to handle the traffic for Virtual SAN. Dedicate a single distributed port group per VMkernel
adapter. For better isolation, you should configure one VMkernel adapter with one traffic type.
• From the vSphere Web Client, navigate to the host
• Under Manage, select Networking and then select VMkernel adapters.
• Click Add host networking.
• On the Select connection type page, select VMkernel Network Adapter and click Next.
• From the Select an existing network option, select a distributed port group and click Next.
• On the Port properties page, configure the settings for the VMkernel adapter based on the network
information listed in Table 2. Enable the Virtual SAN traffic service, then click Next, then Finish.
Host Configuration Information
NETWORKS  HOSTS           VSAN VMK IP      SUBNETS         VLAN
VSAN1     octo.vsan.a.01  172.16.10.9/24   172.16.10.0/24  172
VSAN1     octo.vsan.a.02  172.16.10.10/24  172.16.10.0/24  172
VSAN1     octo.vsan.a.03  172.16.10.11/24  172.16.10.0/24  172
VSAN1     octo.vsan.a.04  172.16.10.12/24  172.16.10.0/24  172
VSAN2     octo.vsan.b.01  192.16.10.9/24   192.16.10.0/24  192
VSAN2     octo.vsan.b.02  192.16.10.10/24  192.16.10.0/24  192
VSAN2     octo.vsan.b.03  192.16.10.11/24  192.16.10.0/24  192
VSAN2     octo.vsan.b.04  192.16.10.12/24  192.16.10.0/24  192
VSAN3     octo.vsan.c.01  10.16.10.9/24    10.16.10.0/24   10
VSAN3     octo.vsan.c.02  10.16.10.10/24   10.16.10.0/24   10
VSAN3     octo.vsan.c.03  10.16.10.11/24   10.16.10.0/24   10
VSAN3     octo.vsan.c.04  10.16.10.12/24   10.16.10.0/24   10
Table 2: Host Network Information Configuration Table
Adding Host Static Routes
Static routes are used to instruct the Default TCP/IP Stack to use a different default gateway to direct the Virtual
SAN traffic through the necessary paths to reach the remote Virtual SAN networks.
Static routes are required by all the hosts between all the different individual Virtual SAN networks.
NETWORKS  SUBNETS         GATEWAYS       VLANS  ROUTERS
VSAN1     172.16.10.0/24  172.16.10.253  172    R1
VSAN2     192.16.10.0/24  192.16.10.253  192    R2
VSAN3     10.16.10.0/24   10.16.10.253   10     R3
Table 3: Virtual SAN Network Addresses
• Static Routes for hosts on VSAN 1 Network:
esxcli network ip route ipv4 add -g 172.16.10.253 -n 192.16.10.0/24
esxcli network ip route ipv4 add -g 172.16.10.253 -n 10.16.10.0/24
• Static Routes for hosts on VSAN 2 Network:
esxcli network ip route ipv4 add -g 192.16.10.253 -n 172.16.10.0/24
esxcli network ip route ipv4 add -g 192.16.10.253 -n 10.16.10.0/24
• Static Routes for hosts on VSAN 3 Network:
esxcli network ip route ipv4 add -g 10.16.10.253 -n 172.16.10.0/24
esxcli network ip route ipv4 add -g 10.16.10.253 -n 192.16.10.0/24
After adding the static routes, the Virtual SAN traffic connectivity should be available across all networks.
Use the vmkping command to test and confirm communication between the different networks by pinging the
different default gateways from all three networks.
• Test connectivity to remote hosts from VSAN 1 Network:
vmkping -I vmk3 192.168.10.253
vmkping -I vmk3 10.16.10.253
• Test connectivity to remote hosts from VSAN 2 Network:
vmkping -I vmk3 172.16.10.253
vmkping -I vmk3 10.16.10.253
• Test connectivity to remote hosts from VSAN 3 Network:
vmkping -I vmk3 192.168.10.253
vmkping -I vmk3 172.16.10.253
Note: Use vmkping to validate the connectivity across all hosts in all three networks after the VMkernel network
interfaces have been created on each host.
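A route set can be checked against the address plan before it is pasted into a host shell. The following is an added example, not part of the original paper or VMware tooling: it audits one site's esxcli route lines against the subnets and gateways as printed in Table 3. The function name audit_routes and the sample command list are assumptions made for illustration.

```python
import ipaddress
import shlex

# Address plan as printed in Table 3: network -> (subnet, gateway).
PLAN = {
    "VSAN1": ("172.16.10.0/24", "172.16.10.253"),
    "VSAN2": ("192.16.10.0/24", "192.16.10.253"),
    "VSAN3": ("10.16.10.0/24", "10.16.10.253"),
}

def audit_routes(site, commands, plan=PLAN):
    """Return a list of findings for one site's 'esxcli ... route ipv4 add' lines."""
    local_net = ipaddress.ip_network(plan[site][0])
    local_gw = ipaddress.ip_address(plan[site][1])
    remote = {ipaddress.ip_network(s) for n, (s, _) in plan.items() if n != site}
    findings, covered = [], set()
    for cmd in commands:
        # Documents often turn "-g" into an en/em dash; the shell then sees no option.
        if "\u2013" in cmd or "\u2014" in cmd:
            findings.append(f"typographic dash in: {cmd}")
            continue
        args = shlex.split(cmd)
        opts = dict(zip(args, args[1:]))  # each token mapped to the token after it
        try:
            gw = ipaddress.ip_address(opts["-g"])
            dest = ipaddress.ip_network(opts["-n"])
        except (KeyError, ValueError) as exc:
            findings.append(f"unparseable ({exc}): {cmd}")
            continue
        if gw != local_gw:
            findings.append(f"gateway {gw} is not the planned gateway {local_gw}")
        if dest.overlaps(local_net):
            findings.append(f"route to own subnet {dest}")
        elif dest not in remote:
            findings.append(f"destination {dest} is not in the plan")
        else:
            covered.add(dest)
    findings += [f"no route to {net}" for net in sorted(remote - covered)]
    return findings

# Constructed sample: a VSAN3 host's routes with two deliberate mistakes.
SAMPLE_VSAN3 = [
    "esxcli network ip route ipv4 add -g 10.16.10.253 -n 172.16.10.0/24",
    "esxcli network ip route ipv4 add -g 10.16.10.253 -n 10.16.10.0/24",
    "esxcli network ip route ipv4 add \u2013g 10.16.10.253 -n 192.16.10.0/24",
]

if __name__ == "__main__":
    for finding in audit_routes("VSAN3", SAMPLE_VSAN3):
        print("FINDING:", finding)
```

An empty result means every remote subnet in the plan is reachable through the site's planned gateway and nothing else is routed.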
Enable and Configure Virtual SAN
Once all the necessary physical and virtual networking configurations have been successfully implemented, it is
time to enable Virtual SAN. Virtual SAN can be enabled during or after a vSphere Cluster is created.
• From the vSphere Web Client, navigate to a data center.
• In the navigator, right-click the data center and select New cluster.
• Click Turn On Virtual SAN.
Figure 12: Enable Virtual SAN
After enabling Virtual SAN, the Virtual SAN storage provider is automatically registered with the vCenter Server
and the Virtual SAN datastore is created across the Layer 3 fabric.
Validating Virtual SAN Configuration and Health
Once Virtual SAN has been enabled, the cluster’s communication and membership can be validated in multiple
ways ranging from the vSphere Web Client to multiple command line interface tools available in vSphere.
The vSphere Web Client offers multiple locations in the UI that offer overall configuration status as well as the
health and validation of the network configuration.
Overall Network Status – navigate to the cluster management view and general settings. If all the members of the
cluster are successfully communicating via the assigned multicast group and address, the network status is
displayed as normal.
Figure 13: Virtual SAN Network Communication Status
Detailed Network Health and Multicast Assessment – navigate to the cluster's monitoring view for Virtual SAN.
Review the Network health section that contains several checkpoints for network health and configuration
validation points.
Figure 14: Virtual SAN Network Configuration Health
We recommend re-testing the network health and multicast assessment after making any future network
changes by clicking the Retest button.
Regardless of the deployment model of choice, Virtual SAN supported hardware options are based on industry
standard storage components.
Summary
VMware Virtual SAN is the next evolution in Storage Virtualization. Virtual SAN implementations leverage the
already existing IP Network infrastructure to maximize return on investment while reducing OPEX.
From a deployment perspective, the Virtual SAN network stack is flexible and supported over Layer 2 and Layer
3 network topologies.
Virtual SAN implementations over Layer 2 network topologies present the least amount of network complexity to
implement and simplest option to manage and maintain when compared to Layer 3 network topology
deployments.
Either way, VMware Virtual SAN deployments can be performed on Layer 2 as well as Layer 3 networking
topologies right out of the box.
Acknowledgments
I would like to thank: Christos Karamanolis, CTO of the Storage and Availability Business Unit at VMware; Duncan
Epping, Chief Architect; Cormac Hogan, Senior Staff Engineer in the Office of the CTO of the Storage and
Availability Business Unit; Madhu Nalamati, Staff Network Engineer; Ken Werneburg, Manager of the Storage and
Availability Technical marketing team at VMware for reviewing this paper.
I would also like to extend a special thanks to Elver Sena Sosa, CCIE 7321 and VCDX 154 Network Virtualization, for
his time and contributions to this paper.
Author
Rawlinson Rivera is a Principal Architect in the Office of the CTO of the Storage and Availability Business Unit at
VMware, Inc. He specializes in cloud enterprise architectures and Hyper-converged Infrastructures (HCI).
He is primarily focused on Software-Defined Storage such as Virtual SAN and vSphere Virtual Volumes, as well as
storage-related solutions for OpenStack and Cloud-Native Applications. He serves as a trusted adviser to VMware's
customers primarily in the US.
Rawlinson is among the few VMware Certified Design Experts (VCDX #86) in the world, and author of multiple
books based on VMware and other technologies. He is the owner and main author of virtualization blog
punchingclouds.com.
• Follow Rawlinson’s blogs:
http://blogs.vmware.com/virtualblocks/
http://www.punchingclouds.com/
• Follow Rawlinson on Twitter: @PunchingClouds