Compliance and Storage Network Isolation
I have two tenants in a multitenant environment that access the same iSCSI array. The iSCSI array has a limitation in that it can only use one IP address on one vLAN. The result of this is that using this array means sharing a vLAN between two tenants, even though it is a non-routed vLAN dedicated to iSCSI. (ESXi vmkernel adapters from HA clusters in both tenants connect to the same iSCSI array.) Tenant A has no special compliance requirements, but Tenant B does. The LUNs in the storage array are mapped only to the appropriate IPs for the appropriate ESXi servers in the respective environments to access. But will sharing this vLAN among iSCSI vmkernel ports in both tenants mean that Tenant B will be non-compliant with respect to a standard such as HIPAA? The vmkernel ports would be in the same broadcast domain.
It matters if the traffic is routed or not. "Routing" traffic and "switching" traffic are two different things and the "bandwidth" rating on "routing" traffic versus "switching" traffic are considerably lower. More takes place when a "packet" is routed than when it just uses layer 2 traffic. This must be taken in consideration when planning traffic between your VM servers and its respective storage, VMs and etc. Personally, I would never have that traffic "routed". Never. Do it if you like. I wouldn't recommend it. Any time you "hop" to a target... you introduce latency. Maybe your network fabric can handle it now... But what will happen when you start adding to your environment?
Remember the maximum throughput on a 1 GB connection is 125mbs. Even creating a 2 member bond just gives you 250/mbs. Throw a "hop" in the mix....... I just don't like the numbers. Especially if you're going to run several VM guests on one server.
I feel your pain. Oracle VM can be a complicated product to use if you don't understand its full functionality. If you don't have your system in production.... then change it. Go through the headache now. Oracle VM works very well when it is setup properly. Very well. I just implemented a RAC environment running Oracle's ERP systems for several hundred users. It works great. Haven't had one problem since the migration. Performance is spectacular...
Similar Messages
-
Auto Deploy and VCD Network Isolation - Not Working
Hello,
I have opened a support case about this issue, but the case is moving a lot slower than I would like to see. I thought I'd post here to see if anyone has run into anything similar.
We recently switched our 24-host vCloud cluster (more info about this cluster below) over to Auto-Deploy (was using boot from USB). After the switch, we had a few complaints from customers that use isolated networks. It turns out that only 4 of our 24 hosts were working properly with isolated networks. All 24-hosts are using the same auto-deploy image.
When the hosts boot up, the vCloud Director web interface shows the following with green check marks: "Status", "Enabled", "Ready", "Available", and "VCD Network Isolation Capable".
To get my other 20 hosts working, I disabled all 20 hosts in the vCloud interface, unprepared them, and prepared them. After this, network isolation worked for those 20 hosts. When I reboot one of the hosts, the host still looks like it's good in the interface, but network isolation doesn't work until I disable, unprepare, and prepare.
Here is some more information about our environment:
vCenter build 2001466
ESXi Host Build 2702864
VCD Build 5.5.2.2000523
vShield Build 5.5.3
Here is the Deploy Rule that the hosts are using:
Name : UCS-2.2.1-pcloud.5.5.aln
PatternList : {oemstring=$SPT:ESX_PublicCloud_autod.2.2.x}
ItemList : {ESXi-5.5.0-autod-2.2.1.vshield}
I have confirmed that this is indeed the profile being used by looking at the Summary tab for the hosts and seeing the listed Image Profile.
And here is what's in that item:
PowerCLI D:\ImageBuild> Get-EsxSoftwarePackage
Name Version Vendor Creation Date
misc-cnic-register 1.72.1.v50.1i-1vmw.550.0.0.... VMware 9/19/2013 6:0...
scsi-lpfc820 8.2.3.1-129vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
scsi-megaraid-mbox 2.20.5.1-6vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
esx-xlibs 5.5.0-0.0.1331820 VMware 9/19/2013 6:0...
lpfc 10.0.100.1-1vmw.550.0.0.133... VMware 9/19/2013 6:0...
mtip32xx-native 3.3.4-1vmw.550.1.15.1623387 VMware 2/22/2014 1:1...
net-nx-nic 5.0.621-1vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
block-cciss 3.6.14-10vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
scsi-fnic 1.6.0.5-1OEM.500.0.0.472560 cisco 9/30/2013 11:...
net-enic 2.1.2.42-1OEM.500.0.0.472560 Cisco 9/5/2013 8:30...
sata-sata-sil24 1.1-1vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
rste 2.0.2.0088-4vmw.550.1.15.16... VMware 2/22/2014 1:1...
elxnet 10.0.100.0v-1vmw.550.0.0.13... VMware 9/19/2013 6:0...
scsi-aacraid 1.1.5.1-9vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
ata-pata-cmd64x 0.2.5-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
net-cnic 1.72.52.v55.1-1vmw.550.0.0.... VMware 9/19/2013 6:0...
scsi-adp94xx 1.0.8.12-6vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
net-be2net 4.6.100.0v-1vmw.550.0.0.133... VMware 9/19/2013 6:0...
net-ixgbe 3.7.13.7.14iov-12vmw.550.2.... VMware 4/29/2015 6:4...
net-igb 5.0.5.1.1-1vmw.550.2.54.240... VMware 1/1/2015 8:00...
epsec-mux 5.1.0-01814505 VMware 5/13/2014 4:3...
esx-base 5.5.0-2.62.2702864 VMware 4/29/2015 6:4...
ata-pata-sil680 0.4.8-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
ipmi-ipmi-msghandler 39.1-4vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
ata-pata-hpt3x2n 0.3.4-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
scsi-megaraid-sas 5.34-9vmw.550.2.33.2068190 VMware 8/23/2014 1:5...
scsi-mptsas 4.23.01.00-9vmw.550.0.0.133... VMware 9/19/2013 6:0...
net-bnx2 2.2.3d.v55.2-1vmw.550.0.0.1... VMware 9/19/2013 6:0...
ata-pata-via 0.3.3-2vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
ima-qla4xxx 2.01.31-1vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
ata-pata-amd 0.3.10-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
ata-pata-serverworks 0.4.3-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
sata-sata-promise 2.12-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
sata-sata-nv 3.5-4vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
ipmi-ipmi-devintf 39.1-4vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
scsi-ips 7.12.05-4vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
sata-sata-svw 2.3-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
scsi-mptspi 4.23.01.00-9vmw.550.0.0.133... VMware 9/19/2013 6:0...
net-e1000e 1.1.2-4vmw.550.1.15.1623387 VMware 2/22/2014 1:1...
esx-xserver 5.5.0-0.0.1331820 VMware 9/19/2013 6:0...
net-tg3 3.123c.v55.5-1vmw.550.2.33.... VMware 8/23/2014 1:5...
net-forcedeth 0.61-2vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
scsi-aic79xx 3.1-5vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
sata-ata-piix 2.12-10vmw.550.2.33.2068190 VMware 8/23/2014 1:5...
scsi-bnx2i 2.72.11.v55.4-1vmw.550.0.0.... VMware 9/19/2013 6:0...
ohci-usb-ohci 1.0-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
scsi-qla4xxx 5.01.03.2-6vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
scsi-qla2xxx 902.k1.1-9vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
net-mlx4-core 1.9.7.0-1vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
ata-pata-atiixp 0.4.6-4vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
misc-drivers 5.5.0-2.62.2702864 VMware 4/29/2015 6:4...
esx-dvfilter-generic-... 5.5.0-0.0.1331820 VMware 9/19/2013 6:0...
ata-pata-pdc2027x 1.0-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
qlnativefc 1.0.12.0-1vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
lsi-mr3 0.255.03.01-2vmw.550.1.16.1... VMware 4/15/2014 9:0...
vshield 5.5.3-2172759 VMware 9/30/2014 2:3...
net-vmxnet3 1.1.3.0-3vmw.550.2.39.2143827 VMware 9/18/2014 11:...
scsi-hpsa 5.5.0-44vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
tools-light 5.5.0-2.62.2702864 VMware 4/29/2015 6:4...
scsi-mpt2sas 14.00.00.00-3vmw.550.1.15.1... VMware 2/22/2014 1:1...
scsi-bnx2fc 1.72.53.v55.1-1vmw.550.0.0.... VMware 9/19/2013 6:0...
lsi-msgpt3 00.255.03.03-1vmw.550.1.15.... VMware 2/22/2014 1:1...
net-e1000 8.0.3.1-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
xhci-xhci 1.0-2vmw.550.2.39.2143827 VMware 9/18/2014 11:...
ipmi-ipmi-si-drv 39.1-4vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
sata-ahci 3.0-21vmw.550.2.54.2403361 VMware 1/1/2015 8:00...
net-bnx2x 1.72.56.v55.2-1vmw.550.0.0.... VMware 9/19/2013 6:0...
scsi-megaraid2 2.00.4-9vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
ehci-ehci-hcd 1.0-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
esx-tboot 5.5.0-2.33.2068190 VMware 8/23/2014 1:5...
uhci-usb-uhci 1.0-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
sata-sata-sil 2.3-4vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
vcloud-agent 5.5.0-1280396 VMware 8/17/2013 4:0...
net-mlx4-en 1.9.7.0-1vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
And here is the output of testing the deploy rule compliance:
PowerCLI D:\ImageBuild> Get-Cluster 0000000-ESXVCLOUDCL1.ALN | Get-VMHost | Test-DeployRuleSetCompliance
VMHost ItemList
esx142269.vm.seo.... {}
esx140622.vm.seo.... {}
esx139784.vm.seo.... {}
esx140617.vm.seo.... {}
esx138793.vm.seo.... {}
esx135523.vm.seo.... {}
esx138945.vm.seo.... {}
esx138794.vm.seo.... {}
esx139783.vm.seo.... {}
esx140309.vm.seo.... {}
esx140310.vm.seo.... {}
esx140311.vm.seo.... {}
esx140313.vm.seo.... {}
esx140339.vm.seo.... {}
esx140614.vm.seo.... {}
esx140615.vm.seo.... {}
esx140616.vm.seo.... {}
esx140618.vm.seo.... {}
esx140619.vm.seo.... {}
esx140621.vm.seo.... {}
esx141947.vm.seo.... {}
esx141945.vm.seo.... {}
esx142271.vm.seo.... {}
esx142270.vm.seo.... {}
Here is another vib list from a host:
~ # esxcli software vib list
Name Version Vendor Acceptance Level Install Date
net-enic 2.1.2.42-1OEM.500.0.0.472560 Cisco VMwareCertified -
ata-pata-amd 0.3.10-3vmw.550.0.0.1331820 VMware VMwareCertified -
ata-pata-atiixp 0.4.6-4vmw.550.0.0.1331820 VMware VMwareCertified -
ata-pata-cmd64x 0.2.5-3vmw.550.0.0.1331820 VMware VMwareCertified -
ata-pata-hpt3x2n 0.3.4-3vmw.550.0.0.1331820 VMware VMwareCertified -
ata-pata-pdc2027x 1.0-3vmw.550.0.0.1331820 VMware VMwareCertified -
ata-pata-serverworks 0.4.3-3vmw.550.0.0.1331820 VMware VMwareCertified -
ata-pata-sil680 0.4.8-3vmw.550.0.0.1331820 VMware VMwareCertified -
ata-pata-via 0.3.3-2vmw.550.0.0.1331820 VMware VMwareCertified -
block-cciss 3.6.14-10vmw.550.0.0.1331820 VMware VMwareCertified -
ehci-ehci-hcd 1.0-3vmw.550.0.0.1331820 VMware VMwareCertified -
elxnet 10.0.100.0v-1vmw.550.0.0.1331820 VMware VMwareCertified -
epsec-mux 5.1.0-01814505 VMware VMwareCertified -
esx-base 5.5.0-2.62.2702864 VMware VMwareCertified -
esx-dvfilter-generic-fastpath 5.5.0-0.0.1331820 VMware VMwareCertified -
esx-tboot 5.5.0-2.33.2068190 VMware VMwareCertified -
esx-xlibs 5.5.0-0.0.1331820 VMware VMwareCertified -
esx-xserver 5.5.0-0.0.1331820 VMware VMwareCertified -
ima-qla4xxx 2.01.31-1vmw.550.0.0.1331820 VMware VMwareCertified -
ipmi-ipmi-devintf 39.1-4vmw.550.0.0.1331820 VMware VMwareCertified -
ipmi-ipmi-msghandler 39.1-4vmw.550.0.0.1331820 VMware VMwareCertified -
ipmi-ipmi-si-drv 39.1-4vmw.550.0.0.1331820 VMware VMwareCertified -
lpfc 10.0.100.1-1vmw.550.0.0.1331820 VMware VMwareCertified -
lsi-mr3 0.255.03.01-2vmw.550.1.16.1746018 VMware VMwareCertified -
lsi-msgpt3 00.255.03.03-1vmw.550.1.15.1623387 VMware VMwareCertified -
misc-cnic-register 1.72.1.v50.1i-1vmw.550.0.0.1331820 VMware VMwareCertified -
misc-drivers 5.5.0-2.62.2702864 VMware VMwareCertified -
mtip32xx-native 3.3.4-1vmw.550.1.15.1623387 VMware VMwareCertified -
net-be2net 4.6.100.0v-1vmw.550.0.0.1331820 VMware VMwareCertified -
net-bnx2 2.2.3d.v55.2-1vmw.550.0.0.1331820 VMware VMwareCertified -
net-bnx2x 1.72.56.v55.2-1vmw.550.0.0.1331820 VMware VMwareCertified -
net-cnic 1.72.52.v55.1-1vmw.550.0.0.1331820 VMware VMwareCertified -
net-e1000 8.0.3.1-3vmw.550.0.0.1331820 VMware VMwareCertified -
net-e1000e 1.1.2-4vmw.550.1.15.1623387 VMware VMwareCertified -
net-forcedeth 0.61-2vmw.550.0.0.1331820 VMware VMwareCertified -
net-igb 5.0.5.1.1-1vmw.550.2.54.2403361 VMware VMwareCertified -
net-ixgbe 3.7.13.7.14iov-12vmw.550.2.62.2702864 VMware VMwareCertified -
net-mlx4-core 1.9.7.0-1vmw.550.0.0.1331820 VMware VMwareCertified -
net-mlx4-en 1.9.7.0-1vmw.550.0.0.1331820 VMware VMwareCertified -
net-nx-nic 5.0.621-1vmw.550.0.0.1331820 VMware VMwareCertified -
net-tg3 3.123c.v55.5-1vmw.550.2.33.2068190 VMware VMwareCertified -
net-vmxnet3 1.1.3.0-3vmw.550.2.39.2143827 VMware VMwareCertified -
ohci-usb-ohci 1.0-3vmw.550.0.0.1331820 VMware VMwareCertified -
qlnativefc 1.0.12.0-1vmw.550.0.0.1331820 VMware VMwareCertified -
rste 2.0.2.0088-4vmw.550.1.15.1623387 VMware VMwareCertified -
sata-ahci 3.0-21vmw.550.2.54.2403361 VMware VMwareCertified -
sata-ata-piix 2.12-10vmw.550.2.33.2068190 VMware VMwareCertified -
sata-sata-nv 3.5-4vmw.550.0.0.1331820 VMware VMwareCertified -
sata-sata-promise 2.12-3vmw.550.0.0.1331820 VMware VMwareCertified -
sata-sata-sil24 1.1-1vmw.550.0.0.1331820 VMware VMwareCertified -
sata-sata-sil 2.3-4vmw.550.0.0.1331820 VMware VMwareCertified -
sata-sata-svw 2.3-3vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-aacraid 1.1.5.1-9vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-adp94xx 1.0.8.12-6vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-aic79xx 3.1-5vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-bnx2fc 1.72.53.v55.1-1vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-bnx2i 2.72.11.v55.4-1vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-hpsa 5.5.0-44vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-ips 7.12.05-4vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-lpfc820 8.2.3.1-129vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-megaraid-mbox 2.20.5.1-6vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-megaraid-sas 5.34-9vmw.550.2.33.2068190 VMware VMwareCertified -
scsi-megaraid2 2.00.4-9vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-mpt2sas 14.00.00.00-3vmw.550.1.15.1623387 VMware VMwareCertified -
scsi-mptsas 4.23.01.00-9vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-mptspi 4.23.01.00-9vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-qla2xxx 902.k1.1-9vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-qla4xxx 5.01.03.2-6vmw.550.0.0.1331820 VMware VMwareCertified -
uhci-usb-uhci 1.0-3vmw.550.0.0.1331820 VMware VMwareCertified -
vcloud-agent 5.5.0-1280396 VMware VMwareCertified -
vmware-fdm 5.5.0-2001466 VMware VMwareCertified -
vshield 5.5.3-2172759 VMware VMwareCertified -
xhci-xhci 1.0-2vmw.550.2.39.2143827 VMware VMwareCertified -
tools-light 5.5.0-2.62.2702864 VMware VMwareCertified -
scsi-fnic 1.6.0.5-1OEM.500.0.0.472560 cisco VMwareCertified -
Any help is appreciated. Thanks.
Right now, on my test host (that is not working), I have two VMs, one named "Test 1" and the other "Test 2". They only have an isolated network on them (named "Test Isolated Network") that is in my VDC, and pings do not work between them. If I move them to any other host (that have been unprepared and prepared), pings work. I can move both to the same host, or different hosts.
Here is the fence info on this host, I'm not really sure how to interpret this:
~ # esxcli vcloud fence getfenceinfo
Module Parameters:
Host Key: 0x104b0
Configured LAN MTUs:
+------------------------------------------------------------------------------------------+
| LAN ID | 1 2 3 4 5 6 7 8 9 10 - - - - - - |
| MTU | 1500 1500 1500 1500 1500 1500 1500 1500 1500 1500 - - - - - - |
+------------------------------------------------------------------------------------------+
Active Ports:
+-----------------------------------------+
| ID | OPI | LanID | MTU |
+-----------------------------------------+
| 410b1d4ce7d0 | 01,0001a2 | 4 | 1500 |
| 410b1d4cfde0 | 01,0001a2 | 4 | 1500 |
+-----------------------------------------+
Switch State:
+-----------------------------------------------------+
| Inner MAC | Outer MAC | used | age | seen |
+-----------------------------------------------------+
+ ............................... Port:0x410b1d4ce7d0 +
+-----------------------------------------------------+
+ ............................... Port:0x410b1d4cfde0 +
| 00:50:56:01:06:16 | 00:13:F5:01:04:B4 | 1 | 1 | 1 |
+-----------------------------------------------------+
Port Statistics Summary:
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Identity | To VM dropped | To VM passed | From VM dropped | From VM passed | Reflect |
| Port ID | Fence ID | total | misunf | misfen | stored | frag | other | fenced | join | unfen | csum | frag | GVT | other | fenced | tso | frag | csum | GVT | ufport | pass | error |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 410b1d4ce7d0 | 01,0001a2 | 3991 | 2 | 3976 | 0 | 0 | 0 | 13 | 0 | 0 | 0 | 0 | 0 | 0 | 679 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 410b1d4cfde0 | 01,0001a2 | 4478 | 2 | 3860 | 0 | 0 | 0 | 616 | 0 | 0 | 0 | 0 | 0 | 0 | 626 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
And here is the output of the command a little while later on the same host (while my test pings are going)
~ # esxcli vcloud fence getfenceinfo
Module Parameters:
Host Key: 0x104b0
Configured LAN MTUs:
+------------------------------------------------------------------------------------------+
| LAN ID | 1 2 3 4 5 6 7 8 9 10 - - - - - - |
| MTU | 1500 1500 1500 1500 1500 1500 1500 1500 1500 1500 - - - - - - |
+------------------------------------------------------------------------------------------+
Active Ports:
+-----------------------------------------+
| ID | OPI | LanID | MTU |
+-----------------------------------------+
| 410b1d4ce7d0 | 01,0001a2 | 4 | 1500 |
| 410b1d4cfde0 | 01,0001a2 | 4 | 1500 |
+-----------------------------------------+
Switch State:
+-----------------------------------------------------+
| Inner MAC | Outer MAC | used | age | seen |
+-----------------------------------------------------+
+ ............................... Port:0x410b1d4ce7d0 +
+-----------------------------------------------------+
+ ............................... Port:0x410b1d4cfde0 +
| 00:50:56:01:06:16 | 00:13:F5:01:04:B4 | 1 | 1 | 1 |
+-----------------------------------------------------+
Port Statistics Summary:
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Identity | To VM dropped | To VM passed | From VM dropped | From VM passed | Reflect |
| Port ID | Fence ID | total | misunf | misfen | stored | frag | other | fenced | join | unfen | csum | frag | GVT | other | fenced | tso | frag | csum | GVT | ufport | pass | error |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 410b1d4ce7d0 | 01,0001a2 | 4696 | 2 | 4681 | 0 | 0 | 0 | 13 | 0 | 0 | 0 | 0 | 0 | 0 | 796 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 410b1d4cfde0 | 01,0001a2 | 5300 | 2 | 4565 | 0 | 0 | 0 | 733 | 0 | 0 | 0 | 0 | 0 | 0 | 743 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Looking at the VDS, the Maximum MTU is set to 1500. Looking at dvs.VCDVSTest Isolated Network-ca9a45c9-1dec-4f95-8b96-68d9c05b2a5d, I see its VLAN is set to 2535 (which matches the network pool settings) and number of ports is 16 -
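An added example, not part of the original post: one way to read the two `esxcli vcloud fence getfenceinfo` outputs above is to parse the "Port Statistics Summary" rows and subtract the first snapshot from the second, so that only the counters that moved during the ping test remain. The function names and the grouped column names (`to_drop_`, `to_pass_`, ...) are assumptions of this example, based on the table header as pasted; the separator lines in the embedded excerpts are shortened.

```python
import re

# Column order of the "Port Statistics Summary" rows. The group prefixes are
# this example's reading of the two-line table header, not VMware's names.
COLUMNS = [
    "port_id", "fence_id", "total",
    "to_drop_misunf", "to_drop_misfen", "to_drop_stored",
    "to_drop_frag", "to_drop_other",
    "to_pass_fenced", "to_pass_join", "to_pass_unfen",
    "from_drop_csum", "from_drop_frag", "from_drop_gvt", "from_drop_other",
    "from_pass_fenced", "from_pass_tso", "from_pass_frag",
    "from_pass_csum", "from_pass_gvt",
    "reflect_ufport", "reflect_pass", "reflect_error",
]
PORT_ID = re.compile(r"^[0-9a-f]{12}$")

# Excerpt of the first output posted above (separator lines shortened).
SNAPSHOT_1 = """\
Active Ports:
| 410b1d4ce7d0 | 01,0001a2 | 4 | 1500 |
Port Statistics Summary:
+----------+
| Identity | To VM dropped | To VM passed | From VM dropped | From VM passed | Reflect |
| Port ID | Fence ID | total | misunf | misfen | stored | frag | other | fenced | join | unfen | csum | frag | GVT | other | fenced | tso | frag | csum | GVT | ufport | pass | error |
+----------+
| 410b1d4ce7d0 | 01,0001a2 | 3991 | 2 | 3976 | 0 | 0 | 0 | 13 | 0 | 0 | 0 | 0 | 0 | 0 | 679 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
+----------+
| 410b1d4cfde0 | 01,0001a2 | 4478 | 2 | 3860 | 0 | 0 | 0 | 616 | 0 | 0 | 0 | 0 | 0 | 0 | 626 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
"""

# Data rows of the second output, taken "a little while later".
SNAPSHOT_2 = """\
| 410b1d4ce7d0 | 01,0001a2 | 4696 | 2 | 4681 | 0 | 0 | 0 | 13 | 0 | 0 | 0 | 0 | 0 | 0 | 796 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 410b1d4cfde0 | 01,0001a2 | 5300 | 2 | 4565 | 0 | 0 | 0 | 733 | 0 | 0 | 0 | 0 | 0 | 0 | 743 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
"""


def parse_port_stats(text):
    """Return {port_id: row} for every statistics row found in the output."""
    rows = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        # Skip separators, headers and the narrower Active Ports table.
        if len(cells) != len(COLUMNS) or not PORT_ID.match(cells[0]):
            continue
        if not all(c.isdigit() for c in cells[2:]):
            continue
        row = dict(zip(COLUMNS, cells))
        for name in COLUMNS[2:]:
            row[name] = int(row[name])
        rows[row["port_id"]] = row
    return rows


def counter_deltas(before, after):
    """Per-port counter increase between two snapshots of the same host."""
    deltas = {}
    for port, new in after.items():
        old = before.get(port)
        # A new port or a changed fence ID means the counters are not comparable.
        if old is None or old["fence_id"] != new["fence_id"]:
            continue
        deltas[port] = {name: new[name] - old[name] for name in COLUMNS[2:]}
    return deltas


def group_sum(delta, prefix):
    return sum(v for name, v in delta.items() if name.startswith(prefix))


def one_way_ports(deltas):
    """Ports that dropped inbound frames and passed none in the interval."""
    return sorted(
        port for port, d in deltas.items()
        if group_sum(d, "to_drop_") > 0 and group_sum(d, "to_pass_") == 0
    )


if __name__ == "__main__":
    deltas = counter_deltas(parse_port_stats(SNAPSHOT_1),
                            parse_port_stats(SNAPSHOT_2))
    for port, d in deltas.items():
        moved = {name: v for name, v in d.items() if v}
        print(port, moved)
    print("inbound dropped, none passed:", one_way_ports(deltas))
```

Between the two posted snapshots both ports sent 117 frames, but port 410b1d4ce7d0 passed none to its VM: all 705 frames that arrived for it were counted in the "misfen" column under "To VM dropped".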
I am running Oracle VM 3.1.1 on a server with 4 ethernet interfaces.
bond0 is setup with eth0 and eth1 and bond mode is active/backup. This bond is used by the managed network.
bond1 is setup with eth2 and eth3 and bond mode is dynamic link aggregation. This bond is used by public network.
Managed network channels: Server Management, Cluster Heartbeat and Live Migration
Public network channels: Storage and Virtual Machine
All my 7 virtual machines are installed on separate physical disk using iSCSI.
95% of my network traffic on dom0 is going through eth0, so I believe that iSCSI is not using the public network.
How can I make my VM use bond1 / public network for iSCSI traffic?
The managed network did have storage assigned when I created the storage connection, but I have rebooted dom0 after applying the settings above. Can this be the problem?
Thanks in advance.
Regards,
Thomas
It matters if the traffic is routed or not. "Routing" traffic and "switching" traffic are two different things and the "bandwidth" rating on "routing" traffic versus "switching" traffic are considerably lower. More takes place when a "packet" is routed than when it just uses layer 2 traffic. This must be taken in consideration when planning traffic between your VM servers and its respective storage, VMs and etc. Personally, I would never have that traffic "routed". Never. Do it if you like. I wouldn't recommend it. Any time you "hop" to a target... you introduce latency. Maybe your network fabric can handle it now... But what will happen when you start adding to your environment?
Remember the maximum throughput on a 1 GB connection is 125mbs. Even creating a 2 member bond just gives you 250/mbs. Throw a "hop" in the mix....... I just don't like the numbers. Especially if you're going to run several VM guests on one server.
I feel your pain. Oracle VM can be a complicated product to use if you don't understand its full functionality. If you don't have your system in production.... then change it. Go through the headache now. Oracle VM works very well when it is setup properly. Very well. I just implemented a RAC environment running Oracle's ERP systems for several hundred users. It works great. Haven't had one problem since the migration. Performance is spectacular... -
Does OVM 3 support network I/O management and storage I/O prioritization
Does OVM 3 support any QoS setting for networking and/or storage? If so how are they set? I have been looking and can't seem to locate these settings.
In OVM 2.2 network I/O traffic management and storage I/O prioritization could be set as described in this 2.2 blog posting.
http://blogs.oracle.com/virtualization/entry/oracle_vm_22_new_feature_cpu_s
Thanks
It is not manageable through the GUI but can be changed in the vm.cfg file. Example:
vif_other_config = [['00:16:3e:31:d5:4b', 'tbf', 'rate=8mbit,latency=50ms'], ['00:16:3e:52:c4:03', 'tbf', 'rate=10mbit']]
- ingress
vif = ['mac=00:16:3e:31:d5:4b,bridge=xenbr0,rate=10Mb/s@50ms'] - egress -
Am I charged for storage and virtual networks?
I just finished this hands on lab:
http://blogs.technet.com/b/keithmayer/archive/2013/01/07/step-by-step-build-a-free-sharepoint-2013-lab-in-the-cloud-with-windows-azure-31-days-of-servers-in-the-cloud-part-7-of-31.aspx#.Uv82evldVS4
I already stopped all the virtual machines.
However I see online, Default Directory, Storage Account and Virtual Network.
Will I be charged for those?
Hi
Storage account is free. Azure charges for storage; if you never store anything associated with the storage account, that's free.
So does Virtual Network
Please refer to this:
Storage
www.windowsazure.com/en-us/pricing/details/storage/
Virtual Network
http://www.windowsazure.com/en-us/pricing/details/virtual-network/
The Default Directory is the Azure Active Directory tied to your Azure account. It's free.
Please mark post as answered if it helped! -
I have a network requirement to achieve where we are installing a LIS software which should be adhering to the HIPAA Compliance and should be separated from the existing network infrastructure. Our network has 4510 as the core switch directly attaching to campus. Also a firewall is hanging off the core for Internet. Now internally all the VLANs talk to each other. Going forward the new server should be communicating from a secure vlan and only with the required clients only if permitted. How would I go to implement this in our existing network? I have requirement for 2 VM hosts and storage for that server. Everyone accessing this server should follow the HIPAA compliance guidelines.......
Should I implement using access-list in the core by creating a VLAN but I think it wouldn't be that scalable and nightmare for maintenance and troubleshooting?
Should I implement it by forcing the traffic through ASA (hairpinning) and inspecting the traffic over there on ASA along with static nat and also should I have to permit intra interface traffic?
I am confused about how to implement this solution?
Little help into this or any documentation that would help me to get to the solution.
Thanks in advance.
I haven't worked anywhere needing HIPAA compliance but I would have thought the guidelines would dictate what level of security you needed ie. stateless acls on the SVI or stateful firewall.
In terms of the implementation then I assume the server will be in its own vlan ?
If so I can't see why maintaining an acl will be any more work than updating rules on a firewall.
If you did use the firewall then you would need to create a vlan for the server but no SVI, ie. you extend the vlan to the firewall.
Then you would need a route on the 4500 for this vlan pointing to the firewall so clients could get to the server.
The server's default gateway would obviously be the firewall.
Is this at all helpful or were you asking something completely different ?
Jon -
Welcome to the Storage Networking Discussion
Welcome to the Cisco Networking Professionals Connection Emerging Technologies Forum. This conversation will provide you the opportunity to discuss issues surrounding Storage Networking. We encourage everyone to share their knowledge and start conversations on issues such as storage consolidation, disaster recovery, data replication and any other topic concerning Storage Networking.
Remember, just like in the workplace, be courteous to your fellow forum participants. Please refrain from using disparaging or obscene language or posting advertisements.
We encourage you to tell your fellow networking professionals about the site!
If you would like us to send them a personal invitation simply send their names and e-mail addresses along with your name to us at [email protected]
Hi guys,
I am new to Oracle so I have 2 basic Technology&Software questions for an RFI, which I wasn't able to find answered for EBS R12:
8.1 Please list any specific hardware requirements/prerequisites your company’s product may have with regards to the application & database servers, clients/workstations…
8.2 Please list any specific software requirements/prerequisites your company’s products may have with regards to the operating system, database….
I know it is pretty basic stuff, but would appreciate any kind of information on these topics.
Thanks a lot!
Denisa -
WiFi Network and Wired Network
In your opinion, what would be the best configuration of a combination WiFi and wired network. Here's the situation. In my apartment, my living room is very close to my office, WiFi coverage is good from the LR to the office where I have my servers and internet connection etc. But in order to provide stellar performance, I wanted to add an Access Point or Airport Express in the LR to make the signal that much better.
In this situation, would you have the Internet Modem, Time Capsule, in the office and the Airport Express in the LR? I'm assuming that would provide the best wireless coverage for the entire apartment. My only concern is the speed accessing the Time Capsule as well as the 1TB NAS as well as SAN File Storage connected to the core switch I have in my office, which is a Cisco 3750G (10/100/1000) over WiFi. I think this would be the best solution. Thanks.
-Slevin
SlevinKelevra wrote:
In your opinion, what would be the best configuration of a combination WiFi and wired network. Here's the situation. In my apartment, my living room is very close to my office, WiFi coverage is good from the LR to the office where I have my servers and internet connection etc. But in order to provide stellar performance, I wanted to add an Access Point or Airport Express in the LR to make the signal that much better.
But how is the AP linked back to the office.. if you are wireless repeating.. then you lose whatever you gain.. and probably worse than lose.. you introduce double hop wireless.. This is only going to work if you have ethernet link.. and then Express should be replaced by Extreme.. as Express still uses 10/100 port. Decent wireless should saturate that. (Seldom does.. but if you are doing calculations I am sure you can see the problem).
Do you get decent 5ghz in the LR?? The key to fast wireless is using 5ghz especially in apartment complex where you are probably surrounded by 2.4ghz wireless.
If the current equipment does not allow you decent 5ghz connection.. strongly suggest you run a single ethernet between the office and the LR and use that.. with Extreme or better AP..
If you want to start wireless bridging at 5ghz.. look at ubiquiti stuff.. it is head and shoulders above domestic standard equipment for not too big a premium. -
Connecting a Dell B22 FEX to Nexus 6001 and storage
Hi Folks,
We have a setup where we are running a Dell B22 FEX in Blade environment and want to connect the B22 FEX to a cisco Nexus 6001 switch. As per NX-OS release note, B22 FEX and 6001 Nexus connectivity is supported.
Now after connecting to Nexus 6001, how do i get access to storage pool or SAN fabric ? As per another thread of discussion, Nexus 6001 does not support direct fabric attachment at this point in time. So how do we bridge these two elements to a storage fabric ??
As per 6.02 release note:
"Support for DELL FEX
Added support for the Cisco Nexus B22 Dell Fabric Extender for Cisco Nexus 6000 Series switches starting with the 6.0(2)N1(2) release."
This is the exact reason we bought it. We have an environment where we are running Dell B22 FEX. Idea is to connect the B22 FEX into Nexus 6001. We are confused at this point. After connecting the Dell B22 FEX to Nexus 6001, how to access the storage network or storage fabric ??
Thanks,
Hi Rays,
The function should be the same for all FEXs regardless of what parent switch they connect to.
if you are referring to this comment:
You can connect any edge switch that leverages a link redundancy mechanism not dependent on spanning tree such as Cisco FlexLink or vPC
FlexLink is a different technology that does not use STP, but not every switch platform supports FlexLink. FlexLink is not used very often, as other technologies like VSS, VPC and stacking have emerged.
HTH -
I can't manage file and storage services in server manager.
I have a windows 2012 R2 server. I had turned on the file and storage services role and was able to configure a single share in server manager. A few days later I wanted to create another share but when I select file and storage services within server manager I get the message at the top that says The server has not been queried for data since it appeared offline. Also there are no shares listed. Even though the shared folder that I already created is available from other computers.
If I try to create a file share anyway I am asked to choose a server to create the share on and the server appears in the list with a status of offline.
Now this may seem like an obvious connection issue however, I am trying to configure the server locally, not over the network. I can manage other services in server manager just fine. I have WDS and WSUS roles installed and can be configured with server manager just fine. I only have a problem with file and storage services.
There are no errors in the event log.
I tried to remove the file and storage services role from the server but as soon as I uncheck the box for file and storage services I get a pop up windows that says:
The validation process found problems on the server from which you want to remove features. The selected features cannot be removed from the selected server. click ok to select different featres.
I lists validation results that simply state the name of the server and says "storage services cannot be removed."
How can I get file and storage services working again?Hi,
How many servers are there in the list? If the offline serve is a remote server, please reboot the remote server to see the result. In the meantime, please new a shared folded on the local server in Windows Explorer to see if the issue still exists.
Please refer to the article below to share a folder with server manager.
12 Steps to NTFS Shared Folders in Windows Server 2012
https://blogs.technet.com/b/keithmayer/archive/2012/10/21/ntfs-shared-folders-a-whole-lot-easier-in-windows-server-2012.aspx#.Ux1ty_mSwXV
Regards,
Mandy
Problem connecting two storage networks
Hello,
I connect two datacenters with 10GB modules. I'm using single mode fiber; it has 10Km between datacenters. Now I need to connect the storage network in both datacenters using the same fiber. The storage networks use FCoE.
What solution can I use to connect the two storage networks? My budget is really limited.
Storage Network 1---------Network 1-------Fiber---------Network 2------Storage Network 2
Thanks for the help.

Brigid,
There seems to be two aspects:
One is to get the end points to coincide. You may tick View>Snap Guides, then click one path by the end Anchor Point and drag it to snap (Smart Guides say anchor when you are there).
The other is to get rid of the gap in the stroke(s), You may join the paths into one, dragging across the coinciding Anchor Points with the Direct Selection Tool and Ctrl/Cmd+J, or you may keep the separate paths and change the Cap to Round in the Stroke palette/panel which will give you a rounded outer appearance); I presume the former is what you wish, in which case you may choose between Round and Miter Join. -
Mixing public and private networks on the same switch
Hello Everyone,
I know this may get some security engineers in frenzy but wanted to know if there is a safe way to mix public and private networks on the same switch.
We have many remote offices that we want to add public wifi and a couple of other services that would be completely outside of our internal network. Each office has a 3750 with plenty of open ports. How can I safely create a vlan for public access on these switches which currently have our internal network on. I have read that people are doing this to save on the cost of purchasing a dedicated switch. Some people are using access lists and one person mentioned creating a private vlan for the public network. I looked up private vlan and it seemed bit confusing.
Is this recommended? If not what would be the safest way to do this?
Thanks Everyone

Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
How "safe" is relative. If you're running just one VLAN on a switch, that would be the safest (basically the same as mixing traffic on the same wire - separation is done elsewhere).
If you have multiple VLANs on a switch, then you need to determine how likely someone might figure out a way to breach the VLAN barriers. (This isn't so easy on newer switches.) If the VLAN isolation is breached, then you need to examine what that implies from a security perspective (for example, can someone now inject or receive other VLAN traffic).
For most purposes, I don't see mixing public and private VLANs, alone, on the same switch as much of a risk. More of a concern is what can be reached on either VLAN and how well it's protected. -
Extend both main and guest networks with a 2nd Time Capsule?
I have a 4th generation 2TB Time Capsule set up to broadcast primary and guest networks. I am running out of storage. I would like to increase my storage and I would also like to extend both primary and guest networks.
I currently use an older Linksys router (WRT330N) operating in bridge mode (wired connection to the TC) to extend the primary network, but it does not extend the guest network.
If I purchase a second (5th generation) Time Capsule to replace the Linksys, can it be set up to extend both the primary and guest networks?
From searching the forum, it appears not, but I'd like to confirm. Is this true for both wireless and cabled range extension options?
If I'm not able to extend the guest network this way, I'm inclined to settle for extending the primary network as I currently do and look for other ways to increase my network storage capacity (e.g. by upgrading the drive in my existing TC).

If I purchase a second (5th generation) Time Capsule to replace the Linksys, can it be set up to extend both the primary and guest networks?
Yes, either using wireless or an Ethernet connection between the two Time Capsules, providing that the 4th Gen Time Capsule is running at least firmware version 7.6.3.
A wired Ethernet connection between the two Time Capsules is highly recommended. If you plan to extend using wireless, the second Time Capsule will need to be located where it can receive a very good signal from the first. -
Storage Network Role - Is it implemented in 3.2?
The following link states that the Storage Networking Role is not functional and is for future use... this article is dated Nov. 2012. Can someone please confirm if this role is functional in Oracle VM Server 3.2?
The reason for asking is that I want to separate the storage traffic (iSCSI) from the network traffic.
[http://www.oracle.com/technetwork/articles/servers-storage-admin/networking-ovm-x86-1873548.html]
Edited by: 995366 on 21-Mar-2013 07:47

I am using this with 3.2.2: one network for storage and one for everything else. Works fine. I even just confirmed with tcpdump that the proper networks are being used.
cheers
bjoern -
Forcing SMB traffic through Storage Network?
Hello,
I am trying out a Hyper-V cluster in my lab using SMB 3.0. My current infrastructure looks like this:
hvhost1
NIC 1 - Network IP: 192.168.10.181
NIC 2 - Storage IP: 192.168.100.181
hvhos2
NIC 1 - Network IP: 192.168.10.182
NIC 2 - Storage IP: 192.168.100.182
fshost1
NIC 1 - Network IP: 192.168.10.186
NIC 2 - Storage IP: 192.168.100.186
Constrained delegation is set up on both HV Hosts for cifs\FSHost1.
I am able to successfully run VMs on both HV hosts while path to FSHost1 is set to either,
\\fshost1\<share>\<vhd> or \\192.168.10.186\<share>\<vhd>. However, I am unable to force the SMB connection through my storage network using path, \\192.168.100.186\<share>\<vhd>. I receive the following error:
[Window Title] Hyper-V Manager [Main Instruction] An error occurred while attempting to start the selected virtual machine(s). [Content] 'shpweb1' failed to start. Microsoft Emulated IDE Controller (Instance ID 83F8638B-8DCA-4152-9EDA-2CA8B33039B4): Failed
to Power on with Error 'General access denied error'. The Machine Account 'CONTOSO\HV-A1$' or the user initiating the VM management operation or both do not have the required access to the file share '\\192.168.100.186\ReFS_v2_r1\Virtual Hard Disks\shpweb1.vhd'.
Please ensure that the computer machine account and the user initiating the VM management operation have full access to the file share as well as the file system folder backing the file share. Error: 'General access denied error'. Hyper-V Virtual Machine Management
service Account does not have sufficient privilege to open attachment '\\192.168.100.186\ReFS_v2_r1\Virtual Hard Disks\shpweb1.vhd'. Error: 'General access denied error'. [Expanded Information] 'shpweb1' failed to start. (Virtual machine ID 1409B639-3B68-4954-AC17-AA7B7CDDA3A9)
'shpweb1' Microsoft Emulated IDE Controller (Instance ID 83F8638B-8DCA-4152-9EDA-2CA8B33039B4): Failed to Power on with Error 'General access denied error' (0x80070005). (Virtual machine ID 1409B639-3B68-4954-AC17-AA7B7CDDA3A9) 'shpweb1': The Machine Account
'CONTOSO\HV-A1$' or the user initiating the VM management operation or both do not have the required access to the file share '\\192.168.100.186\ReFS_v2_r1\Virtual Hard Disks\shpweb1.vhd'. Please ensure that the computer machine account and the user initiating
the VM management operation have full access to the file share as well as the file system folder backing the file share. Error: 'General access denied error' (0x80070005). (Virtual machine ID 1409B639-3B68-4954-AC17-AA7B7CDDA3A9) 'shpweb1': Hyper-V Virtual
Machine Management service Account does not have sufficient privilege to open attachment '\\192.168.100.186\ReFS_v2_r1\Virtual Hard Disks\shpweb1.vhd'. Error: 'General access denied error' (0x80070005). (Virtual machine ID 1409B639-3B68-4954-AC17-AA7B7CDDA3A9)
Is this possible, and how might I go about getting this to work?

Hi there Jonathan,
Thanks for the response! I am no longer running into the 'general access errors' as I am working around some constrained delegation issues in the environment. That is, you can't add an 'ip address' as a delegate within AD. Due to this, I run into the 'general access error' delegation issue when I try using the unc path, \\192.168.100.186\<path>. I have to use the NetBIOS/FQDN name of the host which will migrate the VM across my VMNetwork segment (192.168.10.0/24 subnet).
With that said, I am still running into the issue where, when I specify the VM path with \\192.168.100.186\<path> (my Storage segment on 192.168.100.0/24 subnet) the SMB connection continues to communicate on my VMNetwork segment (192.168.10.0/24 subnet).
I'm not quite certain how to force the SMB communication over my Storage segment.
Moving forward, I plan on purchasing additional NICs for my HV/FS servers, which should allow me to run multichannel SMB on my storage network. Once this is configured I am going to try and run the 'get-smbmultichannelconstraint' cmdlet to force SMB over my teamed Storage network. This is the only thing I can think of trying.
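
The following is an added example, not part of the original posts: one way to pin SMB traffic for a file server name to the storage NIC with an SMB Multichannel constraint, then audit which addresses the client actually uses. The server name `fshost1` and the `192.168.100.` prefix are taken from the lab layout in the question; the variable names are assumptions, and the script is meant to run on each Hyper-V host.

```powershell
# Assumptions taken from the lab described in the thread.
$ServerName    = 'fshost1'        # name used in the UNC path (keeps delegation working)
$StoragePrefix = '192.168.100.'   # storage segment 192.168.100.0/24

# Locate the local interface that holds an address on the storage segment.
$storageNic = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -like "$StoragePrefix*" } |
    Select-Object -First 1
if (-not $storageNic) {
    throw "No local interface has an address in $StoragePrefix*"
}

# Add the constraint only if it is not already present. Constraints match the
# server name as typed in the path, so the short name and the FQDN each need
# their own entry if both are in use.
$existing = Get-SmbMultichannelConstraint |
    Where-Object { $_.ServerName -eq $ServerName -and
                   $_.InterfaceIndex -eq $storageNic.InterfaceIndex }
if (-not $existing) {
    New-SmbMultichannelConstraint -ServerName $ServerName `
        -InterfaceIndex $storageNic.InterfaceIndex -Force | Out-Null
}

# Ask the SMB client to re-evaluate its channels for this server.
Update-SmbMultichannelConnection -ServerName $ServerName

# Audit: every channel to the file server should have both ends on the
# storage segment. Anything else means storage traffic is leaving it.
$offSegment = Get-SmbMultichannelConnection -ServerName $ServerName |
    Where-Object { "$($_.ClientIpAddress)" -notlike "$StoragePrefix*" -or
                   "$($_.ServerIpAddress)" -notlike "$StoragePrefix*" }

if ($offSegment) {
    Write-Warning "SMB channels to $ServerName outside the storage segment:"
    $offSegment | Format-Table ServerName, ClientIpAddress, ServerIpAddress
} else {
    Write-Output "All SMB channels to $ServerName use $StoragePrefix*"
}
```

The audit returns nothing until at least one SMB session to the server is open, so run it while a VM stored on the share is running.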