I have a test 3-node Nutanix cluster. Just starting to learn. They are NX G9s. Each node has 4x25GB ports, but during installation only 2 were configured. Is it possible, or even best practice, to islolate the storage traffic from the VM traffic? Ie, maybe configure the unused 2 ports as another vSwtich and run the distributed fabric over that? If so, even possible to do this after install? Apologies for any misunderstandings.
Solved
Dedicate uplinks for DSF, modify current cluster?
+1Best answer by NBorba
Hi,
is it possible, yes of course,
do you really need that segregation? it is up to you and the design and what security is forcing you to do.
you can simply create another switch and add the other two ports to that switch and point your VM traffic (TRUNK) over those two ports, that will simply segregate the VM traffic from the replication and storage traffic (they will remain on first two )
Adding to this, When you create the cluster you also enable the CVM Segmentation option (https://portal.nutanix.com/page/documents/solutions/details?targetId=BP-2071-AHV-Networking:cvm-network-segmentation.html), this basically places all storage traffic on a different vlan to add more security to it without the need to have dedicated uplink ports. That way you can ensure storage traffic is secure and you can leverage the 4x uplinks (100gbps) if you want.
Best practice would be to have at least 3 vlans:
- Management traffic - your standard CVM/Prism network.
- storage traffic - your CVM Segmentation network where storage and cluster services run.
- VM Traffic - The network where your VMs are hosted.
This topic has been closed for replies.
Hi,
is it possible, yes of course,
do you really need that segregation? it is up to you and the design and what security is forcing you to do.
you can simply create another switch and add the other two ports to that switch and point your VM traffic (TRUNK) over those two ports, that will simply segregate the VM traffic from the replication and storage traffic (they will remain on first two )
+1Hi,
is it possible, yes of course,
do you really need that segregation? it is up to you and the design and what security is forcing you to do.
you can simply create another switch and add the other two ports to that switch and point your VM traffic (TRUNK) over those two ports, that will simply segregate the VM traffic from the replication and storage traffic (they will remain on first two )
Adding to this, When you create the cluster you also enable the CVM Segmentation option (https://portal.nutanix.com/page/documents/solutions/details?targetId=BP-2071-AHV-Networking:cvm-network-segmentation.html), this basically places all storage traffic on a different vlan to add more security to it without the need to have dedicated uplink ports. That way you can ensure storage traffic is secure and you can leverage the 4x uplinks (100gbps) if you want.
Best practice would be to have at least 3 vlans:
- Management traffic - your standard CVM/Prism network.
- storage traffic - your CVM Segmentation network where storage and cluster services run.
- VM Traffic - The network where your VMs are hosted.
+1Thank you very much everyone! I will see if I can revert our current test cluster and segment everything. We are a large VMware shop, just testing our Nutanix now.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.