Layer 2 switches & SAN setup.

Posted on 2013-05-30
Last Modified: 2013-06-03
Hello.  Forgive my lack of knowledge here, I'm just learning at the moment.

We are going to have an 8 port SAN Box (HP P2000 G3 Modular Smart Array Systems) with 11 drives (RAID10) connected to two LAYER2 switches.  The switches are then going to connected to, two, host controllers (beefed up servers).   The host controllers will have Hyper V installed, they will host our DC, Exchange VE's.  The VHD's (containing the VE's) will be stored on the SAN drives.  The two host controllers will be connected to the rest of the network/LAN via a router.

My question is based around the layer two switches - we will have 4 VLANS (each with own subnet/IP Range) configured on the two switches.  The two switches will connect to the host controllers via x2 cat6 cables, going into x2 NIC's (teamed) on each controller (server).

As you know layer 2 switches cannot apply intelligence when forwarding packets, and that they cannot route packets based on IP addresses.  With the above setup, do we need layer 3 switches.  

Sorry if my question is to generalised and not specific.   What I mean to say, is that having two LAYER2 switches setup with VLANS, which will connect to a SAN, do they need to be able to apply intelligence when forwarding requests from the LAN.

If you need me to expand on anything, or make things clearer (which is highly likely) then please say.  This is all relatively new to me.  I have been tasked with researching how to get this all configured.

Question by:SpencerKarnovski
  • 4
  • 4

Expert Comment

by:Robby Swartenbroekx
ID: 39207328
Does the normal LAN need to access all networks?

We have a setup with 3 VLAN's: 1 VLAN for iSCSI, 1 VLAN for vMotion and 1 for management + data network. Those 3 networks are not connected to each other. probably you don't need/want that those networks can communicate with eachother.

If you still need traffic to be routed to the 3 networks you need or a Layer3 switch, or a router/firewall between the switches.

Author Comment

ID: 39207454

Yes - the normal LAN will need to access all of the network.   The DC, Exchange servers will be virtualized - the actual VHDs for those will be hosted on the SAN.  The SAN management, the Hyper V installations will be controlled by two servers.

I have quickly done a image (a rather ugly one) to show the proposed setup.  

Basically we are converting our bare metal server infrastructure into a virtualized environment.  We are going to host the virtual images (our DC, Exchange etc..) on the SAN for optimal performance.  

Clients need to be able to access the DC as they would when it was attached on the local LAN.   Of course, connecting the SAN BOX to the switches we have to create VLANS - we have created 4 separate VLANS.   Packets, or frames, should be able to travel to and from the SAN as normal.

Anyway, can you gauge from what I have said, that we would need LAYER 3 switches.   Please feel free to ask question about the setup.  


Accepted Solution

Robby Swartenbroekx earned 500 total points
ID: 39207527
Still not conviced you need data from your normal network (with AD/Exchange) to flow to your iSCSI network.
Also I don't see why you have 4 different VLAN's for iSCSI.

It is not that Hyper-V uses the iSCSI network, that this same network should be connected to your Exchange server and your AD server. Only the HyperV box needs the iSCSI connection, after that it will

I guess this photo is what your MSA looks like at the back side.

Only 2 VLAN's are needed on the switch:
- Management: connected to management ports on SAN and to your network and also the default VLAN to configure the switches.
- iSCSI: for the iSCSI traffic.

You also have an incorrect view on what is the SAN controller. The SAN controllers are the 2 devices that are in your san (TOP and BOT). Your HyperV servers connects to these SAN controllers with iSCSI. For speed it is best to Trunck your ports (this means, combine them and use them as they are 1). You can do this with the 4 ports and then your drawing is (on the SAN side ok), you have then 4Gbit speed to your disks. But you lose redundancy. If one switch or 1 controller fails in your setup, 1 hyperV and all machines running on it also fails.

A better sollution is to combine 2 network port (instead of 4) and connect them crossed (ALL-to-ALL). This way, you can lose 1 switch and/or 1 controller and still keep all machines running. I made your drawing even worse to interpret to represent how I would connect them.
(and now with attachment)
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.


Author Comment

ID: 39207610
Hello, thanks for the input.  I shall read and digest,then report back.  

I might as well note, that this setup is what I have been "told" to follow by my network administrator.  While he is away on holiday, I want to try and create a better diagram (and improve my understanding of the setup), so when he gets back I can show him a more suitable setup.

Anyway, will digest what you have said and report back,


Author Comment

ID: 39207785
a few quick questions (btw - I shall finish this question by redrawing the diagram for your inspection).

"Your HyperV servers connects to these SAN controllers with iSCSI"
 -  would these connect directly to the SAN controllers on the back of the SAN BOX, or connect to a VLAN on the switch?  I would assume because of this statement "- Management: connected to management ports on SAN" they should connect to the switch and be one of the two VLANS?    

Also, "or speed it is best to Trunck your ports (this means, combine them and use them as they are 1). You can do this with the 4 ports" so, I take it you mean, looking at my incorrect diagram, the four connections coming from ports 21 - 24 - we should trunk those 4 together - but as you suggested, we do not want all a single trunk (4 ports) going into just one hyper v - so, if we do not trunk 4 ports because 2 of each have to go in "each" hyper V - what would be the best setup.   Trunking 2 ports?  So we have 2 trunked ports going into each server?

Hope I'm not confusing you - thanks loooads for your help.

Expert Comment

by:Robby Swartenbroekx
ID: 39207877
- best with switches between them. VLAN1 and VLAN2:
VLAN1: management: connect it to your normal network + connect it to the 2 grey ports on your SAN (each controller 1). Give your switch an IP in this VLAN.
VLAN2: All other cables.

- indeed use thruncks with 2 cables each. You need to setup the truncking in the switch, the SAN and the server.
on the SANBOX make those 4 trucks: TOP1+2; TOP3+4; BOT1+2; BOT3+4
On the 2 Switches make those 4 truncks on each: 11+12; 13+14; 21+23; 22+24 (you can change the port numbers, but this is how I have drawn them)
On the HyperV machines, trunck NIC1+2 and NIC3+4. Connect all the other NIC's to your normal network and attach them to the virtual datanetwork switch where your VM's are connected on).
The connections to be made (each connection has 2 UTP cables)
TOP1+2 -> Switch1_11+12
TOP3+4 -> Switch2_11+12
BOT1+2 -> Switch1_13+14
BOT3+4 -> Switch2_13+14
Switch1_21+23 -> HyperV1_NIC1+2
Switch1_22+24 -> HyperV2_NIC1+2
Switch2_21+23 -> HyperV1_NIC3+4
Switch2_22+24 -> HyperV2_NIC3+4

Author Comment

ID: 39207920
Ok, thanks Pan..

Quick query, then I have enough to go on:

" Connect all the other NIC's to your normal network and attach them to the virtual datanetwork switch where your VM's are connected on"

The VM's are being stored on the SAN Array - this is the whole purpose of creating the SAN, to store the VMs.  Does this change anything?

Thanks again - very good responses here.

Expert Comment

by:Robby Swartenbroekx
ID: 39208046
clients don't need access to the SAN. They do need access to Exchange, AD, ...
Only your HyperV machines need access to the SAN infrastructure on the data ports (the orange ones). You obviously need access to the management port (grey) of the SAN.

So in this setup, you do need at least 5 NIC's (preferably 6 to 8) for each HyperV (=hardware) server.

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question