Dead_Eyes (United Kingdom) asked:

Hi all, I need some help with VLANs, DNS, VMware and the equivalent in Hyper-V. I have just been put in charge of a network with what seems to me a very strange (or could just be a wrong) setup.
The setup:
I have 3 servers in a VMware cluster. 5 NICs in each node. 1 NIC for every node is connected to a physically separate storage network (2 x SANs) and the other 4 NICs (per node) are teamed to a LACP trunk with 10 VLANs (all normal so far). In VMware a virtual NIC for each VLAN has been created. We have 3 x servers running AD & DNS (one is physical and just connected to VLAN2). The 2 virtual AD / DNS servers have 5 virtual NICs each connected to them, each virtual NIC on a different VLAN. Only 1 reverse lookup is set in DNS and that only covers 1 of the VLANs. The 2 virtual AD / DNS servers are showing a lot of 7005 DNS errors, seem to try and reply to pings using an IP not in the subnet of the machine pinging it, and when connecting to the DNS via an RSAT machine you have to connect to the IP, as connecting to the name often resolves the wrong IP (for the RSAT machine's VLAN) and then of course errors and fails to connect. I can't see the reason or logic behind a setup like this and took it as an unwritten rule that you should never multi-home a DC.
Question 1: Am I missing something or not understanding something?
Question 2: I may not be able to wrap my head around this setup but I am pretty sure it's the main reason why I get some very strange errors reported and network performance is, excuse the un-techie term, rubbish.
Question 3: What is the best way to deal with multiple VLANs in a VMware configuration like this / is there a simple fix?
Question 4: This and other issues I am finding are making me think my best long-term solution is to start a new network hosted on Hyper-V (as I personally find it much easier to work with) and plan a big rework of the whole network. Any advice, or different advice on the same setup with Hyper-V?

8/22/2022 - Mon
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)

It seems a very complicated setup designed by an idiot, who wanted to make it as complex as possible!

Just reading your question, VMware vSphere or Hyper-V your networking infrastructure is key to a successful implementation.

A single network interface per SAN is not correct; you would be advised to have at least two for network resilience.

This could be accomplished and designed using VLANs or standard network interfaces; with 5 network interfaces per ESXi host, trunks and VLANs may be the way forward for:

1. Management Network
2. Virtual Machine Network
3. vMotion Network
4. Storage Network

I assume iSCSI?

As for DNS and AD issues, the hypervisor just hosts these VMs.

I would have a single NIC per VM, and all VMs on the same VLAN (if required).

Storage Network and vMotion Network need to be isolated. Management Network is up to you, but it is often on the same network as the virtual machine network, e.g. AD/DNS.
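To make the separation Andrew lists concrete, here is an added PowerCLI example (not code from the thread or from either participant) that lays the four roles out as port groups with distinct VLAN IDs and refuses to proceed if an isolated role (vMotion, Storage) shares a VLAN with anything else. The host name, vSwitch name and VLAN IDs are constructed placeholders; in the setup described in the question the storage port group would sit on the separate physical storage NIC rather than the LACP trunk, so it is included here only so the isolation check covers it.

```powershell
# Added example, not from the thread. Requires the VMware.PowerCLI module and an open
# session, e.g.  Connect-VIServer -Server vcenter.example -Credential (Get-Credential)
# All names and VLAN IDs below are constructed placeholders; adjust to your environment.

$HostName   = 'esxi01.example'   # placeholder ESXi host
$SwitchName = 'vSwitch0'         # placeholder: the vSwitch backed by the 4-NIC LACP trunk

# Role -> VLAN plan. vMotion and Storage must be isolated; Management may share the VM VLAN
# (Andrew's point that management is often on the same network as the VMs, e.g. AD/DNS).
$Plan = [ordered]@{
    'Management' = 2
    'VM Network' = 2
    'vMotion'    = 40
    'Storage'    = 50
}

# Design check before touching the host: an isolated role must not reuse any other role's VLAN.
foreach ($role in 'vMotion', 'Storage') {
    $clash = $Plan.Keys | Where-Object { $_ -ne $role -and $Plan[$_] -eq $Plan[$role] }
    if ($clash) {
        throw "VLAN $($Plan[$role]) for $role is shared with: $($clash -join ', ')"
    }
}

$esx     = Get-VMHost -Name $HostName
$vs      = Get-VirtualSwitch -VMHost $esx -Name $SwitchName
$present = (Get-VirtualPortGroup -VirtualSwitch $vs).Name

# Create only the port groups that are missing, so the script can be re-run safely.
foreach ($role in $Plan.Keys) {
    if ($present -contains $role) { continue }
    New-VirtualPortGroup -VirtualSwitch $vs -Name $role -VLanId $Plan[$role] | Out-Null
}

# Report the resulting layout for review: one line per port group with its VLAN tag.
Get-VirtualPortGroup -VirtualSwitch $vs | Select-Object Name, VLanId | Sort-Object VLanId
```

The check at the top is the part worth keeping even if you build the port groups by hand: a vMotion or iSCSI VLAN that is also carried to guest VMs means guest traffic can reach those services, which is exactly the isolation Andrew says should not be lost.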

Hi Andrew, thanks for the pointers on separation of the VLANs. I totally agree that is what I would expect to see. The way he had divided VLANs (90% of all traffic is VLAN2) already demonstrated he did not know how to use VLANs (not that I am an expert, but dividing by edge switch seems a better method to me). What really concerns me is these multi-homed DCs. The DNS is a mess of duplication causing many issues. This may sound like a dumb question, but is the best practice to create a virtual NIC that tags all VLANs, attach it to the DNS server and use AD Sites and Services to break up the traffic, and create reverse lookup zones for each VLAN? I will implement redundancy to the SAN at a later date; getting an operational network with a correctly functioning DNS is my main concern at the moment (and yes, iSCSI LUNs from 2 x Dell EqualLogic SANs). To give you a better idea of the VLANs, they include Guest wireless, CCTV, Door access, DisplayNET, MainNET, ControlNET, Finance etc. Although providing different services they need to share a DNS, and I am currently reviewing the running config of the core and edge switches to determine the DHCP \ DNS helpers and inter-VLAN comms (all of which seem to contain past configs never cleared from the setup :( )
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)


Thanks, I think I get it now, so you only really need a virtual NIC with one VLAN on it (preferably the same VLAN as other servers) and you let the IP helpers on the switches guide traffic from other VLANs to the AD \ DNS. A single forward lookup zone is all you need on the DNS server and multiple reverse lookup zones for the different IP ranges on other VLANs. AD will presumably just handle itself as it will use DNS to communicate (facilitated by the IP helpers).
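The layout summarised above (one registering NIC per DC, one forward zone, one reverse zone per VLAN subnet) can be built and checked from PowerShell on a DC. The following is an added example and is not code posted by anyone in this thread; the zone name, DC name, NIC alias and the VLAN-to-subnet table are constructed sample values, and the reverse-zone name calculation assumes /24 subnets. It uses the DnsServer and DnsClient modules that ship with the DNS role / RSAT.

```powershell
# Added example, not from the thread. Run on a DC or DNS server with admin rights.
# All values below are constructed placeholders; replace them with your own.

$ForwardZone = 'corp.example'   # placeholder: the single AD-integrated forward zone
$DcHostName  = 'DC01'           # placeholder: this DC's host name
$PrimaryNic  = 'Ethernet'       # placeholder: the one NIC that should register in DNS

# Constructed VLAN plan: one reverse lookup zone per VLAN subnet (assumes /24 subnets).
$Vlans = @(
    @{ Id = 2;  Name = 'MainNET';    Subnet = '10.0.2.0/24'  },
    @{ Id = 10; Name = 'Finance';    Subnet = '10.0.10.0/24' },
    @{ Id = 20; Name = 'ControlNET'; Subnet = '10.0.20.0/24' },
    @{ Id = 30; Name = 'CCTV';       Subnet = '10.0.30.0/24' }
)

# 1. Only the primary NIC may register its address. Extra NICs on a multi-homed DC are what
#    produce the "name resolves to an IP on the wrong VLAN" symptom described in the question.
Get-DnsClient | Where-Object { $_.InterfaceAlias -ne $PrimaryNic } |
    Set-DnsClient -RegisterThisConnectionsAddress $false

# 2. One AD-integrated, securely-updated reverse zone per VLAN subnet, created only if missing.
$existingReverse = (Get-DnsServerZone | Where-Object { $_.IsReverseLookupZone }).ZoneName
foreach ($v in $Vlans) {
    # 10.0.10.0/24 -> 10.0.10.in-addr.arpa (third, second, first octet)
    $octets   = ($v.Subnet -split '/')[0] -split '\.'
    $zoneName = '{0}.{1}.{2}.in-addr.arpa' -f $octets[2], $octets[1], $octets[0]
    if ($existingReverse -notcontains $zoneName) {
        Add-DnsServerPrimaryZone -NetworkId $v.Subnet -ReplicationScope 'Domain' -DynamicUpdate 'Secure'
        Write-Host "Created $zoneName for VLAN $($v.Id) ($($v.Name))"
    }
}

# 3. Verify the DC now has exactly one A record in the forward zone; stale records left over
#    from the other NICs are listed so they can be removed.
$aRecords = @(Get-DnsServerResourceRecord -ZoneName $ForwardZone -Name $DcHostName -RRType A -ErrorAction SilentlyContinue)
if ($aRecords.Count -ne 1) {
    Write-Warning "$DcHostName has $($aRecords.Count) A records in $ForwardZone; expected 1."
    $aRecords | ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString }
}
```

Step 3 is the one to repeat after the change has replicated: as long as more than one A record exists for a DC, clients on other VLANs can still be handed the wrong address, and the RSAT connection failures described in the question will continue until the stale records are gone.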