vSphere Home Lab: Part 2 – There’s some junk in my trunk…

Well, I finally received the last few bits I needed to finish building my new vSphere hosts, in particular my nice little two-bay 2.5″ to 3.5″ drive adapters. These babies cost me about five bucks a piece and means I can mount two SSD’s in a single 3.5″ slot, cool.

Anyway, I started configuring my network based on the fact that I wanted to “trunk” two ports per host so that I had the native VLAN1 untagged, as well as several other tagged VLANs for my vMotion, FT, etc. Please note that trunking VLAN1 to a production ESX host is not recommended, mostly due to the potential security risks around VLAN hopping. I’ve read several VMware documents referring to not trunking VLAN1 however some say “don’t do it” and others say “it won’t work”. I can tell you that it DOES work and could be used in a production environment where the business limitations demand it. One such area would be where there is a large amount of existing network infrastructure using VLAN1 and would be too costly to change (yes, we have some instances of this :-P).

Anyway, back to my lab. I have some pretty crap home networking gear that these HP switches are plugging into and as such don’t support VLAN’s, hence why I am using the native VLAN1. I spent hours the other night trying to work out how to “trunk” several ports and really struggled. To give you some background here, I am not a network engineer and do not administer/configure switches in my day job, however, I understand enough to know how some things work :-). Most of our environment at work involves Cisco switches and because of this I am used to Cisco terminology. This is where I came unstuck…

When we “trunk” ports in a Cisco to pass multiple VLAN’s we are aren’t actually creating an Etherchannel or LACP trunk, instead we are assigning tagged VLAN’s to a port or multiple ports. While trying to stumble my way through using these HP’s I had that same philosophy in mind and could not work out why my “trunks” weren’t working!

As it turns out Cisco do things completely the opposite to most other vendors, such as HP. In the HP switches, you create a VLAN, and assign ports to the VLAN, whether tagged or untagged. I found this blog post which completely explains it all: http://networkingnerd.net/2011/02/02/when-is-a-trunk-not-a-trunk/

So, to cut a long LONG story short, I now consider myself OWNED by these switches and now understand the differences between Cisco’ism and the rest of the world when it comes to trunking, access ports and trunk ports!

Whew…now back to the cool stuff (just kidding, I actually enjoyed it!), playing with vSphere!

Oh, by the way, I’ve given up on running two switches, it’s too noisy and hot, and to be honest, I wouldn’t gain much for the purposes of my VCAP-DCA study, so I’m keeping it simple with one switch…

Thanks for reading, stay tuned for future posts, my next one will probably talk about building up the VSA’s.