vSphere Home Lab: Part 3 – Procurves and static routing

So I’ve just spent the last three hours trying to work out why my Procurve switch wasn’t routing the various VLANs I have configured for my home lab.

I had to move my three hosts and switch into the garage because the heat in the office was becoming unbearable! Unfortunately, because of this I broke my connection to the iSCSI VLAN I had configured for my lab’s IP storage. Because I’m running my SAN management software on my main PC, I had a second NIC directly plugged into that VLAN, nice and simple right?

However, when I moved the gear I no longer had two cables running to my main PC, I now only had one. I thought to myself, “surely I can set up some static routing!?!?”.

Anyway, as it turns out my little Thomson ADSL router supports static routing, cool! I configured this like so:

:rtadd (where is my iSCSI subnet and is the management ip of the Procurve). Step one done!

Next I jumped onto my Procurve 2910al and enabled ip routing, giving me this config:

hostname "SWITCH1"
module 1 type j9147a
no stack
ip default-gateway
ip route
ip routing
snmp-server community "public" unrestricted
spanning-tree legacy-path-cost
spanning-tree force-version stp-compatible
vlan 1
   no untagged 25-36
   untagged 1-24,37-48
   ip address
vlan 10
   name "vMotion"
   tagged 13-18
   no ip address
vlan 20
   name "FT"
   tagged 13-18
   no ip address
vlan 30
   name "iSCSI"
   untagged 25-36
   ip address
management-vlan 1

Now, doing a tracert from my main pc on VLAN1 it would get as far as the Procurve, but the switch would respond with destination net unreachable.

I continued to try different commands and read several blog posts on configuring static routes and everything I had done looked fine!

I finally came across a comment someone had posted on a forum suggesting that when you specify a management VLAN on the switch it breaks routing! ARGHHHHHHH!

So, I ran “no management-vlan 1” and saved the config. Now the switch is properly routing all VLANs, yay!!!!!

Now I can fire up my HP P4000 CMC and connect to my VSAs from my main PC on VLAN1, woohoo.
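
An added example, not from the original post: a small Python audit of a ProCurve-style config that flags the management-vlan / ip routing conflict found above, the read-write "public" SNMP community visible in the listing, and ports that carry untagged VLAN 1 alongside tagged VLANs (the VLAN 1 concern mentioned in the Part 2 post). The sample config is constructed, its addresses are placeholders, and numeric port names are assumed.

```python
import re

# Constructed sample modelled on the post's config. The addresses are
# placeholders: the original values are not on the page.
SAMPLE = """\
ip routing
snmp-server community "public" unrestricted
vlan 1
   untagged 1-24,37-48
   ip address 192.0.2.2 255.255.255.0
vlan 10
   tagged 13-18
vlan 30
   untagged 25-36
   ip address 198.51.100.1 255.255.255.0
management-vlan 1
"""

def expand(ports):
    """Expand a numeric port list such as '1-24,37-48' into a set."""
    out = set()
    for part in ports.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config):
    """Return {finding: detail} for the issues raised in the two posts."""
    vlans, vid, routing, mgmt, found = {}, None, False, None, {}
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r"vlan (\d+)", line):
            vid = int(m.group(1))
            vlans[vid] = {"tagged": set(), "untagged": set()}
        elif (m := re.fullmatch(r"(tagged|untagged) (\S+)", line)) and vid:
            vlans[vid][m.group(1)] |= expand(m.group(2))
        elif m := re.fullmatch(r"management-vlan (\d+)", line):
            mgmt = int(m.group(1))
        elif line == "ip routing":
            routing = True
        elif line == 'snmp-server community "public" unrestricted':
            found["SNMP_PUBLIC_RW"] = True  # unrestricted = read-write
    if routing and mgmt is not None:
        # The management VLAN is kept out of routing, as the post found.
        found["MGMT_VLAN_NOT_ROUTED"] = mgmt
    tagged = set().union(*(v["tagged"] for k, v in vlans.items() if k != 1))
    native1 = sorted(vlans.get(1, {"untagged": set()})["untagged"] & tagged)
    if native1:
        # Ports with untagged VLAN 1 that also carry tagged VLANs.
        found["VLAN1_NATIVE_ON_TAGGED_PORTS"] = native1
    return found
```

Running audit() on a saved copy of the running config before and after a change shows whether the management VLAN still sits in the path of traffic that is expected to be routed.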

vSphere Home Lab: Part 2 – There’s some junk in my trunk…

Well, I finally received the last few bits I needed to finish building my new vSphere hosts, in particular my nice little two-bay 2.5″ to 3.5″ drive adapters. These babies cost me about five bucks apiece and mean I can mount two SSDs in a single 3.5″ slot, cool.

Anyway, I started configuring my network based on the fact that I wanted to “trunk” two ports per host so that I had the native VLAN1 untagged, as well as several other tagged VLANs for my vMotion, FT, etc. Please note that trunking VLAN1 to a production ESX host is not recommended, mostly due to the potential security risks around VLAN hopping. I’ve read several VMware documents referring to not trunking VLAN1; however, some say “don’t do it” and others say “it won’t work”. I can tell you that it DOES work and could be used in a production environment where the business limitations demand it. One such area would be where there is a large amount of existing network infrastructure using VLAN1 that would be too costly to change (yes, we have some instances of this :-P).

Anyway, back to my lab. I have some pretty crap home networking gear that these HP switches are plugging into, and as such it doesn’t support VLANs, hence why I am using the native VLAN1. I spent hours the other night trying to work out how to “trunk” several ports and really struggled. To give you some background here, I am not a network engineer and do not administer/configure switches in my day job, however, I understand enough to know how some things work :-). Most of our environment at work involves Cisco switches and because of this I am used to Cisco terminology. This is where I came unstuck…

When we “trunk” ports in a Cisco to pass multiple VLANs we aren’t actually creating an Etherchannel or LACP trunk, instead we are assigning tagged VLANs to a port or multiple ports. While trying to stumble my way through using these HPs I had that same philosophy in mind and could not work out why my “trunks” weren’t working!

As it turns out Cisco do things completely the opposite to most other vendors, such as HP. In the HP switches, you create a VLAN, and assign ports to the VLAN, whether tagged or untagged. I found this blog post which completely explains it all: http://networkingnerd.net/2011/02/02/when-is-a-trunk-not-a-trunk/

So, to cut a long LONG story short, I now consider myself OWNED by these switches and now understand the differences between Cisco’ism and the rest of the world when it comes to trunking, access ports and trunk ports!

Whew…now back to the cool stuff (just kidding, I actually enjoyed it!), playing with vSphere!

Oh, by the way, I’ve given up on running two switches, it’s too noisy and hot, and to be honest, I wouldn’t gain much for the purposes of my VCAP-DCA study, so I’m keeping it simple with one switch…

Thanks for reading, stay tuned for future posts, my next one will probably talk about building up the VSAs.