Understanding Witness traffic separation in vSAN

In continuation to my blog  Deploying a witness appliance in vSAN let’s go ahead and see how to enable witness traffic in the environment.

You can clearly see that by default witness host has two networks:

a.) Management network – vSwitch0 – vmk0

b.) Witness switch “vsan traffic enabled” – vmk1

This feature allows flexibility to distinguish node to node traffic & node to witness traffic. In witness host, you need not to tag witness traffic. In here, vmk1 is tagged for vsan traffic and on the data nodes side vmk1 has to be tagged for witness traffic. There is no option in vsphere webclient/vsphere client to enable witness traffic on the vmkernel adapter.

This can be enabled by running below command on the hosts SSH:

esxcli vsan network ip add -i vmk1 -T=witness 

Note: You can use witness tag on management vmkernel also. If you do not wish to use different subnet for witness traffic.

e.g: ( On data nodes)

[root@blr1:~] esxcli vsan network ip add -i vmk1 -T=witness
[root@blr1:~] esxcli vsan network list

Interface
VmkNic Name: vmk2
IP Protocol: IP
Interface UUID: 15bb6d5b-9328-22b0-137d-0050560151b8
Agent Group Multicast Address: 224.2.3.4
Agent Group IPv6 Multicast Address: ff19::2:3:4
Agent Group Multicast Port: 23451
Master Group Multicast Address: 224.1.2.3
Master Group IPv6 Multicast Address: ff19::1:2:3
Master Group Multicast Port: 12345
Host Unicast Channel Bound Port: 12321
Multicast TTL: 5
Traffic Type: vsan

Interface
VmkNic Name: vmk1
IP Protocol: IP
Interface UUID: 1b9c285c-c649-a3b6-f0c8-0050560151b8
Agent Group Multicast Address: 224.2.3.4
Agent Group IPv6 Multicast Address: ff19::2:3:4
Agent Group Multicast Port: 23451
Master Group Multicast Address: 224.1.2.3
Master Group IPv6 Multicast Address: ff19::1:2:3
Master Group Multicast Port: 12345
Host Unicast Channel Bound Port: 12321
Multicast TTL: 5
Traffic Type: witness

 

 

 

 

 

Since vSAN 6.7U1 mixed MTU support has been added in vSAN stretched clusters and 2 Node ROBO clusters.

(Image Courtesy: Storage Hub)

Let us take an example if vmk1 is being used for witness traffic and vmk2 is being used for vsan network on the data nodes. So, between data sites vmk2 can be used for vsan traffic with MTU size of 9000 and between data site to witness site vmk1 can be used for witness traffic with MTU 1500.

You can also tag management vmkernel vmk0 for witness between data sites to witness site. This is also a supported configuration.

Have a look at https://blogs.vmware.com/virtualblocks/ for more understanding.

Thank you for reading and happy learning!!

 

Be the first to comment

Leave a Reply

Your email address will not be published.


*