Topic: vmware esxi5.0 production environment

blatu2006
vmware esxi5.0 production environment
« on: March 25, 2014, 02:38:21 AM »
Hi Wanos support team,

I am trying your product now. I have many questions to ask you.

1. I am using vsx5.0 virtual environment. The subnet is 192.168.20.0/24 for production, 192.168.25.0/24 for management. Two esxi5.0 hosts connect to Cisco 2960s switches. There is a firewall in front of the switch. There are 16 virtual machines with MS domain environment.

2. Now I have installed WANOS as a virtual machine. After I studied your network design, the virtual machine WANOS should be in front of the production network and hide of the firewall. Right? WANOS should be the gateway for my production network. Right?

3. In my environment, how do I set up the NIC adapter? It seems that after I enabled promiscuous mode on the NIC, my Cisco switch ports were shut down with an error. How do I configure my switch ports for connecting the WANOS wan NIC?

Wanos
Re: vmware esxi5.0 production environment
« Reply #1 on: March 25, 2014, 07:32:03 AM »
Hi, very good questions.

1) So far so good.

2) No, Wanos is just a bridge/switch. No changes to the existing IP addressing are required. The IP addresses on Wanos are used between the devices and for management of them, but other devices don't need to know about them, or in other words no gateways need to be changed.

3) For production networks you need dedicated NICs for the lan0 and wan0 or use different VLANs. Since promiscuous is enabled it sounds like you got it right. Assuming both NICs connect to the same 2960, they need to be in two different VLANs as well. The switch should be running 'spanning-tree mode rapid-pvst' for best results, but make sure it's at least PVST or MST. MST is a bit more complicated, but essentially the inside and outside VLAN should be in different instances.

With both NICs connected to the same switch and running Per VLAN Spanning Tree it should stay up. The firewall should be on the same outside VLAN as wan0 and the VMs and other servers on the lan0 VLAN.

The concept is the same as for the high availability design, just without the second backup cable: High Availability
« Last Edit: September 26, 2016, 01:07:44 PM by lmolina »
Note: Forum posts may be outdated. Please see the latest documentation at wanos.co/docs

Wanos
Re: vmware esxi5.0 production environment
« Reply #2 on: March 25, 2014, 09:54:08 AM »
Another diagram. In this scenario the wan0 connects directly to the Router/Firewall

Wanos
Re: vmware esxi5.0 production environment
« Reply #3 on: March 25, 2014, 09:55:37 AM »
In this diagram lan0 and wan0 connect to the same switch using inside and outside VLANs (PVSTP).

blatu2006
Re: vmware esxi5.0 production environment
« Reply #4 on: March 26, 2014, 02:36:07 AM »
Thank you for your answer. I am still confused with the network diagram. In the network diagram, my environment is Lan0 and Wan0 are in the same vlan, same subnet. For example, my virtual machine is in 192.168.20.0/24 subnet and firewall internal interface ip is 192.168.20.1. But in the first diagram, router ip address is 172.16.1.1 in vlan10, and servers are in 172.16.1.0/24, but connecting vlan20, they are in the same subnets? Is there any wrong configuration?

Wanos
Re: vmware esxi5.0 production environment
« Reply #5 on: March 26, 2014, 06:42:16 AM »
Hi, yes, this is possible since the appliance is a bridge/switch. Think of the inline device as another switch. This is also why no routing needs to be configured.

You can use either setup. If you want to keep just using one vlan, then the wan0 needs to be connected directly to the firewall internal interface. If the Firewall is connected to the switch or maybe you have two firewalls, then the two vlans (inside/outside) can be used. Wanos will bridge the two networks (vlan10 and vlan20), so they are actually one network. The two different vlans are used to ensure traffic flows through the bridge appliance.
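
The two-VLAN layout described in replies #1 and #5, written out as a Cisco IOS switch configuration. This is an added example, not part of the original posts or Wanos documentation. The interface numbers, descriptions and VLAN names are assumptions; VLAN 10 (outside) and VLAN 20 (inside) follow the diagram discussed in reply #4.

```cisco
! Added example, not from the thread. Interface numbers, descriptions and
! VLAN names are assumptions; VLAN 10 (outside) and VLAN 20 (inside)
! follow the diagram discussed in reply #4.
spanning-tree mode rapid-pvst
!
vlan 10
 name OUTSIDE
vlan 20
 name INSIDE
!
! Firewall internal interface: outside VLAN, same as wan0
interface GigabitEthernet1/0/1
 description firewall-inside
 switchport mode access
 switchport access vlan 10
!
! ESXi uplink dedicated to the Wanos wan0 port group
interface GigabitEthernet1/0/2
 description esxi-wanos-wan0
 switchport mode access
 switchport access vlan 10
!
! ESXi uplink dedicated to the Wanos lan0 port group
interface GigabitEthernet1/0/3
 description esxi-wanos-lan0
 switchport mode access
 switchport access vlan 20
!
! ESXi uplink for the production VMs and other servers
interface GigabitEthernet1/0/4
 description esxi-production-vms
 switchport mode access
 switchport access vlan 20
```

With this layout the only path between VLAN 10 and VLAN 20 is the Wanos bridge. `show spanning-tree vlan 10` and `show spanning-tree vlan 20` show the port states per VLAN, and `show interfaces status err-disabled` lists any port the switch has shut down along with the reason.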