The VSA cluster network must have at least 1 dedicated Ethernet switch that supports IEEE 802.1Q VLAN trunking.

You can have 2 dedicated switches to eliminate a single point of failure in the physical network. The switches must be configured to support the IP ranges of the front-end and back-end networks of the VSA cluster. To isolate front-end and back-end networks, you should use VLANs instead of physical isolation. VLAN isolation protects the VSA virtual NICs from Ethernet broadcast storms and malicious capturing and parsing of Ethernet frames. If VLANs are to be used with the VSA Cluster, all of the NICs must go into trunking ports.

You can configure two VLAN IDs on your switches to isolate traffic between the front-end and back-end networks. You can use the VLAN IDs in the VSA Installer and VSA Automated Installer to specify the VLAN IDs for the front-end and back-end networks. Using VLAN IDs is not mandatory.

A VSA back-end VLAN isolates VSA private network traffic and VSA front-end network traffic from network traffic initiated by non-VSA virtual machines on the VM Network port group. The private network includes clustering and RAID1 replication for a three-node VSA cluster and RAID1 replication only for a two-node VSA cluster. In addition, the vMotion network traffic is routed over the front-end VLAN even though it is directed to the back-end vSwitch.

Note

VLAN IDs can range from 1 to 4094. You cannot use 0 and 4095.

VLAN ID Configuration for a VSA Cluster

VSA Cluster Network

Example VLAN ID

Front-end network

1337

Back-end network

3598