I just bought my first managed switch. It's a Zyxel 1910-24G. I understand the benefits of VLAN for performance and security, and I made a decision to make use of VLAN, but I'm having trouble wrapping my head around how I am going to implement it. It's a fairly basic design for most network admins, so if you have any advice or can link to any guides/articles, please let me know. Thanks!
This entire post is a theoretical design based on my limited networking knowledge. I have not actually started putting anything together yet. Things will get easier once my switch arrives and I start playing around with it and learning about it.
My current equipment:
- WAN link: ASUS RT-N16 running Tomato firmware (with VLAN enabled if that helps)
- Router: pfSense VM guests with CARP/etc, uplinked into the ASUS router
- Switch: Zyxel 1910-24G
- Various desktops
- Storage system capable of NFS and iSCSI
- Multiple ESXi servers with HA, DRS, vMotion, etc. I also want to try VSAN beta
The VLANs that I want:
- 100 Management desktops
- 200 Regular desktops
- 300 VOIP traffic
- 400 DMZ
- 1000 Datastore IP storage traffic (NFS in this case)
- 1100 vMotion
- 1200 FT Logging traffic
- 1300 VSAN traffic
- 1400 VM guest LAN
My VMware environment is designed like this:
- 1 Linux fileserver with 2x 1GbE NICs (I want to do teaming/LACP for 2GB/s, but that's for another thread)
- 2 ESXi nodes with 2x 1GbE NICs (I also want to team these for 2GB/s)
In summary, the challenges before me are:
- Teaming multiple NICs in Linux (LACP), for fault tolerance and aggregating bandwidth
- Teaming multiple NICs in ESXi, for fault tolerance and aggregating bandwidth
- Separating traffic using VLANs, for performance and security
- Using virtualized software-based firewall instances (pfSense) to route between VLANs
- Deploying one pfSense instance on each VMware node, and having them work together, in case one node fails