We're about to implement NSX and I am using the opportunity to re-work our networks and routing. I'm a little reluctant to ask this because it seems pretty basic, but I'm primarily a server guy and this is a bit out of my comfort zone.
Scenario:
We have three main sites that form a ring. All three sites have various user subnets, but sites A and B also contain datacenters with VMware hosts.
- Site A: 10.1/16
- Site B: 10.2/16
- Site C: 10.3/16
- Virtual Infrastructure: 10.0/16
All Sites:
- Router Interfaces: 10.X.0.0-31
- Switch Management Interfaces: 10.X.0.128-254
- Client Data/VoIP/WiFi/IP Cameras/Keycard locks/etc: 10.X.1-254/24 (occasionally /23 if need be)
Sites A and B:
- VMware hosts: 10.X.0.32-63
- NSX Edge Gateways: 10.X.0.64-95
- Physical servers: 10.X.0.96-127
Virtual Infrastructure:
- Distributed Logical Router Interfaces: 10.0.X.1
- Virtual Network Appliances (Load balancers, security devices, etc.): 10.0.X.2-31
- Virtual Machines: 10.0.X.32-254
Questions:
1. If I make the 10.X.0.0 networks /24s (meaning each site's router interfaces, switch management, VM hosts, NSX ESGs, and physical servers share a subnet/VLAN), will I run into any issues? (I know out-of-band management is best practice, but I don't really see the point if we don't have a physically separate network for it. I'm probably going to end up on-site with a console cable no matter what. Is the concern primarily broadcast storms and the like taking down everything instead of just a segment? Is that really something I should be concerned about these days?)
2. Would making the 10.X.0.0 networks /27s solve any and all issues presented by question 1?
3. Any other comments or critiques? This is my first time designing at this scale from (relative) scratch in the real world, so I'd like to hear about the potential pitfalls from some people who have done this before.
Thanks!
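An added example, not part of the original post: it maps each role range listed above for 10.X.0.0 to the smallest single subnet that would contain it, and shows which planned addresses that subnet would reserve as network or broadcast. The function names are hypothetical, site 1 (Site A) is used as the sample, and it assumes conventional subnets where the first and last address are not assignable.

```python
import ipaddress

# Role ranges in the last octet of 10.X.0.0/24, as listed in the post (sites A and B).
ROLES = {
    "router interfaces": (0, 31),
    "VMware hosts": (32, 63),
    "NSX Edge Gateways": (64, 95),
    "physical servers": (96, 127),
    "switch management": (128, 254),
}

def enclosing_block(first, last):
    """Smallest single CIDR block containing both addresses."""
    net = ipaddress.ip_network(f"{first}/32")
    while last not in net:
        net = net.supernet()
    return net

def plan(site):
    """Map each role range at 10.<site>.0.x to the subnet it would become."""
    rows = {}
    for role, (lo, hi) in ROLES.items():
        first = ipaddress.ip_address(f"10.{site}.0.{lo}")
        last = ipaddress.ip_address(f"10.{site}.0.{hi}")
        net = enclosing_block(first, last)
        # Addresses in the planned range that a routed subnet reserves.
        reserved = [str(a) for a in (net.network_address, net.broadcast_address)
                    if first <= a <= last]
        rows[role] = {
            "subnet": str(net),
            "usable": net.num_addresses - 2,
            "reserved_in_range": reserved,
        }
    return rows

def overlaps(site):
    """Pairs of roles whose enclosing subnets overlap (should be empty)."""
    nets = [(r, ipaddress.ip_network(v["subnet"])) for r, v in plan(site).items()]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]

if __name__ == "__main__":
    for role, row in plan(1).items():  # site A = 10.1/16
        print(f"{role:20} {row['subnet']:16} usable={row['usable']:3} "
              f"reserved={row['reserved_in_range']}")
    print("overlaps:", overlaps(1))
```

The four 32-address ranges each fall exactly on a /27, while the switch management range 10.X.0.128-254 needs a /25 to stay in one subnet.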