Some time ago I had a VLAN for each type of traffic/usergroup and the infrastructure was on VLAN0(1-untagged). Now everything (with a few exceptions for transit VLANs) is on VLAN0.
I want to move the infrastructure traffic to another VLAN with minimal downtime. From an overview to the network on vCenter it seems a pretty straightforward move: just go to Manage Host Networking under the dSwitch and reassign the VMkernel Network Adapter to another dPort.
Just doing so would mean that I’d end up with the management IP on a competing VLAN away from the subnet while all of the servers are still on the main subnet-VLAN combination–I’d have the same subnet in two VLANs and that screams trouble. For starters, hypervisors would lose contact with domain controllers. I can counter this by drafting a custom hosts file and pushing it to the hosts. What would be more worrisome is that vCenter itself would be left on another VLAN unable to contact the hypervisors.
As we know, Distributed-anything is uneditable, unassignable, uneverything from ESXi for who-knows what reason and once the dSwitch is broken someway, it’s like a day job putting it back together, going back and forth to the physical servers, resetting the network, having enough resources on the servers to take the load while one or more are in maintenance mode so dSwitch changes won’t fail and so on. It escalates pretty quickly into a full-fledged nightmare. Anything of the fancy things done on vCenter are locked away in ESXi, even ESXi obviously knows about them.
Another way to go about it, I think, is to add temporary management-enabled VMkernels with temporary-subnet addresses then merge the old subnet into the new VLAN and finally just remove the temporary subnet from the new VLAN. But, that’s as far as I got. I don’t know if I’m missing steps that might trigger the nightmare. I am using networked storage, both NFS and iSCSI, but I just ordered a bunch of SSDs to go local (and maybe go vSAN after all is in place) and minimize the complexity and try to continue online as much as possible.
I do not want to edit the physical switches, specifically, changing switch management networks. It just seems too risky since I’m using different brands that have different names for the same thing. The main router that would allow me inter-VLAN communication is virtualized. I could do it on switch (L3) but it’s not as featured.
Any suggestion/link/advise/criticism is welcome. Thanks !