Skip to main content

Too much redundancy will kill you

A customer asked me to verify their vSphere implementation. Everything looked perfectly redundant, in the traditional elegant way: cross over between layers to avoid single points of failure. I had to break the bad news: too much redundancy can mean NO redundancy.
In this case: host has 4 network interfaces (2x dual port card). VM's connect to a vSwitch, which has redundancy over vmnic0 and vmnic2 (using 1 port of each card). Another vSwitch for the storage traffic, same level of redundancy, using vmnic1 and vmnic3. Looking good.
Then the physical level. 4 host interfaces, 2 interconnected network switches. The traditional |X| design connects the two interfaces of every card to different switches. Looking good.

But looking at both configurations together, you'll see that every vSwitch gets connected to one physical switch. The sum of two crossed redundancy configurations equals no redundancy at all.
Enabling CDP or LLDP can help you identify this problem, as you can identify on every interface which physical switch it connects to. In this case the CDP physical switch identifier was the same on vmnic0 and vmnic2, and again the same on vmnic1 and vmnic3.
I advised changing the cabling to four straight || || connections, vmnic0 and vmnic1 to the left switch and vmnic2 and vmnic3 to the right switch. That re-introduces the redundancy they thought they had.

Comments

pvaneynd said…
That is actually quite funny.
deinoscloud said…
Nice catch. Many designs have this kind of error...

Obviously you would have to change at the vSS level if you hosts are blade type since the X is physically wired in the back plane of the chassis; NICPort1->SW1, NICPort2->SW2

Popular posts from this blog

How to solve "user locked out due to failed logins" in vSphere vMA

In vSphere 6, if the vi-admin account get locked because of too many failed logins, and you don't have the root password of the appliance, you can reset the account(s) using these steps:

reboot the vMAfrom GRUB, "e"dit the entry"a"ppend init=/bin/bash"b"oot# pam_tally2 --user=vi-admin --reset# passwd vi-admin # Optional. Only if you want to change the password for vi-admin.# exitreset the vMAlog in with vi-admin These steps can be repeated for root or any other account that gets locked out.

If you do have root or vi-admin access, "sudo pam_tally2 --user=mylockeduser --reset" would do it, no reboot required.

Volkswagen UHV bluetooth touch adapter & its problems

My Volkswagen car has the "universal cellphone preparation" UHV built-in. This is the main part of a car kit, but requires an additional adapter for connecting to a cellphone. At first, I was using an adapter for my good old Nokia 6310, even after I changed to the Nokia E71. Connecting was easy: pair the phone with the "VW UHV" bluetooth entity, and done. This has the phone connected to the car kit at all times, so even non-call-related functions use the car audio system (e.g. voice recognition).
But progress will have its way, no matter what happens. So in comes the "bluetooth touch adapter". Instead of a phone-specific adapter, this is a small touchscreen device that slots into the UHV dashboard mount. Connecting a phone is very different now:
the Bluetooth Touch Adapter connects to the "VW UHV" device via bluetooth
the phone connects to "Touch Adapter" device, also via bluetoothThe device doesn't allow step 2 if step 1 didn't s…

Multiple VLANs on a Synology NAS

Synology, like other SOHO/SMB NAS vendors, touts VLAN functionality with their current DSM 4.1 software. However, the web interface just lets you specify one VLAN tag to use over each eth interface (or bond interface).
Manual approachIn the busybox environment that you can ssh into as root (after enabling ssh through the webinterface), there's all the tools you need to use multiple VLANs over one link (eth or bond), however:
First you insert the 802.1q module into the Linux kernel:
 /sbin/lsmod | /bin/grep -q 8021q || /sbin/insmod /lib/modules/8021q.koThen you add each VLAN you need to every interface (bond0 in this example)
 /sbin/vconfig add bond0 4And finally you can configure IP addresses on every interface.vlan combination (bond0.4 in this example)
 /sbin/ifconfig bond0.4 192.168.4.1 broadcast 192.168.4.255 netmask 255.255.255.0The same type of script would work on a QNAP NAS too, by the way. They offer 8021q.ko and vconfig in their commandline environment as well.
Packets from…