I have seen this popping up various times over the last few years. That little tickbox on your VMkernel NIC that says “Management traffic” (aka management network) what is it for? What if I untick it, will SSH to that VMkernel still work? Will the HA heartbeat still work? Can I still ping the VMkernel NIC? Those are all questions I have had in the past, and I can understand why… I would say that the term “Management traffic” is really really poorly chosen, but why?
The feature described as “Management traffic” does nothing more than enabling that VMkernel NIC for HA heartbeat traffic. Yes that is it. Even if you disable this feature, management traffic, you can still use the VMkernel’s associated IP address for adding it to vCenter Server. You can still SSH that VMkernel associated IP address if you have SSH enabled. So keep that in mind.
Yes I fully agree, very confusing but there you have it: the “management traffic” enables the HA heartbeat network, nothing more and nothing less.
Thank you for this important clarification, clearer than
vSphere 5 Documentation Center, Best Practices for Networking
http://pubs.vmware.com/vsphere-50/index.jsp?topic=%2Fcom.vmware.vsphere.avail.doc_50%2FGUID-B1906BCD-E538-4FFF-AAE9-5403FE253F38.html
this means I can safely activate the checkbox for iscsi vmkernel ports too? even if they are not reachable from the vCenter?
This is my understanding based on conversations with various engineers and some tests… Now I don’t give any guarantees as you can imagine, so I would always recommend testing this first.
I tested this long back and using in our current production environment , but test yourself as recommend.
Thanks very much for this note and clarification, I always wondered and never had an opportunity to test as I was managing 5 production environments for clients without a test lab 🙂 Cheers and have an excellent weekend!
-Zeke
I thought the VADP backup traffic to external devices used this port as well?
The official documentation also says that vmk ports marked for vMotion are _not_ used for HA heartbeat traffic, unless there exists only one single vmk port. The ICM course doesn’t mention anything about that.
Regarding VADP, my colleague Magnus who is sitting on the opposite side of the desk thinks that the choice of vmk port for backup traffic is determined by which IP/vmk-port that the backup server initiates its connection towards. Not sure though.
“this means I can safely activate the checkbox for iscsi vmkernel ports too? even if they are not reachable from the vCenter?”
Valid as long as all the ESXi hosts’ iSCSI VMKernel ports can talk to each other.
Although, I do think this is asking for trouble: dedicated iSCSI networks and Layer 2 isolation of storage traffic, vCenter management, HA, and vMotion traffic, is a good idea; I would have a highly-available router or firewall on the iSCSI LAN and on each of your VMkernel LANs; to provide routed connectivity from vCenter and from ESXi to every other vmkernel IP address of every other ESXi, and to every other IP address of vCenter, if vCenter has multiple IP addresses.
Aside from facilitating troubleshooting and monitoring of the network; I find that on occassion there will be operations failing when vCenter or the ESXi host provide or attempt to use an unreachable ESXi IP address for some operation such as a non-routine cold migration, even when none of the 3 boxes were checked.