Using an Isolation address to ensure HA functionality in a vSAN envrionment.
search cancel

Using an Isolation address to ensure HA functionality in a vSAN envrionment.

book

Article ID: 313763

calendar_today

Updated On: 03-31-2025

Products

VMware vSAN

Issue/Introduction


Scope:

In Networking Configurations where the vSAN and management networks are on different physical or logical networks and traffic is segregated, it is required to change the default vSphere HA isolation address from the management network to the vSAN network.



Background:

- In a vSAN cluster, vSphere HA agents communicate over the vSAN network by default. This is so that in the event of a network failure, vSphere HA and vSAN are on the same network. This, in turn, avoids conflicts when vSphere HA and vSAN experience different partitions when failures occur.
 
- vSAN always needs to be configured before HA is enabled.
 
- By default, vSphere HA in vSAN uses hosts management network default gateway IP for isolation detection.
 
- never use an existing vmkernel interface IP for HA isolation address.

Resolution

It is best practice to set two specific advanced configuration settings in the vSphere HA configuration when there is not already logical or physical segregation between Management network and vSAN network.


In the rare environment where vSAN network/IP space must overlap with any other active networks, the use of an active IP address on the vSAN network as an "isolation address" is strongly recommended.
 
Set the following advanced configuration in vCenter:


das.usedefaultisolationaddress=false
das.isolationaddress0=<IP address on vSAN network>


In some situations there may not be a suitable isolation address on the vSAN network. In this case, most physical top of rack switches can configure a port for SVI (switch virtual interface) to be used as the isolation address.

Additional Information

Powered by Wolken Software