blueprint01 wrote:
I will change my network design as you described:
vmnic0 (active), vmnic2 (standby) -> vswitch0 -> Management (VLAN 10) -> 192.168.10.0/24
vmnic2 (active), vmnic0 (standby) -> vswitch0 -> vMotion (VLAN 20) -> 192.168.20.0/24
vmnic1, vmnic3 -> vswitch1 -> iSCSI (MPIO) -> 10.10.0.0/24
vmnic4, vmnic6 -> vswitch2 -> VM Network -> 192.168.40.0/24
That seems good; now you have redundancy at the network card level too. If you can (and if possible you should) get another physical switch, you could quite easily arrange your cables to have full physical switch redundancy as well, without any changes to the ESXi network configuration.
All networks are redundant and use two different hardware NICs. I have to configure the physical switch ports which are connected to vmnic0 and vmnic2 as tagged for VLAN 10 and VLAN 20, and the same for the ports of the other host.
Is this correct and best practice?
Yes, that is good. The vMotion network could use just any unused IP range and needs only addresses for the host, so no routing or default gateway is needed. If you need help with the switch configuration with tagging status let us know.
May I use the same IP subnet and VLAN (default untagged VLAN) for management and VM network or is this a problem for performance or security?
That will depend on your situation. If possible it is good to have a separate VLAN / IP subnet only for management, but depending on the size of your network (you mentioned having a single switch) then it might not be necessary. Be sure to set a long and complex password for the root account on the hosts.
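
An added example, not part of the original posts: a Python check over the four design lines from the thread that derives which VLANs each physical switch port has to carry (keyed by the vmnic cabled to it) and flags networks without uplink redundancy. The parsed line format and all function names are assumptions made for this example; `None` stands for untagged traffic.

```python
import re
from collections import defaultdict

# The four design lines from the thread, embedded as sample input.
DESIGN = """\
vmnic0 (active), vmnic2 (standby) -> vswitch0 -> Management (VLAN 10) -> 192.168.10.0/24
vmnic2 (active), vmnic0 (standby) -> vswitch0 -> vMotion (VLAN 20) -> 192.168.20.0/24
vmnic1, vmnic3 -> vswitch1 -> iSCSI (MPIO) -> 10.10.0.0/24
vmnic4, vmnic6 -> vswitch2 -> VM Network -> 192.168.40.0/24
"""

def parse(design):
    """Return one dict per line: uplinks with roles, vswitch, name, vlan, subnet."""
    rows = []
    for line in design.strip().splitlines():
        nics, vswitch, name, subnet = [p.strip() for p in line.split("->")]
        uplinks = re.findall(r"(vmnic\d+)(?:\s*\((active|standby)\))?", nics)
        vlan = re.search(r"\(VLAN (\d+)\)", name)
        rows.append({
            "uplinks": [(n, role or "unspecified") for n, role in uplinks],
            "vswitch": vswitch,
            "name": re.sub(r"\s*\(.*\)$", "", name),
            "vlan": int(vlan.group(1)) if vlan else None,  # None = untagged
            "subnet": subnet,
        })
    return rows

def trunk_plan(rows):
    """VLANs each physical switch port must carry, keyed by the attached vmnic."""
    plan = defaultdict(set)
    for r in rows:
        for nic, _role in r["uplinks"]:
            plan[nic].add(r["vlan"])  # a standby uplink needs the VLAN too
    return dict(plan)

def findings(rows):
    """Design problems: single-uplink networks, one vmnic on two vSwitches."""
    out, owner = [], {}
    for r in rows:
        if len({n for n, _ in r["uplinks"]}) < 2:
            out.append(f"{r['name']}: no uplink redundancy")
        for nic, _ in r["uplinks"]:
            if owner.setdefault(nic, r["vswitch"]) != r["vswitch"]:
                out.append(f"{nic}: assigned to {owner[nic]} and {r['vswitch']}")
    return out

if __name__ == "__main__":
    for nic, vlans in sorted(trunk_plan(parse(DESIGN)).items()):
        print(nic, vlans)
```

A switch port that is missing a VLAN carried only by its standby role will look fine until the first failover, which is why the plan counts standby uplinks as well.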