vMotion in a VMware ESXi environment
This guide provides sample configuration of
The following depicts the network topology for this sample deployment. In this sample deployment, there are two hosts, Host 60 (10.6.30.60) and Host 80 (10.6.30.80), which are members of Cluster 1 in the DataCenter 1. The vCenter server (10.6.30.99) manages DataCenter 1.
The following prerequisites must be met for this configuration:
- The vCenter server has been set up and the data center and cluster have been created.
- Host 60 and Host 80 are part of the cluster.
- A Gigabit Ethernet network interface card with a VMkernel port enabled for vMotion exists on both ESXi hosts.
- A FortiGate-VM is set up and able to handle traffic.
To migrate the FortiGate-VM on the vCenter web portal:
- Log into the vCenter web portal.
- Verify the current location of the FortiGate-VM:
- Go to the FortiGate-VM.
- On the Summary tab, check the Host. In this example, the host is currently Host 60 (10.6.30.60).
- Go to Storage > Files. Check that the FortiGate-VM is located in the correct datastore. In this example, the datastore is currently Datastore 60, which is in Host 60.
- Right-click the FortiGate-VM and select Migrate.
- Configure the migration options:
- For Select a migration type, select Change both compute resource and storage. Click NEXT.
- For Select a compute resource, select the desired new compute resource. In this example, Host 80 (10.6.30.80) is selected. Click NEXT.
- For Select storage, select the storage associated with the compute resource selected in step 5. In this example, Datastore 80 (as corresponds to Host 80) is selected. Click NEXT.
- For Select networks, select the desired destination network at the compute resource selected in step 5. In this example, the source network is at Host 60, and the destination network is at Host 80. Click NEXT.s
- For Select vMotion priority, select Schedule vMotion with high priority (recommended). Click NEXT.
- Before initiating the migration, open the CLI for the FortiGate-VM to check on traffic during the migration. Enter the
diag sniffer packet any 'icmp and host 8.8.8.8'
command to check if traffic is stable. If no traffic is lost during migration and the FortiGate-VM SSH session does not break, the output resembles the following: - Click FINISH. After a few seconds, the FortiGate-VM is migrated to the new compute resources, in this case Host 80.
- Log into the vCenter web portal. Go to the FortiGate-VM. On the Summary tab, the Host is now the new compute resources, in this case Host 80 (10.6.30.80).
- Go to Storage > Files. It shows that the FortiGate-VM is now located in a new datastore, in this example Datastore 80.
To configure the FortiGate-VM using the CLI:
config system interface
edit "port1"
set vdom "root"
set ip 10.6.30.61 255.255.255.0
set allowaccess ping https ssh snmp http telnet
set type physical
next
edit "port2"
set vdom "root"
set ip 10.1.100.61 255.255.255.0
set allowaccess ping https ssh snmp http telnet
set type physical
next
edit "port3"
set vdom "root"
set ip 172.16.200.61 255.255.255.0
set allowaccess ping https ssh snmp http telnet
set type physical
next
end
config router static
edit 1
set gateway 172.16.200.254
set device "port3"
next
end
config firewall policy
edit 1
set srcintf "port2"
set dstintf "port3"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set nat enable
next
end