My company wants to move to a virtualized environment from its current physical environment: about 50 VMs on 12 hosts in total. We need HA capability to ensure that the system keeps chugging along even if the HW fails. We are going to repurpose some of the compute HW and add some new networking hardware for this. I think all is well on the compute side, but what is stumping us is the network design. It seems like a VLAN architecture with tagged frames and trunking might do the trick, but the literature on this is quite confusing, so if someone can shed light on this, it would be helpful.

Network requirements:

1. Need to have multiple network zones (DMZ, App, DB, Storage, Management etc.)
2. Each physical host only has 2 physical NICs
3. Existing FW/Router is an HA set operating in active/passive mode with auto failover (Sonicwall 3600)
4. VMs from any host should be able to be assigned into any network zone, and have connectivity to another VM in another zone (e.g. Internet -> Web VM (DMZ) -> DB VM (DB zone))
5. Cost effective, easy to maintain network

We will purchase 2 new switches for this, but the question is which one, and what features do I need to achieve all the above. It seems like a layer 2 switch is sufficient, and I would like to avoid complications like adding Open vSwitch (do I have to have this?).

We intend to bond the 2 physical NICs at the host level and connect the NICs separately to each switch, then configure the VLANs to span the 2 switches. Is this the right approach?
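As an added illustration of the host side of the design described in the question (this is not configuration from the original post or from any vendor), here is a netplan file for one Linux KVM host that bonds its two NICs, carries every zone as an 802.1Q tagged VLAN over that bond, and gives each zone its own bridge for VMs to attach to. The interface names (eno1/eno2), the VLAN IDs (10, 20, 30, 40, 99), and the management address (192.0.2.11/24 from the RFC 5737 documentation range) are all assumptions chosen for the example; substitute the real ones. The bond uses active-backup rather than LACP because the two NICs go to two independent switches: 802.3ad needs both links to terminate on one logical switch (stack or MLAG), which plain layer 2 switches do not provide.

```yaml
# /etc/netplan/01-vm-host.yaml  (added example, not from the original post)
# Host-side view: two NICs -> one bond -> one tagged VLAN per zone -> one bridge per zone.
# Switch-side assumption: the port on each switch facing this host is an 802.1Q trunk
# that allows VLANs 10,20,30,40,99, and the two switches share an inter-switch trunk
# carrying the same VLANs, so failover to the second NIC keeps every zone reachable.
network:
  version: 2
  renderer: networkd

  ethernets:
    eno1: {}        # assumed NIC name, cabled to switch A
    eno2: {}        # assumed NIC name, cabled to switch B

  bonds:
    bond0:
      interfaces: [eno1, eno2]
      parameters:
        mode: active-backup        # one link active; no LACP needed across two independent switches
        primary: eno1
        mii-monitor-interval: 100  # ms; detects link loss and fails over to eno2

  # One VLAN sub-interface per zone; the VLAN IDs are assumptions for the example.
  vlans:
    bond0.10: {id: 10, link: bond0}   # DMZ
    bond0.20: {id: 20, link: bond0}   # App
    bond0.30: {id: 30, link: bond0}   # DB
    bond0.40: {id: 40, link: bond0}   # Storage
    bond0.99: {id: 99, link: bond0}   # Management (host itself lives here)

  # One bridge per zone. A VM is placed in a zone by attaching its vNIC to that bridge;
  # the bridge is Linux's built-in bridge, so no Open vSwitch is required for this layout.
  bridges:
    br-dmz:
      interfaces: [bond0.10]
      dhcp4: no
      parameters: {stp: false, forward-delay: 0}
    br-app:
      interfaces: [bond0.20]
      dhcp4: no
      parameters: {stp: false, forward-delay: 0}
    br-db:
      interfaces: [bond0.30]
      dhcp4: no
      parameters: {stp: false, forward-delay: 0}
    br-storage:
      interfaces: [bond0.40]
      dhcp4: no
      parameters: {stp: false, forward-delay: 0}
    br-mgmt:
      interfaces: [bond0.99]
      addresses: [192.0.2.11/24]      # assumed management address of this host
      routes:
        - to: default
          via: 192.0.2.1               # assumed gateway (the firewall's management VLAN interface)
      nameservers:
        addresses: [192.0.2.53]        # assumed
```

Only the management bridge gets an IP address on the host; the DMZ, App, DB and Storage bridges are pure layer 2 so the host itself is not a hop between zones. Inter-zone traffic (Internet -> Web VM -> DB VM in the question) still has to leave the switches and pass through the firewall, so each zone VLAN is also trunked to the Sonicwall pair, which routes and filters between them. Applying the file is `sudo netplan try` followed by `sudo netplan apply`; `cat /proc/net/bonding/bond0` then shows which NIC is currently active, and unplugging it is the simplest way to confirm that failover to the other switch works.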

