Expert Reference Series of White Papers. VMware vSphere Distributed Switches



Expert Reference Series of White Papers: VMware vSphere Distributed Switches. info@globalknowledge.net, www.globalknowledge.net

VMware vSphere Distributed Switches

Rebecca Fitzhugh, VCAP-DCA, VCAP-DCD, VCAP-CIA, VCP-DCV, VCP-DT, VCP-Cloud, Author, Global Knowledge Instructor

Introduction

There are two types of virtual switches available in vSphere: the vSphere Standard Switch and the vSphere Distributed Switch. The vSphere Standard Switch (vSwitch or VSS) resides in, and is manually configured and administered on, each ESXi host. The vSphere Distributed Switch (dvSwitch or VDS) provides similar functionality but is centralized in vCenter Server and offers more features. Additionally, the vSphere Distributed Switch requires vSphere Enterprise Plus licensing.

Both virtual switch types support the following features:
- Forwarding of L2 frames
- VLAN segmentation
- 802.1Q encapsulation support
- NIC teaming (support for more than one uplink)
- Outbound (Tx) traffic shaping
- Cisco Discovery Protocol (CDP) support

In addition, the vSphere Distributed Switch supports the following features:
- Datacenter-level management
- Network I/O Control
- Traffic filtering and marking
- Inbound (Rx) traffic shaping
- Configuration backup and restore
- Private VLANs
- Link Aggregation Control Protocol support
- Port state monitoring
- NetFlow
- Port mirroring

This white paper covers the VDS architecture as well as an overview of many of the features that are exclusive to the vSphere Distributed Switch.

Architecture

A vSphere Distributed Switch is an aggregation of per-host virtual switches that are presented and controlled as a single distributed switch at the datacenter level through vCenter Server. The vSphere Distributed Switch provides centralized management and monitoring of the ESXi host networking components that are associated with the dvSwitch. The purpose of this design is to establish a consistent switch configuration across the ESXi hosts in a virtual datacenter: the dvSwitch is created and configured at the vCenter Server level and propagated to the ESXi hosts.

Copyright 2015 Global Knowledge Training LLC. All rights reserved.

A vSphere Distributed Switch is made up of two architectural components, the control plane and the I/O plane:
- The control plane exists at the vCenter Server level and is ultimately responsible for configuring and managing the dvSwitch, distributed port groups, uplinks, NIC teaming, PVLANs, and so on.
- The I/O plane is a hidden virtual switch that exists on each ESXi host; it manages the I/O hardware on the ESXi host and is responsible for forwarding frames to the correct uplink(s).

Therefore, in the event that vCenter Server is unavailable, communications will persist.

When a virtual machine is connected to a port on a distributed switch, a folder named .dvsdata is created on the datastore on which the virtual machine resides. The .dvsdata folder is not created if no virtual machine on that datastore is attached to a distributed switch, so it does not exist when the virtual machines are connected only to standard switches. The folder contains at least one subfolder whose name matches the universally unique identifier (UUID) of a distributed switch. In that subfolder there may be one or more files, each corresponding to the port ID to which a VM is connected; such a file contains the port state and policy information.

Each distributed switch may have one or more distributed port groups assigned to it. A distributed port group associates multiple ports under a common configuration, defining how a connection is made to the network. A port can connect any networking entity, such as a virtual machine or a VMkernel interface.

Features

This section provides an overview of several features that are unique to the vSphere Distributed Switch.

Network I/O Control

Network I/O Control (NIOC) is a traffic management capability that uses network resource pools to determine bandwidth allocation based on I/O shares and limits. Network I/O Control was released with vSphere 4.1 and is important in environments where 10 GigE cards are prevalent.
Network I/O Control helps different traffic types share bandwidth across the same physical NIC(s). When the NIOC feature is enabled, the dvSwitch traffic is divided into the following (system-defined) network resource pools: management traffic, iSCSI traffic, NFS traffic, vMotion traffic, VSAN traffic, Fault Tolerance traffic, vSphere Replication traffic, and virtual machine traffic. You can also create custom (user-defined) network resource pools should the system-defined pools not fit your exact needs. vSphere 6 introduces the ability to guarantee bandwidth not only at the distributed port group level but also to a vNIC at the virtual machine level.

The configurable options of a network resource pool include shares, limits, and QoS priority tags. Physical adapter shares are assigned to a network resource pool to determine the share value associated with the traffic type affiliated with that pool; shares only apply when the physical adapter is saturated. A host limit may also be assigned; this is the upper limit of bandwidth that the traffic type with a related network resource pool can use. A QoS priority tag (802.1p) may also be applied to all outgoing traffic for a network resource pool. QoS tags ensure that the traffic is prioritized properly as it reaches the physical switch.

Traffic Filtering and Marking

The traffic filtering and marking policy is available with dvSwitches that are version 5.5 or later. It effectively allows the creation of Access Control Lists (ACLs) as well as the tagging of traffic with Quality of Service (QoS) or Differentiated Services Code Point (DSCP) values for network prioritization.

An ACL allows granular control of what traffic is allowed in or out of a specific VM, a set of VMs, or even a port group. The rules are applied on the data path between the vNIC and the distributed port, or between the uplink port and the physical NIC. The VMkernel processes these rules, which eliminates the need for any kind of external application and allows faster rule processing. These rules can be created using the following qualifiers:
- MAC qualifiers: source address and destination address
- IP qualifiers, such as protocol type, IP source address, IP destination address, and port number
- System traffic qualifiers, such as vMotion traffic, management traffic, FT traffic, and so on

A rule generally consists of one of the aforementioned qualifiers and an action that either restricts or prioritizes the matching network traffic.

Private VLANs

A VLAN divides a broadcast domain into multiple logical broadcast domains; a Private VLAN (PVLAN) is an extension to the standard VLAN that further segments the logical broadcast domain into private groups. Ultimately this functionality allows a single VLAN (the primary PVLAN) to be extended into secondary PVLANs, with these secondary PVLANs residing only within the domain of the primary VLAN.

There is one type of primary PVLAN: promiscuous. Any node attached to a promiscuous PVLAN may send and receive network traffic to and from any node in any secondary PVLAN associated with the same primary. A promiscuous PVLAN has the same VLAN ID for both the primary and the secondary VLAN. Secondary PVLANs are broken up into two types, community and isolated. Any node attached to a port in a community secondary PVLAN can send to and receive network traffic from any other port in the same secondary community PVLAN, as well as send to and receive network traffic from the promiscuous PVLAN.
Any node attached to an isolated secondary PVLAN may only send to and receive network traffic from the promiscuous PVLAN, even if there are other nodes attached to the same isolated secondary PVLAN. Network traffic between virtual machines that reside on different ESXi hosts but are on the same PVLAN must traverse a physical switch. The physical switch must be PVLAN aware and must be configured so that the secondary PVLANs reach the destination.

NIC Teaming Policies

vSphere NIC teaming policies enable the distribution or load balancing of network traffic across the physical NICs by providing a mechanism that logically binds multiple physical NICs. This results in greater throughput and availability. A few NIC teaming policies are available on the vSphere Distributed Switch but not on the vSphere Standard Switch: load-based teaming and Link Aggregation Control Protocol support.

vSphere 4.1 introduced a NIC teaming policy called load-based teaming (LBT), or route based on physical NIC load. This policy is traffic-load aware and reshuffles port binding dynamically based on load and uplink usage in order to make the most efficient use of the bandwidth. Earlier releases provided several load balancing choices, still available today, which base their routing on a source MAC hash, an IP hash, or the originating virtual port ID. While these are valid load-balancing options in most environments, they each have limitations: each of these policies statically maps the virtual NIC to an affiliated physical NIC rather than choosing based on the current network traffic. Because of this, these policies may not effectively distribute the network traffic across the uplinks. Load-based teaming can address this shortcoming.
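The PVLAN forwarding rules from the Private VLANs section above (promiscuous, community and isolated), encoded as a reachability check so the isolation boundaries can be verified for a given port map. This is an added example, not from the white paper or from VMware; the VLAN IDs, port names and the PVLAN map are constructed for illustration.

```python
# Added example, not from the white paper: the PVLAN forwarding rules described
# in the Private VLANs section, encoded as a reachability check. The VLAN IDs,
# port names and the PVLAN map below are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class PVLANPort:
    name: str
    primary: int      # primary PVLAN ID
    secondary: int    # promiscuous ports use the primary ID as their secondary ID
    kind: str         # "promiscuous", "community" or "isolated"


def validate(port: PVLANPort) -> None:
    """A promiscuous PVLAN has the same ID for primary and secondary; secondaries differ."""
    if port.kind not in ("promiscuous", "community", "isolated"):
        raise ValueError(f"{port.name}: unknown PVLAN type {port.kind}")
    if port.kind == "promiscuous" and port.secondary != port.primary:
        raise ValueError(f"{port.name}: promiscuous secondary must equal primary")
    if port.kind != "promiscuous" and port.secondary == port.primary:
        raise ValueError(f"{port.name}: secondary PVLAN must differ from primary")


def can_reach(src: PVLANPort, dst: PVLANPort) -> bool:
    """Whether a frame from src may be delivered to dst under PVLAN rules."""
    validate(src)
    validate(dst)
    if src.primary != dst.primary:             # different primary VLANs: separate broadcast domains
        return False
    if "promiscuous" in (src.kind, dst.kind):  # promiscuous talks to every secondary
        return True
    if src.kind == "community" and dst.kind == "community":
        return src.secondary == dst.secondary  # same community only
    return False                               # isolated ports reach the promiscuous PVLAN only


# Constructed map: primary 100 (promiscuous), 101 isolated, 102 community
GATEWAY = PVLANPort("gateway", 100, 100, "promiscuous")
WEB1 = PVLANPort("web1", 100, 102, "community")
WEB2 = PVLANPort("web2", 100, 102, "community")
GUEST1 = PVLANPort("guest1", 100, 101, "isolated")
GUEST2 = PVLANPort("guest2", 100, 101, "isolated")
PORTS = [GATEWAY, WEB1, WEB2, GUEST1, GUEST2]


def reachability(ports):
    """Sorted (src, dst) name pairs, src != dst, that can exchange traffic."""
    return sorted((a.name, b.name) for a in ports for b in ports
                  if a is not b and can_reach(a, b))


if __name__ == "__main__":
    for src, dst in reachability(PORTS):
        print(f"{src} -> {dst}")
```

Running it shows the two guests never appear as a pair even though they share secondary 101, which is exactly the isolation the physical upstream switch must also be configured to honour.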

Link Aggregation Control Protocol (LACP) support began with vSphere 5.1 and has been enhanced since then. LACP support on a vSphere Distributed Switch 5.5 allows ESXi hosts to connect to physical switches using dynamic link aggregation. Multiple link aggregation groups (LAGs) can be created to aggregate the physical NIC bandwidth on ESXi hosts connected to LACP port channels. A LAG consists of two or more uplink ports and connects physical NICs to those ports. LAGs are used to increase network redundancy, bandwidth, and load balancing for the port groups. Up to sixty-four LAGs can be created on a VDS, and an ESXi host can support up to thirty-two LAGs. LACP configuration on the vSphere 5.1 VDS supported only the IP hash load balancing policy, whereas the vSphere 5.5 VDS supports all load-balancing algorithms.

Monitoring

It's not uncommon for different teams to manage the virtual switch and physical switch configurations. This can make troubleshooting very difficult unless each configuration parameter is gone through manually. There have been enhancements to the vSphere Distributed Switch over the past few years to address these operational challenges.

vSphere 5.0 introduced support for Link Layer Discovery Protocol (LLDP); earlier versions of vSphere had support for Cisco Discovery Protocol (CDP). CDP is supported on both Standard and Distributed vSwitches, whereas LLDP is supported only on Distributed vSwitches. Both discovery protocols provide information about neighbor network devices, such as the device ID, software version, timeout, and so on. CDP is Cisco proprietary, so there are obvious incompatibility issues when using network devices from other vendors; LLDP is a vendor-neutral discovery protocol.

The Network Health Check feature was introduced with vSphere 5.1. This feature detects misconfiguration of VLAN, MTU, and NIC teaming parameters between the virtual switch and the connected physical (access layer) switch.
When enabled, layer 2 Ethernet frames are exchanged across the ESXi host uplinks each minute to detect misconfiguration. For this feature to operate correctly, there should be at least two uplinks configured on the VDS and at least two ESXi hosts using the VDS. This feature is not enabled by default and can only be enabled using the vSphere Web Client.

Port mirroring is the capability of a network switch to send a copy of the network traffic seen on one switch port to another switch port, which may have a network-monitoring device connected. Port mirroring is sometimes referred to as Switched Port Analyzer (SPAN) on Cisco switches. The vSphere Distributed Switch provides a similar port mirroring function. A port mirroring session is configured with a destination; once configured, the VDS copies the network traffic to that destination. Port mirroring sessions may be created between virtual machines on the same ESXi host, between virtual machines on different ESXi hosts, from a source VLAN to a destination port, from a source port to a destination IP address, or from a source port to a destination uplink. This feature can assist in troubleshooting or debugging network issues in the virtual infrastructure.

NetFlow is a networking protocol that collects IP traffic information as records and sends them to a collector for traffic analysis. It gives visibility into traffic between virtual machines on the same ESXi host, between virtual machines on different ESXi hosts, and between virtual machines and the physical infrastructure. NetFlow support gives an administrator the ability to monitor network traffic while assisting with network forensics, including intrusion detection, compliance monitoring, and more. This feature can give real insight into the virtual networking piece of the virtual infrastructure.

Backup and Restore

vSphere Distributed Switch and distributed port group configurations can be exported to a file.
This file preserves all valid network configuration, making it possible to restore in case of a problem or the loss of vCenter Server, or even to use the file to distribute the configuration to other deployments.

A new VDS can be created with the configuration settings from the exported file. If distributed port groups were included in the configuration file, they will also be created. Restoring a distributed switch overwrites the current settings of the distributed switch and of the port groups that were included in the exported file; any port group not part of the configuration file remains unchanged. This functionality is available using the vSphere Web Client.

Conclusion

The vSphere Distributed Switch extends the capabilities and features of virtual networks while simplifying configuration, management, and monitoring by centralizing the dvSwitch. Virtual switches can be divided into two logical sections, the data plane (I/O plane) and the management plane (control plane). Each vSphere Standard Switch contains both the management and data planes, which are configured and managed individually. The vSphere Distributed Switch eases the management burden by treating the network as an aggregated resource, abstracting the virtual switches into a dvSwitch spanning multiple ESXi hosts at the datacenter level. The data plane remains local to each ESXi host, but the management is centralized. The VDS also provides enhanced network monitoring and troubleshooting capabilities, such as port mirroring, NetFlow, and network health check. PVLANs, Network I/O Control, and several other features are also made possible by use of the vSphere Distributed Switch.

Learn More

Learn more about how you can improve productivity, enhance efficiency, and sharpen your competitive edge through training.
- VMware vSphere: Install, Configure, Manage [V6.0]
- VMware vSphere: Optimize and Scale [V6.0]

Visit www.globalknowledge.com or call 1-800-COURSES (1-800-268-7737) to speak with a Global Knowledge training advisor.
About the Author

Rebecca Fitzhugh is a VMware Certified Instructor and consultant whose primary focus is on VMware virtual infrastructure products as well as the vCloud and Horizon suites. Prior to becoming an instructor and consultant, she served five years in the United States Marine Corps, where she assisted in the build-out and administration of multiple enterprise networks residing on virtual infrastructure. Packt Publishing recently published her book, vSphere Virtual Machine Management.