Vmware Integration: Brkdct-2868

VMware Integration
BRKDCT-2868
BRKDCT-2868
14490_04_2008_c2 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 2
© 2006, Cisco Systems, Inc. All rights reserved. 1

Presentation_ID.scr
Virtualization
App App App App App App

VM VM VM
Guest OS Guest OS Guest OS Guest OS Modified OS Modified OS
Mofied Stripped Hypervisor Mofied Stripped

Down OS with Down OS with
Hypervisor Host OS Hypervisor
CPU CPU CPU
VMware Microsoft XEN aka

Paravirtualization
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 3
Migration
VMotion, aka VM Migration allows a

VM to be reallocated on a different
Hard are without
Hardware itho t ha
having
ing to
interrupt service.
Console
Console
App. App. App.

Downtime in the order of few
OS
OS
milliseconds to few minutes, VMware Virtualization Layer VMware Virtualization Layer

not hours or days OS OS OS
Can be used to perform Hypervisor Hypervisor

Maintenance on a server,
Can be used to shift workloads
more efficiently CPU CPU
2 ttypes off Mi
Migration:
ti
VMotion Migration
Regular Migration
BRKDCT-2868

Presentation_ID.scr
VMware Architecture in a Nutshell
Mgmt
Network Production
Network
VM Kernel
App. App. App. Network
Console
OS
OS OS OS
Virtual
Machines
VM Vi
Virtualization
li i Layer
L
Physical Hardware
CPU …
ESX Server Host
VMware HA Clustering
App1 App2
App1 App2 App3 App4 App5

Guest OS Guest OS
Guest OS Guest OS Guest OS Guest OS Guest OS
Hypervisor Hypervisor Hypervisor
ESX Host
H t1 ESX Host
H t2 ESX Host 3
CPU CPU CPU

Presentation_ID.scr
Application-level HA clustering
(Provided by MSCS, Veritas etc…)
App1
App1 App2 App3 App4 App5 App2
Guest OS Guest OS Guest OS Guest OS Guest OS Guest OS Guest OS
Hypervisor Hypervisor Hypervisor
ESX Host
H t1 ESX Host
H t2 ESX Host 3
CPU CPU CPU
Agenda
VMware LAN Networking

vSwitch Basics
NIC Teaming
vSwitch vs LAN Switch
Cisco/VMware DC DESIGNS
SAN Designs
BRKDCT-2868

Presentation_ID.scr
VMware Networking Components
Per ESX-server configuration
VMs vSwitch VMNICS = uplinks
vNIC vSwitch0
VM_LUN_0007
vmnic0
VM_LUN_0005
vNIC
vmnic1
Virtual Ports
BRKDCT-2868
vNIC MAC Address

VM’s MAC address /vmfs/volumes/46b9d79a-
automatically generated 2de6e23e-929d-
001b78bb5a2c/VM LUN 0005
001b78bb5a2c/VM_LUN_0005
Mechanisms to avoid MAC
/VM_LUN_0005.vmx
collision
ethernet0.addressType = "vpx"
VM’s MAC address doesn’t
change with migration ethernet0.generatedAddress =
"00:50:56:b0:5f:24„
VM’s MAC addresses can be
made static by modifying the ethernet0.addressType =
configuration
g files „„static“
ethernetN.address = ethernet0.address =
00:50:56:XX:YY:ZZ "00:50:56:00:00:06„
BRKDCT-2868

Presentation_ID.scr
vSwitch Forwarding Characteristics
Forwarding based on MAC address (No Learning):

If traffic doesn’t match a VM MAC is sent out to vmnic
VM-to-VM traffic stays local
Vswitches TAG traffic with 802.1q VLAN ID
vSwitches are 802.1q Capable
vSwitches can create Etherchannels
BRKDCT-2868
vSwitch Creation
YOU DON’T HAVE TO SELECT A NIC
This is just a name
vNICs
vswitch
Select the Port-Group by specifying the

NETWORK LABEL
BRKDCT-2868

Presentation_ID.scr
VM Ù Port-Group ÙvSwitch
BRKDCT-2868
VLAN’s - External Switch Tagging - EST

VLAN tagging and
Service stripping is done by the
VM1 VM2 Console physical switch
No ESX configuration
Virtual NIC’s
required as the server is
not tagging
VMkernel ESX
NIC VSwitch A VSwitch B The number of VLAN’s
Server supported is limited to
VMkernel the number of physical
NIC’s
C s in tthe
e se
server
e
Physical NIC’s
Physical
Switches VLAN 100 VLAN 200
BRKDCT-2868

Presentation_ID.scr
VLAN’s - Virtual Switch Tagging - VST
The vSwitch tags
outgooing frames with
Service
VM1 VM2 Console the VLAN Id
The vSwitch strips any

Virtual NIC’s dot1Q tags before
delivering to the VM
VMkernel ESX Physical NIC’s and
NIC VSwitch A
Server switch port operate as a
VMkernel trunk
Number of VLAN’s are

limited to the number of
Physical NIC’s vNIC’s
dot1Q
Physical No VTP or DTP. All

VLAN 100 VLAN 200
Switches static config. Prune
VLAN’s so ESX doesn’t
BRKDCT-2868
14490_04_2008_c2 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public
process broadcasts 15
VLAN’s - Virtual Guest Tagging - VGT

Portgroup VLAN Id set
to 4095
Service
VM1 VM2 Console
Tagging and stripping of
dot1Q VLAN id’s happens in
Virtual NIC’s the guest VM – requires
VM applied
an 802.1Q driver
VMkernel ESX Guest can send/receive
NIC VSwitch A
Server any tagged VLAN frame
VMkernel
Number of VLAN’s per
guest are not limited to
the number of VNIC’s
Physical NIC’s
dot1Q
VMware does not ship
Physical with the driver:
VLAN 100 VLAN 200
Switches Windows E1000
Linux dot1q module
BRKDCT-2868

Presentation_ID.scr
Agenda

vSwitch Basics
NIC Teaming
SAN Designs
BRKDCT-2868
Meaning of NIC Teaming in VMware (1)
ESX server NIC cards
vSwitch Uplinks
vmnic0 vmnic1 vmnic2 vmnic3
NIC Teaming
NIC Teaming
THIS IS NOT NIC Teaming

vNIC vNIC vNIC
vNIC
vNIC
ESX Server Host
BRKDCT-2868

Presentation_ID.scr
Meaning of NIC Teaming in VMware (2)
Teaming is Configured at
The vmnic Level
s is NOT Teaming
This
BRKDCT-2868
Design Example
2 NICs, VLAN 1 and 2, Active/Standby
802.1q 802.1q
Port-Group 1 Vlan 1,2 Vlan 1,2
VLAN 2
vmnic0 vmnic1 ESX Server
vSwitch0
Port-Group 2
VLAN 1
VM1 VM2 Service Console
BRKDCT-2868

Presentation_ID.scr
Active/Standby per-Port-Group
CBS-left CBS-right
VMNIC0 VMNIC1
Port-Group1 Port-Group2
vSwitch0
VM5 VM7 VM4 VM6

.5 .7 ESX Server
.4 .6
BRKDCT-2868
Port-Group Overrides vSwitch Global

Configuration
BRKDCT-2868

Presentation_ID.scr
Active/Active
ESX server NIC cards

d
ESX server
vmnic0 vmnic1
vSwitch
Port-Group
VM1 VM2 VM3 VM4 VM5
BRKDCT-2868
Active/Active
IP-Based Load Balancing
Works with Channel-Group

mode ON
LACP iis nott supported
t d P t h
Port-channeling
li
(see below):
9w0d: %LINK-3-UPDOWN: Interface ESX server
GigabitEthernet1/0/14, changed state vmnic0 vmnic1
to up
9w0d: %LINK-3-UPDOWN: Interface vSwitch
GigabitEthernet1/0/13, changed state
to up
Port-Group
9w0d: %EC-5-L3DONTBNDL2:
Gi1/0/14 suspended: LACP currently
not enabled on the remote port.
9w0d: %EC-5-L3DONTBNDL2:
Gi1/0/13 suspended: LACP currently
not enabled on the remote port.
VM1 VM2 VM3 VM4
BRKDCT-2868

Presentation_ID.scr
Agenda

vSwitch Basics
NIC Teaming
SAN Designs
BRKDCT-2868
All Links Active, No Spanning-Tree

Is There a Loop?
CBS-left CBS-right
NIC1 NIC2 NIC3 NIC4
Port-Group1 Port-Group2
vSwitch1
VM5 VM7 VM4 VM6

.5 .7 ESX Server
.4 .6
BRKDCT-2868

Presentation_ID.scr
Broadcast/Multicast/Unknown Unicast
Forwarding in Active/Active (1)
802.1q 802.1q
Vlan 1,2 Vlan 1,2
vmnic0 vmnic1
vSwitch0
Port-Group 1
VLAN 2
ESX Server VM1 VM2
BRKDCT-2868
Broadcast/Multicast/Unknown Unicast
Forwarding in Active/Active (2)
802.1q 802.1q
Vlan 1,2 Vlan 1,2
ESX Host NIC1 NIC2

vSwitch
VM1 VM2 VM3
BRKDCT-2868

Presentation_ID.scr
Can the vSwitch Pass Traffic Through?
E.g. HSRP?
NIC1 NIC2
vSwitch
VM1 VM2
BRKDCT-2868
Is This Design Possible?
Catalyst1 Catalyst2
802.1q
1 802.1q
2
ESX server1
VMNIC1 VMNIC2
vSwitch
VM5 VM7
.5 .7
BRKDCT-2868

Presentation_ID.scr
vSwitch Security
Promiscuous mode Reject

prevents a port from
capturing traffic whose
address is not the VM’s
address
MAC Address Change,
prevents the VM from
modifying the vNIC
address
Forget Transmits prevents
the VM from sending out
traffic with a different MAC
(e.g NLB)
BRKDCT-2868

Similarly to a LAN Switch: Differently from a LAN Switch
Forwarding based on MAC No Learning
address
No Spanning-Tree protocol
VM-to-VM traffic stays local
No Dynamic trunk negotiation
Vswitches TAG traffic with (DTP)
802.1q VLAN ID
No 802.3ad LACP
vSwitches are 802.1q Capable
2 Etherchannel backing up each
vSwitches can create other is not possible
Etherchannels
No SPAN/mirroring capabilities:
Preemption Configuration Traffic capturing is not the
(similar to Flexlinks, but no equivalent of SPAN
delay preemption)
Port Security limited
BRKDCT-2868

Presentation_ID.scr
Agenda

vSwitch Basics
NIC Teaming
SAN Designs
BRKDCT-2868
vSwitch and NIC Teaming Best Practices

Q: Should I use multiple vSwitches or Q: Which NIC Teaming configuration should
multiple Port-Groups to isolate traffic? I use?
A: We didn’t see any advantage in using A: Active/Active, Virtual Port-ID based
multiple vSwitches, multiple Port-Groups
Q: Do I have to attach all NICs in the team
with different VLANs give you enough
to the same switch or to different
flexibility to isolate servers
switches?
Q: Should I use EST or VST?
A: with Active/Active Virtual Port-ID based, it
A: Always use VST, i.e. assign the VLAN doesn’t matter
from the vSwitch
Q: Should I use Beaconing?
Q: Can I use native VLAN for VMs?
A: No
A: Yes you can, but to make it simple don’t.
Q: Should I use Rolling Failover (i.e. no
If you do, do not TAG VMs with the native
preemption)
VLAN
A: No, default is good, just enable
trunkfast on the Cisco switch
BRKDCT-2868

Presentation_ID.scr
Cisco Switchport Configuration
Make it a Trunk interface GigabitEthernetX/X
Enable Trunkfast description <<** VM Port **>>
Can the Native VLAN be used for no ip address
VMs?
switchport
Yes, but IF you do, you have 2
switchport trunk encapsulation dot1q
options
Configure VLAN ID = 0 for the VMs switchport trunk native vlan <id>
that are going to use the native VLAN
(preferred) switchport trunk allowed vlan xx,yy-zz
Configure “vlan dot1q tag native” on switchport mode trunk
the 6k (not recommended)
Do not enable Port Sec

Security
rit switchport nonegotiate
(see next slide) no cdp enable
Make sure that “teamed” NICs are in spanning-tree portfast trunk
the same Layer 2 domain
!
Provide a Redundant Layer 2 path
Typically: SC, VMKernel, VM Production

BRKDCT-2868
Configuration with 2 NIC

SC, VMKernel, Production Share NICs
Trunks
802.1q: Production VLANs,

802.1q Service Console, VM Kernel
NIC teaming
Active/Active ESX Server
VMNIC1 VMNIC2
Port-Group Port-Group Port-Group
1 2 3
vSwitch 0
Global
Active/Active
VST
Service
VM1 VM2 VM Kernel
Console
HBA1 HBA2
Active/Standby Active/Standby
BRKDCT-2868
14490_04_2008_c2 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public Vmnic1/vmnic2 Vmnic2/vmnic1 36

Presentation_ID.scr
Configuration with 2 NICs
Dedicated NIC to SC, VMKernel, Separate NIC for Production
Trunks
802.1q: Production VLANs,

802.1q Service Console, VM Kernel
NIC teaming
Active/Active ESX Server
VMNIC1 VMNIC2
Port-Group Port-Group Port-Group
1 2 3
vSwitch 0
Global
Active/Standby
Vmnic1/vmnic2
VST
Service
VM1 VM2 VM Kernel
Console
HBA1 HBA2
BRKDCT-2868
Network Attachment (1)

Secondary
root root
Rapid PVST+
Trunkfast 802.1q:
BPDU guard Production,
SC, VMKernel No Blocked Port,
No Loop
Catalyst1 Catalyst2
802.1q: All NICs are used

Production, 802.1q Traffic distributed
SC VMKernel
SC, On all links
1 4
2 3
VMNIC1 VMNIC2 VMNIC1 VMNIC2
vSwitch vSwitch
ESX server1 ESX server 2
BRKDCT-2868

Presentation_ID.scr
802.1q: Secondary
root Production, SC, VMKernel root
Rapid PVST+
Trunkfast
BPDU guard
Typical Spanning-Tree
V-Shape Topology
802.1q:
802 1q: All NICs are used
Production, 802.1q Traffic distributed
SC, VMKernel On all links
1 4
2 3
VMNIC1 VMNIC2 VMNIC1 VMNIC2
vSwitch
ESX server1 ESX server 2 vSwitch
BRKDCT-2868

Dedicated NICs for SC and VMKernel
Dedicated NIC for SC

VMs become completely isolated
Dedicated
Production NIC for VMKernel
VLANs
VMNIC1
Redundant Production
VMNIC2 VMNIC3 ESX Server
How good is this design? VMNIC4
Isolates Management Access
VC cannot
Active/Active control ESX Host Isolates VMKernel
Vmnic1/vmnic2 vswitch
If this is part of an HA Cluster Management

If using iSCSI thisaccess is lost
is the worst
VMs are powered down iSCSI access
Possible failure, is lost
very complicated
Port-Group 1
ToVMotion
Service
recover can’t
VMfrom
Kernel
run
Console
HBA1 HBA2
If this is part of a DRS cluster
It prevents automatic migration
BRKDCT-2868

Presentation_ID.scr
Redundant SC and
P d ti
Production SC, VMK
SC VMKernelSC
l swaps to vmnic4
VMKernel Connectivity
VLANs VLANs
VMNIC2 VMNIC3 ESX Server

VMNIC1
Redundant Production VC can still control Host
VMNIC4
HA augmented by teaming on Production Traffic goes to vmnic3
Different NIC chipsets
All links
Production andused
Management
Active/Active
Vmnic1/vmnic3G
Go through
h h chipset
hi 2 vswitch
“Dedicated NICs” for SC VMKernel
Production swaps to vmnic2
and Management
And VMKernel Go through chipset1
Port-Group 1
Production
Service Traffic
VM Kernel
Console
Continues on vmnic1
HBA1 HBA2
BRKDCT-2868

Secondary
root root
Rapid PVST+
Trunkfast 802.1q:
BPDU guard Production, No Blocked Port,
SC, VMKernel No Loop
Catalyst1 Catalyst2
q
802.1q: 802.1q:
Production SC and VMKernel
1 2 7 8
3 6
4 5
vSwitch vSwitch
BRKDCT-2868

Presentation_ID.scr
802.1q: Secondary
Rapid PVST+
Trunkfast
BPDU guard
V-Shape Topology
Catalyst1 Catalyst2
802.1q:
802 1q
Production 802.1q:
SC and VMKernel
1 2
3 6 7 8
4 5
vSwitch vSwitch
BRKDCT-2868
How About?
802.1q: Secondary
Trunkfast
BPDU guard
V-Shape Topology
Catalyst1 Catalyst2
802.1q:
802 1q
Production 802.1q:
SC and VMKernel
1 2
3 6 7 8
ESX server1 4 5 ESX server 2
vSwitch vSwitch
BRKDCT-2868

Presentation_ID.scr
4 NICs with Etherchannel
“Clustered” switches
802.1q:
802.1q:
6 8 SC, VMKernel
Production
1 3 7
2 5
4
vSwitch vSwitch
BRKDCT-2868
VMotion Migration Requirements
BRKDCT-2868

Presentation_ID.scr
VMKernel Network can be routed
VM Kernel
Network
Mgmt VM Kernel Production

Network Network Network
Virtual
Machines
…
ESX Server Host
BRKDCT-2868
VMotion L2 Design
Rack1
Rack10
vmnic0 vmnic2
vmnic0 vmnic1 vmnic2 vmnic3
vSwitch0 vSwitch2
vSwitch0 vSwitch1 vSwitch2
vmkernel
vmkernel Service
console
ESX Host 1
ESX Host 2 VM4 VM5 VM6
BRKDCT-2868

Presentation_ID.scr
HA clustering (1)
Recommendations:
EMC/Legato AAM based
Have 2 Service Console on
HA Agent runs in every host redundant
d d paths
h
Heartbeats Unicast UDP port Avoid losing SAN access (e.g. via
~8042 (4 UDP ports opened) iSCSI)
Hearbeats run on the Service Make sure you know before hand
Console ONLY if DRS is activated too!
When a Failure Occurs, the ESX Caveats:

Host pings the gateway (on the Losing Production VLAN
SERVICE CONSOLE ONLY) to connectivity only, ISOLATES
verify Network Connectivity VMs (there’s
(there s no equivalent of
uplink tracking on the vswitch)
If ESX Host is isolated, it shuts
down the VMs thus releaseing Solution:
locks on the SAN NIC TEAMING
BRKDCT-2868
HA clustering (2)
iSCSI access/VMkernel 10.0.200.0

COS 10.0.2.0
Prod 10.0.100.0
vmnic0 vmnic0
VM1 VM2
VM1 VM2
ESX1 Server Host ESX2 Server Host

BRKDCT-2868

Presentation_ID.scr
Agenda

vSwitch Basics
NIC Teaming
SAN Designs
BRKDCT-2868
Multiple ESX Servers—Shared Storage
BRKDCT-2868

Presentation_ID.scr
VMFS
VMFS Is High Performance Cluster File System
for Virtual Machines Stores the entire virtual machine
state in a central location
Virtual Machines
Supports heterogeneous storage
arrays
ESX ESX ESX ESX
Server
VMFS
Server
VMFS
Server
VMFS
Server
VMFS
Adds more storage to a VMFS
volume dynamically
Servers
Allows multiple ESX Servers to
access the same virtual machine
storage
g concurrentlyy
Storage
Enable virtualization-based
distributed infrastructure services
A.vmdk
such as VMotion, DRS, HA
BRKDCT-2868
The Storage Stack in VI3

ESX 1 VM1 VM2 VM3 VM4 VM5ESX 2 Selectively presents logical
containers to VMs
VD1 VD2
VD3 VD4 VD5
Provides services such as snapshots
VSCSI VSCSI
Disklib Disklib
ESX
VMFS Storage Stack ESX
VMFS Storage Stack
LVM LVM Provisions logical containers
Aggregates physical volumes
SAN switch
Clustered host-based VM and filesystem
Analogous to how VI3 virtualizes servers
Looks like a SAN to VMs
LUN 1 LUN 2 LUN 3 A network of LUNs
Presented to a network of VMs
BRKDCT-2868

Presentation_ID.scr
Standard Access of Virtual
Disks on VMFS
ESX1 ESX2 ESX3
VM1 VM2 VM3 VM4 VM5 VM6
VMFS1
LUN1
The LUN(s) are presented to an ESX Server cluster via standard LUN masking and zoning
VMFS is a clustered volume manager and filesystem that arbitrates access to the shared LUN
Data is still protected so that only the right application has access. The point of control moves from the SAN to the vmkernel,
but there is no loss of security.
ESX Server creates virtual machines (VMs), each with their own virtual disk(s)
The virtual disks are really files on VMFS
Each VM has a virtual LSI SCSI adapter in its virtual HW model
Each VM sees virtual disk(s) as local SCSI targets – whether the virtual disk files sit on local storage, iSCSI, or fiber channel
VMFS makes sure that only one VM is accessing a virtual disk at one time
With VMotion, CPU state and memory are transferred from one host to another but the virtual disks stay still
VMFS manages the transfer of access from source to destination ESX Server
BRKDCT-2868
Three Layers of the Storage Stack

Virtual
disks
((VMDK))
Virtual Machine
Datastores
VMFS Vols ESX Server
(LUNs)
Storage Array
Physical
disks
BRKDCT-2868

Presentation_ID.scr
ESX Server View of SAN
FibreChannel disk arrays appear as SCSI targets

(devices) which may have one or more LUNs
On boot, ESX Server scans for all LUNs by sending
inquiry command to each possible target/LUN number
Rescan command causes ESX Server to scan again,
looking for added or removed targets/LUNs
ESX Server can send normal SCSI commands to any
LUN, just like a local disk
BRKDCT-2868
ESX Server View of SAN (Cont.)
Built-in locking mechanism to ensure multiple hosts can

access same disk on SAN safely
VMFS-2 and VMFS-3 are distributed file systems, do
appropriate on-disk locking to allow many ESX Server servers
to access same VMFS
Storage is a resource that must be monitored and

managed to ensure performance of VM’s
g 3rd-party
Leverage p y systems
y and storage
g management
g tools
Use VirtualCenter to monitor storage performance from virtual
infrastructure point of view
BRKDCT-2868

Presentation_ID.scr
Choices in Protocol
FC, iSCSI or NAS?

Best practice to leverage the existing infrastructure
Not to introduce too many changes all at once
Virtual environments can leverage all types
You can choose what fits best and even mix them
Common industry perceptions and trade offs still apply in the
virtual world
What works well for one does not work for all
BRKDCT-2868
Which Protocol to Choose?

Leverage the existing infrastructure when possible
Consider customer expertise
p and ability
y to learn
Consider the costs (Dollars and Performance)
What does the environment need in terms of throughput
Size for aggregate throughput before capacity
What functionality is really needed for Virtual Machines

Vmotion, HA, DRS (works on both NAS and SAN)
VMware Consolidated Backup (VCB)
ESX boot from disk
Future scalability
DR requirements
BRKDCT-2868

Presentation_ID.scr
FC SAN—Considerations
Leverage multiple paths for high availability

Manually distribute I/O intensive VMs on
separate paths
Block access provides optimal performance for large
high transactional throughput work loads
Considered the industrial strength backbone for most
large enterprise environments
Requires expertise in storage management team
Expensive price per port connectivity
Increasing to 10 Gb throughput (Soon)
BRKDCT-2868
iSCSI—Considerations
Uses standard NAS infrastructure
Best Practice to
Have dedicated LAN/VLAN to isolate from other network
traffic
Use GbE or faster network
Use multiple NICs or iSCSI HBAs
Use iSCSI HBA for performance environments
Use SW initiator for cost sensitive environments
Supports all VI 3 features
Vmotion, DRS, HA
ESX boot from HW initiator only
VCB is in experimental support today – full support shortly
BRKDCT-2868

Presentation_ID.scr
NFS—Considerations
Has more protocol overhead but less FS overhead than VMFS as
the NAS FS lives on the NAS Head
Simple to define in ESX by providing
Configure NFS server hostname or IP
NFS share
ESX Local datastore name
No tuning required for ESX as most are already defined

No options for rsize or wsize
Version is v3,
Protocol is TCP
Max mount points = 8 by default

Can be increase to hard limit of 32
Supports almost all VI3 features except VCB

BRKDCT-2868
Summary of Features Supported

Protocol Vmotion, VCB ESX boot
DRS & HA from disk
FC SAN
Yes Yes Yes
iSCSI SAN
HW init Yes Soon Yes
iSCSI SAN
SW init
i it Y
Yes S
Soon N
No
NFS
Yes No No
BRKDCT-2868

Presentation_ID.scr
Choosing Disk Technologies
Traditional performance factors

Capacity / Price
Disk types (SCSI, FC, SATA/SAS)
Access Time; IOPS; Sustained Transfer Rate
Drive RPM to reduce rotational latency
Seek time
Reliability (MTBF)
VM performance gated ultimately by IOPS density and

storage space
IOPS Density -> Number of read IOPS/GB
Higher = better
BRKDCT-2868
The Choices One Needs to Consider

FS vs. Raw
VMFS vs. RDM (when to use)
NFS vs. Block

NAS vs. SAN (why use each)
iSCSI vs. FC
What is the trade off?
Boot from SAN

Some times needed for diskless servers
Recommended Size of LUN

it depends on application needs…
File system vs. LUN snapshots (host or array vs. Vmware VMFS
snapshots) – which to pick?
Scalability (factors to consider)
# hosts, dynamic adding of capacity, practical vs. physical limits
BRKDCT-2868

Presentation_ID.scr
Trade Offs to Consider
Ease of provisioning
Ease of on-going management
Performance optimization
Scalability – Head room to grow
Function of 3rd Party services
Remote Mirroring
Backups
Enterprise Systems Management
Skill level of administration team

How many shared vs. isolated storage resources
BRKDCT-2868
Isolate vs. Consolidate

Storage Resources
RDMs map a single LUN to one VM

One can also dedicate a single VMFS Volume
to one VM
When comparing VMFS to RDMs both the above
configurations are what should be compared
The bigger question is how many VM can share a
single VMFS Volume without contention causing pain
The answer is that it depends on many variables
Number of VMs and their workload type
Number of ESX servers those VM are spread across
Number of concurrent request to the same disk sector/platter
BRKDCT-2868

Presentation_ID.scr
Isolate vs. Consolidate
Poor utilization Increased utilization

Islands of allocations Easier provisioning
More management Less management
BRKDCT-2868
Where Have You Heard This Before
Remember the DAS Æ SAN migration

Convergence of LAN and NAS
All the same concerns have been raised before
What if the work load of some cause problems for all?
How will we know who is taking the lions share of resource?
What if it does not work out?
Our Biggest Obstacle Is Conventional Wisdom!

The Earth Is Flat!
If Man Were Meant to fly He Would Have Wings
BRKDCT-2868

Presentation_ID.scr
VMFS vs. RDM—RDM Advantages
Virtual machine partitions are stored in the native

guest OS file system format, facilitating “layered
applications” that need this level of access
As there is only one virtual machine on a LUN, you
have much finer grain characterization of the LUN,
and no I/O or SCSI reservation lock contention.
The LUN can be designed for optimal performance
With “Virtual
Virtual Compatibility”
Compatibility mode,
mode virtual machines
have many of the features of being on a VMFS, such
as file locking to allow multiple access, and snapshots
BRKDCT-2868
VMFS vs. RDM—RDM Advantages
With “Physical Compatibility” mode, it gives a virtual

machine the capability of sending almost all “low-
level” SCSI commands to the target device, including
command and control to a storage controller, such as
through SAN Management agents in the virtual
machine.
Dynamic Name Resolution: Stores unique information
about LUN regardless of changes to physical address
changes due to hardware or path changes
BRKDCT-2868

Presentation_ID.scr
VMFS vs. RDM—RDM Disadvantages
Not available for block or RAID devices that do not

report a SCSI serial number
No snapshots in “Physical Compatibility” mode, only
available in “Virtual Compatibility” mode
Can be very inefficient, in that, unlike VMFS, you can
only have one VM access a RDM
BRKDCT-2868
RDMs and Replication
RDMs mapped RAW LUNs can be replicated to the

Remote Site
RDMs reference the RAW LUNs via
the LUN number
LUN ID
VMFS3 Volumes on Remote site will have unusable

RDM configuration if either properties change
Remove the old RDMs and recreate them
Must correlate RDM entries to correct RAW LUNs
Use the same RDM file name as old one to avoid editing the
vmx file
BRKDCT-2868

Presentation_ID.scr
Storage—Type of Access
RAW VMFS
RAW may give better Leverage templates and
performance quick provisioning
RAW means more LUNs Fewer LUNs means you
More provisioning time don’t have to watch Heap
Advanced features still Scales better with

work
o Consolidated Backup
Preferred Method
BRKDCT-2868
Storage—How Big Can I Go?
One Big Volume or Individual?

Will you be doing replication?
More granular slices will help
High performance applications?
Individual volumes could help
With Virtual Infrastructure 3
VMDK, swap, config files, log files, and snapshots all live
on VMFS
BRKDCT-2868

Presentation_ID.scr
What Is iSCSI?
A SCSI transport protocol, enabling access to storage

devices over standard TCP/IP networks
Maps SCSI block-oriented storage over TCP/IP
Similar to mapping SCSI over Fibre Channel
“Initiators”, such as an iSCSI HBA in an ESX Server,

send SCSI commands to “targets”, located in iSCSI
storage systems
Block storage
IP
BRKDCT-2868
VMware iSCSI Overview
VMware added iSCSI as a supported option in VI3

Block-level
Block level I/O over TCP/IP using SCSI-3
SCSI 3 protocol
Supporting both Hardware and Software Initiators
GigE NiCs MUST be used for SW Initiators (no 100Mb NICs)
Support iSCSI HBAs (HW init) and NICs for SW only today
Check the HCL for supported HW Initiators and SW NICs
What we do not support in ESX 3.0.1

10 gigE
Jumbo Frames
Multi Connect Session (MCS)
TCP-Offload Engine (TOE) Cards
BRKDCT-2868

Presentation_ID.scr
VMware ESX Storage Options
FC iSCSI/NFS DAS
VM VM VM VM VM VM
FC FC SCSI
80%+ of install base

uses FC storage
iSCSI is
i popular
l ini SMB
market
DAS is not popular
because it prohibits
VMotion
BRKDCT-2868
Virtual Servers Share a Physical HBA

A zone includes the physical hba and
the storage array
Access control is demanded to storage
ers
array “LUN
LUN masking and mapping”,
mapping , it is
Virtual
Serve
based on the physical HBA pWWN and

it is the same for all VMs
The hypervisor is in charge of the
mapping, errors may be disastrous
Storage Array
Hypervisor
MDS9000 (LUN Mapping and Masking)
Mapping
FC
HW
pWWN-P FC
pWWN-P
Single Login on a Single Point-to-Point Connection FC Name Server

Zone
BRKDCT-2868

Presentation_ID.scr
NPIV Usage Examples
Virtual Machine Aggregation ‘Intelligent Pass-thru’
FC FC FC FC
Switch becomes an HBA

FC FC FC FC concentrator
FC
NP_Port
NPIV enabled HBA

F_Port F_Port
BRKDCT-2868
Raw Device Mapping
RDM allows direct

read/write access VM1 VM2
to disk
Block mapping is still FC FC
maintained within a
VMFS file RDM
Rarely used but

Mapping
important for clustering FC
VMFS
(MSCS supported)
Used with NPIV
environments
BRKDCT-2868

Presentation_ID.scr
Storage Multi-Pathing
No storage load balancing, strictly failover
Two modes of operation dictate behavior
(Fi d and
(Fixed d Most
M t Recent)
R t)
Fixed Mode VM VM
Allows definition of preferred paths

If preferred path fails a secondary path is used
FC FC
If preferred path reappears it will fail back
Most Recently Used

If current path fails a secondary path is used
If previous path reappears the current path is still used
Supports both Active/Active and Active/Passive

arrays
Auto detects multiple paths
BRKDCT-2868
Q and A
BRKDCT-2868

Presentation_ID.scr
Recommended Reading
BRKDCT-2868
Recommended Reading
BRKDCT-2868

Presentation_ID.scr
Complete Your Online
Session Evaluation
Give us your feedback and you could win Don’t forget to activate
fabulous prizes. Winners announced daily. your Cisco Live virtual
account for access to
Receive 20 Passport points for each session all session material
evaluation you complete. on-demand and return
for our live virtual event
Complete your session evaluation online now in October 2008.
(open a browser through our wireless network Go to the Collaboration
to access our portal) or visit one of the Internet Zone in World of
stations throughout the Convention Center. Solutions or visit
www.cisco-live.com.
BRKDCT-2868
BRKDCT-2868

Presentation_ID.scr

Vmware Integration: Brkdct-2868

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Vmware Integration: Brkdct-2868

Uploaded by

Copyright:

Available Formats

VMware Integration

© 2006, Cisco Systems, Inc. All rights reserved. 1

App App App App App App

Mofied Stripped Hypervisor Mofied Stripped

CPU CPU CPU

VMware Microsoft XEN aka

 VMotion, aka VM Migration allows a

App. App. App.

milliseconds to few minutes, VMware Virtualization Layer VMware Virtualization Layer

 Can be used to perform Hypervisor Hypervisor

© 2006, Cisco Systems, Inc. All rights reserved. 2

App1 App2 App3 App4 App5

Guest OS Guest OS Guest OS Guest OS Guest OS

Hypervisor Hypervisor Hypervisor

CPU CPU CPU

© 2006, Cisco Systems, Inc. All rights reserved. 3

Guest OS Guest OS Guest OS Guest OS Guest OS Guest OS Guest OS

Hypervisor Hypervisor Hypervisor

CPU CPU CPU

 VMware LAN Networking

© 2006, Cisco Systems, Inc. All rights reserved. 4

vNIC MAC Address

© 2006, Cisco Systems, Inc. All rights reserved. 5

 Forwarding based on MAC address (No Learning):

YOU DON’T HAVE TO SELECT A NIC

This is just a name

Select the Port-Group by specifying the

© 2006, Cisco Systems, Inc. All rights reserved. 6

VLAN’s - External Switch Tagging - EST

© 2006, Cisco Systems, Inc. All rights reserved. 7

The vSwitch strips any

Number of VLAN’s are

Physical No VTP or DTP. All

VLAN’s - Virtual Guest Tagging - VGT

© 2006, Cisco Systems, Inc. All rights reserved. 8

 VMware LAN Networking

Meaning of NIC Teaming in VMware (1)

ESX server NIC cards

vmnic0 vmnic1 vmnic2 vmnic3

THIS IS NOT NIC Teaming

ESX Server Host

© 2006, Cisco Systems, Inc. All rights reserved. 9

vmnic0 vmnic1 ESX Server

VM1 VM2 Service Console

© 2006, Cisco Systems, Inc. All rights reserved. 10

VM5 VM7 VM4 VM6

Port-Group Overrides vSwitch Global

© 2006, Cisco Systems, Inc. All rights reserved. 11

ESX server NIC cards

VM1 VM2 VM3 VM4 VM5

 Works with Channel-Group

© 2006, Cisco Systems, Inc. All rights reserved. 12

 VMware LAN Networking

All Links Active, No Spanning-Tree

NIC1 NIC2 NIC3 NIC4

VM5 VM7 VM4 VM6

© 2006, Cisco Systems, Inc. All rights reserved. 13

ESX Server VM1 VM2

ESX Host NIC1 NIC2

VM1 VM2 VM3

© 2006, Cisco Systems, Inc. All rights reserved. 14

Is This Design Possible?

VMotion, aka VM Migration allows a

Can be used to perform Hypervisor Hypervisor

VMware LAN Networking

Forwarding based on MAC address (No Learning):

VMware LAN Networking

Works with Channel-Group

VMware LAN Networking

Promiscuous mode Reject

VMware LAN Networking

Do not enable Port Sec

When a Failure Occurs, the ESX Caveats:

VMware LAN Networking

FibreChannel disk arrays appear as SCSI targets

Built-in locking mechanism to ensure multiple hosts can

Storage is a resource that must be monitored and

FC, iSCSI or NAS?

What functionality is really needed for Virtual Machines

Leverage multiple paths for high availability

No tuning required for ESX as most are already defined

Max mount points = 8 by default

Supports almost all VI3 features except VCB

Traditional performance factors

VM performance gated ultimately by IOPS density and

NFS vs. Block

Boot from SAN

Recommended Size of LUN

Skill level of administration team