Configuring and Managing Virtual Networks: © 2015 Vmware Inc. All Rights Reserved

Configuring and Managing Virtual Networks
Module 5
© 2015 VMware Inc. All rights reserved.

You Are Here
1. Course Introduction 7. Virtual Machine Management

2. Software-Defined Data Center 8. Resource Management and
Monitoring
3. Creating Virtual Machines
9. vSphere HA and vSphere Fault
4. vCenter Server Tolerance
5. Configuring and Managing 10. Host Scalability
Virtual Networks
11. vSphere Update Manager and
6. Configuring and Managing Host Maintenance
Virtual Storage
12. Installing vSphere Components
VMware vSphere: Install, Configure, Manage 5-2

Importance
VMware ESXi™ networking features enable:
• Virtual machines to communicate with other virtual and physical machines
• Management of the ESXi host
• VMkernel communication on the network
Failure to properly configure ESXi networking can negatively affect

virtual machine management and storage operations.

Module Lessons
Lesson 1: Introduction to vSphere Standard Switches
Lesson 2: Configuring Standard Switch Policies
Lesson 3: Introduction to vSphere Distributed Switches

Lesson 1:
Introduction to vSphere Standard
Switches
5-5
Learner Objectives
By the end of this lesson, you should be able to meet the following
objectives:
• Describe the virtual switch connection types
• Configure and view standard switch configurations, such as virtual machine
port group, VMkernel port, VLAN, and so on

Types of Virtual Switch Connections
A virtual switch has specific connection types:
• Virtual machine port groups
• VMkernel port:
– For IP storage, VMware vSphere® vMotion® migration, VMware vSphere® Fault
Tolerance, VMware Virtual SAN™, and VMware vSphere® Replication™
– For the ESXi management network
Virtual Machine Port Groups VMkernel Ports
Production TestDev DMZ vSphere Management

vMotion
Virtual Switch
Uplink Ports

Virtual Switch Connection Examples
More than one network can coexist on the same virtual switch. Or
networks can exist on separate virtual switches.
Management vSphere vMotion Production TestDev iSCSI
Virtual Switch
Management vSphere vMotion Production TestDev iSCSI
Virtual Switch Virtual Switch Virtual Switch Virtual Switch Virtual Switch

Types of Virtual Switches
A virtual network supports these types of virtual switches:
• Standard switches:
– Virtual switch configuration for a single host
• Distributed switches:
– Virtual switches that provide a consistent network configuration for virtual machines
as they migrate across multiple hosts

Standard Switch Components
A standard switch provides connections for virtual machines to
communicate with one another, whether they are on the same host or on
different hosts.
VM VM VM IP Management
1 2 3 storage Network
VNIC VNIC VNIC VNIC
VMkernel
Test VLAN 101

Production VLAN 102
IP Storage VLAN 103
Management VLAN 104

Viewing the Standard Switch Configuration
You can view a host’s standard switch configuration by clicking
Networking on the Manage tab.
Display port group

properties.
Delete the
port group.
Display Cisco Discovery

Protocol information.

About VLANs
ESXi supports 802.1Q VLAN tagging.
VM VM
Virtual switch tagging is one of the
tagging policies supported:
• Frames from a virtual machine are
tagged as they exit the virtual switch. VMkernel VLAN VLAN
105 106
• Tagged frames arriving at a virtual
switch are untagged before they are Virtual Switch
sent to the destination virtual machine.
• Effect on performance is minimal. Physical
NIC
ESXi provides VLAN support by Physical

giving a VLAN ID to a port group. Switch Trunk Port

Network Adapter Properties
A physical adapter can become a bottleneck for network traffic if the
adapter speed does not match application requirements.

Review of Learner Objectives
You should be able to meet the following objectives:
• Describe the virtual switch connection types
• Configure and view standard switch configurations, such as virtual machine
port group, VMkernel port, VLAN, and so on

Lesson 2:
Configuring Standard Switch
Policies
5-15
Learner Objectives
objectives:
• Explain how to set the security policies for a standard switch port group
• Explain how to set the traffic shaping policies for a standard switch port group
• Explain how to set the NIC teaming and failover policies for a standard switch
port group

Network Switch and Port Policies
Policies that are set at the standard switch level apply to all port groups
on the standard switch by default.
Available network policies:
• Security
• Traffic shaping
• NIC teaming and failover
Policies are defined at the following levels:

• Standard switch level:
– Default policies for all the ports on the standard switch.
• Port group level:
– Effective policies: Policies defined at this level override the default policies that are
set at the standard switch level.

Configuring Security Policies
Administrators can define security policies at both the standard switch
level and the port group level:
• Promiscuous mode: Allows a virtual switch or port group to forward all traffic
regardless of the destination.
• MAC address changes: Accept or reject inbound traffic when the MAC
address has been altered by the guest.
• Forged transmits: Accept or reject outbound traffic when the MAC address
has been altered by the guest.

Traffic-Shaping Policy
Network traffic shaping is a mechanism for limiting a virtual machine’s
consumption of available network bandwidth.
Average rate, peak rate, and burst size are configurable.
Outbound Bandwidth
Peak Bandwidth
Average
Time
Burst Size = Bandwidth x Time

Configuring Traffic Shaping
A traffic-shaping policy is defined by average bandwidth, peak
bandwidth, and burst size. You can establish a traffic-shaping policy for
each port group and each distributed port or distributed port group:
• Traffic shaping is disabled by default.
• Parameters apply to each virtual NIC in the standard switch.
• On a standard switch, traffic shaping controls only outbound traffic.

NIC Teaming and Failover Policies
Administrators can edit the NIC teaming and failover policy by
configuring specific options.

Load-Balancing Method: Originating Virtual Port ID
The diagram shows routing based on the originating port ID, called
virtual port ID load balancing.
Virtual
Switch
Physical
Switch
Virtual NICs Physical NICs

Load-Balancing Method: Source MAC Hash
The diagram shows routing based on source MAC hash.
Internet
Virtual
Switch Physical
Switch
Virtual Physical
NICs NICs

Load-Balancing Method: Source and Destination IP Hash
The diagram shows routing based on IP hash.
Internet
Virtual Physical
Switch Switch
Virtual NICs Physical NICs

Detecting and Handling Network Failure
The VMkernel can use link status or beaconing or both to detect a
network failure.
Network failure is detected by the VMkernel, which monitors the link
state and performs beacon probing.
VMkernel notifies physical switches of changes in the physical location of
a MAC address.
Failover is implemented by the VMkernel based on configurable
parameters:
• Failback: How the physical adapter is returned to active duty after recovering
from failure.
• Load-balancing option: Use explicit failover order. Always use the vmnic uplink
at the top of the active adapter list.

Lab 7: Using Standard Switches
Create a standard switch and a port group
1. View the Standard Switch Configuration
2. Create a Standard Switch with a Virtual Machine Port Group
3. Attach Your Virtual Machine to the New Virtual Machine Port Group

• Explain how to set the security policies for a standard switch port group
• Explain how to set the traffic shaping policies for a standard switch port group
• Explain how to set the NIC teaming and failover policies for a standard switch
port group

Lesson 3:
Introduction to vSphere
Distributed Switches
5-28
Learner Objectives
objectives:
• List the benefits of using vSphere distributed switches
• Describe the distributed switch architecture
• Create a distributed switch
• Manage the distributed switch
• Describe the properties of a distributed switch

Benefits of vSphere Distributed Switches
The vSphere distributed switch greatly extends vSphere networking
features and centralizes vSphere management.
vSphere distributed switches have the following benefits over standard
switches:
• vSphere distributed switch simplifies data center administration.
• vSphere distributed switch configuration is consistent across all the hosts that
use it.
• vSphere distributed switch behavior is consistent with the behavior of standard
switches.
• vSphere distributed switch supports advanced features, such as private
VLANs, NetFlow, and port mirroring.
• vSphere distributed switch enables networking statistics and policies to migrate
with virtual machines during a migration with VMware vSphere® vMotion®.
• vSphere distributed switch allows for customization and third-party
development.

Standard Switch and Distributed Switch Feature Comparison
Feature Standard Switch Distributed Switch
Layer 2 switch
VLAN segmentation
IPv6 support
802.1Q tagging
NIC teaming
Outbound traffic shaping
Inbound traffic shaping
VM network port block
Private VLANs
Load-based teaming
Data center-level management
vSphere vMotion migration over a network
Per-port policy settings
Port state monitoring
NetFlow
Port mirroring

Distributed Switch Architecture
Management Port Management Port
vSphere vMotion vSphere vMotion

Port Port
Distributed Ports
and Port Groups
Distributed Switch vCenter
(Control Plane) Server
Uplink
Port Groups
Hidden Virtual
Switches
(I/O Plane)
Virtual
Physical NICs Physical

(Uplinks)
Host 1 Host 2

Distributed Switch Example
You create a distributed switch named VDS01. You create a port group
named Production, which will be used for virtual machine networking.
You assign uplinks vmnic1 on host ESXi01 and vmnic1 on host ESXi02
to the distributed switch.
Uplink
Production Port Group
Distributed
Switch VDS01
Virtual
Physical
Uplinks
vmnic0 vmnic1 vmnic2 vmnic0 vmnic1 vmnic2
ESXi01 ESXi02

Viewing a Distributed Switch
You can view a host’s distributed switch configuration by clicking the
Manage tab and clicking the Networking link.
Distributed
switch settings.
View distributed
switch settings.

Creating a Distributed Switch
You can create a distributed switch on a data center to handle the
networking configuration of multiple hosts at the same time from a
central place.

Editing General and Advanced Distributed Switch Properties
General settings for a distributed switch include the switch name and the
number of uplinks.
Basic multicast filtering mode

forwards multicast traffic for virtual
machines according to the
destination multicast group MAC
address.

Migrating Network Adapters to a Distributed Switch
For hosts associated with a distributed switch, you can migrate network
adapters from a standard switch to the distributed switch.
Migrate physical or
virtual network
adapters to this
distributed switch.

Assigning a Physical NIC of a Host to a Distributed Switch
You can assign physical NICs of a host that is associated with a
distributed switch to an uplink port on the host proxy switch.
Manage the physical

network adapters
connected to the
selected switch.

Connecting Virtual Machines to a Distributed Switch
You connect virtual machines to distributed switches by connecting their
associated virtual network adapters to distributed port groups.
For a single virtual machine,

modify the network adapter
configuration of the virtual
machine.
For a group of virtual machines,

migrate virtual machines from a
virtual network to a distributed
switch.

Editing Distributed Port Group General Properties
You can edit general distributed port group settings, such as the
distributed port group name, the port settings, and the network resource
pool.
Port binding options include static, dynamic, and ephemeral (no port
binding).

Editing Distributed Port Group Advanced Properties
From the advanced settings of a distributed port group, you can
configure the per-port overriding of the policies that are set at the port
group level.

About the VMkernel Networking Level
The VMkernel networking layer provides connectivity to hosts and
handles the standard system traffic of VMware vSphere® vMotion®, IP
storage, VMware vSphere® Fault Tolerance, VMware Virtual SAN™, and
others.
You can also create VMkernel adapters on the source and target
VMware vSphere® Replication™ hosts to isolate the replication data
traffic.
TCP/IP stacks at the VMkernel level:
• Default TCP/IP stack
• vMotion TCP/IP stack
• Provisioning TCP/IP stack
• Custom TCP/IP stacks

Creating a VMkernel Adapter on a Host Associated with a Distributed Switch
You create a VMkernel adapter on a host that is associated with a

distributed switch to provide network connectivity to the host and to
handle the traffic for vSphere vMotion, IP storage, vSphere Fault
Tolerance logging, Virtual SAN, and others.
Click Add host networking to

start the Add Networking wizard.
Click VMkernel
Network Adapter.

Troubleshooting Distributed Switch Issues (1)
Under certain conditions, the virtual machines that are on the same
distributed port group but on different hosts cannot communicate with
one another.
Problems:
• Virtual machines residing on the same port group but on different hosts are
unable to communicate.
• Pings from one virtual machine to another fail. You cannot migrate the virtual
machines between the hosts by using vSphere vMotion.
Causes:
• On some of the hosts, no physical NICs are assigned to active or standby
uplinks in a NIC team. The failover order of a distributed port group is not
correctly configured.
• The physical NICs on the hosts assigned to the active or standby uplinks
reside on different VLANs on the physical switch. The physical NICs on
different VLANs are not visible to one another and thus fail to communicate.

Troubleshooting Distributed Switch Issues (2)
Solutions:
• In the topology of the distributed switch, check which host does not have
physical NICs assigned to an active or standby uplink on the distributed port
group. Assign at least one physical NIC on that host to an active uplink on the
port group.
• In the topology of the distributed switch, check the VLAN IDs of the physical
NICs assigned to the active uplinks on the distributed port group. On all hosts,
assign physical NICs from the same VLAN to an active uplink on the
distributed port group.

Physical Network Considerations
Your virtual networking environment relies on the physical network
infrastructure. As a vSphere administrator, you should discuss your
vSphere networking needs with your network administration team.
The following issues are topics for discussion:
• Number of physical switches
• Network bandwidth that is required
• Physical switch configuration support for 802.3ad, for NIC teaming
• Physical switch configuration support for 802.1Q, for VLAN tagging
• Physical switch configuration support for Link Aggregation Control Protocol
(LACP)
• Network port security
• Link Layer Discovery Protocol (LLDP) and Cisco Discovery Protocol (CDP) and
their operation modes, such as:
– Listen, broadcast, listen and broadcast, and disabled

Lab 8: Using vSphere Distributed Switches
Create and configure a distributed switch
1. Create a Distributed Switch
2. Add the ESXi Hosts to the New Distributed Switch
3. Examine Your Distributed Switch Configuration
4. Migrate the Virtual Machines to a Distributed Switch Port Group
5. Prepare for the Next Lab

• List the benefits of using vSphere distributed switches
• Describe the distributed switch architecture
• Create a distributed switch
• Manage the distributed switch
• Describe the properties of a distributed switch

Key Points
• Three connection types can exist on a virtual switch: virtual machine port
group, VMkernel, and physical uplinks.
• A standard switch is a virtual switch configuration for a single host.
• Network policies set at the standard switch level can be overridden at the port
group level.
• A distributed switch provides centralized management and monitoring of the
networking configuration of all hosts that are associated with the switch.
• You set up a distributed switch at the data center level on a vCenter Server
system. The settings of the distributed switch are propagated to all hosts that
are associated with the switch.
• Distributed port groups define how a connection is made through the
distributed switch to the network.
Questions?


Configuring and Managing Virtual Networks: © 2015 Vmware Inc. All Rights Reserved

Uploaded by

Copyright:

Available Formats

You might also like

Configuring and Managing Virtual Networks: © 2015 Vmware Inc. All Rights Reserved

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Configuring and Managing Virtual Networks: © 2015 Vmware Inc. All Rights Reserved

Uploaded by

Copyright:

Available Formats

Configuring and Managing Virtual Networks

© 2015 VMware Inc. All rights reserved.

1. Course Introduction 7. Virtual Machine Management

VMware vSphere: Install, Configure, Manage 5-2

Failure to properly configure ESXi networking can negatively affect

VMware vSphere: Install, Configure, Manage 5-3

VMware vSphere: Install, Configure, Manage 5-4

VMware vSphere: Install, Configure, Manage 5-6

Virtual Machine Port Groups VMkernel Ports

Production TestDev DMZ vSphere Management

VMware vSphere: Install, Configure, Manage 5-7

Management vSphere vMotion Production TestDev iSCSI

Management vSphere vMotion Production TestDev iSCSI

VMware vSphere: Install, Configure, Manage 5-8

VMware vSphere: Install, Configure, Manage 5-9

VNIC VNIC VNIC VNIC

Test VLAN 101

VMware vSphere: Install, Configure, Manage 5-10

Display port group

Display Cisco Discovery

VMware vSphere: Install, Configure, Manage 5-11

ESXi provides VLAN support by Physical

VMware vSphere: Install, Configure, Manage 5-12

VMware vSphere: Install, Configure, Manage 5-13

VMware vSphere: Install, Configure, Manage 5-14

VMware vSphere: Install, Configure, Manage 5-16

Policies are defined at the following levels:

VMware vSphere: Install, Configure, Manage 5-17

VMware vSphere: Install, Configure, Manage 5-18

VMware vSphere: Install, Configure, Manage 5-19

VMware vSphere: Install, Configure, Manage 5-20

VMware vSphere: Install, Configure, Manage 5-21

Virtual NICs Physical NICs

VMware vSphere: Install, Configure, Manage 5-22

VMware vSphere: Install, Configure, Manage 5-23

Virtual NICs Physical NICs

VMware vSphere: Install, Configure, Manage 5-24

VMware vSphere: Install, Configure, Manage 5-25

VMware vSphere: Install, Configure, Manage 5-26

VMware vSphere: Install, Configure, Manage 5-27

VMware vSphere: Install, Configure, Manage 5-29

VMware vSphere: Install, Configure, Manage 5-30

VMware vSphere: Install, Configure, Manage 5-31

Management Port Management Port

vSphere vMotion vSphere vMotion

Physical NICs Physical

VMware vSphere: Install, Configure, Manage 5-32

VMware vSphere: Install, Configure, Manage 5-33

VMware vSphere: Install, Configure, Manage 5-34

VMware vSphere: Install, Configure, Manage 5-35

Basic multicast filtering mode

VMware vSphere: Install, Configure, Manage 5-36

VMware vSphere: Install, Configure, Manage 5-37

Manage the physical

VMware vSphere: Install, Configure, Manage 5-38

For a single virtual machine,

For a group of virtual machines,

VMware vSphere: Install, Configure, Manage 5-39