
Best Practices for Virtual Networking

Karim Elatov

Technical Support Engineer, GSS

© 2009 VMware Inc. All rights reserved

Agenda

  • Virtual Network Overview
  • vSwitch Configurations
  • Tips & Tricks
  • Troubleshooting Virtual Networks
  • What’s New in vSphere 5.0
  • Network Design Considerations

Virtual Network Overview - Physical to Virtual

[Diagram: virtual switches in the virtual layer connected to physical switches in the physical layer]

  • Conventional access, distribution, core design

  • Design with redundancy for enhanced availability

  • Under the covers, virtual network same as physical

  • Access layer implemented as virtual switches

Virtual Switch Options

  • vNetwork Standard Switch
    • Model: Host based, 1 or more per ESX host
    • Details:
      - Same as vSwitch in VI3
  • vNetwork Distributed Switch
    • Model: Distributed, 1 or more per “Datacenter”
    • Details:
      - Expanded feature set
      - Private VLANs
      - Bi-directional traffic shaping
      - Network vMotion
      - Simplified management
  • Cisco Nexus 1000V
    • Model: Distributed, 1 or more per “Datacenter”
    • Details:
      - Cisco Catalyst/Nexus feature set
      - Cisco NXOS cli
      - Supports LACP

Virtual networking concepts similar with all virtual switches

ESX Virtual Switch: Capabilities

[Diagram: VM0 and VM1 with a MAC address assigned to each vnic (MAC a, MAC b, MAC c), attached to vSwitches that uplink to physical switches]

  • NIC Teaming of Physical NIC(s) [uplink(s)] associated with vSwitches

  • Layer 2 - only forward frames VM <-> VM and VM <-> Uplink; No vSwitch <-> vSwitch or Uplink <-> Uplink

  • vSwitch will not create loops affecting Spanning Tree in the physical network

  • Can terminate VLAN trunks (VST mode) or pass trunk through to VM (VGT mode)

Distributed Virtual Switch

[Diagram: Standard vSwitch compared with vNetwork & dvSwitch, each shown with vCenter]

  • Exist across 2 or more clustered hosts

  • Provide similar functionality to vSwitches

  • Reside on top of hidden vSwitches

  • vCenter owns the configuration of the dvSwitch

  • Consistent host network configurations

Port Groups

  • Template for one or more ports with a common configuration
    • VLAN Assignment
    • Security
    • Traffic Shaping (limit egress traffic from VM)
    • Failover & Load Balancing

  • Distributed Virtual Port Group (Distributed Virtual Switch)
    • Bidirectional traffic shaping (ingress and egress)
    • Network VMotion: network port state migrated upon VMotion

NIC Teaming for Availability and Load Sharing

  • NIC Teaming aggregates multiple physical uplinks:
    • Availability: reduce exposure to single points of failure (NIC, uplink, physical switch)
    • Load Sharing: distribute load over multiple uplinks (according to selected NIC teaming algorithm)

  • Requirements:
    • Two or more NICs on same vSwitch
    • Teamed NICs must have same VLAN configurations

[Diagram: VM0 and VM1 on a vSwitch whose uplinks form a NIC team]

KB - NIC teaming in ESXi and ESX (1004088)

NIC Teaming Options

  • Originating Virtual Port ID
    • Algorithm (vmnic chosen based upon): vnic port
    • Physical Network Considerations: Teamed ports in same L2 domain (BP: team over two physical switches)
  • Source MAC Address
    • Algorithm (vmnic chosen based upon): MAC seen on vnic
    • Physical Network Considerations: Teamed ports in same L2 domain (BP: team over two physical switches)
  • IP Hash*
    • Algorithm (vmnic chosen based upon): Hash(SrcIP, DstIP)
    • Physical Network Considerations: Teamed ports configured in static 802.3ad “Etherchannel”
      - no LACP (Nexus 1000v for LACP)
      - Needs MEC to span 2 switches
  • Explicit Failover Order
    • Algorithm (vmnic chosen based upon): Highest order uplink from active list
    • Physical Network Considerations: Teamed ports in same L2 domain (BP: team over two physical switches)

Best Practices:
  • Originating Virtual PortID for VMs is the default, no extra configuration needed
  • IP Hash, ensure that physical switch is properly configured for Etherchannel

Cisco Nexus 1000v Overview

  • Cisco Nexus 1000v is a software switch for vNetwork Distributed Switches (vDS):
    • Virtual Supervisor Module (VSM)
    • Virtual Ethernet Module (VEM)

  • Things to remember:
    • VSM uses external network fabric to communicate with VEMs
    • VSM does not take part in forwarding packets
    • VEM does not switch traffic to other VEM without an uplink

Cisco Nexus 1000v Modules

[Diagram: Server 1, Server 2 and Server 3, each running VMware ESX with a VMware vSwitch / VEM and hosting VMs #1 to #12; the VEMs make up the Nexus 1000V vDS, shown with the Nexus 1000V VSM and vCenter Server]

Virtual Supervisor Module (VSM)
  • Virtual or Physical appliance running Cisco OS (supports HA)
  • Performs management, monitoring, & configuration
  • Tight integration with VMware Virtual Center

Virtual Ethernet Module (VEM)
  • Enables advanced networking capability on the hypervisor
  • Provides each VM with dedicated “switch port”
  • Collection of VEMs = 1 DVS

Cisco Nexus 1000V Enables:
  • Policy Based VM Connectivity
  • Mobility of Network & Security Properties
  • Non-Disruptive Operational Model

vSwitch Configurations


Cisco ‘show run’ and ‘show tech-support’

  • Obtain configuration of a Cisco router or switch

  • Run commands in privileged EXEC mode
    • ‘show run’
    • ‘show tech-support’

KB - Troubleshooting network issues with the Cisco show tech-support command (1015437)

The following is a Cisco EtherChannel sample configuration:

    interface Port-channel1
     switchport
     switchport access vlan 100
     switchport mode access
     no ip address
    !
    interface GigabitEthernet1/1
     switchport
     switchport access vlan 100
     switchport mode access
     no ip address
     channel-group 1 mode on
    !

Traffic Types on a Virtual Network

  • Virtual Machine Traffic
    • Traffic sourced and received from virtual machine(s)
    • Isolate from each other based on service level

  • vMotion Traffic
    • Traffic sent when moving a virtual machine from one ESX host to another
    • Should be isolated

  • Management Traffic
    • Should be isolated from VM traffic (one or two Service Consoles)
    • If VMware HA is enabled, includes heartbeats

  • IP Storage Traffic
    • NFS and/or iSCSI via vmkernel interface
    • Should be isolated from other traffic types

  • Fault Tolerance (FT) Logging Traffic
    • Low latency, high bandwidth
    • Should be isolated from other traffic types

Traffic Types on a Virtual Network, cont.

  • Port groups in dedicated VLANs on a management-only virtual switch.

[Diagram: a production virtual switch carrying the virtual machines, and a management virtual switch carrying the Service console/VMK interface port groups vMotion, storage and mgmt (VLANs 106, 107, 108)]

VLAN Tagging Options

  • EST – External Switch Tagging
    • External Physical switch applies VLAN tags
    • Physical Switch port: switchport access vlan

  • VST – Virtual Switch Tagging
    • VLAN assigned in Port Group policy
    • VLAN Tags applied in vSwitch
    • Physical Switch port: switchport trunk

  • VGT – Virtual Guest Tagging
    • PortGroup set to VLAN “4095”
    • VLAN Tags applied in Guest
    • Physical Switch port: switchport trunk

  • VST is the best practice and most common method

DVS Support for Private VLAN (PVLAN)

  • Enable users to restrict communications
    • Between VMs on the same VLAN or network segment

  • Allow devices to share the same IP subnet while being Layer 2 Isolated

  • Benefits:
    • Employ Larger subnets (advantageous to hosting environments)
    • Reduce Management Overhead

  • PVLAN Types
    • Community: VMs can communicate with VMs on Community and Promiscuous
    • Isolated: VMs can only communicate with VMs on the Promiscuous
    • Promiscuous: VMs can communicate with all VMs

[Diagram: DMZ network with web, application, database, email and document servers placed in isolated and community PVLANs, and a router in the promiscuous PVLAN]

KB - Private VLAN (PVLAN) on vNetwork Distributed Switch - Concept Overview (1010691)

PVLAN Cost Benefit

[Diagram: twelve VMs (W2003EE-32-A / W2003EE-32-B), each in its own PG on a Distributed Virtual Switch]
TOTAL COST: 12 VLANs (one per VM)

[Diagram: the same twelve VMs in a single PG (with Isolated PVLAN) on a Distributed Virtual Switch]
TOTAL COST: 1 PVLAN (over 90% savings…)
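
The PVLAN type rules from the previous slide can be evaluated against a planned port layout to see which VM-to-VM paths remain open before the port groups are created. This is an added example, not part of the original slides: the VLAN IDs and port assignments are constructed, and limiting community traffic to the same community follows standard PVLAN behaviour rather than the slide text.

```python
from itertools import combinations

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"


def can_talk(port_a, port_b):
    """Layer 2 reachability of two ports in one primary PVLAN.

    Each port is (pvlan_type, secondary_vlan_id).
    """
    type_a, sec_a = port_a
    type_b, sec_b = port_b
    if PROMISCUOUS in (type_a, type_b):
        return True                      # promiscuous reaches every port
    if type_a == COMMUNITY and type_b == COMMUNITY:
        return sec_a == sec_b            # only within the same community
    return False                         # isolated reaches promiscuous only


# Constructed layout based on the DMZ diagram: every server isolated,
# router in the promiscuous PVLAN. VLAN IDs 100/101/102 are placeholders.
DMZ_ALL_ISOLATED = {
    "router": (PROMISCUOUS, 100),
    "web": (ISOLATED, 101),
    "application": (ISOLATED, 101),
    "database": (ISOLATED, 101),
    "email": (ISOLATED, 101),
    "document": (ISOLATED, 101),
}

# Variant: web and application servers moved into one community PVLAN.
DMZ_WITH_COMMUNITY = dict(
    DMZ_ALL_ISOLATED,
    web=(COMMUNITY, 102),
    application=(COMMUNITY, 102),
)


def lateral_paths(ports):
    """Pairs of non-promiscuous ports that can reach each other directly."""
    vms = {name: p for name, p in ports.items() if p[0] != PROMISCUOUS}
    return sorted(
        tuple(sorted((a, b)))
        for a, b in combinations(vms, 2)
        if can_talk(vms[a], vms[b])
    )


def blocked_flows(ports, required):
    """Required (src, dst) flows that the PVLAN layout would drop at L2."""
    return [(a, b) for a, b in required if not can_talk(ports[a], ports[b])]


if __name__ == "__main__":
    needed = [("web", "application"), ("web", "router")]
    for label, layout in (("all isolated", DMZ_ALL_ISOLATED),
                          ("with community", DMZ_WITH_COMMUNITY)):
        print(label, "lateral:", lateral_paths(layout),
              "blocked:", blocked_flows(layout, needed))
```

The all-isolated layout leaves no direct server-to-server path, so any flow the application needs between servers has to go through the promiscuous port or be given a community PVLAN of its own.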

Link Aggregation

  • EtherChannel
    • Port trunking between two to eight active Fast Ethernet, Gigabit Ethernet, or 10 Gigabit Ethernet ports

  • EtherChannel vs. 802.3ad
    • EtherChannel is Cisco proprietary and 802.3ad is an open standard
    • Note: ESX implements 802.3ad Static Mode Link Aggregation

  • LACP (one of the implementations included in IEEE 802.3ad)
    • Link Aggregation Control Protocol (LACP)
    • Control the bundling of several physical ports into a single logical channel
    • Only supported on Nexus 1000v

KB - ESX/ESXi host requirements for link aggregation (1001938)

Sample Link Aggregation Configuration

Sample Link Aggregation Configuration Supported switch Aggregation algorithm: IP-SRC-DST Supported Virtual Switch NIC Teaming mode: IPKB - Sample configuration of EtherChannel / Link aggregation with ESX/ESXi andCisco/HP switches (1004048) 20 " id="pdf-obj-19-4" src="pdf-obj-19-4.jpg">
Supported switch Aggregation algorithm: IP-SRC-DST Supported Virtual Switch NIC Teaming mode: IP HASH
Supported switch Aggregation algorithm: IP-SRC-DST
Supported Virtual Switch NIC Teaming mode: IP HASH

Failover Configurations

  • Link Status relies solely on the network adapter link state
    • Cannot detect configuration errors
      • Spanning Tree Blocking
      • Incorrect VLAN
      • Physical switch cable pulls

  • Beacon Probing sends out and listens for beacon probes
    • Broadcast frames (ethertype 0x05ff)

  • Beacon Probing Best Practice
    • Use at least 3 NICs for triangulation
    • If only 2 NICs in team, can’t determine link failed
    • Leads to shotgun mode results

Figure: Using beacons to detect upstream network connection failures.

KB - What is beacon probing? (1005577)

Spanning Tree Protocol (STP) Considerations

  • Spanning Tree Protocol creates loop-free L2 tree topologies in the physical network
    • Physical links put in “blocking” state to construct loop-free tree

  • ESX vSwitch does not participate in Spanning Tree and will not create loops with uplinks
    • ESX Uplinks will not block, always active (full use of all links)

Recommendations for Physical Network Config:

  • 1. Leave Spanning Tree enabled on physical network and ESX facing ports (i.e. leave it as is!)

  • 2. Use “portfast” or “portfast trunk” on ESX facing ports (puts ports in forwarding state immediately)

  • 3. Use “bpduguard” to enforce STP boundary

[Diagram: VM0 (MAC a) and VM1 (MAC b) on a vSwitch that drops BPDUs; the physical switches send BPDUs every 2s to construct and maintain the Spanning Tree topology, with one blocked link]

KB - STP may cause temporary loss of network connectivity when a failover or failback event occurs (1003804)
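
One way to check recommendations 2 and 3, together with the static (no LACP) EtherChannel requirement from the Link Aggregation slide, against ‘show run’ output. This is an added example, not part of the original slides: the sample configuration is constructed, it assumes classic IOS syntax, and recognising ESX facing ports by an "ESX" interface description is an assumption.

```python
import re

# Constructed 'show run' excerpt (not from the original slides).
# Assumption: ESX facing ports carry "ESX" in their description.
SAMPLE_RUNNING_CONFIG = """\
interface GigabitEthernet1/1
 description ESX host01 vmnic0
 switchport access vlan 100
 switchport mode access
 channel-group 1 mode on
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/2
 description ESX host01 vmnic1
 switchport access vlan 100
 switchport mode access
 channel-group 1 mode active
 spanning-tree portfast
!
interface GigabitEthernet1/3
 description ESX host02 vmnic0
 switchport mode trunk
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/4
 description uplink to core
 switchport mode trunk
!
"""


def parse_interfaces(config_text):
    """Return {interface name: [stanza lines]} from IOS-style config text."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # '!' or any top-level line ends the stanza
    return interfaces


def audit_esx_port(lines):
    """Return findings for one ESX facing interface stanza."""
    findings = []
    # On a trunk port, portfast only takes effect with the 'trunk' keyword.
    is_trunk = "switchport mode trunk" in lines
    wanted = "spanning-tree portfast trunk" if is_trunk else "spanning-tree portfast"
    if wanted not in lines:
        findings.append(f"missing '{wanted}'")
    if "spanning-tree bpduguard enable" not in lines:
        findings.append("missing 'spanning-tree bpduguard enable'")
    for line in lines:
        m = re.fullmatch(r"channel-group (\d+) mode (\S+)", line)
        # ESX vSwitch teams need static aggregation; any other mode
        # negotiates (LACP/PAgP), which only the Nexus 1000v supports.
        if m and m.group(2) != "on":
            findings.append(
                f"channel-group {m.group(1)} uses mode '{m.group(2)}', "
                "static mode 'on' expected")
    return findings


def audit_config(config_text, marker="ESX"):
    """Audit every interface whose description contains the marker."""
    report = {}
    for name, lines in parse_interfaces(config_text).items():
        desc = next((l for l in lines if l.startswith("description ")), "")
        if marker.lower() in desc.lower():
            report[name] = audit_esx_port(lines)
    return report


if __name__ == "__main__":
    for port, findings in audit_config(SAMPLE_RUNNING_CONFIG).items():
        print(port, "OK" if not findings else findings)
```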

Tips & Tricks


Tips & Tricks

  • Load-Based Teaming (LBT)
    • Dynamically balance network load over available uplinks
    • Triggered by ingress or egress congestion at 75% mean utilization over a 30 second period
    • Configure on DVS via “Route based on physical NIC load”
    • *LBT is not available on the Standard vSwitch (DVS feature for ingress/egress traffic shaping)

  • Network I/O Control (NetIOC)
    • DVS software scheduler to isolate and prioritize specific traffic types contending for bandwidth on the uplinks connecting ESX/ESXi 4.1 hosts with the physical network.

Tips & Tricks

  • Tip #1 – After physical to virtual migration, the VM MAC address can be changed for Licensed Applications relying on physical MAC address. (KB 1008473)

  • Tip #2 – NLB Multicast needs physical switch Manual ARP resolution of NLB cluster. (KB 1006525)

  • Tip #3 – Cisco Discovery Protocol (CDP) gives switchport configuration information useful for troubleshooting (KB 1007069)

  • Tip #4 – Beacon Probing and IP Hash DO NOT MIX (duplicate packets and port flapping) (KB 1017612 & KB 1012819)

  • Tip #5 – Link aggregation is never supported on disparate trunked switches – Use VSS with MEC. (KB 1001938 & KB 1027731)

Tips & Tricks

Using 10GigE

[Diagram: iSCSI, NFS, VMotion, FT, SC and SC#2 port groups on a vSwitch with two 10GE uplinks, FCoE alongside; bandwidth labels Variable/high b/w, High b/w 2Gbps+, 1-2G b/w and Low b/w; ingress (into switch) traffic shaping policy control on Port Group; FCoE Priority Group bandwidth reservation (in CNA config utility)]

  • 2x 10GigE common/expected
    • 10GigE CNAs or NICs

  • Possible Deployment Method
    • Active/Standby on all Portgroups
    • VMs “sticky” to one vmnic
    • SC/vmk ports sticky to other
    • Use Ingress Traffic Shaping to control traffic type per Port Group
    • If FCoE, use Priority Group bandwidth reservation (on CNA utility)

  • Best Practice: Ensure Drivers and Firmware are compatible for success

  • vSphere 4.1 supports up to (4) 10GigE NICs; 5.0 supports (8) 10GigE NICs

Troubleshooting Virtual Networks


Network Troubleshooting Tips

  • Troubleshoot one component at a time
    • Physical NICs
    • Virtual Switch
    • Virtual NICs
    • Physical Network

  • Tools for Troubleshooting
    • vSphere Client
    • Command Line Utilities
    • ESXTOP
    • Third party tools
    • Ping and Traceroute
    • Traffic sniffers & Protocol Analyzers
    • Wireshark
    • Logs

Capturing Traffic

  • Best Practice: create a new management interface for this purpose

  • vSwitch must be in Promiscuous Mode (KBs 1004099 & 1002934)

  • ESXi uses tcpdump-uw (KB 1031186)

What’s New in vSphere 5.0


What’s New in vSphere 5?

  • Monitor and troubleshoot virtual infrastructure traffic
    • NetFlow V5
    • Port mirror (SPAN)

  • LLDP (standard based link layer discovery protocol) support simplifies the network configuration and management in non-Cisco switch environment.

  • Enhancements to the network I/O control (NIOC)
    • Ability to create User-defined resource pool
    • Support for vSphere replication traffic type; a new system traffic type that carries replication traffic from one host to another.
    • Support for IEEE 802.1p tagging

Reference: What’s New in VMware vSphere 5.0 Networking Technical Whitepaper

Network Design Considerations


Network Design Considerations

  • How do you design the virtual network for performance and availability but maintain isolation between the various traffic types (e.g. VM traffic, VMotion, and Management)?

  • Starting point depends on:
    • Number of available physical ports on server
    • Required traffic types

  • 2 NIC minimum for availability, 4+ NICs per server preferred

  • 802.1Q VLAN trunking highly recommended for logical scaling (particularly with low NIC port servers)

  • Examples are meant as guidance and do not represent strict requirements in terms of design

  • Understand your requirements and resultant traffic types and design accordingly

Example 1: Blade Server with 2 NIC Ports

[Diagram: one vSwitch with SC / vmkernel port groups Portgroup1 (VLAN 10), Portgroup2 (VLAN 20) and Portgroup3 (VLAN 30); uplinks vmnic0 and vmnic1 carry VLAN trunks (VLANs 10, 20, 30), with Active and Standby links marked]

Note: Team over dvUplinks with vDS

  • Candidate Design:
    • Team both NIC ports
    • Create one virtual switch
    • Create three port groups:
      • Portgroup1: Service Console (SC)
      • Portgroup2: VMotion
      • Portgroup3: VM traffic
    • Use Active/Standby policy for each portgroup
    • Use VLAN trunking
      • Trunk VLANs 10, 20, 30 on each uplink

Example 2: Server with 4 NIC Ports

[Diagram: vSwitch0 with SC / vmkernel port groups Portgroup1 (VLAN 10) and Portgroup2 (VLAN 20); vSwitch1 with Portgroup3 (VLAN 30) and Portgroup4 (VLAN 40); uplinks vmnic0 to vmnic3 trunking VLANs 30, 40 and VLANs 10, 20, with Active and Standby links marked]

Note: Team over dvUplinks with vDS

  • Candidate Design:
    • Create two virtual switches
    • Team two NICs to each vSwitch
    • vSwitch0 (use active/standby for each portgroup):
      • Portgroup1: Service Console (SC)
      • Portgroup2: VMotion
    • vSwitch1 (use Originating Virtual PortID)
      • Portgroup3: VM traffic #1
      • Portgroup4: VM traffic #2
    • Use VLAN trunking
      • vmnic1 and vmnic3: Trunk VLANs 10, 20
      • vmnic0 and vmnic2: Trunk VLANs 30, 40

Example 3: Server with 4 NIC Ports (Slight Variation)

[Diagram: a single vSwitch0 with SC / vmkernel port groups Portgroup1 (VLAN 10), Portgroup2 (VLAN 20), Portgroup3 (VLAN 30) and Portgroup4 (VLAN 40); uplinks vmnic0 to vmnic3 trunking VLANs 30, 40 and VLANs 10, 20, with Active and Standby links marked]

Note: Team over dvUplinks with vDS

  • Candidate Design:
    • Create one virtual switch
    • Create two NIC teams
    • vSwitch0 (use active/standby for portgroups 1 & 2):
      • Portgroup1: Service Console (SC)
      • Portgroup2: VMotion
    • Use Originating Virtual PortID for Portgroups 3 & 4
      • Portgroup3: VM traffic #1
      • Portgroup4: VM traffic #2
    • Use VLAN trunking
      • vmnic1 and vmnic3: Trunk VLANs 10, 20
      • vmnic0 and vmnic2: Trunk VLANs 30, 40
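
A candidate design can be checked for the three properties these examples aim at: a failover path per port group, the port group VLAN trunked on every teamed uplink (the "Incorrect VLAN" error that Link Status cannot detect), and no VLAN shared between traffic types. This is an added example, not part of the original slides; it encodes Example 2, and the choice of which uplink is active and which is standby for Portgroup1 and Portgroup2 is an assumption.

```python
# Example 2 from the slides as data. The active/standby assignment for
# Portgroup1/Portgroup2 is an assumption (the slide only says
# "active/standby"); vSwitch1 uses Originating Virtual PortID, so both
# of its uplinks are active.
UPLINK_TRUNKS = {
    "vmnic0": {30, 40}, "vmnic2": {30, 40},
    "vmnic1": {10, 20}, "vmnic3": {10, 20},
}
PORTGROUPS = [
    {"name": "Portgroup1", "traffic": "service console", "vlan": 10,
     "active": ["vmnic1"], "standby": ["vmnic3"]},
    {"name": "Portgroup2", "traffic": "vmotion", "vlan": 20,
     "active": ["vmnic3"], "standby": ["vmnic1"]},
    {"name": "Portgroup3", "traffic": "vm", "vlan": 30,
     "active": ["vmnic0", "vmnic2"], "standby": []},
    {"name": "Portgroup4", "traffic": "vm", "vlan": 40,
     "active": ["vmnic0", "vmnic2"], "standby": []},
]


def audit_design(portgroups, uplink_trunks):
    """Return a list of findings; an empty list means the design passes."""
    findings = []
    vlan_owner = {}
    for pg in portgroups:
        uplinks = pg["active"] + pg["standby"]
        # Availability: a single uplink is a single point of failure.
        if len(set(uplinks)) < 2:
            findings.append(f"{pg['name']}: fewer than 2 uplinks, no failover path")
        # Every teamed uplink must trunk the VLAN, or failover blackholes
        # traffic while the link state still reports "up".
        for nic in uplinks:
            if pg["vlan"] not in uplink_trunks.get(nic, set()):
                findings.append(f"{pg['name']}: VLAN {pg['vlan']} not trunked on {nic}")
        # Isolation: different traffic types must not share a VLAN.
        other = vlan_owner.setdefault(pg["vlan"], pg)
        if other is not pg and other["traffic"] != pg["traffic"]:
            findings.append(
                f"{pg['name']}: shares VLAN {pg['vlan']} with "
                f"{other['name']} ({other['traffic']})")
    return findings


def with_trunk(uplink_trunks, nic, vlans):
    """Copy of the trunk map with one uplink's allowed VLANs replaced."""
    changed = dict(uplink_trunks)
    changed[nic] = set(vlans)
    return changed


if __name__ == "__main__":
    print("as designed:", audit_design(PORTGROUPS, UPLINK_TRUNKS))
    # Constructed fault: VLAN 20 pruned from the vmnic3 switch port.
    print("vmnic3 pruned:",
          audit_design(PORTGROUPS, with_trunk(UPLINK_TRUNKS, "vmnic3", {10})))
```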

Questions
