Configuring vSphere Distributed Switches. Flashcards
vSphere Distributed Switch Capabilities
- Inbound traffic shaping: A port group setting that can throttle the aggregate bandwidth inbound to the switch. This might be useful for a port group containing VMs that are being used as web servers.
- VM network port block: Specific ports can be configured as “blocked” for a specified VM’s use. This might be helpful for troubleshooting or for advanced configurations.
- Private VLANs: This is a vSphere implementation of a VLAN standard that is available on the latest physical switches. Within vSphere, private virtual local-area networks (PVLANs) can be created that are used only inside vSphere and not on your external network. In essence, a PVLAN is a VLAN within a VLAN. In addition, the PVLANs in your vSphere can be kept from seeing each other.
- Load-based teaming: You can configure network load balancing in a much more intelligent fashion than with vSSs by enabling the system to recognize the current load on each link before making frame forwarding decisions. This could be useful if the loads that are on each link vary considerably over time.
- Data-center-level management: A vDS is managed from the vCenter as a single switch from the control plane, even though many hosts are connected to each other at the I/O plane. This provides a centralized control mechanism and guarantees consistency of configuration.
- Network vMotion: Because a port group that is on a vDS is connected to multiple hosts, a VM can migrate from one host to another without changing port groups. The positive effect of this is that the attributes assigned to the port group (such as security, traffic shaping, and NIC teaming) migrate as well.
- vSphere switch APIs: Third-party switches have been and are being created that can be installed in the control plane. On switches such as the Cisco Nexus 1000v, the true essence of the switch is installed into the vCenter as a virtual appliance (VA).
- Per-port policy settings: Most of the configuration on a vDS is at the port group level, but it can be overridden at the individual port level. This allows you tremendous flexibility with regard to port settings such as security, traffic shaping, and so on.
- Port state monitoring: Each port on a vDS can be managed and monitored independently of all other ports. This means that you can quickly identify an issue that relates to a specific port.
- Link Layer Discovery Protocol: Similar to Cisco Discovery Protocol (CDP), Link Layer Discovery Protocol (LLDP) enables vDSs to discover other devices, such as switches and routers, that are directly connected to them. The advantage of LLDP is that it is an open protocol that is not proprietary to Cisco.
- User-defined network I/O control: You can set up a form of quality of service (QoS), but instead of defining traffic paths by protocol, you define them by type of VMware traffic. In earlier versions of vDSs, you could define traffic as vMotion, Management, and others, but now you can define your own categories. This adds to flexibility in network control and design.
- NetFlow: You can use the standard for traffic monitoring, NetFlow, to monitor, analyze, and log traffic flows in your vSphere. This enables you to easily monitor virtual network flows with the same tools that you use to monitor traffic flows in the physical network. Your vDS can forward NetFlow information to a monitoring machine in your external network.
- Port mirroring: Most commonly used with intrusion detection systems (IDSs) and intrusion prevention systems (IPSs), port mirroring provides for a copy of a packet to be sent to a monitoring station so that traffic flows can be monitored without the IPS/IDS skewing the data. Port mirroring is new to vSphere 5.x and later vDSs.
- Backup, Restore, Import, Export Configuration: You can back up a configuration of a vDS so that it can easily be restored later or even exported from one vDS and imported onto another one. This saves time and increases network flexibility.
- LACP: Link Aggregation Control Protocol (LACP) allows for the combining of multiple physical links into one logical link for the purposes of fault tolerance and load balancing.
Creating/Deleting a vSphere Distributed Switch.
You probably could create them with the 60-day evaluation license, but you would then need to purchase an Enterprise Plus license before the evaluation period expires; otherwise, your switch would cease to function. You also must consider the level of hosts that you have in the data center onto which you are adding the switch, because this will impact the version of the switch that you create.
Select the version for your new vDS, as shown in Figure 5-3. You should select a version that is compatible with the hosts that will be connected to this switch.
From Edit settings, choose the number of uplinks that you will allow on this switch. (The default is four, but this number can be changed later if needed.) Then choose whether to create a default port group and, if so, what to name it. Finally, choose whether to enable Network I/O control on this switch, as shown in Figure 5-4.
Deleting a vDS.
You might assume that deleting a vDS would just be a matter of right-clicking it and selecting to remove it. This is almost true. However, you first need to remove the hosts and the port groups from the vDS. Then you can right-click it and select to remove it. The next two sections cover (among other topics) removing hosts and port groups from a vDS. When you know how to do that, deleting the vDS is as simple as right-clicking and selecting Remove from Inventory under All vCenter Actions.
Adding/Configuring/Removing dvPort Groups.
As you might remember, port groups allow you to get more than one set of attributes out of the same switch. This is especially true with vDS port groups. The port groups that you create on a vDS are connected to all the hosts to which the vDS is connected; hence, they are called distributed virtual port groups (dvPort groups). Because a vSphere 6.0 vDS can be connected to up to 1,000 hosts, the dvPort groups can become very large and powerful. After you create port groups on a vDS, you can migrate your VMs to the dvPort groups. In the following activities, you learn how to add, configure, and remove dvPort groups on vDSs.
Adding/Removing Uplink Adapters to dvUplink Groups.
As shown in Figure 5-19, dvUplink groups connect your vDS to the hidden switches that are contained in your hosts and then from there to the physical world. This allows you to control networking at the control plane on the vDS while the actual input/output (I/O) is still passing from host to host at the I/O plane. Each host keeps its own network configuration in its hidden switch that is created when you add a host to a vDS. This ensures that the network will continue to function, even if your vCenter fails or is not available.
That’s a lot of terminology all at once, but as you might remember, I said that one of the main things to understand was where the virtual meets the physical. You should know that the dvUplink groups are virtual, but the uplink adapters lead to physical adapters. Connecting multiple uplink adapters to a dvUplink group opens up the possibilities of load balancing and fault tolerance.
Creating/Configuring/Removing Virtual Adapters.
To create a new VMkernel port on a vDS, you create and configure a VMkernel virtual adapter.
Migrating Virtual Adapters to/from a vSphere Standard Switch.
Make sure that all the VMkernel ports that you have been using on your vSSs are successfully migrated to your vDSs.
Configuring LACP on Uplink Port Groups.
You can have more than one vmnic configured for a port group to provide for load balancing and fault tolerance. The options discussed thus far treat each physical link as a separate logical link. For fault tolerance, one link can take the place of another; whereas for load balancing, you use software methods to determine which link is used by each VM for each session.
vSphere 5.1 allowed only one LAG per vDS, but vSphere 5.5 and later allow up to 64 LAGs per vDS, with up to 24 physical ports on each LAG. This gives you tremendous flexibility, especially if you already have physical switches that support dynamic link aggregation.
Determining Use Cases for a vSphere Distributed Switch.
If you are going to use a vDS in your vSphere, you typically need to obtain an Enterprise Plus license.
As outlined previously in Table 5-2, many features are available only on vDSs. They include features such as inbound traffic shaping, private VLANs, more granular port control for blocking, mirroring, LACP, and so on.