
Day3 VMware6

Uploaded by

Sofiane Chahbi

Introduction to vSphere Networking

Day 3

VMware vSphere: Install, Configure, Manage
Introduction to vSphere Distributed Switches
Learner Objectives
By the end of this lesson, you should be able to meet the following
objectives:
• List the benefits of using vSphere distributed switches
• Describe the distributed switch architecture
• Create a distributed switch
• Manage the distributed switch
• Describe the properties of a distributed switch
Benefits of vSphere Distributed Switches
The vSphere distributed switch greatly extends vSphere networking
features and centralizes vSphere management.
vSphere distributed switches have the following benefits over standard
switches:
• vSphere distributed switch simplifies data center administration.
• vSphere distributed switch configuration is consistent across all the hosts that
use it.
• vSphere distributed switch behavior is consistent with the behavior of standard
switches.
• vSphere distributed switch supports advanced features, such as private
VLANs, NetFlow, and port mirroring.
• vSphere distributed switch enables networking statistics and policies to migrate
with virtual machines during a migration with VMware vSphere® vMotion®.
• vSphere distributed switch allows for customization and third-party
development.
vSS and vDS Comparison

Feature Standard Switch Distributed Switch


Layer 2 switch
VLAN segmentation
IPv6 support
802.1Q tagging
NIC teaming
Outbound traffic shaping
Inbound traffic shaping
VM network port block
Private VLANs
Load-based teaming
Data center-level management
vSphere vMotion migration over a network
Per-port policy settings
Port state monitoring
NetFlow
Port mirroring
Distributed Switch Architecture

[Diagram: Host 1 and Host 2 each have a management port, a vSphere vMotion
port, and physical NICs (uplinks) attached to hidden virtual switches (I/O
plane). vCenter Server holds the distributed switch (control plane) with its
distributed ports and port groups and its uplink port groups.]
Distributed Switch Example
You create a distributed switch named VDS01. You create a port group
named Production, which will be used for virtual machine networking.
You assign uplinks vmnic1 on host ESXi01 and vmnic1 on host ESXi02
to the distributed switch.

[Diagram: distributed switch VDS01 with the Production port group and an
uplink port group; hosts ESXi01 and ESXi02 each have physical uplinks vmnic0,
vmnic1, and vmnic2.]
Viewing a Distributed Switch
You can view a host’s distributed switch configuration by clicking the
Manage tab and clicking the Networking link.
[Screenshot callouts: Distributed switch settings. View distributed switch
settings.]
Creating a Distributed Switch
You can create a distributed switch on a data center to handle the
networking configuration of multiple hosts at the same time from a
central place.
Editing General and Advanced Distributed Switch Properties
General settings for a distributed switch include the switch name and the
number of uplinks.

Basic multicast filtering mode forwards multicast traffic for virtual
machines according to the destination multicast group MAC address.
Migrating Network Adapters to a Distributed Switch
For hosts associated with a distributed switch, you can migrate network
adapters from a standard switch to the distributed switch.

Migrate physical or virtual network adapters to this distributed switch.
Assigning a Physical NIC of a Host to a Distributed Switch
You can assign physical NICs of a host that is associated with a
distributed switch to an uplink port on the host proxy switch.

Manage the physical network adapters connected to the selected switch.
Connecting Virtual Machines to a Distributed Switch
You connect virtual machines to distributed switches by connecting their
associated virtual network adapters to distributed port groups.

For a single virtual machine, modify the network adapter configuration of the
virtual machine.

For a group of virtual machines, migrate virtual machines from a virtual
network to a distributed switch.
Editing Distributed Port Group General Properties
You can edit general distributed port group settings, such as the
distributed port group name, the port settings, and the network resource
pool.

Port binding options include static, dynamic, and ephemeral (no port
binding).
Editing Distributed Port Group Advanced Properties
From the advanced settings of a distributed port group, you can
configure the per-port overriding of the policies that are set at the port
group level.
About the VMkernel Networking Level
The VMkernel networking layer provides connectivity to hosts and
handles the standard system traffic of VMware vSphere® vMotion®, IP
storage, VMware vSphere® Fault Tolerance, VMware Virtual SAN™, and
others.
You can also create VMkernel adapters on the source and target
VMware vSphere® Replication™ hosts to isolate the replication data
traffic.
TCP/IP stacks at the VMkernel level:
• Default TCP/IP stack
• vMotion TCP/IP stack
• Provisioning TCP/IP stack
• Custom TCP/IP stacks
Creating a VMkernel Adapter on a Host Associated with a Distributed Switch

You create a VMkernel adapter on a host that is associated with a
distributed switch to provide network connectivity to the host and to
handle the traffic for vSphere vMotion, IP storage, vSphere Fault
Tolerance logging, Virtual SAN, and others.

Click Add host networking to start the Add Networking wizard.

Click VMkernel Network Adapter.
NetFlow
NetFlow is configured in the settings of your dvSwitch (right-click
dvSwitch -> Edit Settings) on the NetFlow tab. There are a number of
items we can configure here. First, the collector IP and port: the IP
address and port of the NetFlow collector to which we are sending the
data. To make all of your traffic appear as coming from a single source,
rather than from multiple ESX management networks, you can also specify
an IP address for the dvSwitch here. This address doesn't actually live
on your network; it just shows up in your NetFlow collector.
DirectPath I/O
DirectPath I/O allows virtual machine access to physical PCI functions
on platforms with an I/O Memory Management Unit.
The following features are unavailable for virtual machines configured
with DirectPath:
• Hot adding and removing of virtual devices
• Suspend and resume
• Record and replay
• Fault tolerance
• High availability
• DRS (limited availability. The virtual machine can be part of a cluster,
but cannot migrate across hosts)
• Snapshots
Network Troubleshooting
Review of Distributed Switch Network Connectivity
The cause of a network connectivity problem might be in the virtual
machines, the vCenter Server system, or the ESXi hosts that have NICs
assigned to the distributed switch and the physical network.
[Diagram: two ESXi hosts, each with a management port, a vSphere vMotion
port, virtual machines, and physical NICs (uplinks) attached to hidden
virtual switches (I/O plane). vCenter Server holds VM state and the
distributed switch (control plane) with its distributed ports and port
groups and its uplink port groups.]
Distributed Switch Rollback
The distributed switch rollback is triggered when invalid updates are
made to distributed switch-related objects.
Examples of events that might trigger a distributed switch rollback:
• Changing the MTU of a distributed switch
• Changing the following settings in the distributed port group of the
management VMkernel network adapter:
– NIC teaming and failover
– VLAN
– Traffic shaping

If an invalid configuration occurs, one or more hosts might be out of
synchronization with the distributed switch.
Recovering from a Distributed Switch Misconfiguration
Always back up your distributed switch before you make a change to its
configuration:
• If your distributed switch loses network connectivity because of a
misconfiguration, you can restore from your latest backup.
vSphere Web Client provides you with features to back up and restore
distributed switch configuration:
• Export: Back up your distributed switch configuration.
• Restore: Reset the configuration of a distributed switch from an exported
configuration file.
• Import: Create a distributed switch from an exported configuration file.

The export, restore, and import functions are available only with vSphere
Web Client. They are not available with VMware vSphere® Client™.
Backing Up a Distributed Switch Configuration
You can back up a distributed switch configuration by exporting the
configuration to a file.
Exporting enables you to do the following tasks:
• Make a backup of your distributed switch configuration.
• Create a template of a distributed switch configuration.
• Create a revision control system for your distributed switch configuration.
Restoring and Importing a Distributed Switch Configuration
After you export a distributed switch configuration, you can use the
restore or the import function to reset the configuration or to create a
distributed switch.
You can use restore to reset a distributed switch configuration that is
corrupted.
You can use import to create a distributed switch, for example, on a
different vCenter Server system.
Review of Learner Objectives
You should be able to meet the following objectives:
• Provide a network troubleshooting overview
• Analyze and troubleshoot standard switch problems
• Analyze and troubleshoot virtual machine connectivity problems
• Analyze and troubleshoot management network problems
• Analyze and troubleshoot distributed switch problems
Key Points
• Virtual network connectivity problems might occur with standard switches,
distributed switches, virtual machines, or management networks.
• A virtual machine connectivity problem might exist in the physical layer, the
virtual layer, or the guest operating system.

• The ping command is useful when troubleshooting ESXi host and virtual
machine connectivity issues.
• When an ESXi host frequently disconnects from vCenter Server, heartbeat
packets are being lost between vCenter Server and the ESXi host.
• vSphere network rollback prevents accidental misconfiguration of management
networking and loss of connectivity.

• A good practice is to back up your distributed switch configuration with the
vSphere Web Client whenever you make a change to the configuration.

• You can use the restore or the import function to reset the distributed switch
configuration.
Questions?
© 2015 VMware Inc. All rights reserved.
NSX
VMware NSX is the network virtualization platform for the
Software-Defined Data Center.
NSX embeds networking and security functionality that is typically handled
in hardware directly into the hypervisor. The NSX network virtualization
platform fundamentally transforms the data center’s network operational
model like server virtualization did 10 years ago, and is helping thousands
of customers realize the full potential of an SDDC.
Virtual Networks and Network Virtualization
The configurations show the difference between virtual networking and
network virtualization.

[Diagram: two ESXi hosts, each with a distributed switch. Labels: VLAN50,
VLAN60, VLAN70; VXLAN 5050, 5060, 5070; VLAN trunking 50, 60.]


VMware NSX Components (2)
VMware NSX includes the following components:
• VXLAN (logical switches): An overlay protocol that provides creation of
logical layer 2 networks over existing IP networks on existing physical
infrastructure without the need to rearchitect any of the data center networks.
• Distributed logical router: Provides optimal east-west routing at the
hypervisor level in a distributed fashion. Virtual machines that reside on the
same host on different subnets can communicate with one another without
having to traverse a traditional routing interface.
• Distributed logical firewall: Allows segmentation of virtual data center entities
such as virtual machines based on VM names and attributes, user identity,
and vCenter Server objects, in addition to traditional networking attributes
such as IP addresses and ports. Provides firewall filtering at line rate and is
distributed across all the hosts.
• Service Composer: Helps provision and assign network and security services
to applications in a virtual infrastructure. The services are mapped to a
security group and they are applied to the virtual machines in the security
group using a security policy.
VMware NSX Logical Switch Example
Logical switches extend layer 2 connectivity across layer 3 boundaries.
[Diagram: VM 1 (172.16.10.11/24), VM 2 (172.16.10.12/24), and VM 3
(172.16.10.13/24) attached to one logical switch, VXLAN 5001. The three
vSphere hosts have addresses 10.20.10.10/24, 10.20.20.11/24, and
10.20.30.12/24 on the physical network.]
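
The logical switch example above, as an added sketch that is not part of the original slides: it builds and parses the 8-byte VXLAN header (layout per RFC 7348) for VXLAN 5001 and shows that the VM addresses travel inside the encapsulated frame, so a monitoring tool on the physical network sees only host addresses unless it decapsulates. Function names and MAC addresses are assumptions made for illustration.

```python
from __future__ import annotations
import ipaddress
import struct

VXLAN_FLAG_I = 0x08      # "I" bit from RFC 7348: the VNI field is valid
MAX_VNI = 2**24 - 1      # 24-bit segment ID (a VLAN ID has only 12 bits)


def encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header to an inner Ethernet frame."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI must fit in 24 bits")
    # Word 0: flags (1 byte) + reserved (3). Word 1: VNI (3 bytes) + reserved (1).
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner_frame


def decapsulate(udp_payload: bytes) -> tuple[int, bytes]:
    """Return (vni, inner_frame); reject payloads that are not valid VXLAN."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI not valid")
    return word1 >> 8, udp_payload[8:]


def inner_ipv4_endpoints(frame: bytes) -> tuple[str, str]:
    """Extract source and destination IPv4 addresses from the inner frame."""
    if len(frame) < 18:
        raise ValueError("inner frame too short")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    if ethertype == 0x8100:                      # skip an inner 802.1Q tag
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    if ethertype != 0x0800 or len(frame) < offset + 20:
        raise ValueError("inner frame is not IPv4")
    src, dst = frame[offset + 12:offset + 16], frame[offset + 16:offset + 20]
    return str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst))


def sample_inner_frame() -> bytes:
    """Constructed frame: VM 1 (172.16.10.11) to VM 2 (172.16.10.12)."""
    eth = bytes.fromhex("005056000002" "005056000001" "0800")  # made-up MACs
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,  # checksum 0
                     ipaddress.IPv4Address("172.16.10.11").packed,
                     ipaddress.IPv4Address("172.16.10.12").packed)
    return eth + ip
```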
