|
Objective 2.1 – Configure Virtual Switches |
 |
 |
|
Written by Matthijs van den Berg
|
|
Thursday, 08 October 2009 23:06 |
|
Note: Though all / most of the commands in this section can be performed by as well the Grafical User Interface as the Command Line I will only work out the GUI part unless especially stated. This is based upon the “Tools” section below every Objective stating the GUI much more often than the CLI. If you need CLI command to perform you configuration please take a look at the Enterprise Administrator exam prep I have written. This guide holds much more information in regards to the CLI.
Knowledge
- Understand Virtual Switch and ESX/ESXi NIC and port maximums
A Virtual Switch (vSwitch) is a switch that lives on a single ESX host. This Virtual switch is connected to the physical network as well as to other Virtual Switches via physical ethernet connections.
A vSwitch allows for many servers (via port groups) and uplinks to be connected. Port groups are the virtual extension of VLANs. Whitin a vSwitch you can create a portgroup with a VLAN ID allowing only the traffic between that portgroup and the “physical” VLAN. In regards to the vSwitch there are some configuration maximums:
- Physical hardware
- The maximum number of physical adaptors depends on the brand / model of adaptor you use. Please see the configuration maximums guide on page 5 for more information.
- Virtual Switch Maximums
- Total virtual network switch ports per host (vDS and vSS ports): 4096
- Virtual network switch ports per standard switch: 4088
- Port groups per standard switch: 512
- Standard switches per host: 248
More information about the networking introduction can be found here, and basic understanding (really helpful if you are a newbie) can be found here. All configuration maximums can be found here.
- Determine the vSwitch NIC teaming policy in a given situation
NIC teaming sets the NIC teaming policies for a vSwitch or an individual port group to share traffic load or provide failover in case of hardware failure. There are several ways to configure multiple NIC’s. The best configuration depends on the situation you are in. In the following bullets is described per teaming configuration in what situation it can be used:
- Load Balancing
In a load balanced configuration multiple NICs are used to handle the traffic from a vSwitch. Based upon a distribution logic (like port based, MAC based or IP based (the last one requires a port channel on a physical switch, the others do not require switch configuration)) all traffic is distributed across the uploads resulting in more usable bandwidth. When a NIC or uplink fails in a load balanced setup the remaining NIC handles all the traffic (after some detection and MAC address learning downtime)
- Failover
Used with multiple NICs where only one NIC is active at a given time. When a network error occurs on the active NIC the secondary NIC can take over. This is used when there I no need for large bandwidth or the underlying network is not redundant or capable to support redundant uplinks.
- Determine the appropriate vSwitch security policies in a given situation
For the VCDX exam I have written some security riscs and defined how to combat those. Please read here (second half).
- Create/Delete Virtual Switches
A virtual switch can be added using the vCenter Client. Login and follow the next steps:
- Select a ESX host
- Select the tab “Configuration”
- Select “networking” under hardware
- Click “Add Networking” in the upper right corner of the screen. The next screen shows:
- Select “Virtual Machine” and click next
- Select the NIC (non available in the example, but there should be) you would like to use and click next.
- Add a name and VLAN for a portgroup (or no VLAN of non are configured on you physical network). (Normally you would still see the physical NICs on the right side in the preview pane)
- Click Next, check the config, and click finish.
- Create Ports/Port Groups
- Besides adding Port Groups during the creation of a new vSwitch (like above) you can add them later. To do so:
- Select a ESX host
- Select the tab “Configuration”
- Select “networking” under hardware
- Click “Properties” next to an existing vSwitch
- Click on the “Add” button to add a portgroup
- Select “Virtial Machine” to add a portgroup for VMs, next
- Name the new port group, optionally set the VLAN ID, next and Finish. The new port group is now added.
- Assign Physical Adapters
- Select a ESX host
- Select the tab “Configuration
- Select “networking” under hardware
- Click “Properties” next to an existing vSwitch
- Select the tab “Network Adaptors”
- Click “Add”
- Follow the wizard to add a NIC to a vSwitch (you need a available NIC; a NIC currently not in use by another vSwitch)
- Modify vSwitch NIC Teaming and failover policies
- Select a ESX host
- Select the tab “Configuration”
- Select “networking” under hardware
- Click “Properties” next to an existing vSwitch
- Select the “vSwitch”
- Click “Edit”
- Goto the tab “NIC Teaming”
- Adjust the load balancing and / or failover setting to your needs.
- Modify vSwitch security policy and VLAN settings
- Select a ESX host
- Select the tab “Configuration”
- Select “networking” under hardware
- Click “Properties” next to an existing vSwitch
- Select the “vSwitch”
- Click “Edit”
- Goto the tab “Security”
- Set the security policies to your needs.
- Configure VMotion
To configure VMotion you need to add a “VMkerel Portgroup” to one of you vSwitches (a dedicated vSwitch of a vSwitch with VLANs in where you VMotion network has it’s own VLAN). To add a “VMkernel Port” you can use the Add a Port Group wizard described earlier. When you already add a portgroup you may need to enable VMotion support on the portgroup. To do so:
- Select a ESX host
- Select the tab “Configuration”
- Select “networking” under hardware
- Click “Properties” next to an existing vSwitch
- Select your VMotion Port Group and click “Edit”
- Make sure the the “VMotion” checkbox is checked.
Tools
|
