Objective 2.1 Configure Advanced Policies/Features and Verify Network Virtualization Implementation (Part 1)
April 15, 2015
Welcome once again. We are going to go over the following points under this objective.
- Identify vSphere Distributed Switch capabilities
- Create / Delete a vSphere Distributed Switch
- Add / Remove ESXi hosts from a vSphere Distributed Switch
- Add / Configure / Remove dvPort Groups
- Add / Remove uplink adapters to dvUplink groups
- Configure vSphere Distributed Switch general and dvPort group Settings
- Create / Configure / Remove virtual adapters
- Migrate virtual machines to/from a vSphere Distributed Switch
- Configure LACP on Uplink Port Groups
- Describe vDS Security Policies / Settings
- Configure dvPort group blocking policies
- Configure Load Balancing and failover policies
- Configure VLAN / PVLAN settings
- Configure traffic shaping policies
- Enable TCP Segmentation Offload Support for a Virtual Machine
- Enable Jumbo Frames support on appropriate components
- Determine appropriate VLAN configuration for a vSphere implementation
So most of what we are going to go over is going to be pictures (yayy!!). Most of the above will stick better with you if you go over it a few times in the client. I know it does for me. Following along with my screenshots should give you a better and faster experience. So, without further ado:
Identify vSphere Distributed Switch Capabilities
So I will first bore you with the long-winded explanation of what a vDS is. With a standard switch, both the management plane and the data plane exist together, so you have to control the configuration on every host individually. The Distributed Switch, on the other hand, takes the management plane and the data plane and separates them. What does this mean for you? It means that you can create the configuration just once and push it down to every host that you have attached to that switch. The data plane still exists on each host. This piece is called a host proxy switch.
The Distributed Switch is made up of two abstractions that you use to create your configuration. These are:
- Uplink Port Group: This represents the physical connections on each host. You create the number of uplinks that you want each host to have. For example, if you create 2 uplinks in this group, you can map 2 physical NICs on each host to the Distributed Switch. You can set failover and load balancing on this and have it apply to all the hosts.
- Distributed Port Group: This provides network connectivity to your VMs. You can configure teaming, load balancing, failover, VLAN, security, traffic shaping, and more on them. These settings get pushed to every host that is part of the Distributed Switch.
So as far as the abilities of a vDS vs a standard switch, here is a quick list of things that vDS can do.
- Inbound Traffic Shaping: This allows you to throttle bandwidth to the switch.
- VM Port Blocking: You can block VM ports in case of viruses or troubleshooting.
- PVLANs: You can use these to further segregate your traffic and increase security.
- Load-Based Teaming: An additional load balancing option that works off the amount of traffic a queue is sending.
- Central Management: As mentioned before, you can create the config once and push it to all attached hosts.
- Per Port Policy Settings: You can override policies at a port level, giving you fine-grained control.
- Port State Monitoring: Each port can be monitored separately from other ports.
- LLDP: Supports Link Layer Discovery Protocol.
- Network IO Control: Gives you the ability to set priority on port groups and now VMs, even reserving bandwidth per VM.
- NetFlow: Used for troubleshooting; grabs a configurable number of samples of network traffic for monitoring.
- LACP: The ability to aggregate links together into a single link (must be used in conjunction with the physical switch).
- Backing Up and Restoring of Network Configuration: You can save and restore configurations.
- Port Mirroring: Also used for monitoring; you can send all traffic from one port to another.
- Statistics Move with the Machine: Even after vMotioning, your statistics can stay with the VM.
So those are all the reasons why you would want to use a vDS. There are a lot of cool features and capabilities that it makes available, and if you want to go even further, NSX is built on top of vDS as well. So it would behoove anyone who wants to get into Software Defined Networking with VMware to get cozy with vDS tech. Let’s go ahead and move on to the next point!
Create / Delete a vSphere Distributed Switch
So the easiest way to create a Distributed Switch is to do the following:
- From the Home Screen click on Networking in the Middle Pane, or you can also click on Networking in the Object Navigator
- Right Click on the Datacenter and this will be the menu that pops up
- Click on Distributed Switch and then click on New Distributed Switch
- You are now presented with the following Box
- Choose a name for your Distributed Switch
- You are now asked which version of Distributed Switch you want to create. Each of them corresponds to an ESXi version. This also determines whether certain features will be available. For example, on the version 6.0 switch NIOC v3 is available, but it wouldn’t be if you chose version 5.5
- The next screen presents you with some options. Among these are Number of Uplinks, Enable or Disable Network IO Control, whether you want to create a Default Port Group, and what the name of it will be
- We already mentioned what each of those options are, so I won’t go over them again here. The next screen is just a recap of what you have already chosen
- When it is all done it will show up on your screen like this
- The Distributed Switch has two groups underneath it. The first is the Port Group, the second is the Uplink group
- To Delete the Distributed Switch, you just need to right click on the switch and click Delete. Pretty simple huh?
Add / Remove ESXi hosts from a vSphere Distributed Switch
In order to add or remove hosts to your Distributed Switch, follow these directions:
- Click on Networking from the Home Screen
- Right Click on your Distributed Switch and see the following menu
- Click on Add and Manage Hosts – You are now given this menu
- Click the action you wish to perform, and then click “Next”
- You can now either add or remove hosts as you need
- You also have the ability to migrate Virtual Machines and VMKernel adapters on the next screens
- The last screen you have that is relevant to this objective is “Analyzing Impact” and then “Ready to complete”
- Click Finish and you have now accomplished your task
Add / Configure / Remove dvPort Groups
So after you click on Networking from the Home screen (which you should be quite familiar with at this point) you are presented with your Distributed switch. If you chose to create a default port group when you created the dvSwitch, you should be presented with that on the networking screen underneath your vDS. For Example
Now if you need to configure that port group that you already have, you would just need to click on that port group and then click on manage. This will allow you all sorts of options. You can choose the one you want and then click on edit.
To add or remove a port group, you step one level back up.
- Right click on your vDS and then click on Distributed Port Group or hover over it, and then you are presented with the following options
- Click on New Distributed Port Group and you are then asked to provide a name for it
- Click next and the next screen you are asked to configure the port group
- Next screen is your “Ready to complete” and click finish
To remove a port group:
- Right click on the port group you wish to remove and then... wait for it... delete it. That’s all there is to that
Add / Remove uplink adapters to dvUplink groups
There are a number of ways you can assign or remove adapters to a distributed switch. I think the easiest way is just right clicking on the Distributed Switch and then Add and Manage Hosts. You will need to assign the hosts’ vmnics to an uplink. To do that, do the following:
- Right Click on the Distributed switch and click on Add and Manage Hosts
- You will now need to select the host or hosts you want to assign to uplinks. You do that on this screen by clicking on the plus sign (+)
- Once the host is selected it will look like the screen shot above
- Click on next and then you will be presented with this screen
- Manage Physical Adapters is the important thing we are looking for here – Go ahead and click next
- We now have the following screen
- Now we can click on one of the vmnics shown here to assign an uplink to a physical adapter
- Click on the uplink you are interested in assigning and then click Assign Uplink at the top. That will bring up this screen
- Choose the uplink you want to assign and click OK
- It will now show on your screen like this
- Go through the remaining screens; if there is anything else you need to change, do so
- Click Finish and you have now assigned the uplink.
- To remove, go through the above but instead of assigning uplink, choose the uplink and then “Unassign adapter”
- That’s all there is to it
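The create, add host, port group and uplink steps above can also be scripted. This PowerCLI sketch is an added example, not part of the original walkthrough; it assumes an existing Connect-VIServer session, and the datacenter, switch, port group, host and NIC names are placeholders.

```powershell
# Added example. Placeholder names: Lab-DC, vDS-Lab, dvPG-VM, esxi01.lab.local, vmnic1.
# Assumes VMware PowerCLI is installed and Connect-VIServer has already been run.
$dcName   = 'Lab-DC'
$vdsName  = 'vDS-Lab'
$pgName   = 'dvPG-VM'
$hostName = 'esxi01.lab.local'
$nicName  = 'vmnic1'   # pick a spare NIC, not the one carrying management traffic

function New-LabVds {
    # Name, version and uplink count are the same choices the wizard asks for.
    $vds = New-VDSwitch -Name $vdsName -Location (Get-Datacenter -Name $dcName) `
                        -Version '6.0.0' -NumUplinkPorts 2
    # Port group for VM connectivity; its settings are pushed to every member host.
    New-VDPortgroup -VDSwitch $vds -Name $pgName | Out-Null

    # Attach the host, then map one of its physical NICs to a free uplink.
    $vmhost = Get-VMHost -Name $hostName
    Add-VDSwitchVMHost -VDSwitch $vds -VMHost $vmhost
    $pnic = Get-VMHostNetworkAdapter -VMHost $vmhost -Physical -Name $nicName
    Add-VDSwitchPhysicalNetworkAdapter -DistributedSwitch $vds `
        -VMHostPhysicalNic $pnic -Confirm:$false

    # Read back what vCenter now reports instead of trusting the calls above.
    [pscustomobject]@{
        Switch     = $vds.Name
        Hosts      = (Get-VMHost -DistributedSwitch $vds).Name
        PortGroups = (Get-VDPortgroup -VDSwitch $vds).Name
    }
}

function Remove-LabVds {
    # Reverse order: free the NIC, detach the host, then delete group and switch.
    $vds    = Get-VDSwitch -Name $vdsName
    $vmhost = Get-VMHost -Name $hostName
    Get-VMHostNetworkAdapter -VMHost $vmhost -Physical -Name $nicName |
        Remove-VDSwitchPhysicalNetworkAdapter -Confirm:$false
    Remove-VDSwitchVMHost -VDSwitch $vds -VMHost $vmhost -Confirm:$false
    Get-VDPortgroup -VDSwitch $vds -Name $pgName | Remove-VDPortgroup -Confirm:$false
    Remove-VDSwitch -VDSwitch $vds -Confirm:$false
}
```

Call New-LabVds to build the switch and Remove-LabVds to tear it down again; the port group list returned by New-LabVds also includes the uplink group that the switch creates for itself.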
Migrate virtual machines to / from a vSphere Distributed Switch
We are going to stay in the same place a while longer, but it is getting long so I have unilaterally decided to split this objective in two parts. The last point we are going to cover in this part is migrating virtual machines in and out of our Distributed Switch. We should be able to accomplish this without any packet drops or loss of connectivity on the part of the virtual machine. We are going to do this in the same place as before, under networking and then right click on our vDS. This time, choose “Migrate Virtual Machine Networking” though. This is the screen you will now be presented with.
From this point it’s relatively straightforward. You choose the network you are coming from, if any, and choose the destination network you want to go to. Then go ahead and click next. This is the next screen.
You can click on the VMs you want to move here. It will only let you do it if the virtual machine can be moved there. In this case all of my other virtual machines can’t be moved there because they are on hosts that are not added to the vDS. Click on next and then finish and you are done.
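The same migration, with the host-membership rule from the wizard made explicit, can be done in PowerCLI. This is an added example rather than the author's own procedure; the switch and network names are placeholders and an existing Connect-VIServer session is assumed.

```powershell
# Added example. Placeholder names: vDS-Lab, dvPG-VM, 'VM Network'.
# Assumes VMware PowerCLI and an existing Connect-VIServer session.
function Move-VmNetworking {
    param(
        [string]$VdsName    = 'vDS-Lab',
        [string]$TargetPg   = 'dvPG-VM',
        [string]$SourceName = 'VM Network',
        [switch]$DryRun      # report what would change without touching any adapter
    )
    $vds   = Get-VDSwitch -Name $VdsName
    $dstPg = Get-VDPortgroup -VDSwitch $vds -Name $TargetPg
    # A VM can only use the port group if its host is attached to the switch.
    $members = @((Get-VMHost -DistributedSwitch $vds).Name)

    foreach ($vm in Get-VM) {
        $nics = @(Get-NetworkAdapter -VM $vm |
                  Where-Object { $_.NetworkName -eq $SourceName })
        if ($nics.Count -eq 0) { continue }      # VM is not on the source network

        $eligible = $members -contains $vm.VMHost.Name
        if ($eligible) {
            $nics | Set-NetworkAdapter -Portgroup $dstPg -Confirm:$false `
                                       -WhatIf:$DryRun | Out-Null
        }
        $result = if (-not $eligible) { 'skipped: host not on switch' }
                  elseif ($DryRun)    { 'would move' }
                  else                { 'moved' }
        [pscustomobject]@{
            VM       = $vm.Name
            Host     = $vm.VMHost.Name
            Adapters = $nics.Count
            Result   = $result
        }
    }
}
# To move adapters back to a standard switch, use
# Set-NetworkAdapter -NetworkName '<standard port group name>' instead of -Portgroup.
```

Running Move-VmNetworking -DryRun first lists which VMs would be skipped because their host has not been added to the switch.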
Good Lord this took me a while to write up between case load and correcting 5th Grade homework (not mine of course). Next up on Part 2 we will go ahead and cover the rest of the points under this objective.