Scribd
Upload
755 views34 pages

Module 5: Configuring and Managing Virtual Networks: © 2020 Vmware, Inc

Uploaded by

hacker_05
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
755 views34 pages

Module 5: Configuring and Managing Virtual Networks: © 2020 Vmware, Inc

Uploaded by

hacker_05
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 34

Module 5: Configuring and

Managing Virtual Networks

© 2020 VMware, Inc.


Importance
When you configure ESXi networking properly, virtual machines can communicate with other
virtual, and physical, machines. In this way, remote host management and IP-based storage
operate effectively.

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5-2
Module Lessons
1. Introduction to vSphere Standard Switches
2. Configuring Standard Switch Policies

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5-3
Virtual Beans: Networking Requirements
Virtual Beans has the following requirements for its network infrastructure:
• Use the existing VLAN infrastructure and create VLANs as needed for the vSphere
environment.
• Use the available bandwidth efficiently:
– Infrastructure services must get enough bandwidth.
– Infrastructure traffic should not interfere with the performance of business-critical and
nonbusiness-critical application traffic.
• Avoid single points of failure.
As the Virtual Beans administrator, you must configure vSphere networking to meet these
requirements.

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5-4
Lesson 1: Introduction to vSphere Standard
Switches

© 2020 VMware Inc. All rights reserved.


Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Identify virtual switch connection types
• Configure and view standard switch configurations
• Distinguish between the features of standard and distributed switches

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5-6
About Virtual Switches
Virtual switches connect VMs to the physical network.
They provide connectivity between VMs on the same ESXi host or on different ESXi hosts.
They also support VMkernel services, such as vSphere vMotion migration, iSCSI, NFS, and
access to the management network.

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5-7
Types of Virtual Switch Connections
A virtual switch has specific connection types:
• VM port groups
• VMkernel port: For IP storage, vSphere vMotion migration, vSphere Fault Tolerance, vSAN,
vSphere Replication, and the ESXi management network
• Uplink ports

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5-8
Virtual Switch Connection Examples
More than one network can coexist on the same virtual switch or on separate virtual switches.

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5-9
About VLANs
ESXi supports 802.1Q VLAN tagging.
Virtual switch tagging is one of the supported
tagging policies:
• Frames from a VM are tagged as they exit
the virtual switch.
• Tagged frames arriving at a virtual switch are
untagged before they are sent to the
destination VM.
• The effect on performance is minimal.
ESXi provides VLAN support by assigning a
VLAN ID to a port group.

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 10


Types of Virtual Switches
A virtual network supports standard and distributed switches. Both switch types are elastic: Ports
are created and removed automatically.
• Standard switch: • Distributed switch:
– Virtual switch that is configured for a single – Virtual switch that is configured for an
host. entire data center.
– Up to 2,000 hosts can be attached to the
same distributed switch.
– The configuration is consistent across all
attached hosts.
– Hosts must either have an Enterprise Plus
license or belong to a vSAN cluster.

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 11


Adding ESXi Networking
You can add new standard switches to an ESXi host or configure existing ones using the vSphere
Client or VMware Host Client.

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 12


Viewing the Configuration of Standard Switches
In the vSphere Client, you can view a host’s standard switch configuration by selecting Virtual
Switches on the Configure tab.

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 13


Network Adapter Properties
The Physical adapters pane shows adapter details such as speed, duplex, and MAC address
settings.
Although the speed and duplex settings are configurable, the best practice is to leave the settings
at autonegotiate.

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 14


Distributed Switch Architecture

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 15


Standard and Distributed Switches: Shared Features
Standard and distributed switches have several features in common.

Feature Standard Switch Distributed Switch


Layer 2 switch Yes Yes
VLAN segmentation (802.1Q tagging) Yes Yes
IPv6 support Yes Yes
NIC teaming Yes Yes
Outbound traffic shaping Yes Yes
Cicso Discovery Protocol (CDP) Yes Yes

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 16


Additional Features of Distributed Switches
Distributed switches include several features that are not part of standard switches.

Feature Standard Switch Distributed Switch


Inbound traffic shaping No Yes
VM network port block No Yes
Private VLANs No Yes
Load-based teaming No Yes
Data center level management No Yes
vSphere vMotion migration of virtual networking state No Yes
Per-port policy settings No Yes
Port state monitoring of network statistics No Yes
NetFlow No Yes
Port mirroring No Yes
Access to NSX-T port groups No Yes
Link Layer Discovery Protocol (LLDP) No Yes
© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 17
Review of Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Identify virtual switch connection types
• Configure and view standard switch configurations
• Distinguish between the features of standard and distributed switches

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 19


Lesson 2: Configuring Standard Switch
Policies

© 2020 VMware Inc. All rights reserved.


Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Explain how to set the security policies for a standard switch port group
• Explain how to set the traffic shaping policies for a standard switch port group
• Explain how to set the NIC teaming and failover policies for a standard switch port group

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 21


Network Switch and Port Policies
Policies that are set at the standard switch level apply to all port groups on the standard switch by
default.
Available network policies: Policy levels:
• Security • Standard switch level: Default policies for all
• Traffic shaping the ports on the standard switch.
• NIC teaming and failover • Port group level: Effective policies defined at
this level override the default policies that are
set at the standard switch level.

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 22


Configuring Security Policies
As an administrator, you can define security policies at both the standard switch level and the port
group level:
• Promiscuous mode: You can allow a virtual switch or port group to forward all traffic regardless
of the destination.
• MAC address changes: You can accept or reject inbound traffic when the MAC address is
altered by the guest.
• Forged transmits: You can accept or reject outbound traffic when the MAC address is altered
by the guest.

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 23


Traffic-Shaping Policies
Network traffic shaping is a mechanism for limiting a virtual machine’s consumption of available
network bandwidth.
Average rate, peak rate, and burst size are configurable.

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 24


Configuring Traffic Shaping
A traffic-shaping policy is defined by average bandwidth, peak bandwidth, and burst size. You can
establish a traffic-shaping policy for each port group and each distributed port or distributed port
group:
• Traffic shaping is disabled by default.
• Parameters apply to each virtual NIC in the standard switch.
• On a standard switch, traffic shaping controls only outbound traffic, that is, traffic traveling from
the VMs to the virtual switch and out onto the physical network.

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 25


NIC Teaming and Failover Policies
With NIC teaming, you can increase the network capacity of a virtual switch by including two or
more physical NICs in a team.

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 26


Load-Balancing Method: Originating Virtual Port ID
With the load-balancing method that is based on the originating virtual port ID, a virtual machine’s
outbound traffic is mapped to a specific physical NIC.

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 27


Load-Balancing Method: Source MAC Hash
For the load-balancing method based on source MAC hash, each virtual machine’s outbound
traffic is mapped to a specific physical NIC that is based on the virtual NIC’s MAC address.

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 28


Load-Balancing Method: Source and Destination IP Hash
With the IP-based load-balancing method, a NIC for each outbound packet is selected based on
its source and destination IP addresses.

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 29


Detecting and Handling Network Failure
The VMkernel can use link status or beaconing, or both, to detect a network failure.
Network failure is detected by the VMkernel, which monitors the link state and performs beacon
probing.
The VMkernel notifies physical switches of changes in the physical location of a MAC address.
Failover is implemented by the VMkernel based on configurable parameters:
• Failback: How the physical adapter is returned to active duty after recovering from failure.
• Load-balancing option: Use explicit failover order. Always use the vmnic uplink at the top of the
active adapter list.

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 30


Physical Network Considerations
Your virtual networking environment relies on the physical network infrastructure. As a vSphere
administrator, you should discuss your vSphere networking needs with your network
administration team.
The following issues are topics for discussion:
• Number of physical switches
• Network bandwidth required
• Physical switch configuration support for 802.3ad, for NIC teaming
• Physical switch configuration support for 802.1Q, for VLAN tagging
• Physical switch configuration support for Link Aggregation Control Protocol (LACP)
• Network port security
• Link Layer Discovery Protocol (LLDP) and Cisco Discovery Protocol (CDP) and their operation
modes, such as listen, broadcast, listen and broadcast, and disabled

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 31


Lab 7: Using Standard Switches
Lab 8: Using Distributed Switches

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 18


Review of Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Explain how to set the security policies for a standard switch port group
• Explain how to set the traffic shaping policies for a standard switch port group
• Explain how to set the NIC teaming and failover policies for a standard switch port group

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 32


Virtual Beans: Networking Requirements
As a Virtual Beans administrator, you have a few decisions to make about your network
infrastructure.
As you plan your network, you consider these key takeaways about vSphere networking:
• You must create port groups for the VLANs that you want to use in your vSphere environment.
• You can use NIC teaming in the virtual switch to avoid a single point of failure.
• You can separate infrastructure service traffic from your application traffic by putting each traffic
type on its own VLAN.
Segmenting traffic can improve performance and enhance security by limiting network access
to a specific traffic type.
• You should research the benefits of using distributed switches in your environment. Distributed
switches have additional features over standard switches.

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 33


Key Points
• Virtual switches can have the following connection types: VM port group, VMkernel port, and
physical uplinks.
• A standard switch is a virtual switch configuration for a single host.
• Network policies set at the standard switch level can be overridden at the port group level.
• A distributed switch provides centralized management and monitoring for the networking
configuration of all ESXi hosts that are associated with the switch.
Questions?

© 2020 VMware, Inc. VMware vSphere: Install, Configure, Manage [V7] | 5 - 34

You might also like