vSphere vNetwork Distributed Switch (vDS)

Kris Hanks, Networking Escalation Engineer, Global Support Services

© 2010 VMware Inc. All rights reserved

Confidential

Upload: kamryn-cassels

Post on 14-Dec-2015


Agenda

What is a vDS?

New Features

Why?

Configuration

Common network issues seen by GSS


What is a vDS?


What is a vDS?

VMware’s next generation virtual networking solution for spanning multiple hosts with a single virtual switch representation.

Available starting in vSphere 4 (ESX 4.x and vCenter 4.x)

Can span 350 ESX/ESXi hosts

Extends the features and capabilities of virtual networking

Simplifies provisioning and the ongoing process of configuration, monitoring, and management

Host-level virtual switches are abstracted into a single large vNetwork Distributed Switch that spans multiple hosts

Port Groups become Distributed Virtual Port Groups (DV Port Groups)

Ensures configuration consistency for VMs and virtual ports

Statistics and policies follow the VM


What is a vDS?

vNetwork Standard Switch (vSS)

vNetwork Distributed Switch (vDS)

What is a vDS?

Distributed Virtual Port Groups (DV Port Groups)

Port groups associated with a vDS

Specify port configuration options for each member port

Define how a connection is made through the vDS to the network

Parameters are similar to those available with Port Groups on Standard Switches: VLAN ID, traffic shaping parameters, security, teaming and load balancing, etc.

What is a vDS?

Distributed Virtual Uplinks (dvUplinks)

A new concept introduced with vDS

Provide a level of abstraction for the physical NICs (vmnics) on each host

NIC teaming, load balancing, and failover policies on the vDS and DV Port Groups are applied to the dvUplinks and not the vmnics on individual hosts

Each vmnic on each host is mapped to a dvUplink

Permits teaming and failover consistency irrespective of vmnic assignments


What is a vDS?

vDS view in vCenter

What is a vDS?

vDS requires an Enterprise Plus license

vDS is controlled by vCenter and is stored in the VCDB

A local copy of the vDS is stored on each ESX host

If vCenter goes down the vDS will continue to function, but its configuration cannot be modified until vCenter is available again

3rd party networking vendors can provide proprietary networking interfaces to monitor, control and manage virtual networks (Cisco Nexus 1000v)


New Network Features in vDS

New Features

Private VLANs

An extension of VLANs which adds further segmentation of the logical broadcast domain to create private groups

New Features

Network vMotion

Tracking of virtual machine networking state (e.g. counters, port statistics) as the VM moves from host to host on a vDS

New Features

Bi-Directional Traffic Shaping

Expands upon the outbound-only traffic shaping feature of Standard Switches with bi-directional traffic shaping capabilities

New Features

Network IO Control (NetIOC) – Available in vSphere 4.1+

A software approach to partitioning physical network bandwidth among the different types of network traffic flows

Allows you to set shares for different types of traffic

Limit the amount of bandwidth specific traffic can use

New Features

Load Based Teaming (LBT) – Available in vSphere 4.1+

Reshuffles port binding dynamically based on load and dvUplinks usage to make efficient use of the bandwidth available

Looks at TX and RX utilization over a 30 second period

Does not require any special configuration on the pSwitch


Why vDS?


Why vDS?

New Features

3rd party distributed switches - Cisco Nexus 1000v

Save time by creating the vDS once and provisioning it to all ESX hosts in the DC

Central location for making configuration changes

Moves away from host-level configuration

Ensures consistency across all hosts

Simplifies debugging and troubleshooting


Configuration

Configuration

In vCenter, click Home > Inventory > Networking

Right-click on your DC and choose New vNetwork Distributed Switch

Configuration

Select your vDS version:

Configuration

Name of the Distributed Switch

Number of Uplink Ports. Uplinks can be renamed/added afterwards.

Configuration

Click Add now

Choose the ESX host

Select physical adapter to select adapter per ESX

View details

Configuration

Verify the settings and click Finish

Configuration

VDS view

Configuration

VM properties view

Configuration

Host Network view


Common Network issues seen by GSS

Common support issues

Removing and re-adding an ESX host with a vDS from vCenter

Problem: Customers occasionally will remove their ESX host from the vCenter inventory and re-add it while troubleshooting issues with other features such as HA.

Symptoms:

Once re-added, the vDS configuration is not consistent between vCenter and ESX

vCenter complains that the vmnics are in use

Recommendations:

Do NOT remove the ESX host from vCenter. VC controls the vDS. When the ESX host is removed from the inventory, VC will delete its association with the vDS. The ESX host will still think that it is part of the vDS due to its local copy of the vDS information.

You must remove the local copy of the vDS from the ESX host and re-add it to the vDS

In vSphere 4.1, a warning message will come up if you try to remove an ESX host that is attached to a vDS from the VC inventory

Common support issues

Capturing network traffic on ESX and ESXi

Problem: Network packet captures need to be collected on the ESX/ESXi host for troubleshooting.

Symptoms: You may run into a situation where you need to collect network traces on the ESX/ESXi host to help debug a networking issue. Setting up a mirror/SPAN port on the pSwitch may not be easily done.

Recommendations:

Tcpdump and tcpdump-uw come with ESX/ESXi

Tcpdump can capture traffic from a promiscuous vswif interface

Tcpdump-uw can capture traffic from a promiscuous vmknic interface

KB 1000880 – tcpdump

KB 1031186 – tcpdump-uw

Common support issues

VLAN vs VLAN Trunking with dvPortgroups on vDS

Problem: The VLAN configuration method has changed on a vDS vs vSS and causes misconfiguration.

Symptoms: Results in no network connectivity.

Recommendations:

When using virtual switch tagging (VST), select “VLAN” and specify the VLAN ID (the most common configuration among customers)

When using virtual guest tagging (VGT), select “VLAN Trunk” and specify the VLAN range that will be passed to the guest (same as using VLAN 4095 on vSS)

Common support issues

All vDS uplinks are not configured to access the same networks on the pSwitch.

Problem: How to deal with vmnics that are configured to see different parts of the network.

Symptoms: An ESX host has multiple NICs connected to multiple networks on the same vDS. For example, 2 vmnics connect to the MGMT network and 2 connect to the PROD network.

Recommendations: Edit the dvPortgroup teaming settings and set active and unused NICs to separate them.

Common support issues

Incorrect load-balancing policy configuration

Problem: After configuring NIC teaming you experience network issues.

Symptoms:

Sporadic network connectivity.

Very poor network performance.

Complete network outage.

Recommendations:

Ensure the vDS/vSS teaming configuration matches the pSwitch configuration.

IP-Hash requires the pSwitch to be configured for static 802.3ad.

IP-Hash does NOT support active protocols such as LACP. “channel-group 1 mode on” on Cisco gear.

Port-ID, MAC-Hash, LBT do not require any special configuration on the pSwitch.

Common support issues

An HA isolation event is triggered when network maintenance is performed even though redundant NIC teaming is configured on ESX.

Problem: Your ESX host is configured with teaming NICs for redundancy and you perform maintenance on one of the links. When this link is brought back up it causes HA to detect a network isolation.

Symptoms:

HA isolation.

VMs are powered off and brought up on another host in the cluster.

Recommendations:

Enable “spanning-tree portfast” or equivalent on your pSwitch interfaces.

Disable HA when performing network maintenance.

Common support issues

VM loses network connectivity after a migration with vMotion.

Problem: VMs intermittently lose network connectivity when migrated using vMotion to another host when NIC teaming is used.

Symptoms: VM drops off the network.

Recommendations:

Test each vmnic individually by moving all but 1 to “unused”.

Check the pSwitch configuration to ensure all interfaces have a consistent configuration.

Common support issues

Choosing dvPort binding type.

Problem: What dvPort binding type should I choose?

Symptoms: How do the 3 binding types work?

Recommendations: KB 1022312

Static (default) – port is always reserved until the VM is removed. VC required.

Dynamic – port is only reserved when the VM is powered on. VC required.

Ephemeral – port is reserved when VM is powered on and NIC is connected. VC is not required.

Common support issues

vSphere maximum guide states that a vDS supports a max of 20,000 ports but you can only add a max of 8192.

Problem: You cannot configure more than 8192 ports on a vDS.

Symptoms:

vCenter pops up a message stating that the maximum ports allowed is 8192.

Can cause issues with Lab Manager as it tries to deploy more than this soft limit.

Recommendations: (see next page...)

Common support issues

1. In a browser, enter http://<vc-ip-address>/mob/ for the address and enter VC username and password when prompted
2. Click the “content” link
3. Search for the row with the word “rootFolder” on the left. Click on the link on the right at the row (the link should read like “group-d1 (Datacenters)”)
4. Search for the row with the word “childEntity” on the left. On the right, a list of datacenter links should be shown. Click on the one that the VDS is defined in
5. Search for the row with the word “networkFolder” on the left. Click on the link on the right at the row (the link should read like “group-n123 (network)”)
6. Search for the row with the word “childEntity” on the left. On the right, a list of VDS and distributed port group links should be shown. Click on the VDS for which you want to change maxPorts
7. Search for the row with the word “config” on the left. Click on the link on the right at the row.
8. Search for the row with the word “configVersion” on the left (it should be the first row). Take a note of its value displayed on the right. The value should be numeric, like “123”
9. Go back to the previous page (the VDS page)
10. Click on a link that reads “ReconfigureDvs_Task”; a new window pops up.
11. Enter “<spec><configVersion>123</configVersion><maxPorts>20000</maxPorts></spec>” in the text field labeled as “spec” (replace the configVersion value, 123, in the XML with the actual value you got from step 8) and click on the “Invoke Method” link.
12. Done. You can dismiss the popped-up invocation window.

You can verify the new maxPorts value by going to the “config” page in step 7 and checking the value for the “maxPorts” row.

(Yes, this will be published in a KB soon)

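Common support issues

PowerCLI snippet:

# Get the vDS (replace DVSName with the name of your vDS) and its API view
$dvs = Get-VirtualSwitch -Distributed -Name DVSName | Get-View
# Build a reconfiguration spec that raises the port limit
$cfg = New-Object -TypeName VMware.Vim.DVSConfigSpec
$cfg.MaxPorts = 20000
# configVersion must match the current value on the vDS
$cfg.configVersion = $dvs.config.configVersion
# Submit the change
$dvs.ReconfigureDvs_Task( $cfg )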


Questions