VCAP-DCA Objective 2.4 – Administer vNetwork Distributed Switch Settings

Knowledge
  • Explain relationship between vDS and logical vSSes
Skills and Abilities
  • Understand the use of command line tools to configure appropriate vDS settings on an ESX/ESXi host
  • Determine use cases for and apply Port Binding settings
  • Configure Live Port Moving
  • Given a set of network requirements, identify the appropriate distributed switch technology to use
  • Use command line tools to troubleshoot and identify configuration items from an existing vDS
Tools
  • ESX Configuration Guide
  • ESXi Configuration Guide
  • vSphere Command-Line Interface Installation and Scripting Guide
  • Product Documentation
  • vSphere Client
  • vSphere CLI
    • vicfg-*

 

Notes

Explain relationship between vDS and logical vSSes

vDS stands for Virtual Distributed Switch
vSS stands for Virtual Standard Switch

Both standard (vSS) and distributed (vDS) switches can exist at the same time.

You can view the switch configuration on a host (both vSS and dvS) using esxcfg-vswitch -l. It won’t show the ‘hidden’ switches used under the hood by the vDS although you can read more about those in this useful article at RTFM or at Geeksilver’s blog.

Source Geeksilver’s Blog: http://geeksilver.wordpress.com/2010/05/21/vds-vnetwork-distributed-switch-my-understanding-part-1/ and http://geeksilver.wordpress.com/2010/05/21/vds-vnetwork-distributed-switch-my-understanding-part-2/

So What is vDS? What’s difference between vSS and vDS from configure file structure?

vDS is a new Virtual Switch introduced by Vmware. The old vSS is more like local Host property. All switch data saved in the local Host. Other Host is not aware what kind of vSS other Host has. Not only vCenter can’t do anything about it, it causes trouble when you do vMotion. vDS is saved in both vCenter and Host. One copy in the vCenter, vDS is saved in the SQL database. In the local host, vDS has another local database cache copy sits at /etc/vmware/dvsdata.db. This local cache will be updated by vCenter every 5 minutes.

What’s difference between vSS and vDS on control level?

With vSS, everything should be controlled on local host. Basically, you go to Local Host->Configuration->Networking. Then, you start everything from there. But vDS is different. vDS divide control into 2 different level. I call them high level and low level.

High Level: High level is to create/remove, management teaming, distribution port group etc. This level sits at vCenter->Inventory->Networking.

Low Level: This level is to connect your vm, vmkernel, and your local physical cards to vDS. Please be aware that your vm, vmkernel, etc are connecting to distribute port group. Unlike local vSS (you have create same vswitch, same vswitch port group on all hosts), vDS is pushed from vCenter to all Hosts. As long as you are connecting to same vDS, you will have same distribute port group.

image

With local physical nic card, they need to connect to dvUPlink side. You can choose any number of local nics to connect or even no nic at all. But what you can’t do is to setup teaming (only work for 2 nics from same host), traffic shaping, VLAN because you need to setup on high level.

How does vDS work?

What will your instructor tell you? “Please don’t consider vDS is a switch connecting to Hosts. vDS is just a template” Well, that’s what you always heard from all your instructors. but template of what? The answer is vDS is template of HIDDEN vSwitch sitting on your local host. vDS(the template) is managed by vCenter(high level operation) and your local Host(low level operation). Let’s see a diagram.

image

From this diagram, you can see there are two hosts. Each host has hidden switch which received template (vDS) from vCenter. The local template will be updated every 5 minutes like what I mentioned in Part 1.

Now, let’s open this hidden switch and see what’s happening in there.

image

As you can see, the hidden switch has forwarding engine and teaming engine which will be configured and controlled by setting in vCenter. There are two IO filters (not just one) is to be used in VMSafe. So what VMSafe does is let third party software (for example, the Trend Micro) build a VM appliance and be certified by VMWARE to prove it won’t do any damage. That special VM will use special API to monitor traffice (like firewall) or check virus. Meaning, if you want to use VMSafe product, you have to use vDS, meaning you have buy Enterprise Plus license! I guess that’s why VMSafe product is not popular.

ok. Back to vDS. Let’s make a small conclusion. vDS is also a vSS. But it’s hidden in the Host. This hidden vSS is using template made by vCenter and Local Host so you can control traffic and share switch data between hosts.

 

Understand the use of command line tools to configure appropriate vDS settings on an ESX/ESXi host

See VMware KB1008127 Configuring vSwitch or vNetwork Distributed Switch from the command line in ESX/ESXi 4.x.

Apply these commands to vNetwork Distributed Switches:

esxcfg-vswitch -Q <vmnic> -V <dvPort ID of vmnic> <dvSwitch> #unlink a DVS uplink
esxcfg-vswitch -P <vmnic> -V <unused dvPort ID> <dvSwitch> #add a DVS uplink

To create the vswif and uplink it to the DVS port:
esxcfg-vswif -a -i <IP-address> -n <Netmask> -V <dvSwitch> -P <DVPort Id> vswif0

There are a few more command’s but not a lot for the vDS.

esxcfg-nics shows the physical nic information of the ESX host.

net-dvs is a debugging utility for the Distributed Switch. This is an unsupported command.

 

Determine use cases for and apply Port Binding settings

There are three types of Port Binding settings. Source: VMware KB1010593

  • Static Static Binding (Default): means that the dvPort is assigned to the virtual machine at configuration time. When all the ports are booked by virtual machines, it is not possible to connect to any more virtual machines, regardless of whether the connected virtual machines are powered up or not, and an error message is displayed.
  • Dynamic Dynamic Binding: means that the dvPort is assigned at the moment of powering the virtual machine up. This option allows for over committing the number of dvPorts.
  • None (Ephemeral ports): (Ephemeral Ports or No Binding) this behavior resembles the behavior in the standard vSwitch. If you select this option, the number of ports are automatically set to 0, and the Portgroup allocates one port for each connected virtual machine, up to the maximum number of ports available in the Switch.

Some more info and advantages and disadvantages can be found at the vexperienced.co.uk blog.

  • Static port binding
    • Default binding method for a dvPortGroup
    • Assigned to a VM when it’s added to the dvPortGroup
    • Conceptually like a static IP address
    • Port assignment persists to the VM across reboots, vMotions etc
  • Dynamic port binding
    • Used when you approach port limits (either on the particular dvPortGroup or on the vDS itself which has a maximum of 6000 dvPorts). If you have 10,000 VMs you only allocate a dvPort to powered on VMs
    • Conceptually like DHCP for a pool of desktops
    • dvPort assignment can change when VM is powered off. vCenter will attempt to use the same dvPort but no guarantee.
    • LIMITATION: Not all VMs can be powered on at the same time if you have more than 6000.
    • LIMITATION: vCenter must be available when powering on the VM, as it needs to assign a dvPort.
  • Ephemeral port binding
    • Port binding does NOT persist.
    • Number of VMs can exceed the number of ports on a given dvPortGroup (but are still bound by the total number of dvPorts on a vDS)
    • Equivalent to standard vSwitch behaviour
    • You can power on a VM using either vCenter or the VI client connected directly to a host.

 

Configure Live Port Moving

Live port migration means a standalone dvPort can be moved to a dvPortGroup and thus acquiring the all the configuration of the dvPortGroup and a dvPort which is a part of a dvPortGroup can be moved out from a dvPortGroup, the subsequent config changes to the dvPortGroup does not apply to this dvPort.

 

Given a set of network requirements, identify the appropriate distributed switch technology to use

Learn the differences between using the Nexus 1000v vs. VMware distributed virtual switch (vDS).

See http://searchnetworking.techtarget.com.au/articles/38282-VMware-vSwitch-vs-Cisco-Nexus-1-V for more information about this.

Also take a look at a whitepaper from VMware and Cisco called: Virtual Networking features of the VMware vNetwork Distributed Switch and Cisco Nexus 1000V Switch. This whitepaper can be found: http://www.vmware.com/files/pdf/technology/cisco_vmware_virtualizing_the_datacenter.pdf

 

Use command line tools to troubleshoot and identify configuration items from an existing vDS

See the Trainsignal Troubleshooting vSphere course lesson 14, lesson 15.

Another tool that can be used to troubleshoot is the net-dvs commandline tool. This is an unsupported command.

  • Located in /usr/lib/vmware/bin (not in the PATH variable so just typing net-dvs won’t work)
  • Can be used to see the vDS settings saved locally on an ESX/i host;
    • dvSwitch ID
    • dvPort assignments to VMs
    • VLAN, CDP information etc

 

Links

http://www.seancrookston.com/2010/09/09/vcap-dca-objective-2-4-administer-vnetwork-distributed-switch-settings/

http://www.kendrickcoleman.com/index.php?/Tech-Blog/vcap-datacenter-administration-exam-landing-page-vdca410.html

http://www.vexperienced.co.uk/2011/04/01/vcap-dca-study-notes-2-4-administer-vnetwork-distributed-switches/

http://damiankarlson.com/vcap-dca4-exam/objective-2-4-administer-vnetwork-distributed-switch-settings/

Documents and manuals

ESX Configuration Guide: http://www.vmware.com/pdf/vsphere4/r41/vsp_41_esx_server_config.pdf

ESXi Configuration Guide: http://www.vmware.com/pdf/vsphere4/r41/vsp_41_esxi_server_config.pdf

vSphere Command-Line Interface Installation and Scripting Guide: www.vmware.com/pdf/vsphere4/r41/vsp4_41_vcli_inst_script.pdf

Source

Related articles:

Disclaimer.
The information in this article is provided “AS IS” with no warranties, and confers no rights. This article does not represent the thoughts, intentions, plans or strategies of my employer. It is solely my opinion.

Marco

Marco works for ViaData as a Senior Technical Consultant. He has over 15 years experience as a system engineer and consultant, specialized in virtualization. VMware VCP4, VCP5-DC & VCP5-DT. VMware vExpert 2013, 2014,2015 & 2016. Microsoft MCSE & MCITP Enterprise Administrator. Veeam VMSP, VMTSP & VMCE.