Confidential

Agenda
- What is a vDS?
- New Features
- Why?
- Configuration
- Common network issues seen by GSS

What is a vDS?

What is a vDS?
- VMware’s next generation virtual networking solution for spanning multiple hosts with a single virtual switch representation
- Available starting in vSphere 4 (ESX 4.x and vCenter 4.x)
- Can span 350 ESX/ESXi hosts
- Extends the features and capabilities of virtual networking
- Simplifies provisioning and the ongoing process of configuration, monitoring, and management
- Host-level virtual switches are abstracted into a single large vNetwork Distributed Switch that spans multiple hosts
- Port Groups become Distributed Virtual Port Groups (DV Port Groups)
- Ensures configuration consistency for VMs and virtual ports
- Statistics and policies follow the VM

What is a vDS?
[Diagram: vNetwork Standard Switch (vSS); vNetwork Distributed Switch (vDS)]

What is a vDS? Distributed Virtual Port Groups (DV Port Groups)
- port groups associated with a vDS
- specify port configuration options for each member port
- define how a connection is made through the vDS to the network
- parameters are similar to those available with Port Groups on Standard Switches:
  - VLAN ID
  - Traffic shaping parameters
  - Security
  - teaming and load balancing
  - ...etc

What is a vDS? Distributed Virtual Uplinks (dvUplinks)
- a new concept introduced with vDS
- provide a level of abstraction for the physical NICs (vmnics) on each host
- NIC teaming, load balancing, and failover policies on the vDS and DV Port Groups are applied to the dvUplinks and not the vmnics on individual hosts
- Each vmnic on each host is mapped to a dvUplink
- Permits teaming and failover consistency irrespective of vmnic assignments

What is a vDS?
[Screenshot: vDS view in vCenter]

What is a vDS?
- vDS requires an Enterprise Plus license
- vDS is controlled by vCenter and is stored in the VCDB
- A local copy of the vDS is stored on each ESX host
- If vCenter goes down the vDS will continue to function, but its configuration cannot be modified until vCenter is available again
- 3rd-party networking vendors can provide proprietary networking interfaces to monitor, control and manage virtual networks (Cisco Nexus 1000v)

New Network Features in vDS

New Features: Private VLANs
- An extension of VLANs which adds further segmentation of the logical broadcast domain to create private groups

New Features: Network vMotion
- tracking of virtual machine networking state (e.g. counters, port statistics) as the VM moves from host to host on a vDS

New Features: Bi-Directional Traffic Shaping
- expands upon the outbound-only traffic shaping feature of Standard Switches with bi-directional traffic shaping capabilities

New Features: Network IO Control (NetIOC) – Available in vSphere 4.1+
- a software approach to partitioning physical network bandwidth among the different types of network traffic flows
- allows you to set shares for different types of traffic
- lets you limit the amount of bandwidth specific traffic can use

New Features: Load Based Teaming (LBT) – Available in vSphere 4.1+
- reshuffles port binding dynamically based on load and dvUplink usage to make efficient use of the available bandwidth
- looks at TX and RX utilization over a 30 second period
- does not require any special configuration on the pSwitch

Why vDS?

Why vDS?
- New Features
- 3rd-party distributed switches - Cisco Nexus 1000v
- Save time by creating the vDS once and provisioning it to all ESX hosts in the DC
- Central location for making configuration changes
- Moves away from host-level configuration
- Ensures consistency across all hosts
- Simplifies debugging and troubleshooting

Configuration

Configuration
- In vCenter, click Home > Inventory > Networking
- Right-click on your DC and choose New vNetwork Distributed Switch

Configuration
- Select your vDS version:

Configuration
- Name of the Distributed Switch
- Number of Uplink Ports. Uplinks can be renamed/added afterwards.

Configuration
- Click Add now
- Choose the ESX host
- Select physical adapter to select adapter per ESX
- View details

Configuration
- Verify the settings and click Finish

Configuration
[Screenshot: VDS view]

Configuration
[Screenshot: VM properties view]

Common Network issues seen by GSS

Common support issues: Removing and re-adding an ESX host with a vDS from vCenter
Problem: Customers occasionally will remove their ESX host from the vCenter inventory and re-add it while troubleshooting issues with other features such as HA.
Symptoms:
- Once re-added, the vDS configuration is not consistent between vCenter and ESX
- vCenter complains that the vmnics are in use
Recommendations:
- Do NOT remove the ESX host from vCenter. VC controls the vDS.
- When the ESX host is removed from the inventory, VC will delete its association with the vDS. The ESX host will still think that it is part of the vDS due to its local copy of the vDS information.
- You must remove the local copy of the vDS from the ESX host and re-add it to the vDS
- In vSphere 4.1 a warning message will come up if you try to remove an ESX host that is attached to a vDS from the VC inventory

Common support issues: Capturing network traffic on ESX and ESXi
Problem: Network packet captures need to be collected on the ESX/ESXi host for troubleshooting.
Symptoms:
- You may run into a situation where you need to collect network traces on the ESX/ESXi host to help debug a networking issue.
- Setting up a mirror/SPAN port on the pSwitch may not be easily done.
Recommendations:
- Tcpdump and tcpdump-uw come with ESX/ESXi
- Tcpdump can capture traffic from a promiscuous vswif interface
- Tcpdump-uw can capture traffic from a promiscuous vmknic interface
- KB – tcpdump
- KB – tcpdump-uw

Common support issues: VLAN vs VLAN Trunking with dvPortgroups on vDS
Problem: The VLAN configuration method has changed on a vDS vs vSS and causes misconfiguration.
Symptoms:
- Results in no network connectivity.
Recommendations:
- When using virtual switch tagging (VST), select “VLAN” and specify the VLAN ID (the most common configuration among customers)
- When using virtual guest tagging (VGT), select “VLAN Trunk” and specify the VLAN range that will be passed to the guest (same as using VLAN 4095 on vSS)

Common support issues: All vDS uplinks are not configured to access the same networks on the pSwitch.
Problem: How to deal with vmnics that are configured to see different parts of the network.
Symptoms:
- An ESX host has multiple NICs connected to multiple networks on the same vDS. For example, 2 vmnics connect to the MGMT network and 2 connect to the PROD network.
Recommendations:
- Edit the dvPortgroup teaming settings and set active and unused NICs to separate them.

Common support issues: Incorrect load-balancing policy configuration
Problem: After configuring NIC teaming you experience network issues.
Symptoms:
- Sporadic network connectivity.
- Very poor network performance.
- Complete network outage.
Recommendations:
- Ensure the vDS/vSS teaming configuration matches the pSwitch configuration.
- IP-Hash requires the pSwitch to be configured for static 802.3ad.
- IP-Hash does NOT support active protocols such as LACP.
- “channel-group 1 mode on” on Cisco gear.
- Port-ID, MAC-Hash, LBT do not require any special configuration on the pSwitch.
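
The teaming recommendations above can be checked mechanically. The following is an added example, not part of the original slides: it parses a Cisco-style pSwitch config and flags uplink ports whose channel-group mode does not fit the vDS teaming policy. The policy names, interface names and sample config are constructed, and treating any channel-group under Port-ID, MAC-Hash or LBT as a mismatch is an assumption derived from the "match the pSwitch configuration" recommendation.

```python
import re

# Policies that need no special pSwitch configuration (names are hypothetical labels).
NO_CHANNEL_POLICIES = {"port-id", "mac-hash", "lbt"}

def parse_channel_modes(config_text):
    """Map each interface name to its channel-group mode (None if not bundled)."""
    modes, current = {}, None
    for line in config_text.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            modes[current] = None
            continue
        m = re.match(r"^\s+channel-group\s+\d+\s+mode\s+(\S+)", line)
        if m and current:
            modes[current] = m.group(1).lower()
    return modes

def check_teaming(policy, uplink_ports, config_text):
    """Return (interface, problem) tuples for ports that do not fit the policy."""
    modes = parse_channel_modes(config_text)
    findings = []
    for port in uplink_ports:
        if port not in modes:
            findings.append((port, "interface not found in pSwitch config"))
            continue
        mode = modes[port]
        if policy == "ip-hash":
            if mode is None:
                findings.append((port, "ip-hash needs static 802.3ad (mode on)"))
            elif mode != "on":  # e.g. "active"/"passive" negotiate LACP
                findings.append((port, f"ip-hash does not support mode {mode}"))
        elif policy in NO_CHANNEL_POLICIES and mode is not None:
            findings.append((port, f"{policy} expects no channel-group, found mode {mode}"))
    return findings

# Constructed sample pSwitch config (not from the slides).
SAMPLE = """\
interface Gi1/0/1
 switchport mode trunk
 channel-group 1 mode on
interface Gi1/0/2
 switchport mode trunk
 channel-group 1 mode active
interface Gi1/0/3
 switchport mode trunk
"""

if __name__ == "__main__":
    for finding in check_teaming("ip-hash", ["Gi1/0/1", "Gi1/0/2", "Gi1/0/3"], SAMPLE):
        print(finding)
```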

Common support issues: An HA isolation event is triggered when network maintenance is performed even though redundant NIC teaming is configured on ESX.
Problem: Your ESX host is configured with teaming NICs for redundancy and you perform maintenance on one of the links. When this link is brought back up it causes HA to detect a network isolation.
Symptoms:
- HA isolation.
- VMs are powered off and brought up on another host in the cluster.
Recommendations:
- Enable “spanning-tree portfast” or equivalent on your pSwitch interfaces.
- Disable HA when performing network maintenance.

Common support issues: VM loses network connectivity after a migration with vMotion.
Problem: VMs intermittently lose network connectivity when migrated using vMotion to another host when NIC teaming is used.
Symptoms:
- VM drops off the network.
Recommendations:
- Test each vmnic individually by moving all but 1 to “unused”.
- Check the pSwitch configuration to ensure all interfaces have a consistent configuration.

Common support issues: Choosing dvPort binding type.
Problem: What dvPort binding type should I choose?
Symptoms:
- How do the 3 binding types work?
Recommendations:
- KB
- Static (default) – port is always reserved until the VM is removed. VC required.
- Dynamic – port is only reserved when the VM is powered on. VC required.
- Ephemeral – port is reserved when VM is powered on and NIC is connected. VC is not required.

Common support issues: vSphere maximum guide states that a vDS supports a max of 20,000 ports but you can only add a max of
Problem: You cannot configure more than 8192 ports on a vDS.
Symptoms:
- vCenter pops up a message stating that the maximum ports allowed is
- Can cause issues with Lab Manager as it tries to deploy more than this soft limit.
Recommendations: (see next page...)

Common support issues
1. In a browser, enter /mob/ for the address and enter the VC username and password when prompted.
2. Click the “content” link.
3. Search for the row with the word “rootFolder” on the left. Click on the link on the right of that row (the link should read like “group-d1 (Datacenters)”).
4. Search for the row with the word “childEntity” on the left. On the right, a list of datacenter links should be shown. Click on the one that the VDS is defined in.
5. Search for the row with the word “networkFolder” on the left. Click on the link on the right of that row (the link should read like “group-n123 (network)”).
6. Search for the row with the word “childEntity” on the left. On the right, a list of VDS and distributed port group links should be shown. Click on the VDS whose maxPort you want to change.
7. Search for the row with the word “config” on the left. Click on the link on the right of that row.
8. Search for the row with the word “configVersion” on the left (it should be the first row). Take note of its value displayed on the right. The value should be a number, like “123”.
9. Go back to the previous page (the VDS page).
10. Click on the link that reads “ReconfigureDvs_Task”; a new window pops up.
11. Enter “ ” in the text field labeled “spec” (replace the configVersion value, 123, in the xml with the actual value you got from step 8) and click on the “Invoke Method” link.
12. Done. You can dismiss the popped-up invocation window. You can verify the new maxPort value by going to the “config” page in step 7 and checking the value in the “maxPorts” row.

(Yes, this will be published in a KB soon)