Tag Archives: vswitch

VCAP-DCA Study guide – 6.3 Troubleshooting Network Performance and Connectivity

Knowledge

  • Identify virtual switch entries in a Virtual Machine’s configuration file
  • Identify virtual switch entries in the ESX/ESXi Host configuration file
  • Identify CLI commands and tools used to troubleshoot vSphere networking configurations
  • Identify logs used to troubleshoot network issues

Skills and Abilities

  • Utilize net-dvs to troubleshoot vNetwork Distributed Switch configurations
  • Utilize vicfg-* commands to troubleshoot ESX/ESXi network configurations
  • Configure a network packet analyzer in a vSphere environment
  • Troubleshoot Private VLANs
  • Troubleshoot Service Console and vmkernel network configuration issues
  • Troubleshooting related issues
  • Use esxtop/resxtop to identify network performance problems
  • Use CDP and/or network hints to identify connectivity issues
  • Analyze troubleshooting data to determine if the root cause for a given network problem originates in the physical infrastructure or vSphere environment

Identify virtual switch entries in a VM’s configuration file

The .VMX file contains both vSS and vDS entries;


The example VM below has three vNICs on two separate vDSs. When troubleshooting you may need to correlate the values here with the net-dvs output on the host;

  • NetworkName will show “” when on a vDS.
  • The .VMX will show the dvPortID, dvPortGroupID and port.connectid used by the VM – all three values can be matched against the net-dvs output and used to check the port configuration details – load balancing, VLAN, packet statistics, security, etc.

NOTE: Entries are not grouped together in the .VMX file so check the whole file to ensure you see all relevant entries.
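Because the vNIC entries are scattered through the file, it helps to collect them per adapter before comparing against net-dvs. The following is an added example, not part of the original study notes: it assumes the `ethernetN.dvs.*` and `ethernetN.networkName` key names as they typically appear in a vSphere 4.x .VMX, and every value in the sample is constructed.

```python
import re
from collections import defaultdict

# Constructed sample: vNIC keys interleaved with unrelated entries,
# as the NOTE above warns. All values are made up for illustration.
SAMPLE_VMX = '''\
ethernet0.present = "true"
ethernet0.networkName = ""
memsize = "2048"
ethernet1.present = "true"
ethernet1.networkName = "VM Network"
ethernet0.dvs.switchId = "aa bb cc dd 00 11 22 33-44 55 66 77 88 99 aa bb"
scsi0.present = "true"
ethernet0.dvs.portId = "135"
ethernet0.dvs.portgroupId = "dvportgroup-example-1"
ethernet0.dvs.connectionId = "1234567890"
ethernet1.virtualDev = "e1000"
'''

# Matches: ethernet<N>.<key> = "<value>"
LINE = re.compile(r'^\s*ethernet(\d+)\.([\w.]+)\s*=\s*"(.*)"\s*$')

def vnic_entries(vmx_text):
    """Group every ethernetN.* key by vNIC index, wherever it sits in the file."""
    nics = defaultdict(dict)
    for line in vmx_text.splitlines():
        m = LINE.match(line)
        if m:
            nics[int(m.group(1))][m.group(2)] = m.group(3)
    return dict(nics)

def summarize(vmx_text):
    """Return one record per vNIC with the values to look up in net-dvs output."""
    out = []
    for idx, keys in sorted(vnic_entries(vmx_text).items()):
        # A vNIC on a vDS carries dvs.* keys and an empty networkName.
        on_vds = any(k.startswith("dvs.") for k in keys)
        out.append({
            "nic": f"ethernet{idx}",
            "switch_type": "vDS" if on_vds else "vSS",
            "network_name": keys.get("networkName", ""),
            "dvPortID": keys.get("dvs.portId"),
            "dvPortGroupID": keys.get("dvs.portgroupId"),
            "connectid": keys.get("dvs.connectionId"),
        })
    return out

if __name__ == "__main__":
    for rec in summarize(SAMPLE_VMX):
        print(rec)
```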


Identify virtual switch entries in the ESX/i host configuration file

The host configuration file (same file for both ESX and ESXi);

  • /etc/vmware/esx.conf

Like the .VMX file it contains entries for both switch types although there are only minimal entries for the vDS. Most vDS configuration is held in a separate database and can be viewed using net-dvs (see section 6.3.7).

Command line tools for network troubleshooting

The usual suspects;

  • vicfg-nics
  • vicfg-vmknic
  • vicfg-vswitch (-b) for CDP
  • vicfg-vswif
  • vicfg-route
  • cat /etc/resolv.conf, /etc/hosts
  • net-dvs
  • ping and vmkping


VCAP-DCA Study Notes – 2.4 Administer vNetwork Distributed Switches

Knowledge

  • Explain relationship between vDS and logical vSSes

Skills and Abilities

  • Understand the use of command line tools to configure appropriate vDS settings on an ESX/ESXi host
  • Determine use cases for and apply Port Binding settings
  • Configure Live Port Moving
  • Given a set of network requirements, identify the appropriate distributed switch technology to use
  • Use command line tools to troubleshoot and identify configuration items from an existing vDS

Relationship between vSS and vDS

Both standard (vSS) and distributed (vDS) switches can exist at the same time – indeed there’s good reason to use this ‘hybrid’ mode.

You can view the switch configuration on a host (both vSS and dvS) using esxcfg-vswitch -l. It won’t show the ‘hidden’ switches used under the hood by the vDS although you can read more about those in this useful article at RTFM or at Geeksilver’s blog.

Command line configuration of a vDS

The command line is pretty limited when it comes to vDS. Useful commands;

  • esxcfg-vswitch
    • esxcfg-vswitch -P vmnic0 -V 101 <dvSwitch> (link a physical NIC to a vDS)
    • esxcfg-vswitch -Q vmnic0 -V 101 <dvSwitch> (unlink a physical NIC from a vDS)
  • esxcfg-vswif -l | -d (list or delete a service console)
  • esxcfg-nics
  • net-dvs

NOTE: net-dvs can be used for diagnostics although it’s an unsupported command. It’s located in /usr/lib/vmware/bin. Use of this command is covered in section 6.4 Troubleshooting Network connectivity.

NOTE: esxcfg-vswitch can ONLY be used to link and unlink physical adaptors from a vDS. Use this to fix faulty network configurations. If necessary create a vSS switch and move your physical uplinks across to get your host back on the network. See VMwareKB1008127 or this blogpost for details.

Identify configuration items from an existing vDS

You can use esxcfg-vswitch -l to show the dvPort assigned to a given pNIC and dvPortGroup.

See the Troubleshooting Network connectivity section for more details.


VCAP-DCA Study Notes – 2.3 Deploy and Maintain Scalable virtual networks

Knowledge

  • Identify VMware NIC Teaming policies
  • Identify common network protocols

Skills and Abilities

  • Understand the NIC Teaming failover types and related physical network settings
  • Determine and apply Failover settings
  • Configure explicit failover to conform with VMware best practices
  • Configure port groups to properly isolate network traffic

Identify, understand, and configure NIC teaming

The five available policies are;

  • Route based on virtual port ID (default)
  • Route based on IP Hash (MUST be used with static Etherchannel – no LACP). No beacon probing.
  • Route based on source MAC address
  • Route based on physical NIC load (vSphere 4.1 only)
  • Explicit failover

NOTE: These only affect outbound traffic. Inbound load balancing is controlled by the physical switch.


VCAP-DCA Study Notes – 2.2 Configure and Maintain VLANs and PVLANs

This is one of the smaller objectives, and only the PVLAN concepts and practices are new – VLAN support remains relatively unchanged from VI3 (although the vDS and its associated VLAN support is new).

Knowledge

  • Identify types of VLANs and PVLANs

Skills and Abilities

  • Determine use cases for and configure VLAN Trunking
  • Determine use cases for and configure PVLANs
  • Use command line tools to troubleshoot and identify VLAN configurations

Types of VLAN

VLANs are a network standard (802.1q) that is fully supported in vSphere. They can be used to minimise broadcast traffic and as a security measure to segregate traffic (although like any technology there are weaknesses). Typical uses for VLANs with vSphere are to isolate infrastructure (vMotion, iSCSI and NFS) traffic and VM traffic.

There are three main ways of using VLANs with vSphere (covered in this VMware whitepaper);

  • Virtual guest tagging (VGT) – requires VLAN driver support in the guest OS
  • Virtual Switch tagging (VST) – common option, requires VLAN trunking on external switches
  • External switch tagging (EST) – less flexible and requires more physical NICs

In the Cisco world you set a port to be an ‘access port’ or a ‘trunk port’ if it’s going to carry multiple VLANs. VLAN IDs are 16 bit values giving a range of 0-4095. 4095 is used within vSphere to mean ‘all VLANs’ and is how you configure a portgroup when using VGT.

Configuring VLANs and VLAN trunking

For standard vSwitches you configure VLAN tags on portgroups. This configuration is done at the ESX host using the VI client (Configuration -> Networking);

  • Use VLAN 0 when no VLAN tags are present (EST)
  • Use VLAN 4095 to pass all VLANs (VGT)
  • Use a specific VLAN ID depending on the isolation required (VST)


VCAP-DCA Study notes – 2.1 Implement and Manage Complex Virtual Networks

The VCAP-DCA lab is still v4.0 (rather than v4.1) which means features such as NIOC and load based teaming (LBT) aren’t covered. Even though the Nexus 1000V isn’t on the Network objectives blueprint (just the vDS) it’s worth knowing what extra features it offers as some goals might require you to know when to use the Nexus1000V or just the vDS.

Knowledge

  • Identify common virtual switch configurations

Skills and Abilities

  • Determine use cases for and apply IPv6
  • Configure NetQueue
  • Configure SNMP
  • Determine use cases for and apply VMware DirectPath I/O
  • Migrate a vSS network to a Hybrid or Full vDS solution
  • Configure vSS and vDS settings using command line tools
  • Analyze command line output to identify vSS and vDS configuration details

Network basics (VCP revision)

Standard switches support the following features (see section 2.3 for more details);

  • NIC teaming
    • Based on source VM ID (default)
    • Based on IP Hash (used with Etherchannel)
    • Based on source MAC hash
    • Explicit failover order
  • VLANs (EST, VST, VGT)

vDS Revision

The vDistributed switch separates the control plane and the data plane to enable centralised administration as well as extra functionality compared to standard vSwitches. A good summary can be found at GeekSilver’s blog. Benefits;

  • Offers both inbound and outbound traffic shaping (standard switches only offer outbound)
    • Traffic shaping can be applied at both dvPortGroup and dvUplink PortGroup level
    • For dvUplink PortGroups ingress is traffic from external network coming into vDS, egress is traffic from vDS to external network
    • For dvPortGroups ingress is traffic from VM coming into vDS, egress is traffic from vDS to VMs
    • Configured via three policies – average bandwidth, burst rate, and peak bandwidth
  • Ability to build a third party vDS on top (Cisco Nexus 1000v)
  • Traffic statistics are available (unlike standard vSwitches)


NOTES:

  • CDP and MTU are set per vDS (as they are with standard vSwitches).
  • PVLANs are defined at switch level and applied at dvPortGroup level.
  • There is one DVUplink Portgroup per vDS
  • NIC teaming is configured at the dvPortGroup level but can be overridden at the dvPort level (by default this is disabled but it can be allowed). This applies to both dvUplink Portgroups and standard dvPortGroups although on an uplink you CANNOT override the NIC teaming or Security policies.
  • Policy inheritance (lower level takes precedence but override is disabled by default)
    • dvPortGroup -> dvPort
    • dvUplink PortGroup -> dvUplinkPort

NOTE: Don’t create a vDS with special characters in the name (I used ‘Lab & Management’) as it breaks host profiles – see VMwareKB1034327.
