ProfessionalVMware VCAP BrownBag Section 2

  • Objective 2.1: IPv6, NetQueue, SNMP, VMware DirectPath I/O, migrate from vSS to a full or hybrid vDS, configure vSS & vDS using CLI, identify virtual switch details
    Objective 2.2: VLAN trunking, config PVLANs, identify VLAN configs
    Objective 2.3: NIC teaming to physical switch config, failover settings, explicit failover, port groups for network isolation
    Objective 2.4: CLI to config vDS, port bindings, port migration, troubleshoot configurations
  • For ESX, use the VMware embedded SNMP agent. Net-SNMP doesn’t contain VMware-specific information. See the Basic System Administration guide for MIB load orders and MIB descriptions.
    vicfg-snmp: there is no esxcfg equivalent and no GUI functionality. If using both the embedded agent and Net-SNMP, change the port on one of them; otherwise they’ll both attempt to use 161.
      vicfg-snmp.pl --server <hostname> --username <username> --password <password> -c <com1,com2>
      vicfg-snmp.pl --server host.example.com --username user --password password -t target.example.com@162/public
      vicfg-snmp.pl --server <hostname> --username <username> --password <password> --enable
      vicfg-snmp.pl --server <hostname> --username <username> --password <password> --test
  • VCAP lab is based on 4.0, so no LBT or NIOC.
    vSS tediousness: managing overrides, failover options, etc.
    http://vmware.com/files/pdf/vsphere-vnetwork-ds-migration-configuration-wp.pdf
  • Avoid VLAN 1, that’s the default Cisco VLAN
  • http://kb.vmware.com/kb/1010691
  • Fault Tolerance will always send from the same virtual port ID and source MAC on the same host. Use IP hash to distribute across multiple links.
    No physical switch config: use source MAC, source port or explicit
    With physical switch config: use IP hash
  • http://kb.vmware.com/kb/1022312
  • Connectivity is only preserved if there are multiple uplinks; otherwise there will be a break in VM networking.
    http://kb.vmware.com/kb/1010612

    1. ProfessionalVMware.com
       VCAP Brownbag, 8/17/2011
       Damian Karlson
    2. VCAP Blueprint Section 2
       • Objective 2.1: Implement & Manage Complex Virtual Networks
       • Objective 2.2: Configure and Maintain VLANs, PVLANs and VLAN Settings
       • Objective 2.3: Deploy and Maintain Scalable Virtual Networking
       • Objective 2.4: Administer vNetwork Distributed Switch Settings
    3. SNMP & More
       • IPv6: Host Configuration > Networking > Properties
       • NetQueue: Host Configuration > Advanced Settings > VMkernel/Boot; also use esxcfg-advcfg
       • SNMP
         • vCenter: Administration > vCenter Settings > SNMP
           • Notification traps only
         • ESX/ESXi
           • ESXi only has the VMware embedded SNMP agent. ESX has Net-SNMP & VMware embedded
           • Can only be managed through vicfg-snmp (remote CLI or vMA), which opens the appropriate firewall ports.
           • Configure communities first, then destination
    4. Comparing vSS & vDS
       • vSS (virtual standard switches): same virtual switching technology we all know and love
         • Switches defined on each host in a cluster
         • Portgroup/VLAN/uplink configurations can be tedious
       • vDS (virtual distributed switches): introduced with vSphere 4.0
         • Unified switch across hosts in a cluster
         • Separation of control and data planes
         • Extensible through 3rd party switches (Cisco N1Kv)
         • Traffic stats available; shaping available at dvPortGroup and dvUplink portgroup levels
         • Ingress traffic shaping
    5. Create & Manage vSwitches
       • Full range of vSS config needs supported
         • Some things only available through CLI, such as MTU
       • Partial range of vDS config needs supported
         • Some things not available through CLI, such as PVLANs or creating dvPortGroups
       • Tools are the usual suspects: esxcfg-vswitch, esxcfg-nics, esxcfg-vswif, esxcfg-route, esxcfg-vmknic, PowerCLI, vMA
    6. VLAN Tagging
       • VST (virtual switch tagging)
         • VLANs defined at vSwitch level; physical switch accepts all or range
       • EST (external switch tagging)
         • VLANs are set to 0 at vSwitch; physical switch does all tagging
       • VGT (virtual guest tagging)
         • VM tags through virtual NIC properties
         • vSwitch set to 4095; physical switch accepts all or range
    7. Private VLANs
       • PVLANs are VLANs within VLANs. Requires physical switch support.
       • Original VLAN is the primary, additional VLANs are secondary VLANs.
       • Secondary VLANs come in 3 flavors:
         • Promiscuous VLANs have the same primary and secondary VLAN ID. Can talk to anyone in the same primary.
         • Isolated VLANs can only talk to hosts in a promiscuous VLAN
         • Community VLANs only talk to each other, and to the promiscuous VLAN
    8. VLAN Configuration
       • VLANs on vSS are defined at the portgroup level
       • PVLANs are defined at the vDS level first, then can be selected at the portgroup level
       • Distributed switches can have VLANs defined at the dvPortGroup level and the dvUplinkPortGroup level
       • vDS VLAN options
         • “None” for EST
         • “VLAN” for VST
         • “VLAN Trunking” for VGT or multiple VST
    9. Uplink teaming
       • Route based on IP hash
         • Requires EtherChannel or equivalent. Req’d for FT
       • Explicit failover
         • Can be used to balance load & provide availability in certain situations
       • Route based on source MAC
       • Route based on virtual port ID
    10. Network Isolation
       • Isolate vMotion, NFS, iSCSI, FT
       • Separate storage from VM networks
       • Use VLANs
       • When teaming use physical NICs on different busses
    11. vDS Port Bindings
       • Static
         • Port is assigned at all times, until the VM is removed from the port group
         • VM can only be connected through vCenter
       • Dynamic
         • Port is assigned when VM is on and vmnic is connected, otherwise it is disconnected.
         • VMs with dynamic ports can only be powered on/off through vCenter
       • Ephemeral
         • dvPorts can be assigned through ESX/ESXi or vCenter
         • Port assigning works like dynamic
         • Usually only reserved for emergency/recovery/vCenter down
    12. vSS to vDS Port Migrations
       • Create vDS
         • Uplinks
         • Portgroups
         • VLANs
       • Break vSS team and assign one uplink to vDS
       • Networking > Migrate Virtual Machine Network
         • Select source and destination; select VMs; migrate
       • Remove vSS portgroups and switch as needed
    13. Resources
       • Sean Crookston’s guide (updated on damiankarlson.com)
       • Ed Grigson’s guide
       • Eric Sloof’s VCAP test
       • Kendrick Coleman’s VCAP-DCA page
       • Trainsignal Troubleshooting
       • Personal experience and practice, practice, practice
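
The PVLAN reachability rules from slide 7 (Private VLANs), written as an isolation check; this is an added example, not part of the original deck. The port names, VLAN IDs and the POLICY set are constructed, and ports in different primary VLANs are assumed unable to talk at layer 2.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Port:
    name: str
    primary: int     # primary VLAN ID
    secondary: int   # secondary VLAN ID
    kind: str        # "promiscuous", "isolated" or "community"

def validate(port):
    """Return configuration problems for one port (empty list if none)."""
    if port.kind not in ("promiscuous", "isolated", "community"):
        return [f"{port.name}: unknown PVLAN type {port.kind!r}"]
    # Promiscuous has secondary == primary; the other two types must differ.
    if (port.kind == "promiscuous") != (port.primary == port.secondary):
        return [f"{port.name}: secondary equals primary only for promiscuous"]
    return []

def can_talk(a, b):
    """Apply the three secondary-VLAN rules to a pair of ports."""
    if a.primary != b.primary:
        return False                       # assumption: no L2 path across primaries
    if "promiscuous" in (a.kind, b.kind):
        return True                        # promiscuous reaches the whole primary
    if a.kind == b.kind == "community":
        return a.secondary == b.secondary  # same community only
    return False                           # isolated-isolated, isolated-community

def allowed_pairs(ports):
    """Every unordered pair of ports the PVLAN layout lets communicate."""
    return {frozenset((a.name, b.name))
            for a, b in combinations(ports, 2) if can_talk(a, b)}

def violations(ports, must_be_isolated):
    """Pairs the design says must not talk but the layout permits."""
    return sorted(tuple(sorted(p)) for p in allowed_pairs(ports) & must_be_isolated)

# Constructed sample layout: one primary VLAN (100) with three secondaries.
PORTS = [Port("gateway", 100, 100, "promiscuous"),
         Port("tenant-a", 100, 101, "isolated"),
         Port("tenant-b", 100, 101, "isolated"),
         Port("web-1", 100, 102, "community"),
         Port("web-2", 100, 102, "community"),
         Port("db-1", 100, 103, "community")]
# Constructed policy: pairs that are required to stay separated.
POLICY = {frozenset(("tenant-a", "tenant-b")), frozenset(("web-1", "db-1")),
          frozenset(("web-1", "web-2"))}

if __name__ == "__main__":
    print(violations(PORTS, POLICY))
```

Only the web-1/web-2 pair is reported: both sit in the same community VLAN, so they need separate secondaries (or an isolated VLAN) if the policy requires them to be separated.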
