ProfessionalVMware VCAP BrownBag Section 2
  • Objective 2.1: IPv6, NetQueue, SNMP, VMware Direct Path I/O, Migrate from vSS to a full or hybrid vDS, Configure vSS & vDS using CLI, Identify Virtual Switch Details
    Objective 2.2: VLAN trunking, config PVLANs, identify VLAN configs
    Objective 2.3: NIC teaming to phy switch config, failover settings, explicit failover, port groups for network isolation
    Objective 2.4: CLI to config vDS, port bindings, port migration, troubleshoot configurations
  • For ESX, use the VMware embedded SNMP agent. Net-SNMP doesn’t contain VMware-specific information. See the Basic System Administration guide for MIB load orders and MIB descriptions.
    vicfg-snmp: there is no esxcfg equivalent, and no GUI functionality. If using both embedded and Net-SNMP, change the port on one of them, otherwise they’ll both attempt to use --server --username --password -c --username --password --server --username --password --test
  • VCAP lab based on 4.0, so no LBT or NIOC
    vSS tediousness – managing overrides, failover options, etc
  • Avoid VLAN 1, that’s the default Cisco VLAN
  • Fault Tolerance will always send from the same virtual port ID and source MAC on the same host. Use IP Hash to distribute across multiple links.
    No physical switch config: use source MAC, source port or explicit
    With physical switch config: use IP hash
  • Connectivity is only preserved if there are multiple uplinks, otherwise there will be a break in VM networking

ProfessionalVMware VCAP BrownBag Section 2 Presentation Transcript

    VCAP Brownbag, 8/17/2011
    Damian Karlson
  • VCAP Blueprint Section 2
    Objective 2.1: Implement & Manage Complex Virtual Networks
    Objective 2.2 : Configure and Maintain VLANs, PVLANs and VLAN Settings
    Objective 2.3: Deploy and Maintain Scalable Virtual Networking
    Objective 2.4: Administer vNetwork Distributed Switch Settings
  • SNMP & More
    IPv6: Host Configuration > Networking > Properties
    NetQueue: Host Configuration > Advanced Settings > VMkernel/Boot; also use esxcfg-advcfg
    vCenter: Administration > vCenter Settings > SNMP
    Notification traps only
    ESXi only has VMware embedded SNMP agent. ESX has Net-SNMP & VMware embedded
    Can only be managed through vicfg-snmp (remote CLI or vMA), which opens the appropriate firewall ports.
    Configure communities first, then destination
  • Comparing vSS & vDS
    vSS (virtual standard switches) – same virtual switching technology we all know and love
    Switches defined on each host in a cluster
    Portgroup/VLAN/uplink configurations can be tedious
    vDS (virtual distributed switches) – introduced with vSphere 4.0
    Unified switch across hosts in a cluster
    Separation of control and data planes
    Extensible through 3rd party switches (Cisco N1Kv)
    Traffic stats available; shaping available at dvPortGroup and dvUplink portgroup levels
    Ingress traffic shaping
  • Create & Manage vSwitches
    Full range of vSS config needs supported
    Some things only available through CLI, such as MTU
    Partial range of vDS config needs supported
    Some things not available through CLI, such as PVLANs or creating dvPortGroups
    Tools are the usual suspects: esxcfg-vswitch, esxcfg-nics, esxcfg-vswif, esxcfg-route, esxcfg-vmknic, PowerCLI, vMA
  • VLAN Tagging
    VST (virtual switch tagging)
    VLANs defined at vSwitch level; physical switch accepts all or range
    EST (external switch tagging)
    VLANs are set to 0 at vSwitch; physical switch does all tagging
    VGT (virtual guest tagging)
    VM tags thru virtual NIC properties
    vSwitch set to 4095; physical switch accepts all or range
  • Private VLANs
    PVLANs are VLANs within VLANs. Requires physical switch support.
    Original VLAN is the primary, additional VLANs are secondary VLANs.
    Secondary VLANs come in 3 flavors:
    Promiscuous VLANs have the same primary and secondary VLAN ID. Can talk to anyone in the same primary.
    Isolated VLANs can only talk to hosts in a promiscuous VLAN
    Community VLANs only talk to each other, and to the promiscuous VLAN
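
The three secondary-VLAN rules above, written out as an added example (not part of the original slides) that checks an intended isolation policy against a PVLAN layout. Port names, VLAN IDs and the policy list are constructed for illustration; treating two different community VLANs as separate from each other is standard PVLAN behaviour rather than something the slide states.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    name: str
    primary: int      # primary VLAN ID
    secondary: int    # secondary VLAN ID
    kind: str         # "promiscuous", "isolated" or "community"

def validate(port):
    """Return a list of configuration problems for one port."""
    problems = []
    if port.kind not in ("promiscuous", "isolated", "community"):
        problems.append(f"{port.name}: unknown PVLAN type {port.kind!r}")
    if port.kind == "promiscuous" and port.secondary != port.primary:
        problems.append(f"{port.name}: promiscuous needs secondary == primary")
    if port.kind != "promiscuous" and port.secondary == port.primary:
        problems.append(f"{port.name}: {port.kind} reuses the primary ID")
    return problems

def can_talk(a, b):
    """Apply the three secondary-VLAN rules to a pair of ports."""
    if a.primary != b.primary:
        return False                       # different primary VLAN: no layer-2 path
    if "promiscuous" in (a.kind, b.kind):
        return True                        # promiscuous reaches the whole primary
    if a.kind == b.kind == "community":
        return a.secondary == b.secondary  # members of the same community only
    return False                           # isolated pairs, or isolated vs community

def audit(ports, must_not_talk):
    """Return the policy pairs that the PVLAN layout still allows to talk."""
    by_name = {p.name: p for p in ports}
    return [(x, y) for x, y in must_not_talk if can_talk(by_name[x], by_name[y])]

# Constructed sample layout on primary VLAN 100 (names and IDs are made up).
PORTS = [
    Port("gateway", 100, 100, "promiscuous"),
    Port("tenant-a-web", 100, 101, "isolated"),
    Port("tenant-b-web", 100, 101, "isolated"),
    Port("app-1", 100, 102, "community"),
    Port("app-2", 100, 102, "community"),
    Port("db-1", 100, 103, "community"),
]
# Constructed policy: pairs that are expected to be unable to reach each other.
POLICY = [("tenant-a-web", "tenant-b-web"), ("app-1", "db-1"), ("app-1", "app-2")]

if __name__ == "__main__":
    for port in PORTS:
        for problem in validate(port):
            print("config:", problem)
    print("policy violations:", audit(PORTS, POLICY))
```

The one violation reported is the pair placed in the same community VLAN: a community gives no isolation between its own members, so workloads that must not reach each other need isolated ports or separate communities.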
  • VLAN Configuration
    VLANs on vSS are defined at the portgroup level
    PVLANs are defined at the vDS level first, then can be selected at the portgroup level
    Distributed switches can have VLANs defined at the dvPortGroup level and the dvUplinkPortGroup level
    vDS VLAN options
    “None” for EST
    “VLAN” for VST
    “VLAN Trunking” for VGT or multiple VST
  • Uplink teaming
    Route based on IP hash
    Requires Etherchannel or equivalent. Req’d for FT
    Explicit failover
    Can be used to balance load & provide availability in certain situations
    Route based on source MAC
    Route based on virtual port ID
  • Network Isolation
    Isolate vMotion, NFS, iSCSI, FT
    Separate storage from VM networks
    Use VLANs
    When teaming use physical NICs on different busses
  • vDS Port Bindings
    Port is assigned at all times, until the VM is removed from the port group
    VM can only be connected through vCenter
    Port is assigned when VM is on and vmnic is connected, otherwise it is disconnected.
    VMs with dynamic ports can only be powered on/off through vCenter
    dvPorts can be assigned through ESX/ESXi or vCenter
    Port assigning works like dynamic
    Usually only reserved for emergency/recovery/vCenter down
  • vSS to vDS Port Migrations
    Create vDS
    Break vSS team and assign one uplink to vDS
    Networking > Migrate Virtual Machine Network
    Select source and destination; select VMs; migrate
    Remove vSS portgroups and switch as needed
  • Resources
    Sean Crookston’s guide (updated on
    Ed Grigson’s guide
    Eric Sloof’s VCAP test
    Kendrick Coleman’s VCAP-DCA page
    Trainsignal Troubleshooting
    Personal experience and practice, practice, practice