
ProfessionalVMware VCAP BrownBag Section 2

  1. ProfessionalVMware.com
     • VCAP Brownbag, 8/17/2011
     • Damian Karlson
  2. VCAP Blueprint Section 2
     • Objective 2.1: Implement & Manage Complex Virtual Networks
     • Objective 2.2: Configure and Maintain VLANs, PVLANs and VLAN Settings
     • Objective 2.3: Deploy and Maintain Scalable Virtual Networking
     • Objective 2.4: Administer vNetwork Distributed Switch Settings
  3. SNMP & More
     • IPv6: Host Configuration > Networking > Properties
     • NetQueue: Host Configuration > Advanced Settings > VMkernel/Boot; also use esxcfg-advcfg
     • SNMP
       • vCenter: Administration > vCenter Settings > SNMP
         • Notification traps only
       • ESX/ESXi
         • ESXi only has VMware embedded SNMP agent. ESX has Net-SNMP & VMware embedded
         • Can only be managed through vicfg-snmp (remote CLI or vMA), which opens the appropriate firewall ports.
         • Configure communities first, then destination
  4. Comparing vSS & vDS
     • vSS (virtual standard switches): same virtual switching technology we all know and love
       • Switches defined on each host in a cluster
       • Portgroup/VLAN/uplink configurations can be tedious
     • vDS (virtual distributed switches): introduced with vSphere 4.0
       • Unified switch across hosts in a cluster
       • Separation of control and data planes
       • Extensible through 3rd party switches (Cisco N1Kv)
       • Traffic stats available; shaping available at dvPortGroup and dvUplink portgroup levels
       • Ingress traffic shaping
  5. Create & Manage vSwitches
     • Full range of vSS config needs supported
       • Some things only available through CLI, such as MTU
     • Partial range of vDS config needs supported
       • Some things not available through CLI, such as PVLANs or creating dvPortGroups
     • Tools are the usual suspects: esxcfg-vswitch, esxcfg-nics, esxcfg-vswif, esxcfg-route, esxcfg-vmknic, PowerCLI, vMA
  6. VLAN Tagging
     • VST (virtual switch tagging)
       • VLANs defined at vSwitch level; physical switch accepts all or range
     • EST (external switch tagging)
       • VLANs are set to 0 at vSwitch; physical switch does all tagging
     • VGT (virtual guest tagging)
       • VM tags through virtual NIC properties
       • vSwitch set to 4095; physical switch accepts all or range
  7. Private VLANs
     • PVLANs are VLANs within VLANs. Requires physical switch support.
     • Original VLAN is the primary, additional VLANs are secondary VLANs.
     • Secondary VLANs come in 3 flavors:
       • Promiscuous VLANs have the same primary and secondary VLAN ID. Can talk to anyone in the same primary.
       • Isolated VLANs can only talk to hosts in a promiscuous VLAN
       • Community VLANs only talk to each other, and to the promiscuous VLAN
  8. VLAN Configuration
     • VLANs on vSS are defined at the portgroup level
     • PVLANs are defined at the vDS level first, then can be selected at the portgroup level
     • Distributed switches can have VLANs defined at the dvPortGroup level and the dvUplinkPortGroup level
     • vDS VLAN options
       • "None" for EST
       • "VLAN" for VST
       • "VLAN Trunking" for VGT or multiple VST
  9. Uplink teaming
     • Route based on IP hash
       • Requires Etherchannel or equivalent. Required for FT
     • Explicit failover
       • Can be used to balance load & provide availability in certain situations
     • Route based on source MAC
     • Route based on virtual port ID
  10. Network Isolation
     • Isolate vMotion, NFS, iSCSI, FT
     • Separate storage from VM networks
     • Use VLANs
     • When teaming, use physical NICs on different buses
  11. vDS Port Bindings
     • Static
       • Port is assigned at all times, until the VM is removed from the port group
       • VM can only be connected through vCenter
     • Dynamic
       • Port is assigned when VM is on and vmnic is connected, otherwise it is disconnected.
       • VMs with dynamic ports can only be powered on/off through vCenter
     • Ephemeral
       • dvPorts can be assigned through ESX/ESXi or vCenter
       • Port assigning works like dynamic
       • Usually only reserved for emergency/recovery/vCenter down
  12. vSS to vDS Port Migrations
     • Create vDS
       • Uplinks
       • Portgroups
       • VLANs
     • Break vSS team and assign one uplink to vDS
     • Networking > Migrate Virtual Machine Network
       • Select source and destination; select VMs; migrate
     • Remove vSS portgroups and switch as needed
  13. Resources
     • Sean Crookston's guide (updated on damiankarlson.com)
     • Ed Grigson's guide
     • Eric Sloof's VCAP test
     • Kendrick Coleman's VCAP-DCA page
     • Trainsignal Troubleshooting
     • Personal experience and practice, practice, practice
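
The private VLAN rules on slide 7 can be checked as a small reachability model, useful for confirming that a planned PVLAN map actually isolates the workloads it is meant to. This is an added example, not part of the original slides; the names `Pvlan`, `validate`, `can_talk` and `allowed_pairs` and the VLAN IDs and port names are constructed for illustration, and only layer-2 reachability inside one primary VLAN is modelled.

```python
from dataclasses import dataclass
from itertools import combinations

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"

@dataclass(frozen=True)
class Pvlan:
    primary: int    # primary VLAN ID
    secondary: int  # secondary VLAN ID
    kind: str       # promiscuous, isolated or community

def validate(pvlan_map):
    """Return a list of inconsistencies in a PVLAN map (empty = consistent)."""
    problems, seen = [], set()
    for p in pvlan_map:
        tag = f"{p.primary}/{p.secondary}"
        if not (1 <= p.primary <= 4094 and 1 <= p.secondary <= 4094):
            problems.append(f"{tag}: VLAN ID outside 1-4094")
        # Slide rule: the promiscuous VLAN has the same primary and secondary ID.
        if (p.kind == PROMISCUOUS) != (p.primary == p.secondary):
            problems.append(f"{tag}: {p.kind} entry breaks primary == secondary rule")
        if (p.primary, p.secondary) in seen:
            problems.append(f"{tag}: defined twice")
        seen.add((p.primary, p.secondary))
    return problems

def can_talk(a, b):
    """Layer-2 reachability between two ports, given their Pvlan entries."""
    if a.primary != b.primary:
        return False                       # not in the same primary VLAN
    if PROMISCUOUS in (a.kind, b.kind):
        return True                        # promiscuous reaches anyone in the primary
    if a.kind == b.kind == COMMUNITY:
        return a.secondary == b.secondary  # community members reach each other only
    return False                           # isolated never reaches isolated or community

def allowed_pairs(ports):
    """ports: {name: Pvlan}. Return the set of port pairs that can exchange frames."""
    return {frozenset((x, y)) for x, y in combinations(sorted(ports), 2)
            if can_talk(ports[x], ports[y])}

# Constructed sample: primary VLAN 100 with one isolated and two community VLANs.
PVLAN_MAP = [Pvlan(100, 100, PROMISCUOUS), Pvlan(100, 101, ISOLATED),
             Pvlan(100, 102, COMMUNITY), Pvlan(100, 103, COMMUNITY)]
PORTS = {"gateway": PVLAN_MAP[0], "dmz-a": PVLAN_MAP[1], "dmz-b": PVLAN_MAP[1],
         "web-1": PVLAN_MAP[2], "web-2": PVLAN_MAP[2], "db-1": PVLAN_MAP[3]}

if __name__ == "__main__":
    print(validate(PVLAN_MAP), sorted(map(sorted, allowed_pairs(PORTS))))
```

Any pair missing from `allowed_pairs` is one the PVLAN design blocks at layer 2, so comparing that set against the intended segmentation shows where a port sits in the wrong secondary VLAN.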
