This document summarizes key points from a presentation on objectives 2.1 through 2.4 of the VCAP blueprint for implementing and managing complex virtual networks. It covers topics like VLAN, PVLAN, and vSwitch configuration, uplink teaming, network isolation, vDS port bindings, and migrating from vSS to vDS. Recommended resources are also provided.

1. ProfessionalVMware.comVCAP Brownbag, 8/17/2011Damian Karlson

2. VCAP Blueprint Section 2Objective 2.1: Implement & Manage Complex Virtual NetworksObjective 2.2 : Configure and Maintain VLANs, PVLANs and VLAN SettingsObjective 2.3: Deploy and Maintain Scalable Virtual NetworkingObjective 2.4: Administer vNetwork Distributed Switch Settings

3. SNMP & MoreIPv6: Host Configuration > Networking > PropertiesNetQueue: Host Configuration > Advanced Settings > VMkernel/Boot; also use esxcfg-advcfgSNMPvCenter: Administration > vCenter Settings > SNMPNotification traps onlyESX/ESXiESXi only has VMware embedded SNMP agent. ESX has Net-SNMP & VMware embeddedCan only be managed through vicfg-snmp (remote CLI or vMA), which opens the appropriate firewall ports.Configure communities first, then destination

4. Comparing vSS & vDSvSS (virtual standard switches) – same virtual switching technology we all know and loveSwitches defined on each host in a clusterPortgroup/VLAN/uplink configurations can be tediousvDS (virtual distributed switches) – introduced with vSphere 4.0Unified switch across hosts in a clusterSeparation of control and data planesExtensible through 3rd party switches (Cisco NK1v)Traffic stats available; shaping available at dvPortGroup and dvUplink portgroup levelsIngress traffic shaping

5. Create & Manage vSwitchesFull range of vSSconfig needs supportedSome things only available through CLI, such as MTUPartial range of vDSconfig needs supportedSome things not available through CLI, such as PVLANs or creating dvPortGroupsTools are the usual suspects: esxcfg-vswitch, esxcfg-nics, esxcfg-vswif, esxcfg-route, esxcfg-vmknic, PowerCLI, vMA

6. VLAN TaggingVST (virtual switch tagging)VLANs defined at vSwitch level; physical switch accepts all or rangeEST (external switch tagging)VLANs are set to 0 at vSwitch; physical switch does all taggingVGT (virtual guest tagging)VM tags thru virtual NIC propertiesvSwitch set to 4095; physical switch accepts all or range

7. Private VLANsPVLANs are VLANs within VLANs. Requires physical switch support.Original VLAN is the primary, additional VLANs are secondary VLANs.Secondary VLANs come in 3 flavors:Promiscuous VLANs have the same primary and secondary VLAN ID. Can talk to anyone in the same primary.Isolated VLANs can only talk to hosts in a promiscuous VLANCommunity VLANs only talk to each other, and to the promiscuous VLAN

8. VLAN ConfigurationVLANs on vSS are defined at the portgroup levelPVLANs are defined at the vDS level first, then can be selected at the portgroup levelDistributed switches can have VLANs defined at the dvPortGroup level and the dvUplinkPortGroup levelvDS VLAN options“None” for EST“VLAN” for VST“VLAN Trunking” for VGT or multiple VST

9. Uplink teamingRoute based on IP hashRequires Etherchannel or equivalent. Req’d for FTExplicit failoverCan be used to balance load & provide availability in certain situationsRoute based on source MACRoute based on virtual port ID

10. Network IsolationIsolate vMotion, NFS, iSCSI, FTSeparate storage from VM networksUse VLANsWhen teaming use physical NICs on different busses

11. vDS Port BindingsStaticPort is assigned at all times, until the VM is removed from the port groupVM can only be connected through vCenterDynamicPort is assigned when VM is on and vmnic is connected, otherwise it is disconnected.VMs with dynamic ports can only be powered on/off through vCenterEphemeraldvPorts can be assigned through ESX/ESXi or vCenterPort assigning works like dynamicUsually only reserved for emergency/recovery/vCenter down

12. vSS to vDS Port MigrationsCreate vDSUplinksPortgroupsVLANsBreak vSS team and assign one uplink to vDSNetworking > Migrate Virtual Machine NetworkSelect source and destination; select VMs; migrateRemove vSS portgroups and switch as needed

13. ResourcesSean Crookston’s guide (updated on damiankarlson.com)Ed Grigson’s guideEric Sloof’s VCAP testKendrick Coleman’s VCAP-DCA pageTrainsignal TroubleshootingPersonal experience and practice, practice, practice