VMworld 2012: Distributed Switch Deep Dive INF-NET2207

Jason Nash, Varrow

This was a great session that delved into the depths of the VMware VDS that ships with vSphere 5.0 and 5.1. VMware has put a lot of new features into the 5.1 VDS. Development on the standard vSwitch has pretty much ceased, so you will need to pony up for the Enterprise Plus SKU to enjoy these new features.

  • Standard vSwitches are not all bad – Easy to understand, easy to troubleshoot, flexible.
  • Why bother with the VDS?
    • A lot of features: NIOC, Port Mirroring, NetFlow, Private VLANs, traffic shaping
  • Three options: VMware VDS, Cisco Nexus 1000v, IBM 5000v (vaporware)
  • Significant advances in VDS in 5.0 and 5.1
  • VDS Enhancements in vSphere 5.1
    • Roll back and recovery
    • Config backup and restore
    • MAC address management
    • Elastic port groups
    • LACP
    • SR-IOV
    • VDS scale enhancements
    • Data plane performance
    • Network health check
    • RSPAN, ERSPAN
    • IPFIX (NetFlow v10)
    • SNMP MIBS
    • Netdump
    • BPDU Filter
    • ACLs via vCloud Networking
  • VDS as a platform – Required for VXLAN and other 3rd party plug-ins
  • Requires the use of the new Web UI in 5.1
  • Requires Enterprise Plus licensing
  • VDS Deployment Considerations
    • vCenter outage will not disrupt most operations
    • Virtualized vCenter is a VMware best practice
  • A single VDS can only have one uplink configuration (all pNICs must have the same VLANs)
    • Physically separate traffic? Use Active/Standby/Unused in each port group
    • Multiple VDS switches can be used, but not recommended
  • NetFlow stats add very little overhead – Just sends stats, not mirrored traffic
  • Port Mirroring – Recommend using L3 source encapsulation
  • Health Check – VLAN and MTU checks plus teaming/failover. Requires two pNICs in the uplink group for VLAN/MTU. Teaming/Failover requires two physical servers each with two pNICs.
  • Port binding type – Don’t use dynamic (going away). Static binding – same port number regardless of whether vCenter is down or not. Ephemeral is really only used for large scale VDI clients. For server VMs use static.
  • Use elastic port allocation
  • Don’t use IP hashing with active/standby/unused NIC configuration. Upstream switch has no idea of the config. Use multiple VDS if you must use IP hashing.
  • Use physical NIC team load balancing in nearly all cases
  • If you need granular load balancing (say 1 server VM needs to communicate with 1000 clients), then use IP hashing
  • Beacon probing requires the use of three or more pNICs
  • You can migrate VMs to a VDS during production with no downtime
  • VDS migration tips
    • Use “migrate host networking” feature
    • Pull one pNIC from your standard switch (assuming redundancy) and move to VDS
  • 30 second automatic roll-back if host is isolated from VDS misconfiguration
  • Best Practices
    • Use static port binding, especially with virtual vCenter
    • Try and let physical switches do tagging and trunk all VLANs
    • Don’t use native VLANs
    • Use load based teaming in most cases
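As an added example (my own, not from the session and not VMware tooling), the following PowerCLI script audits every port group on one VDS against the recommendations in these notes: no dynamic binding, no IP hash with standby/unused uplinks, load based teaming as the default, beacon probing only with three or more uplinks, no untagged port groups, and elastic port allocation. It assumes PowerCLI 5.1 cmdlets and an already established Connect-VIServer session; the switch name is a constructed placeholder, and the elastic allocation check reads the API's autoExpand flag through ExtensionData because I am assuming PowerCLI 5.1 has no cmdlet parameter for it.

```powershell
# Added example: audit a VDS against the best practices noted above.
# Assumes Connect-VIServer has already been run. Switch name is a placeholder.
function Test-VDSBestPractices {
    param(
        [string]$VDSwitchName = 'dvSwitch-Prod'   # constructed placeholder name
    )

    $vds      = Get-VDSwitch -Name $VDSwitchName
    $findings = @()

    foreach ($pg in Get-VDPortgroup -VDSwitch $vds) {
        # Uplink port groups have no VM-facing teaming policy to audit
        if ($pg.IsUplink) { continue }

        $teaming = Get-VDUplinkTeamingPolicy -VDPortgroup $pg
        $active  = @($teaming.ActiveUplinkPort)
        $standby = @($teaming.StandbyUplinkPort)
        $unused  = @($teaming.UnusedUplinkPort)

        # Dynamic binding is deprecated; server VMs should use Static
        if ($pg.PortBinding -eq 'Dynamic') {
            $findings += "$($pg.Name): dynamic port binding (deprecated), change to Static"
        }

        # IP hash requires an upstream EtherChannel spanning every uplink, so it
        # cannot be combined with standby/unused uplinks the physical switch cannot see
        if ($teaming.LoadBalancingPolicy -eq 'LoadBalanceIP' -and
            ($standby.Count + $unused.Count) -gt 0) {
            $findings += "$($pg.Name): IP hash combined with standby/unused uplinks"
        }

        # Load based teaming is the recommended default for nearly all cases
        if ($teaming.LoadBalancingPolicy -ne 'LoadBalanceLoadBased') {
            $findings += "$($pg.Name): load balancing is $($teaming.LoadBalancingPolicy), not LoadBalanceLoadBased"
        }

        # Beacon probing needs three or more pNICs to break ties
        if ($teaming.FailoverDetectionPolicy -eq 'BeaconProbing' -and
            ($active.Count + $standby.Count) -lt 3) {
            $findings += "$($pg.Name): beacon probing with fewer than three uplinks"
        }

        # An untagged port group rides the native VLAN of the upstream trunk
        if ($null -eq $pg.VlanConfiguration -or $pg.VlanConfiguration.VlanType -eq 'None') {
            $findings += "$($pg.Name): untagged port group (relies on native VLAN)"
        }

        # Elastic allocation: autoExpand on the API config object (assumed property path)
        if ($pg.PortBinding -eq 'Static' -and -not $pg.ExtensionData.Config.AutoExpand) {
            $findings += "$($pg.Name): static binding without elastic port allocation"
        }
    }

    return $findings
}

# Usage: run after Connect-VIServer; prints one line per deviation found
Test-VDSBestPractices -VDSwitchName 'dvSwitch-Prod' | ForEach-Object { Write-Output $_ }
```

Run it read-only first and review the list before changing anything; each finding maps to one bullet above, and the remediation (Set-VDPortgroup for binding, Set-VDUplinkTeamingPolicy for teaming) can then be applied per port group rather than switch-wide.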