Twitter: #VSVC4699, Jason Nash (Varrow)
Jason Nash is always a good speaker, and keeps the presentations interesting with live demos instead of death by PowerPoint. This was a repeat session from last year, with a few new vSphere 5.5 networking enhancements sprinkled in. vSphere 5.5 does not have any major new networking features (NSX is a totally different product), but as you will see from the notes gets some “enhancements”. This session does not cover NSX at all, it is just about the vSphere Distributed switch. I always try and attend a session by Jason each year, and in the past he’s had Nexus 1000v sessions which I found very helpful for real-world deployment.
Standard vSwitches
- They are not all bad
- Easy to troubleshoot
- Not many advanced features
- Not much development doing into them
Why bother with the VDS?
- Easier to administer for medium to large environments
- New features: NOIC, port mirroring, NetFlow, Security (private VLANs), ingress and egress traffic shaping, LACP
Compared to Others?
- VDS (vSphere Distributed Switch)
- Cisco Nexus 1000v
- IBM 5000v (little usage)
- VDS competes very well in all areas
- Significant advancements in 5.1 and minor updates in 5.5
vSphere 5.5 New Features
- Enhanced LACP – Multiple LAGs per ESXi host
- Enhanced SR-IOV – Most of the software stack is now bypassed
- Support for 40g Ethernet
- DSCP Marking (QoS)
- Host level packet capture
- Basic ACLs in the VDS
- pktcap
Why should you deploy it?
- Innovative features: Network I/O control, load-based teaming
- Low complexity
- Included in Enterprise Plus licensing
- No special hardware required
- Bit of a learning curve, but not much
Architecture
- VDS architecture has two main components
- Management or control plane are integrated into vCenter
- Data plane is made up of hidden vSwitches on the vSphere host
- Can use physical or virtual vCenters
- vCenter is key and holds the configuration
Traffic Separation with VDS
- A single VDS can only have one uplink configuration
- Two options: Active/Standby/Unused or multiple VDS
- Usually prefer a single VDS
- Kendrickcoleman.com
Lab Walk Through
- If using LACP/LAG, make sure one side is active, one is passive
- LACP/LAG hashing algorithms must match on BOTH sides otherwise weird problems can happen
- When using LAG groups, the end state must have all NICs active (can’t use active/standby)
- Private VLAN config requires physical switch configuration and support
- Netflow switch IP is just the IP address shown in the logs to correlate the data to a switch. The traffic will not be coming from that IP.
- Encapsulated remote mirroring (L3) source is the most common spanning config
- Switch health checks runs once per minute – Checks things such as jumbo frames and switch VLAN configuration
- Don’t use ephemeral binding if you want to track net stats (could be used for VDI)
- Use static port binding for most server workloads
