2. VCAP Blueprint Section 2 Objective 2.1: Implement & Manage Complex Virtual Networks Objective 2.2 : Configure and Maintain VLANs, PVLANs and VLAN Settings Objective 2.3: Deploy and Maintain Scalable Virtual Networking Objective 2.4: Administer vNetwork Distributed Switch Settings
3. SNMP & More IPv6: Host Configuration > Networking > Properties NetQueue: Host Configuration > Advanced Settings > VMkernel/Boot; also use esxcfg-advcfg SNMP vCenter: Administration > vCenter Settings > SNMP Notification traps only ESX/ESXi ESXi only has VMware embedded SNMP agent. ESX has Net-SNMP & VMware embedded Can only be managed through vicfg-snmp (remote CLI or vMA), which opens the appropriate firewall ports. Configure communities first, then destination
4. Comparing vSS & vDS vSS (virtual standard switches) – same virtual switching technology we all know and love Switches defined on each host in a cluster Portgroup/VLAN/uplink configurations can be tedious vDS (virtual distributed switches) – introduced with vSphere 4.0 Unified switch across hosts in a cluster Separation of control and data planes Extensible through 3rd party switches (Cisco NK1v) Traffic stats available; shaping available at dvPortGroup and dvUplink portgroup levels Ingress traffic shaping
5. Create & Manage vSwitches Full range of vSSconfig needs supported Some things only available through CLI, such as MTU Partial range of vDSconfig needs supported Some things not available through CLI, such as PVLANs or creating dvPortGroups Tools are the usual suspects: esxcfg-vswitch, esxcfg-nics, esxcfg-vswif, esxcfg-route, esxcfg-vmknic, PowerCLI, vMA
6. VLAN Tagging VST (virtual switch tagging) VLANs defined at vSwitch level; physical switch accepts all or range EST (external switch tagging) VLANs are set to 0 at vSwitch; physical switch does all tagging VGT (virtual guest tagging) VM tags thru virtual NIC properties vSwitch set to 4095; physical switch accepts all or range
7. Private VLANs PVLANs are VLANs within VLANs. Requires physical switch support. Original VLAN is the primary, additional VLANs are secondary VLANs. Secondary VLANs come in 3 flavors: Promiscuous VLANs have the same primary and secondary VLAN ID. Can talk to anyone in the same primary. Isolated VLANs can only talk to hosts in a promiscuous VLAN Community VLANs only talk to each other, and to the promiscuous VLAN
8. VLAN Configuration VLANs on vSS are defined at the portgroup level PVLANs are defined at the vDS level first, then can be selected at the portgroup level Distributed switches can have VLANs defined at the dvPortGroup level and the dvUplinkPortGroup level vDS VLAN options “None” for EST “VLAN” for VST “VLAN Trunking” for VGT or multiple VST
9. Uplink teaming Route based on IP hash Requires Etherchannel or equivalent. Req’d for FT Explicit failover Can be used to balance load & provide availability in certain situations Route based on source MAC Route based on virtual port ID
10. Network Isolation Isolate vMotion, NFS, iSCSI, FT Separate storage from VM networks Use VLANs When teaming use physical NICs on different busses
11. vDS Port Bindings Static Port is assigned at all times, until the VM is removed from the port group VM can only be connected through vCenter Dynamic Port is assigned when VM is on and vmnic is connected, otherwise it is disconnected. VMs with dynamic ports can only be powered on/off through vCenter Ephemeral dvPorts can be assigned through ESX/ESXi or vCenter Port assigning works like dynamic Usually only reserved for emergency/recovery/vCenter down
12. vSS to vDS Port Migrations Create vDS Uplinks Portgroups VLANs Break vSS team and assign one uplink to vDS Networking > Migrate Virtual Machine Network Select source and destination; select VMs; migrate Remove vSS portgroups and switch as needed
13. Resources Sean Crookston’s guide (updated on damiankarlson.com) Ed Grigson’s guide Eric Sloof’s VCAP test Kendrick Coleman’s VCAP-DCA page Trainsignal Troubleshooting Personal experience and practice, practice, practice
Editor's Notes
Objective 2.1: IPv6, NetQueue, SNMP,VMware Direct Path I/O, Migrate from vSS to a full or hybrid vDS, Configure vSS & vDS using CLI, Identify Virtual Switch DetailsObjective 2.2: VLAN trunking, config PVLANs, identify VLAN configsObjective 2.3: NIC teaming to phy switch config, failover settings, explicit failover, port groups for network isolationObjective 2.4: CLI to configvDS, port bindings, port migration, troubleshoot configurations
For ESX, use the VMware embedded SNMP agent. Net-SNMP doesn’t contain VMware-specific information. See the Basic System Administration guide for MIB load orders, and MIB descriptions.Vicfg-snmp -- There is no esxcfg equivalent, and no GUI functionality. If using both embedded and net-snmp, change the port on one of them, otherwise they’ll both attempt to use 161vicfg-snmp.pl --server <hostname> --username <username> --password <password> -c <com1,com2vicfg-snmp.pl --server host.example.com --username user --password password –t target.example.com@162/publicvicfg-snmp.pl --server <hostname> --username <username> --password <password> --enablevicfg-snmp.pl --server <hostname> --username <username> --password <password> --test
VCAP lab based on 4.0, so no LBT or NIOCvSS tediousness – managing overrides, failover options, etchttp://vmware.com/files/pdf/vsphere-vnetwork-ds-migration-configuration-wp.pdf
Avoid VLAN 1, that’s the default Cisco VLAN
http://kb.vmware.com/kb/1010691
Fault Tolerance will always send from the same virtual port ID and source MAC on the same host. Use IP Hash to distribute across multiple links.No physical switch config: use source MAC, source port or explicitWith physical switch config: use IP hash
http://kb.vmware.com/kb/1022312
Connectivity is only preserved if there are multiple uplinks, otherwise there will be a break in VM networkinghttp://kb.vmware.com/kb/1010612
