VCP6-DCV Delta Study – Section 2 – Objective 2.1

This post covers Section 2, Configure and Administer Advanced vSphere Networking, Objective 2.1, Configure Advanced Policies/Features and Verify Network Virtualization Implementation.

The vSphere Knowledge covered in this objective:

  • Identify vSphere Distributed Switch (vDS) capabilities
  • Create/Delete a vSphere Distributed Switch
  • Add/Remove ESXi hosts from a vSphere Distributed Switch
  • Add/Configure/Remove dvPort groups
  • Add/Remove uplink adapters to dvUplink groups
  • Configure vSphere Distributed Switch general and dvPort group settings
  • Create/Configure/Remove virtual adapters
  • Migrate virtual machines to/from a vSphere Distributed Switch
  • Configure LACP on Uplink portgroups
  • Describe vDS Security Policies/Settings
  • Configure dvPort group blocking policies
  • Configure load balancing and failover policies
  • Configure VLAN/PVLAN settings
  • Configure traffic shaping policies
  • Enable TCP Segmentation Offload support for a virtual machine
  • Enable Jumbo Frames support on appropriate components
  • Determine appropriate VLAN configuration for a vSphere implementation

Objective 2.1 VMware Resources and Tools include:


– Identify vSphere Distributed Switch (vDS) capabilities

  • Consistent virtual switch and portgroup configuration across all hosts attached to the vDS
  • Netflow support
  • LACP Support
  • Load balancing on physical NIC load
  • Network IO Control (NIOC)
  • Cisco Discovery Protocol (CDP) and Link Layer Discovery Protocol (LLDP) support
  • Ingress and egress traffic shaping
  • Route based on physical NIC load
  • Health check
  • vDS Configuration Export and Restore
  • Traffic filtering and marking
  • Port blocking

– Create/Delete a vSphere Distributed Switch
Create a vSphere Distributed Switch in the vSphere Networking Guide on page 27.

Creating a New Virtual Distributed Switch workflow:

  • Name and location
  • Select version
  • Edit settings
    Number of uplink ports, resource allocation, and default port group

– Add/Remove ESXi hosts from a vSphere Distributed Switch
Add Hosts to a vSphere Distributed Switch in the vSphere Networking Guide on page 31.

Analyse impacted services. Level of impact:

  • No impact
  • Important impact
  • Critical impact

– Add/Configure/Remove dvPort groups
Distributed Port Groups in the vSphere Networking Guide on page 43.

– Add/Remove uplink adapters to dvUplink groups
Configure Physical Network Adapters on a vSphere Distributed Switch in the vSphere Networking Guide on page 33.

Increase or decrease the number of uplink adapters in the Web Client -> Networking -> vDS Switch -> Manage -> Settings -> Properties -> Edit

Uplinks can be renamed to be more descriptive.

– Configure vSphere Distributed Switch general and dvPort group settings
Distributed Port Groups in the vSphere Networking Guide on page 43.

Port binding:

  • Static binding
    Assigns a port to a virtual machine when the virtual machine is connected to the PortGroup.
  • Dynamic binding <- Deprecated
  • Ephemeral – no binding
    No port binding.

Port allocation:

  • Elastic
    Elastic port groups automatically increase or decrease the number of ports as needed. 8 ports are created by default, a new set of 8 ports is created as needed.
  • Fixed
    A fixed number of ports are configured and created (128 by default).

– Create/Configure/Remove virtual adapters
Create a VMkernel Adapter on a Host Associated with a vSphere Distributed Switch in the vSphere Networking Guide on page 58.

Remove a VMkernel Adapter in the vSphere Networking Guide on page 62.

Can be done on the host using the Web Client -> Host and Clusters -> Host -> Manage -> Networking -> VMkernel adapters
Can also be done from Add and Manage Hosts on the vDS.

VMkernel Services:

  • vMotion traffic
  • Provisioning traffic
  • Fault Tolerance traffic
  • Management traffic
  • vSphere Replication traffic
  • vSphere Replication NFC traffic
  • Virtual SAN

VMkernel adapter can be migrated (Reassigned) to a port group on a vDS.

– Migrate virtual machines to/from a vSphere Distributed Switch
Migrate Virtual Machine Networking to the vSphere Distributed Switch in the vSphere Networking Guide on page 37.

Select the Source and Destination networks

Select VMs to migrate

– Configure LACP on Uplink portgroups
LACP Support on a vSphere Distributed Switch in the vSphere Networking Guide on page 65.

Web Client -> Networking -> vDS Switch -> Manage -> Settings -> LACP

Create Link Aggregation Groups (LAG)
LAG Mode:

  • Passive
    LAG ports respond to LACP packets they receive but do not initiate LACP negotiations.
  • Active
    LAG ports initiate LACP negotiations with the LACP port channel.

LAG load balancing mode:

  • Source and destination IP address, TCP/UDP port and VLAN
  • Source and destination IP address and VLAN
  • Source and destination MAC address
  • Source and destination TCP/UDP port
  • Source port ID
  • VLAN

The load balancing hashing algorithm must be set to the same as the hashing algorithm set on the LACP port channel on the physical switch.

Migrate Network Traffic to Link Aggregation Groups (LAG)
Migrate Network Traffic to Link Aggregation Groups workflow:

  1. Set the LAG as a standby uplink on distributed port groups
  2. Reassign physical Network adapters of the hosts to the LAG ports
  3. Set the LAG to be the only active uplink on the distributed port groups

– Describe vDS Security Policies/Settings

The three network security policies:

  • Promiscuous mode – Default setting: Reject
    Setting this to Accept allows the guest operating system to receive all traffic observed on the connected vSwitch or PortGroup (think Hub instead of switch).
  • MAC address changes – Default setting: Reject
    When set to Accept, the host accepts requests to change the effective MAC address to a different address than the initial MAC address.
  • Forged transmits – Default setting: Reject
    When set to Accept, the host does not compare source and effective MAC addresses transmitted from a virtual machine.

Each of these can be set to Reject or Accept.

Network security policies can be set on each vDS PortGroup.
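
The three policies above decide which frames a virtual machine may send and receive. The following is an added example, not from the original post or from VMware: a simplified Python model of those decisions plus an audit that lists port groups deviating from the Reject default. The port group names, MAC addresses and function names are hypothetical, MAC addresses are assumed to be lowercase, and multicast and VLANs are ignored.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"
SETTINGS = ("promiscuous", "mac_changes", "forged_transmits")

@dataclass
class Policy:
    # False = Reject, True = Accept; all three default to Reject as listed above.
    promiscuous: bool = False
    mac_changes: bool = False
    forged_transmits: bool = False

@dataclass
class VNic:
    initial_mac: str    # MAC assigned to the adapter in the VM configuration
    effective_mac: str  # MAC the guest OS is currently using

def allow_outbound(policy, nic, frame_src):
    """Forged transmits = Reject: drop frames whose source MAC is not the effective MAC."""
    return policy.forged_transmits or frame_src == nic.effective_mac

def allow_inbound(policy, nic, frame_dst):
    """Apply MAC address changes first, then promiscuous mode (unicast/broadcast only)."""
    if nic.effective_mac != nic.initial_mac and not policy.mac_changes:
        return False    # Reject: a guest-changed MAC is not honoured, inbound frames drop
    if policy.promiscuous:
        return True     # Accept: the guest receives every frame seen on the port group
    return frame_dst in (nic.effective_mac, BROADCAST)

def audit(portgroups):
    """List (port group, setting) pairs that deviate from the Reject default."""
    return [(name, s) for name, pol in sorted(portgroups.items())
            for s in SETTINGS if getattr(pol, s)]

# Constructed sample inventory; the port group names are hypothetical.
SAMPLE_PORTGROUPS = {
    "dvPG-Prod": Policy(),
    "dvPG-IDS-Sensor": Policy(promiscuous=True),
    "dvPG-NestedLab": Policy(mac_changes=True, forged_transmits=True),
}

if __name__ == "__main__":
    for name, setting in audit(SAMPLE_PORTGROUPS):
        print(f"{name}: {setting} is set to Accept")
```

Any port group the audit reports should have a documented reason for the Accept setting, such as a monitoring sensor that needs promiscuous mode.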

– Configure dvPort group blocking policies
Port Blocking Policies in the vSphere Networking Guide on page 128.

Ports can be blocked to prohibit them from sending or receiving data.

Port blocking can be enabled on a port group to block all ports on the port group.

Individual vDS or uplink ports can be blocked using the Web Client -> Networking -> vDS -> Manage -> Ports
Select the port and edit the settings of the port. From the Miscellaneous menu select the Override checkbox and set Block port to yes.

– Configure load balancing and failover policies
Load Balancing Algorithms Available for Virtual Switches in the vSphere Networking Guide on page 91.
vDS load balancing:

  • Route based on IP hash
  • Route based on source MAC hash
  • Route based on originating virtual port
  • Use explicit failover order
  • Route based on physical NIC load (Only available on vDS)

Virtual switch failover order:

  • Active uplinks
  • Standby uplinks
  • Unused uplinks

– Configure VLAN/PVLAN settings
VLAN Policy in the vSphere Networking Guide on page 99.

VLAN type:

  • None
  • VLAN
  • VLAN trunking
  • Private VLAN

Private VLANs in the vSphere Networking Guide on page 130.

Types of PVLANs:

  • Promiscuous
  • Community
    Communicates with promiscuous ports and ports within the same Community.
  • Isolated
    Communicates only with promiscuous ports.

– Configure traffic shaping policies
Traffic Shaping Policy in the vSphere Networking Guide on page 103.

vDS supports both ingress and egress traffic shaping

Traffic shaping policy is applied to each port in the port group.

  • Average bandwidth in kbits (Kb) per second.
    Bits per second to allow across a port, averaged over time.
  • Peak bandwidth in kbits (Kb) per second.
    Maximum number of bits per second to allow across a port when it is sending or receiving a burst of traffic.
  • Burst size in kbytes (KB) per second.
    Maximum number of bytes to allow in a burst.

Traffic Filtering and Marking Policy in the vSphere Networking Guide on page 108.

Traffic filtering and marking:

  • CoS tagging
  • DSCP tagging

Network traffic rule actions can be to Tag, Allow, or Drop.

– Enable TCP Segmentation Offload support for a virtual machine
TCP Segmentation Offload in the vSphere Networking Guide on page 148.

TCP Segmentation Offload (TSO) improves the performance of ESXi hosts by reducing the overhead of the CPU for TCP/IP network operations. When TSO is enabled, the network adapter divides larger data chunks into TCP segments instead of the CPU.

To determine if TSO is supported on a physical network adapter use esxcli network nic tso get

Enable TSO on an ESXi host by setting the Advanced System Setting Net.UseHwTSO (for IPv4) and Net.UseHwTSO6 (for IPv6) to 1

To enable TSO on a Linux VM run ethtool -K ethX tso on (where X is the ethernet interface number)

TSO is enabled on a Windows virtual machine by default when using VMXNET2 and VMXNET3 network adapters.

– Enable Jumbo Frames support on appropriate components
Jumbo Frames in the vSphere Networking Guide on page 146.

To enable Jumbo Frames set MTU to 9000. This needs to be set end to end for Jumbo Frames to work correctly.
9000 bytes is the maximum frame size that you can configure in vSphere.

Jumbo Frames can be enabled on a vSwitch, vDS, and VMkernel Adapter.

Enabling Jumbo Frame support on a virtual machine requires using the enhanced VMXNET adapter.

– Determine appropriate VLAN configuration for a vSphere implementation
VLAN Configuration in the vSphere Networking Guide on page 129.

VLAN Tagging Modes:

  • EST – External Switch Tagging
    VLAN ID is set to None or 0. The physical switch performs VLAN tagging.
  • VST – Virtual Switch Tagging
    VLAN set between 1 and 4094. The virtual switch performs VLAN tagging.
  • VGT – Virtual Guest Tagging.
    VLAN set to 4095 (vSwitch) or VLAN trunking on vDS. VLANs are tagged at the virtual guest.

More Section Objectives in the VCP6-DCV Delta Exam Study Guide Index

I hope you found this helpful. Feel free to add anything associated with this section using the comments below. Happy studying.
