VCAP6-DCV Deploy Objective 3.4

Objective 3.4 of VCAP6-Deploy exam covers following topics

  • Perform a vDS Health Check for teaming, MTU, mismatches, etc.
  • Configure port groups to properly isolate network traffic
  • Use command line tools to troubleshoot and identify configuration issues
  • Use command line tools to troubleshoot and identify VLAN configurations
  • Use DCUI network tool to correct network connectivity issue

Lets discuss about these topics one by one.

                      Perform a vDS Health Check for teaming, MTU, mismatches, etc.

The network configuration for the vSphere infrastructure is a very cumbersome task and if the process is not automated then there are chances of configuration error. Typical network configuration includes tasks like configuring VLAN, Setting uplinks, NIC teaming, configuring VLAN etc. 

Now if anyone of the above configuratin is misconfigured, it can lead to host disconnection, VM traffic not traversing to destination, storage disconnection (if using iSCSI) or any other issues.

In earlier versions of vSphere, there were no tools available that could help resolve such misconfigurations across the physical and virtual switches. VMware introduced Network health check in vSphere 5.1 to counter configuration errors. 

The common configuration errors that health check identifies are:

  • VLAN: Checks whether vSphere distributed switch VLAN settings match trunk port configuration on the adjacent physical switch ports.
  • MTU: Checks whether the physical access switch port MTU setting based on per VLAN matches the vSphere distributed switch MTU setting.
  • NIC teaming: Checks whether the physical access switch ports EtherChannel setting matches the distributed switch distributed port group IP Hash teaming policy settings.

The default interval for performing the configuration check is one minute.

To enable Health check on the vDS , Select a vDS from list and navigate to Manage > Settings > Health Check. Click on Edit button to enable health check

nhc-1.PNG

You can enable both VLAN & MTU and Teaming & failover option

nhc-2.PNG

Overall health of vDS can be checked by selecting a vDS and navigating to Monitor > Health. If things are not green, fix them asap.

nhc-3.PNG

                                 Configure port groups to properly isolate network traffic

As a best practice, VMware recommends dedicated VMkernel portgroups mapped to a dedivated uplink for handling each type of traffic such as management, vMotion, vSAN, iSCSI storage traffic etc.

Modern day servers comes with two 0 GB NIC or 40 GB NIC, so its not possible to map each VMkernel portgroup to a dedicated uplink. For this case, we use network resource pools and QOS etc to segregate the traffic and assining appropriate priority to each traffic type.

Objective of this topic is to help administrators to understand how to create portgroups and define uplinks etc so that separation of duty for network traffic can be achieved.

I have covered the steps for this in one if my blogpost that I wrote in past, so I am not going to repeat the steps here.

This is how my lab environment looks like:

pg-1.PNG

                  Use Command Line Tools to Troubleshoot and Identify Configuration Issues

Using esxcli network command, we can fetch all information about the virtual network

In past I already wrote a blog on how to configure vSphere networks using command line so I am not going to cover everything again. Few useful commands are:

Get info about VMkernel interfaces : esxcli network ip interface list

Get info of all VMkernel IP configuration: esxcli network ip interface ipv4 get

Get info of specific vmkernel portgroup: esxcli network ip interface ipv4 get -i vmk1

To list info about vSS: esxcli network vswitch standard list

To get info about vDS: esxcli network vswitch dvs vmware list

To check host physical interface and its configuration: esxcli network nic list

Get info of the DNS servers used: esxcli network ip dns server list

Get info of DNS search domain: esxcli network ip dns search list

                 Use command line tools to troubleshoot and identify VLAN configurations

Unfortunately there are not many commands available under esxicli network command space for vDS. 

To see port group and VLAN information on vDS : esxcli network vswitch dvs vmware list or esxcfg-vswitch -l

vds-1.PNG

vds-2.PNG

  • To list VLAN information on port groups: esxcli network vswitch standard portgroup list
  • To change the VLAN ID on a portgroup in vSS: esxcli network vswitch standard portgroup set -p <portgroup> –v <VLAN-D>
  • Disable VLAN for Port Group: esxcli network vswitch standard portgroup set –v 0 -p <Portgroup-Name>

                             Use DCUI network tool to correct network connectivity issue

Using DCUI, you can perform following:

1:  Test management network connectivity

dcuitest-1.PNG

2: Restart Managemnt Network

dcuitest-2

3: Reconfigure Management Network

dcuitest-4.PNG

4: Restore misconfigured vSS or vDS

dcuitest-3

and that’s it for this post.

I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing. Be sociable 🙂