VCAP6-DCV Deploy Objective 3.1

In this post we will cover following topics:

  • Create and manage vSS components according to a deployment plan:
    • VMkernel ports on standard switches
    • Advanced vSS settings
  • Configure TCP/IP stack on a host
  • Create a custom TCP/IP stack
  • Configure and analyze vSS settings using command line tools

Lets get started by going through each topic one by one.

                                          Create and Manage vSphere Standard Switch

When Esxi is installed, a standard switch aka vSS is also created by default. Working mechanism of a standard switch is very similar to a physical switch in the sense that a standard switch works at layer 2, forwards frames to other switch ports based on the MAC address, and supports features such as VLANs and port channels.

Esxi host physical NIC’s serves as uplinks to the standard switches and through these uplinks vSS communicate with the rest of the network. A vSS provide the network connectivity:

  • between virtual machines within the same ESXi host.
  • between virtual machines on different ESXi hosts.
  • between virtual and physical machines on the network.
  • for VMkernel access to networks for vMotion, iSCSI, NFS, or Fault Tolerance logging (and management on ESXi).

How to create a vSS

To create a new vSS, select an Esxi host from inventory and navigate to Manage > Networking > Virtual Switches and click on “Add host networking” icon.

nw-3.PNG

Select “Physical Network Adapter” to add uplinks to the vSS

nw-4

Select “New standard switch”

nw-5

Click on + button to add physical adapters to the new vSS.

nw-6

From the list of free adapters, select which adapter’s will be connected to the new vSS.

nw-7

Hit finish to complete the new vSS creation wizard.

nw-8

This is how the newly created vSS will looks like. 

nw-9

                                                    VMkernel ports on Standard Switches

To create a VMkernel portgroup, again click on Add host networking and select VMkernel Network adapter option.

nw-10

Select the newly created vSS.

nw-11

Provide a name for the VMkernel portgroup and enable the appropriate service to be associated with this portgroup. I created this portgroup for connecting iSCSI storage so I did not selected any service here.

nw-12

Supply the IP information and hit next.

nw-13

Hit finish after reviewing settings.

nw-14

                                                     Configuring vSS Advance Settings

Once a vSS has been created, you can configure the advanced settings by selecting an Esxi host and navigating to Manage > Networking > Virtual Switches > vSS > Edit Settings.  

nw-16

Following advance settings can be configured:

A: MTU Settings: Default value is 1500. You can change this value to a higher value if you want to use jumbo frames in your environment. If you set any value greater than 1500, then you have to set the same at portgroup level as well.

nw-17

B: Security Policies: vSS supports following security policies:

  • Promiscuous mode: This is set to Reject by default. If its set to Accept then guest adapters in promiscuous mode will receive all frames passed on the virtual switch that are allowed under the VLAN
  • MAC address changes: This is set to Accept by default. In default mode Esxi host accepts request to change the effective MAC address to a different one.  When set to Reject, it blocks the Esxi host from accepting this request to change the MAC and the port that the VM used to send the request will be disabled until the effective MAC address matches the initial MAC address
  • Forged transmit: Set to Accept by default. In accept mode, Esxi host does not compare source and effective MAC address, to protect against MAC impersonation. When its set to Reject, it allwos the host to compare source MAC address from the guest VM to its effective MAC for its adapter, if they dont match the packets will be dropped

nw-18

C: Traffic Shaping : Traffic shaping is disabled by default. vSS can only traffic shape outgoing traffic from switch. For incoming traffic, we need to migrate from vSS to vDS.

nw-19

D: Teaming and Failover: I have written a detailed post on this topic in past so I am not covering it again.

nw-20

                                                       Configure TCP/IP stack on a host

By default 3 TCP/IP stacks are configured on an Esxi host : default, vMotion and Provisioning.  These can be viewed from web client by selecting Esxi host > Manage > Networking > TCP/IP Configuration

nw-21.PNG

Default TCP/IP stacks can be edited to change information like DNS settings, Default gateway and Congestion control algorithm.

This slideshow requires JavaScript.

                                                    Create a custom TCP/IP stack

I wrote an article on this topic in past. Here is the excerpt of that

With vSphere 6, a custom TCP/IP stack cannot be created in the Web Client interface and we have to rely on Esxi CLI for this. However once a custom stack has been created from command line, you can edit the properties of newly created stack from Web Client.

To create a new TCP/IP stack, SSH to Esxi host and use below command:

# esxcli network ip netstack add –N “Name_of_Stack”

[root@esxi05:~] esxcli network ip netstack add -N "VR-Traffic"

Once the custom stack is created, you can modify the properties by logging into Web Client and navigating to Esxi Host > Manage > Networking > TCP/IP configuration

tcpip-1.PNG

 

Once a stack is configured, you can associate this with a newly created VMkernel portgroup. You can’t edit any VMkernel portgroup that were created before creating a custom stack.

                               Configure and analyze vSS settings using command line tools

A vSS can be configured using the CLI. Esxcli network vswitch command is used to do the networking configuration of a vswitch (Standard or vDS). Some examples are listed as below:

To list all Standard vSwitch present on the Esxi host

# esxcli network vswitch standard list

CLN-2

Adding a new vSwitch to Esxi host

# esxcli network vswitch standard add –v=vSwitch5

Adding a new vswitch with specific number of ports

# esxcli network vswitch standard add –v=vSwitch5 --ports=256

Create a new portgroup in a standard vswitch

The following command is used to create a new portgroup on a standard vSwitch

# esxcli network vswitch standard portgroup add –p=”FT NW”  –v=vSwitch6

Removing a portgroup from a vSwitch

Below command will delete a portgroup from a standard vswitch

# esxcli network vswitch standard portgroup remove –p=”FT NW”  –v=vSwitch1

Configuring CDP on Standard switches

Enable CDP on a vswitch

# esxcli network vswitch standard set  –c= cdp mode –v=vSwitch name

The accepted values for CDP is listen, advertise and both

# esxcli network vswitch standard set –c=listen –v=vSwitch5

To disable CDP on a vswitch

# esxcli network vswitch standard set  –c=down –v=vSwitch5

Adding an uplink to an existing vSwitch

# esxcli network vswitch standard uplink add -u=vmnic1 -v=vSwitch1

The above command will add a new uplink vmnic1 to the vswitch1

Removing an existing uplink from a vSwitch

# esxcli network vswitch standard uplink remove -u=vmnic1 -v=vSwitch1

To list all the NICS present in Esxi host

The command used to see all the vmnics present on an Esxi host and their associated properties like link status, duplex speed, MTU value and Mac Address etc is

# esxcli network nic list

To check properties of a single vmknic

# esxcli network nic get -n vmnic1

For troubleshooting purposes, you can view statistics for a given NIC by running:

# esxcli network nic stats get -n vmnic1

To Shutdown a vmnic

To shutdown vmnic on your Esxi host the command is

# esxcli network nic down –n=vmnic_name

After running the above command verify from your vCenter server console whether nic is disconnected or not

To reconnect a vmnic

# esxcli network nic up –n=vmnic_name

Checking the ARP table of your Esxi host

# esxcli network ip neighbor list

CLN-29

DNS server settings

List all the DNS servers configured on your Esxi host

# esxcli network ip dns server list

Configuring and Modifying Routing Table of your Esxi host

Checking the current status of routing table of your Esxi host

# esxcli network ip route ipv4 list

CLN-33

To add a new route to your Esxi host

The command to add a new route in your host is

# esxcli network ip route ipv4 add –n=network_add –g=gateway address

Configuring Esxi firewall settings

To check the current firewall settings

# esxcli network firewall ruleset list

This command will list what are the services that are allowed/not allowed to pass through Esxi firewall

And that’s it for this post. I hope you find this post informational. Feel free to share this on social media if it is worth sharing. Be sociable 🙂