In this post we will cover the following topics:
- Create and manage vSS components according to a deployment plan:
  - VMkernel ports on standard switches
  - Advanced vSS settings
- Configure TCP/IP stack on a host
- Create a custom TCP/IP stack
- Configure and analyze vSS settings using command line tools
Let's get started by going through each topic one by one.
Create and Manage vSphere Standard Switch
When ESXi is installed, a standard switch (vSS) is created by default. A standard switch works much like a physical switch: it operates at layer 2, forwards frames to other switch ports based on MAC address, and supports features such as VLANs and port channels.
The ESXi host's physical NICs serve as uplinks to the standard switch, and through these uplinks the vSS communicates with the rest of the network. A vSS provides network connectivity:
- between virtual machines within the same ESXi host.
- between virtual machines on different ESXi hosts.
- between virtual and physical machines on the network.
- for VMkernel access to networks for vMotion, iSCSI, NFS, or Fault Tolerance logging (and management on ESXi).
How to create a vSS
To create a new vSS, select an ESXi host from the inventory, navigate to Manage > Networking > Virtual Switches and click the “Add host networking” icon.
Select “Physical Network Adapter” to add uplinks to the vSS
Select “New standard switch”
Click the + button to add physical adapters to the new vSS.
From the list of free adapters, select which adapters will be connected to the new vSS.
Hit Finish to complete the new vSS creation wizard.
This is how the newly created vSS looks.
VMkernel ports on Standard Switches
To create a VMkernel portgroup, click Add host networking again and select the VMkernel Network Adapter option.
Select the newly created vSS.
Provide a name for the VMkernel portgroup and enable the appropriate service to be associated with this portgroup. I created this portgroup for connecting iSCSI storage so I did not select any service here.
Supply the IP information and hit next.
Hit finish after reviewing settings.
Configuring vSS Advanced Settings
Once a vSS has been created, you can configure the advanced settings by selecting an ESXi host and navigating to Manage > Networking > Virtual Switches > vSS > Edit Settings.
The following advanced settings can be configured:
A: MTU Settings: The default value is 1500. You can raise this value if you want to use jumbo frames in your environment. If you set a value greater than 1500, you have to set the same value at the portgroup level as well.
B: Security Policies: A vSS supports the following security policies:
- Promiscuous mode: Set to Reject by default. If it is set to Accept, guest adapters in promiscuous mode receive all frames passed on the virtual switch that are allowed under the VLAN
- MAC address changes: Set to Accept by default. In the default mode, the ESXi host accepts requests to change the effective MAC address to a different one. When set to Reject, the ESXi host does not accept these requests, and the port that the VM used to send the request is disabled until the effective MAC address matches the initial MAC address.
- Forged transmit: Set to Accept by default. In Accept mode, the ESXi host does not compare the source and effective MAC addresses. When set to Reject, the host compares the source MAC address sent by the guest VM with the effective MAC address of its adapter, and if they do not match the packets are dropped. This is what protects against MAC impersonation.
C: Traffic Shaping: Traffic shaping is disabled by default. A vSS can only shape outgoing traffic from the switch. To shape incoming traffic, we need to migrate from vSS to vDS.
D: Teaming and Failover: I have written a detailed post on this topic in the past, so I am not covering it again.
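The three security policies under B can be checked from the ESXi shell. The script below is an added example, not part of the original post: it parses the output of `esxcli network vswitch standard policy security get` (a namespace this post does not otherwise show) and flags any policy left at Accept. The helper names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Flag vSS security policies left at Accept ("true" in esxcli output).
# Policy text is read from stdin, as printed by:
#   esxcli network vswitch standard policy security get -v <vSwitch>

audit_vss_security() {   # hypothetical helper; $1 = vSwitch name (label only)
    awk -v sw="$1" -F': *' '
        { gsub(/^[ \t]+|[ \t]+$/, "", $1); gsub(/[ \t\r]+$/, "", $2) }
        $1 ~ /^Allow / { seen++ }
        $2 != "true"   { next }
        $1 == "Allow Promiscuous"        { print "FINDING " sw ": promiscuous mode is Accept"; n++ }
        $1 == "Allow MAC Address Change" { print "FINDING " sw ": MAC address changes is Accept"; n++ }
        $1 == "Allow Forged Transmits"   { print "FINDING " sw ": forged transmit is Accept"; n++ }
        END {
            # Never report OK on empty or truncated input.
            if (seen != 3)   print "UNKNOWN " sw ": expected 3 policy lines, got " (seen + 0)
            else if (n == 0) print "OK " sw ": all three policies are Reject"
        }
    '
}

harden_cmd() {   # hypothetical helper; prints (does not run) the Reject-all command
    printf 'esxcli network vswitch standard policy security set -v %s ' "$1"
    printf '%s\n' '--allow-promiscuous=false --allow-mac-change=false --allow-forged-transmits=false'
}

# Constructed sample: the defaults described in this post
# (promiscuous = Reject, MAC address changes = Accept, forged transmit = Accept).
SAMPLE_DEFAULTS='   Allow Promiscuous: false
   Allow MAC Address Change: true
   Allow Forged Transmits: true'

if command -v esxcli >/dev/null 2>&1; then
    # On an ESXi host: audit every standard switch.
    # Assumes each switch is reported with an indented "Name: <vSwitch>" line.
    for sw in $(esxcli network vswitch standard list | awk -F': ' '/^ *Name:/ {print $2}'); do
        esxcli network vswitch standard policy security get -v "$sw" | audit_vss_security "$sw"
    done
else
    # Off-host: run against the constructed sample and show the hardening command.
    printf '%s\n' "$SAMPLE_DEFAULTS" | audit_vss_security vSwitch5
    harden_cmd vSwitch5
fi
```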
Configure TCP/IP stack on a host
By default, three TCP/IP stacks are configured on an ESXi host: default, vMotion and Provisioning. These can be viewed from the Web Client by selecting ESXi host > Manage > Networking > TCP/IP Configuration.
The default TCP/IP stacks can be edited to change settings such as DNS, default gateway and congestion control algorithm.
Create a custom TCP/IP stack
I wrote an article on this topic in the past. Here is an excerpt from it:
With vSphere 6, a custom TCP/IP stack cannot be created in the Web Client interface, and we have to rely on the ESXi CLI for this. However, once a custom stack has been created from the command line, you can edit the properties of the newly created stack from the Web Client.
To create a new TCP/IP stack, SSH to the ESXi host and use the command below:
# esxcli network ip netstack add -N "Name_of_Stack"
[root@esxi05:~] esxcli network ip netstack add -N "VR-Traffic"
Once the custom stack is created, you can modify its properties by logging into the Web Client and navigating to ESXi Host > Manage > Networking > TCP/IP configuration.
Once a stack is configured, you can associate it with a newly created VMkernel portgroup. You can't edit VMkernel portgroups that were created before the custom stack.
Configure and analyze vSS settings using command line tools
A vSS can be configured using the CLI. The esxcli network vswitch command is used to do the networking configuration of a vSwitch (Standard or vDS). Some examples are listed below:
To list all standard vSwitches present on the ESXi host
# esxcli network vswitch standard list
Adding a new vSwitch to the ESXi host
# esxcli network vswitch standard add -v=vSwitch5
Adding a new vSwitch with a specific number of ports
# esxcli network vswitch standard add -v=vSwitch5 --ports=256
Create a new portgroup in a standard vswitch
The following command is used to create a new portgroup on a standard vSwitch
# esxcli network vswitch standard portgroup add -p="FT NW" -v=vSwitch6
Removing a portgroup from a vSwitch
The command below deletes a portgroup from a standard vSwitch
# esxcli network vswitch standard portgroup remove -p="FT NW" -v=vSwitch1
Configuring CDP on Standard switches
Enable CDP on a vSwitch
# esxcli network vswitch standard set -c=cdp_mode -v=vSwitch_name
The accepted values for CDP are listen, advertise and both
# esxcli network vswitch standard set -c=listen -v=vSwitch5
To disable CDP on a vSwitch
# esxcli network vswitch standard set -c=down -v=vSwitch5
Adding an uplink to an existing vSwitch
# esxcli network vswitch standard uplink add -u=vmnic1 -v=vSwitch1
The above command adds a new uplink, vmnic1, to vSwitch1
Removing an existing uplink from a vSwitch
# esxcli network vswitch standard uplink remove -u=vmnic1 -v=vSwitch1
To list all the NICs present in the ESXi host
The command used to see all the vmnics present on an ESXi host and their associated properties, such as link status, duplex speed, MTU value and MAC address, is
# esxcli network nic list
To check properties of a single vmnic
# esxcli network nic get -n vmnic1
For troubleshooting purposes, you can view statistics for a given NIC by running:
# esxcli network nic stats get -n vmnic1
To shut down a vmnic
To shut down a vmnic on your ESXi host, the command is
# esxcli network nic down -n=vmnic_name
After running the above command, verify from your vCenter Server console whether the NIC is disconnected
To reconnect a vmnic
# esxcli network nic up -n=vmnic_name
Checking the ARP table of your ESXi host
# esxcli network ip neighbor list
DNS server settings
List all the DNS servers configured on your ESXi host
# esxcli network ip dns server list
Configuring and Modifying the Routing Table of your ESXi host
Checking the current state of the routing table of your ESXi host
# esxcli network ip route ipv4 list
To add a new route to your ESXi host
The command to add a new route on your host is
# esxcli network ip route ipv4 add -n=network_address -g=gateway_address
Configuring ESXi firewall settings
To check the current firewall settings
# esxcli network firewall ruleset list
This command lists which services are allowed or not allowed to pass through the ESXi firewall
And that’s it for this post. I hope you find this post informational.