VMware Advance Troubleshooting Workshop - Day 3


Transcript of VMware Advance Troubleshooting Workshop - Day 3

Page 1: VMware Advance Troubleshooting Workshop - Day 3

Introduction to vSphere Networking

Day 3

VMware vSphere: Install, Configure, Manage

Page 2: VMware Advance Troubleshooting Workshop - Day 3

Introduction to vSphere Distributed Switches

Page 3: VMware Advance Troubleshooting Workshop - Day 3

Learner Objectives

By the end of this lesson, you should be able to meet the following objectives:
• List the benefits of using vSphere distributed switches
• Describe the distributed switch architecture
• Create a distributed switch
• Manage the distributed switch
• Describe the properties of a distributed switch

Page 4: VMware Advance Troubleshooting Workshop - Day 3

Benefits of vSphere Distributed Switches

The vSphere distributed switch greatly extends vSphere networking features and centralizes vSphere management.

vSphere distributed switches have the following benefits over standard switches:
• vSphere distributed switch simplifies data center administration.
• vSphere distributed switch configuration is consistent across all the hosts that use it.
• vSphere distributed switch behavior is consistent with the behavior of standard switches.
• vSphere distributed switch supports advanced features, such as private VLANs, NetFlow, and port mirroring.
• vSphere distributed switch enables networking statistics and policies to migrate with virtual machines during a migration with VMware vSphere® vMotion®.
• vSphere distributed switch allows for customization and third-party development.

Page 5: VMware Advance Troubleshooting Workshop - Day 3

vSS and vDS Comparison

Feature                                    Standard Switch   Distributed Switch
Layer 2 switch                             Yes               Yes
VLAN segmentation                          Yes               Yes
IPv6 support                               Yes               Yes
802.1Q tagging                             Yes               Yes
NIC teaming                                Yes               Yes
Outbound traffic shaping                   Yes               Yes
Inbound traffic shaping                    No                Yes
VM network port block                      No                Yes
Private VLANs                              No                Yes
Load-based teaming                         No                Yes
Data center-level management               No                Yes
vSphere vMotion migration over a network   No                Yes
Per-port policy settings                   No                Yes
Port state monitoring                      No                Yes
NetFlow                                    No                Yes
Port mirroring                             No                Yes

Page 6: VMware Advance Troubleshooting Workshop - Day 3

Distributed Switch Architecture

[Diagram: vCenter Server holds the distributed switch (control plane) with its distributed ports and port groups and its uplink port groups. Each host (Host 1, Host 2) runs a hidden virtual switch (I/O plane) whose physical NICs act as the uplinks; each host also has a management port and a vSphere vMotion port. The virtual layer sits above the physical layer.]

Page 7: VMware Advance Troubleshooting Workshop - Day 3

Distributed Switch Example

You create a distributed switch named VDS01. You create a port group named Production, which will be used for virtual machine networking. You assign uplinks vmnic1 on host ESXi01 and vmnic1 on host ESXi02 to the distributed switch.

[Diagram: distributed switch VDS01 spanning hosts ESXi01 and ESXi02. Each host has physical NICs vmnic0, vmnic1, and vmnic2; vmnic1 on each host is assigned to the uplink port group of VDS01, and the Production port group connects virtual machines to the switch.]

Page 8: VMware Advance Troubleshooting Workshop - Day 3

Viewing a Distributed Switch

You can view a host’s distributed switch configuration by clicking the Manage tab and clicking the Networking link.

View distributed switch settings.

Distributed switch settings.

Page 9: VMware Advance Troubleshooting Workshop - Day 3

Creating a Distributed Switch

You can create a distributed switch on a data center to handle the networking configuration of multiple hosts at the same time from a central place.

Page 10: VMware Advance Troubleshooting Workshop - Day 3

Editing General and Advanced Distributed Switch Properties

General settings for a distributed switch include the switch name and the number of uplinks.

Basic multicast filtering mode forwards multicast traffic for virtual machines according to the destination multicast group MAC address.

Page 11: VMware Advance Troubleshooting Workshop - Day 3

Migrating Network Adapters to a Distributed Switch

For hosts associated with a distributed switch, you can migrate network adapters from a standard switch to the distributed switch.

Migrate physical or virtual network adapters to this distributed switch.

Page 12: VMware Advance Troubleshooting Workshop - Day 3

Assigning a Physical NIC of a Host to a Distributed Switch

You can assign physical NICs of a host that is associated with a distributed switch to an uplink port on the host proxy switch.

Manage the physical network adapters connected to the selected switch.

Page 13: VMware Advance Troubleshooting Workshop - Day 3

Connecting Virtual Machines to a Distributed Switch

You connect virtual machines to distributed switches by connecting their associated virtual network adapters to distributed port groups.

For a single virtual machine, modify the network adapter configuration of the virtual machine.

For a group of virtual machines, migrate the virtual machines from a virtual network to a distributed switch.

Page 14: VMware Advance Troubleshooting Workshop - Day 3

Editing Distributed Port Group General Properties

You can edit general distributed port group settings, such as the distributed port group name, the port settings, and the network resource pool.

Port binding options include static, dynamic, and ephemeral (no port binding).

Page 15: VMware Advance Troubleshooting Workshop - Day 3

Editing Distributed Port Group Advanced Properties

From the advanced settings of a distributed port group, you can configure the per-port overriding of the policies that are set at the port group level.

Page 16: VMware Advance Troubleshooting Workshop - Day 3

About the VMkernel Networking Level

The VMkernel networking layer provides connectivity to hosts and handles the standard system traffic of VMware vSphere® vMotion®, IP storage, VMware vSphere® Fault Tolerance, VMware Virtual SAN™, and others.

You can also create VMkernel adapters on the source and target VMware vSphere® Replication™ hosts to isolate the replication data traffic.

TCP/IP stacks at the VMkernel level:
• Default TCP/IP stack
• vMotion TCP/IP stack
• Provisioning TCP/IP stack
• Custom TCP/IP stacks

Page 17: VMware Advance Troubleshooting Workshop - Day 3

Creating a VMkernel Adapter on a Host Associated with a Distributed Switch

You create a VMkernel adapter on a host that is associated with a distributed switch to provide network connectivity to the host and to handle the traffic for vSphere vMotion, IP storage, vSphere Fault Tolerance logging, Virtual SAN, and others.

Click Add host networking to start the Add Networking wizard.

Click VMkernel Network Adapter.

Page 18: VMware Advance Troubleshooting Workshop - Day 3

NetFlow

NetFlow is configured in the settings of your dvSwitch (right-click the dvSwitch > Edit Settings) on the NetFlow tab. There are a number of items you can configure here. First, the collector IP address and port: this is the IP address and port of the NetFlow collector to which the data is sent. To allow all of your traffic to appear as coming from a single source, rather than from multiple ESX management networks, you can also specify an IP address for the dvSwitch here. This address does not actually live on your network; it only shows up in your NetFlow collector as the exporter address.

Page 19: VMware Advance Troubleshooting Workshop - Day 3

DirectPath I/O

DirectPath I/O allows virtual machine access to physical PCI functions on platforms with an I/O Memory Management Unit.

The following features are unavailable for virtual machines configured with DirectPath:

• Hot adding and removing of virtual devices

• Suspend and resume

• Record and replay

• Fault tolerance

• High availability

• DRS (limited availability: the virtual machine can be part of a cluster, but cannot migrate across hosts)

• Snapshots

Page 20: VMware Advance Troubleshooting Workshop - Day 3

Private VLANS

Private VLANs are used to solve VLAN ID limitations by adding a further segmentation of the logical broadcast domain into multiple smaller broadcast subdomains.

Ports on a secondary VLAN can be either isolated, communicating only with promiscuous ports, or community, communicating with both promiscuous ports and other ports on the same secondary VLAN.

Page 21: VMware Advance Troubleshooting Workshop - Day 3

DirectPath I/O vs SR-IOV

SR-IOV offers performance benefits and tradeoffs similar to those of DirectPath I/O. DirectPath I/O and SR-IOV have similar functionality, but you use them to accomplish different things.

SR-IOV is beneficial in workloads with very high packet rates or very low latency requirements. Like DirectPath I/O, SR-IOV is not compatible with certain core virtualization features, such as vMotion. SR-IOV does, however, allow a single physical device to be shared among multiple guests.

With DirectPath I/O you can map only one physical function to one virtual machine. SR-IOV lets you share a single physical device, allowing multiple virtual machines to connect directly to the physical function.

Page 22: VMware Advance Troubleshooting Workshop - Day 3

Troubleshooting Distributed Switch Issues (1)

Under certain conditions, the virtual machines that are on the same distributed port group but on different hosts cannot communicate with one another.

Problems:
• Virtual machines residing on the same port group but on different hosts are unable to communicate.
• Pings from one virtual machine to another fail. You cannot migrate the virtual machines between the hosts by using vSphere vMotion.

Causes:
• On some of the hosts, no physical NICs are assigned to active or standby uplinks in a NIC team. The failover order of a distributed port group is not correctly configured.
• The physical NICs on the hosts assigned to the active or standby uplinks reside on different VLANs on the physical switch. The physical NICs on different VLANs are not visible to one another and thus fail to communicate.

Page 23: VMware Advance Troubleshooting Workshop - Day 3

Troubleshooting Distributed Switch Issues (2)

Solutions:
• In the topology of the distributed switch, check which host does not have physical NICs assigned to an active or standby uplink on the distributed port group. Assign at least one physical NIC on that host to an active uplink on the port group.
• In the topology of the distributed switch, check the VLAN IDs of the physical NICs assigned to the active uplinks on the distributed port group. On all hosts, assign physical NICs from the same VLAN to an active uplink on the distributed port group.
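The two checks above can be automated. The following is an added example (not VMware code): it models the per-host proxy switch, the port group's failover order, and the VLAN reported for each physical switch port as plain Python objects, then reports exactly the two conditions the slides describe. The inventory is constructed for illustration; in practice the same facts would be read from vCenter Server.

```python
"""Check that a distributed port group has usable uplinks on every host.

Added example, not VMware code. The inventory below is constructed for
illustration; in a real environment the same facts (uplink-to-vmnic
assignment per host, the port group's failover order, and the VLAN seen on
each physical switch port via CDP/LLDP) would be read from vCenter Server.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class PhysicalNic:
    name: str                    # for example "vmnic1"
    switch_vlan: Optional[int]   # VLAN of the upstream physical switch port, None if not reported


@dataclass
class HostProxySwitch:
    """The hidden per-host switch (I/O plane): uplink port name -> assigned vmnic."""
    host: str
    uplinks: Dict[str, Optional[PhysicalNic]]


@dataclass
class FailoverOrder:
    """Teaming and failover order of one distributed port group."""
    portgroup: str
    active: List[str]
    standby: List[str] = field(default_factory=list)


def check_portgroup_uplinks(order: FailoverOrder, proxies: List[HostProxySwitch]) -> List[str]:
    """Return one finding per problem from the troubleshooting slides: a host with no
    vmnic behind an active or standby uplink, or active uplinks whose vmnics sit on
    different physical VLANs. An empty list means the port group looks healthy."""
    findings: List[str] = []
    if not order.active:
        findings.append(f"{order.portgroup}: failover order has no active uplink")
    usable = list(order.active) + list(order.standby)
    vlans_by_host: Dict[str, Set[int]] = {}
    for proxy in proxies:
        assigned = [proxy.uplinks.get(u) for u in usable]
        if not any(assigned):
            findings.append(
                f"{proxy.host}: no physical NIC is assigned to an active or standby "
                f"uplink of {order.portgroup}; assign at least one vmnic to an active uplink"
            )
            continue
        # Only active uplinks carry traffic, so only their VLANs must agree across hosts.
        vlans = {
            nic.switch_vlan
            for nic in (proxy.uplinks.get(u) for u in order.active)
            if nic is not None and nic.switch_vlan is not None
        }
        if vlans:
            vlans_by_host[proxy.host] = vlans
    all_vlans: Set[int] = set().union(*vlans_by_host.values())
    if len(all_vlans) > 1:
        detail = ", ".join(f"{h}={sorted(v)}" for h, v in sorted(vlans_by_host.items()))
        findings.append(
            f"{order.portgroup}: active uplinks are on different physical VLANs ({detail}); "
            "assign vmnics from the same VLAN on all hosts"
        )
    return findings


def constructed_inventory(esxi02_uplink: str, esxi02_vlan: int) -> List[HostProxySwitch]:
    """Two hosts on VDS01 as on the example slide (constructed data). ESXi02's vmnic1
    placement is a parameter so one function yields the healthy and the broken cases."""
    esxi01 = HostProxySwitch("ESXi01", {"Uplink 1": PhysicalNic("vmnic1", 10), "Uplink 2": None})
    esxi02_map: Dict[str, Optional[PhysicalNic]] = {"Uplink 1": None, "Uplink 2": None}
    esxi02_map[esxi02_uplink] = PhysicalNic("vmnic1", esxi02_vlan)
    return [esxi01, HostProxySwitch("ESXi02", esxi02_map)]


if __name__ == "__main__":
    production = FailoverOrder("Production", active=["Uplink 1"])
    for label, inventory in [
        ("healthy", constructed_inventory("Uplink 1", 10)),
        ("vmnic on an uplink outside the failover order", constructed_inventory("Uplink 2", 10)),
        ("VLAN mismatch", constructed_inventory("Uplink 1", 20)),
    ]:
        print(label, "->", check_portgroup_uplinks(production, inventory) or ["OK"])
```

The second case is the subtle one: ESXi02 does have a vmnic on the switch, but on an uplink the port group never uses, so the host is silently isolated for that port group even though the switch topology looks populated.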

Page 24: VMware Advance Troubleshooting Workshop - Day 3

Physical Network Considerations

Your virtual networking environment relies on the physical network infrastructure. As a vSphere administrator, you should discuss your vSphere networking needs with your network administration team.

The following issues are topics for discussion:
• Number of physical switches
• Network bandwidth that is required
• Physical switch configuration support for 802.3ad, for NIC teaming
• Physical switch configuration support for 802.1Q, for VLAN tagging
• Physical switch configuration support for Link Aggregation Control Protocol (LACP)
• Network port security
• Link Layer Discovery Protocol (LLDP) and Cisco Discovery Protocol (CDP) and their operation modes, such as:
  – Listen, broadcast, listen and broadcast, and disabled

Page 25: VMware Advance Troubleshooting Workshop - Day 3

Review of Learner Objectives

You should be able to meet the following objectives:
• List the benefits of using vSphere distributed switches
• Describe the distributed switch architecture
• Create a distributed switch
• Manage the distributed switch
• Describe the properties of a distributed switch

Page 26: VMware Advance Troubleshooting Workshop - Day 3

Key Points
• Three connection types can exist on a virtual switch: virtual machine port group, VMkernel, and physical uplinks.
• A standard switch is a virtual switch configuration for a single host.
• Network policies set at the standard switch level can be overridden at the port group level.
• A distributed switch provides centralized management and monitoring of the networking configuration of all hosts that are associated with the switch.
• You set up a distributed switch at the data center level on a vCenter Server system. The settings of the distributed switch are propagated to all hosts that are associated with the switch.
• Distributed port groups define how a connection is made through the distributed switch to the network.

Questions?

Page 27: VMware Advance Troubleshooting Workshop - Day 3

Network Troubleshooting

Page 28: VMware Advance Troubleshooting Workshop - Day 3

Review of Distributed Switch Network Connectivity

The cause of a network connectivity problem might be in the virtual machines, the vCenter Server system, or the ESXi hosts that have NICs assigned to the distributed switch and the physical network.

[Diagram: the distributed switch architecture again. vCenter Server holds the distributed switch (control plane) with distributed ports and port groups, uplink port groups, and VM state; each ESXi host runs a hidden virtual switch (I/O plane) with physical NICs as uplinks, a management port, a vSphere vMotion port, and the VMs attached to the distributed port groups.]

Page 29: VMware Advance Troubleshooting Workshop - Day 3

Distributed Switch Rollback

The distributed switch rollback is triggered when invalid updates are made to distributed switch-related objects.

Examples of events that might trigger a distributed switch rollback:
• Changing the MTU of a distributed switch
• Changing the following settings in the distributed port group of the management VMkernel network adapter:
  – NIC teaming and failover
  – VLAN
  – Traffic shaping

If an invalid configuration occurs, one or more hosts might be out of synchronization with the distributed switch.

Page 30: VMware Advance Troubleshooting Workshop - Day 3

Recovering from a Distributed Switch Misconfiguration

Always back up your distributed switch before you make a change to its configuration:
• If your distributed switch loses network connectivity because of a misconfiguration, you can restore from your latest backup.

vSphere Web Client provides you with features to back up and restore distributed switch configuration:
• Export: Back up your distributed switch configuration.
• Restore: Reset the configuration of a distributed switch from an exported configuration file.
• Import: Create a distributed switch from an exported configuration file.

The export, restore, and import functions are available only with vSphere Web Client. They are not available with VMware vSphere® Client™.
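The rollback triggers on the previous slide and the advice to back up before every change fit together as a pre-change review. The following is an added example (not VMware code, and not the vSphere Web Client export format): it diffs a current and a proposed switch configuration, both constructed here as plain dicts, and flags the changes the rollback slide names as triggers, namely the switch MTU and the teaming, VLAN, or traffic shaping settings of the port group carrying the management VMkernel adapter. Any flagged change is the moment to take an export first and to verify host synchronization afterwards.

```python
"""Pre-change review of a distributed switch configuration.

Added example, not VMware code and not the Web Client export format. The
configuration dicts are constructed for illustration; the keys mirror the
settings named on the rollback slide.
"""
import copy
from typing import Any, Dict, List, Tuple

# Settings whose change the rollback slide lists as triggers.
SWITCH_ROLLBACK_KEYS = {"mtu"}
MGMT_PORTGROUP_ROLLBACK_KEYS = {"teaming", "vlan", "traffic_shaping"}
_MISSING = object()  # sentinel for "key absent on one side of the diff"


def flatten(obj: Any, prefix: str = "") -> Dict[str, Any]:
    """Turn nested dicts into dotted keys; lists and scalars are leaf values."""
    if not isinstance(obj, dict):
        return {prefix.rstrip("."): obj}
    out: Dict[str, Any] = {}
    for key, value in obj.items():
        out.update(flatten(value, f"{prefix}{key}."))
    return out


def diff_config(current: Dict, proposed: Dict) -> List[Tuple[str, Any, Any]]:
    """Sorted (key, old, new) triples for every leaf that differs."""
    a, b = flatten(current), flatten(proposed)
    return [
        (k, a.get(k, _MISSING), b.get(k, _MISSING))
        for k in sorted(set(a) | set(b))
        if a.get(k, _MISSING) != b.get(k, _MISSING)
    ]


def rollback_risks(current: Dict, proposed: Dict) -> List[str]:
    """Dotted keys of the proposed changes that can trigger a distributed switch rollback."""
    mgmt_pg = current["management_portgroup"]
    risky: List[str] = []
    for key, _old, _new in diff_config(current, proposed):
        parts = key.split(".")
        if parts[0] == "switch" and parts[1] in SWITCH_ROLLBACK_KEYS:
            risky.append(key)
        elif (parts[0] == "portgroups" and len(parts) > 2 and parts[1] == mgmt_pg
              and parts[2] in MGMT_PORTGROUP_ROLLBACK_KEYS):
            risky.append(key)
    return risky


def constructed_configs() -> Tuple[Dict, Dict]:
    """Constructed current and proposed configurations for VDS01 from the example slide."""
    current = {
        "switch": {"name": "VDS01", "mtu": 1500, "uplink_ports": 2},
        "management_portgroup": "Management",
        "portgroups": {
            "Management": {"vlan": 10,
                           "teaming": {"active": ["Uplink 1"], "standby": ["Uplink 2"]},
                           "traffic_shaping": {"enabled": False}},
            "Production": {"vlan": 20,
                           "teaming": {"active": ["Uplink 1"], "standby": []},
                           "traffic_shaping": {"enabled": False}},
        },
    }
    proposed = copy.deepcopy(current)
    proposed["switch"]["mtu"] = 9000                                        # rollback trigger
    proposed["portgroups"]["Management"]["teaming"]["active"] = ["Uplink 3"]  # uplink that does not exist
    proposed["portgroups"]["Production"]["vlan"] = 30                        # VM port group: not a trigger
    return current, proposed


if __name__ == "__main__":
    cur, prop = constructed_configs()
    for key, old, new in diff_config(cur, prop):
        print(f"{key}: {old!r} -> {new!r}")
    risks = rollback_risks(cur, prop)
    if risks:
        print("export a backup before applying; rollback-prone changes:", risks)
```

Changes to VM-facing port groups (Production here) are reported by the diff but not flagged, because they cannot cut the host off from vCenter Server; only the switch-level MTU and the management port group settings can, which is why those are the ones the rollback feature protects.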

Page 31: VMware Advance Troubleshooting Workshop - Day 3

Backing Up a Distributed Switch Configuration

You can back up a distributed switch configuration by exporting the configuration to a file.

Exporting enables you to do the following tasks:
• Make a backup of your distributed switch configuration.
• Create a template of a distributed switch configuration.
• Create a revision control system for your distributed switch configuration.

Page 32: VMware Advance Troubleshooting Workshop - Day 3

Restoring and Importing a Distributed Switch Configuration

After you export a distributed switch configuration, you can use the restore or the import function to reset the configuration or to create a distributed switch.

You can use restore to reset a distributed switch configuration that is corrupted.

You can use import to create a distributed switch, for example, on a different vCenter Server system.

Page 33: VMware Advance Troubleshooting Workshop - Day 3

Review of Learner Objectives

You should be able to meet the following objectives:
• Provide a network troubleshooting overview
• Analyze and troubleshoot standard switch problems
• Analyze and troubleshoot virtual machine connectivity problems
• Analyze and troubleshoot management network problems
• Analyze and troubleshoot distributed switch problems

Page 34: VMware Advance Troubleshooting Workshop - Day 3

Key Points
• Virtual network connectivity problems might occur with standard switches, distributed switches, virtual machines, or management networks.
• A virtual machine connectivity problem might exist in the physical layer, the virtual layer, or the guest operating system.
• The ping command is useful when troubleshooting ESXi host and virtual machine connectivity issues.
• When an ESXi host frequently disconnects from vCenter Server, heartbeat packets are being lost between vCenter Server and the ESXi host.
• vSphere network rollback prevents accidental misconfiguration of management networking and loss of connectivity.
• A good practice is to back up your distributed switch configuration with the vSphere Web Client whenever you make a change to the configuration.
• You can use the restore or the import function to reset the distributed switch configuration.

Questions?

Page 35: VMware Advance Troubleshooting Workshop - Day 3

© 2015 VMware Inc. All rights reserved.

Page 36: VMware Advance Troubleshooting Workshop - Day 3

NSX

VMware NSX is the network virtualization platform for the Software-Defined Data Center.

NSX embeds networking and security functionality that is typically handled in hardware directly into the hypervisor. The NSX network virtualization platform fundamentally transforms the data center’s network operational model like server virtualization did 10 years ago, and is helping thousands of customers realize the full potential of an SDDC.

Page 37: VMware Advance Troubleshooting Workshop - Day 3

Virtual Networks and Network Virtualization

[Diagram: left, virtual networking: a distributed switch on an ESXi host with port groups on VLAN50, VLAN60, and VLAN70, which requires VLAN trunking (labelled 50, 60) on the physical uplinks. Right, network virtualization: a distributed switch on an ESXi host carrying the logical networks VXLAN 5050, VXLAN 5060, and VXLAN 5070 as overlays, so the physical uplinks need no per-segment VLAN configuration.]

The configurations show the difference between virtual networking and network virtualization.

Page 38: VMware Advance Troubleshooting Workshop - Day 3

VMware NSX Components (1)

VMware NSX includes the following components:
• VMware NSX Manager™: Represents the management plane of the solution. It provides the single point of configuration and REST API entry points. NSX Manager is registered with vCenter Server, and there is a 1:1 mapping.

• VMware NSX Controller™ cluster: An advanced distributed state management system that provides control plane functions for logical switching and routing. It maintains information about all hosts, logical switches, and distributed logical routers. Represents the control plane of the solution.

• VMware NSX Virtual Switch™: Abstracts the physical network and provides access-level switching in the hypervisor. It is based on VMware vSphere® Distributed Switch™, with additional components (VXLAN, distributed logical router, firewall) to enable services. The additional components are installed as VIB packages on the ESXi hosts when the clusters are prepared through NSX Manager.

• Edge services gateway: Provides access to all the VMware NSX Edge™ services, such as firewall, NAT, DHCP, VPN, load balancing, and high availability.

Page 39: VMware Advance Troubleshooting Workshop - Day 3

VMware NSX Components (2)

VMware NSX includes the following components:
• VXLAN (logical switches): An overlay protocol that provides creation of logical layer 2 networks over existing IP networks on existing physical infrastructure without the need to rearchitect any of the data center networks.

• Distributed logical router: Provides optimal east-west routing at the hypervisor level in a distributed fashion. Virtual machines that reside on the same host on different subnets can communicate with one another without having to traverse a traditional routing interface.

• Distributed logical firewall: Allows segmentation of virtual data center entities such as virtual machines based on VM names and attributes, user identity, and vCenter Server objects, in addition to traditional networking attributes such as IP addresses and ports. Provides firewall filtering at line rate and is distributed across all the hosts.

• Service Composer: Helps provision and assign network and security services to applications in a virtual infrastructure. The services are mapped to a security group and they are applied to the virtual machines in the security group using a security policy.

Page 41: VMware Advance Troubleshooting Workshop - Day 3

VMware NSX Logical Switch Example

Logical switches extend layer 2 connectivity across layer 3 boundaries.

[Diagram: three vSphere hosts with addresses 10.20.10.10/24, 10.20.20.11/24, and 10.20.30.12/24, each on a different subnet of the physical network. VM1 (172.16.10.11/24), VM2 (172.16.10.12/24), and VM3 (172.16.10.13/24) are attached to one logical switch, VXLAN 5001, which spans all three hosts.]

Page 42: VMware Advance Troubleshooting Workshop - Day 3

vCloud Networking and Security (vCNS)

vCloud Networking and Security (vCNS) is a solution that can be used to block traffic between virtual machines. vCNS can be a bit intimidating, so this is a quick getting-started guide on how you can test it out in your environment.

VMware announced the End of Availability (EOA) for vCNS with the Q1 2015 general availability of vCloud Suite 6. This product was EOA'd as a standalone product in September 2013. All vCNS functionality is replaced by NSX.

Page 43: VMware Advance Troubleshooting Workshop - Day 3

Review of Learner Objectives

You should be able to meet the following objectives:
• Describe network virtualization with VMware NSX
• Describe overlay networks
• Describe benefits of network virtualization

Page 44: VMware Advance Troubleshooting Workshop - Day 3

Key Points

• Software powers the evolution of networks and data center infrastructure.
• Using the software-defined data center, organizations can meet business demands efficiently and flexibly.
• Using vSphere and VMware NSX, you can create virtual networks that provide a complete set of network services.
• VMware NSX can increase data center security by enabling a rich set of security services with micro-segmentation.

Questions?