Friday, May 13, 2016

VMware Distributed Switch


vSphere Distributed Switch or vDS

vSphere Distributed Switch or vDS:- A vDS spans multiple ESXi hosts in a cluster instead of each host having its own set of vSwitches. It provides a centralized "network controlling mechanism" across all the ESXi hosts, reduces network complexity in clustered ESXi environments, and simplifies the addition of new hosts to a cluster with guaranteed consistency of network configuration across the cluster.

Features:-
(i) Inbound traffic shaping
(ii) VM network port block
(iii) Private VLANs
(iv) Load-based teaming
(v) Datacenter-level network management
(vi) Network vMotion
(vii) vSphere switch APIs
(viii) Per-port policy settings
(ix) Individual port state monitoring
(x) Link Layer Discovery Protocol (LLDP)
(xi) User-defined traffic paths for QoS
(xii) NetFlow monitoring
(xiii) Port mirroring

Inbound traffic shaping:- A port group setting that throttles or controls the aggregate bandwidth inbound to the switch (ingress, i.e. frames coming from the VMs into the vDS). A vSS supports outbound traffic shaping only, while a vDS supports both inbound and outbound.

VM network port block:- A specific distributed port used by a specified VM can be blocked. This is a quick way to quarantine a suspect VM without removing its network adapter or changing its port group.

Private VLANs:- In essence, a PVLAN is a VLAN within a VLAN. VMs in different PVLANs in your vSphere environment can be kept from seeing each other even though they share the same primary VLAN (see the PVLAN section below).

Load-based teaming:- This teaming policy evaluates the current load on each uplink and moves virtual ports between uplinks to balance the load.

Datacenter-level network management:- A vDS is managed from the vCenter Server as a single switch. This provides a centralized network control mechanism and guarantees consistency of network configuration across all connected ESXi hosts.




Network vMotion:- Because a port group on a vDS is shared by multiple hosts, a VM can be migrated with vMotion from one host to another without changing its port or its port group settings (security, traffic shaping, NIC teaming, etc.). The port's state and statistics move with the VM.

vSphere switch APIs:- Through these APIs, third-party distributed switches such as the Cisco Nexus 1000V can be deployed as a virtual appliance (VA) in place of the VMware vDS.

Per-port policy settings:- Most configuration on a vDS is done at the port group level, but settings can be overridden at the individual port level, giving tremendous flexibility. Overrides must be explicitly allowed in the port group's advanced settings; leave the security policy override disabled unless you have a reason to loosen it for one port.

Individual port state monitoring:- Each port on a vDS can be managed and monitored independently of all other ports, which helps to quickly identify port issues.

Link Layer Discovery Protocol:- Similar to Cisco Discovery Protocol (CDP), Link Layer Discovery Protocol (LLDP) enables a vDS to discover devices such as switches and routers that are directly connected (linked) to it, and to advertise itself to them. A vSS supports CDP only; a vDS supports both CDP and LLDP.

User-defined traffic paths for QoS:- You can set up a form of quality of service (QoS) by defining traffic paths by type of VMware traffic (Network I/O Control). In earlier vDS versions you could only use the predefined system traffic types such as vMotion, management and storage, but now you can define your own network resource pools.

NetFlow monitoring:- This enables you to monitor virtual network flows with the same tools that you use to monitor traffic flows in the physical network. The vDS exports NetFlow records to a collector on your external network.

Port mirroring:- Port mirroring sends a copy of the frames on selected ports to a monitoring destination (for example an IDS/IPS sensor or packet capture VM) so that traffic flows can be analysed without the monitoring device sitting inline in the traffic path and skewing the data.
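The features above (LLDP, adding a host and uplink, load-based teaming, inbound and outbound traffic shaping, a hardened security policy, per-port override control and blocking one VM's port) as a single PowerCLI walk-through. This is an added example, not code from the original post: it uses the cmdlets of the VMware.VimAutomation.Vds module, and the vCenter name, datacenter, host, vmnic, port group and VM names are assumptions for illustration.

```powershell
# Added example (PowerCLI, VMware.VimAutomation.Vds). All object names are assumptions.
Import-Module VMware.VimAutomation.Vds
Connect-VIServer -Server 'vcenter.example.local' | Out-Null

$dc     = Get-Datacenter -Name 'DC01'
$vmhost = Get-VMHost -Name 'esxi01.example.local'   # $host is a reserved variable, hence $vmhost

# 1. Datacenter-level switch with two uplinks and LLDP in both directions (a vSS supports CDP only)
$vds = New-VDSwitch -Name 'vDS-Prod' -Location $dc -NumUplinkPorts 2 `
          -LinkDiscoveryProtocol LLDP -LinkDiscoveryProtocolOperation Both

# 2. Join the host; this creates the hidden host proxy switch. Then give it a physical uplink.
Add-VDSwitchVMHost -VDSwitch $vds -VMHost $vmhost
$vmnic = Get-VMHostNetworkAdapter -VMHost $vmhost -Physical -Name 'vmnic2'
Add-VDSwitchPhysicalNetworkAdapter -DistributedSwitch $vds -VMHostPhysicalNic $vmnic -Confirm:$false

# 3. Port group for VM traffic on VLAN 20
$pg = New-VDPortgroup -VDSwitch $vds -Name 'PG-Web-VLAN20' -VlanId 20

# 4. Load-based teaming: ESXi moves virtual ports off an uplink that averages >75% load over 30 s
Get-VDUplinkTeamingPolicy -VDPortgroup $pg |
    Set-VDUplinkTeamingPolicy -LoadBalancingPolicy LoadBalanceLoadBased

# 5. Traffic shaping in BOTH directions (a vSS can shape egress only).
#    Average/peak are bits per second, burst is bytes: 100 Mbit/s avg, 200 Mbit/s peak, 10 MiB burst.
$shape = @{ Enabled = $true; AverageBandwidth = 100000000; PeakBandwidth = 200000000; BurstSize = 10485760 }
Get-VDTrafficShapingPolicy -VDPortgroup $pg -Direction In  | Set-VDTrafficShapingPolicy @shape
Get-VDTrafficShapingPolicy -VDPortgroup $pg -Direction Out | Set-VDTrafficShapingPolicy @shape

# 6. Security policy: reject promiscuous mode, MAC address changes and forged transmits
Get-VDSecurityPolicy -VDPortgroup $pg |
    Set-VDSecurityPolicy -AllowPromiscuous $false -MacChanges $false -ForgedTransmits $false

# 7. Per-port overrides: forbid loosening the security policy on a single port,
#    but allow per-port blocking so one VM can be quarantined
Get-VDPortgroupOverridePolicy -VDPortgroup $pg |
    Set-VDPortgroupOverridePolicy -SecurityOverrideAllowed $false -BlockOverrideAllowed $true

# 8. Block only the distributed port used by a suspect VM (VM network port block).
#    The port's connectee is matched on the VM's managed object reference via the vSphere API data.
$vm = Get-VM -Name 'web01'
$vm | Get-NetworkAdapter | Set-NetworkAdapter -Portgroup $pg -Confirm:$false | Out-Null
$port = Get-VDPort -VDPortgroup $pg -ConnectedOnly |
    Where-Object { $_.ExtensionData.Connectee.ConnectedEntity.Value -eq $vm.ExtensionData.MoRef.Value }
$port | Set-VDPort -Blocked $true

# Verify: the VM's port shows Blocked = True, every other port in the group stays unblocked
Get-VDPort -VDPortgroup $pg -ConnectedOnly | Select-Object Key, Blocked
```

Step 8 is the point to remember for incident response: blocking the port cuts the VM off while preserving its network adapter, port assignment and policy state, so it can be unblocked with `Set-VDPort -Blocked $false` once the host has been examined.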


dvUplink groups:- Each host keeps its own copy of the network configuration in a hidden switch (the host proxy switch) that is created when you add the host to a vDS. The dvUplink port group maps the hidden switch's uplink ports to the host's physical NICs, connecting the vDS to the physical network.




PVLAN or Private VLAN:- In essence, a PVLAN is a VLAN within a VLAN. The PVLANs in your vSphere network can be kept from seeing each other. In other words, by using PVLANs you can isolate hosts from each other while keeping them on the same IP subnet. The physical switches carrying the traffic must be configured with the same PVLAN mapping and must trunk the secondary VLANs to the ESXi hosts, otherwise the isolation holds only inside the host.

PVLANs are configured in pairs: a primary VLAN and one or more secondary VLANs. The primary VLAN is considered the downstream VLAN; that is, traffic to the host travels along the primary VLAN. The secondary VLAN is considered the upstream VLAN; that is, traffic from the host travels along the secondary VLAN. There are three types of secondary PVLANs:-

1. Community: A private VLAN used to create a separate network shared by more than one VM in the primary VLAN. VMs on a community VLAN can communicate only with other VMs in the same community and with VMs on the promiscuous VLAN.

2. Isolated: A private VLAN used to create a separate network in which each VM is cut off from every other VM in the primary VLAN. It can be used to isolate highly sensitive VMs. A VM in the isolated VLAN cannot communicate with the other VMs in the same isolated VLAN, nor with VMs in the community VLANs; it can communicate only with the promiscuous VLAN. Each primary PVLAN can have only one isolated secondary PVLAN.

3. Promiscuous: VMs on this VLAN are reachable by, and can reach, any VM in the same primary VLAN. In PVLAN parlance, a promiscuous port is allowed to send and receive Layer 2 frames to and from any other port in the VLAN. This type of port is typically reserved for the default gateway for the IP subnet, for example a Layer 3 router or firewall. The promiscuous secondary VLAN always has the same VLAN ID as the primary.
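The PVLAN pairing described above, built as an added PowerCLI example (not code from the original post): one primary VLAN 100 whose promiscuous secondary carries the gateway, a community secondary 101 for a tier of VMs that must talk to each other, and an isolated secondary 102 for sensitive VMs. The switch name, VLAN IDs and port group names are assumptions.

```powershell
# Added example (PowerCLI, VMware.VimAutomation.Vds). Switch name, VLAN IDs and port groups are assumptions.
Import-Module VMware.VimAutomation.Vds
$vds = Get-VDSwitch -Name 'vDS-Prod'

# The promiscuous entry defines the primary; its secondary ID equals the primary ID and must exist first.
# Gateway / firewall VMs live here and can reach every port in primary VLAN 100.
$prom = New-VDSwitchPrivateVlan -VDSwitch $vds -PrivateVlanType Promiscuous -PrimaryVlanId 100 -SecondaryVlanId 100

# Community 101: members see each other and the promiscuous ports, nothing else.
$comm = New-VDSwitchPrivateVlan -VDSwitch $vds -PrivateVlanType Community   -PrimaryVlanId 100 -SecondaryVlanId 101

# Isolated 102: every VM here can reach only the promiscuous ports, not even its neighbours.
# A primary may have only one isolated secondary, so a second call with type Isolated would fail.
$iso  = New-VDSwitchPrivateVlan -VDSwitch $vds -PrivateVlanType Isolated    -PrimaryVlanId 100 -SecondaryVlanId 102

# One port group per secondary PVLAN; the VLAN type of a port group is set via Set-VDVlanConfiguration
$map = [ordered]@{
    'PG-PVLAN100-Gateway'   = $prom
    'PG-PVLAN101-Web'       = $comm
    'PG-PVLAN102-Sensitive' = $iso
}
foreach ($name in $map.Keys) {
    $pg = New-VDPortgroup -VDSwitch $vds -Name $name
    Set-VDVlanConfiguration -VDPortgroup $pg -PrivateVlan $map[$name] | Out-Null
}

# Verify the map on the vDS; the physical switch must carry the same primary/secondary associations
Get-VDSwitchPrivateVlan -VDSwitch $vds |
    Sort-Object SecondaryVlanId |
    Format-Table PrimaryVlanId, SecondaryVlanId, PrivateVlanType -AutoSize
```

When testing the result, ping between two VMs in PG-PVLAN102-Sensitive should fail while both can still reach the gateway in PG-PVLAN100-Gateway; if the two isolated VMs sit on different hosts and can ping each other, the upstream physical switch is not enforcing the PVLAN map.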




Cisco Discovery Protocol (CDP):- A Cisco protocol for exchanging information between directly connected network devices.

Link Layer Discovery Protocol (LLDP):- An industry-standard (IEEE 802.1AB) equivalent of CDP. Through LLDP, ESXi hosts participating in a dvSwitch can exchange discovery information with physical switches. The discovery information includes the physical NIC in use and the vSwitch involved, which is why many sites run it in listen-only mode on untrusted uplinks rather than advertising host details.

vDS versions available:- 4.0, 4.1, 5.0, 5.1, 5.5, 6.0 (as of this writing)

vSphere license required for a dvSwitch:- Enterprise Plus

Can an ESXi host use a vSS and a vDS together? Yes, you can use a vSS and a vDS side by side. You can even leave your VMkernel ports on a standard switch while keeping all of your VM port groups on the distributed switch.

Difference between vSS and vDS traffic shaping:-
With vSphere Standard Switches you can apply traffic-shaping policies only to egress (outbound) traffic, but with a Distributed Switch you can apply traffic-shaping policies to both ingress (inbound) and egress traffic.

Difference between vSS and vDS load balancing:-
vDS version 4.1 and later support an additional load balancing type, Route Based on Physical NIC Load (load-based teaming), which is not available on a vSS. When this policy is selected, ESXi checks the utilization of the uplinks every 30 seconds for congestion. Congestion is defined as transmit or receive traffic greater than 75 percent mean utilization over the 30-second period. If congestion is detected on an uplink, ESXi dynamically reassigns VM ports to a different uplink.
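A review check that follows from the two comparisons above: walk every vDS in vCenter and flag port groups whose security policy is permissive, whose security policy may be overridden per port, which shape traffic in neither direction, or which do not use load-based teaming. This is an added PowerCLI example, not code from the original post; the finding labels are my own and the script only reads configuration.

```powershell
# Added example (PowerCLI, VMware.VimAutomation.Vds): read-only audit of vDS port groups.
# Finding labels are my own choice; nothing is modified.
Import-Module VMware.VimAutomation.Vds

function Get-VDPortgroupAudit {
    foreach ($vds in Get-VDSwitch) {
        # Skip the dvUplinks port group: it carries no VM ports and has no security policy of interest
        $groups = Get-VDPortgroup -VDSwitch $vds | Where-Object { -not $_.IsUplink }
        foreach ($pg in $groups) {
            $sec  = Get-VDSecurityPolicy          -VDPortgroup $pg
            $ovr  = Get-VDPortgroupOverridePolicy -VDPortgroup $pg
            $team = Get-VDUplinkTeamingPolicy     -VDPortgroup $pg
            $in   = Get-VDTrafficShapingPolicy    -VDPortgroup $pg -Direction In
            $out  = Get-VDTrafficShapingPolicy    -VDPortgroup $pg -Direction Out

            $findings = @()
            # Security policy: all three should be Reject (false) on ordinary VM port groups
            if ($sec.AllowPromiscuous) { $findings += 'PromiscuousAllowed' }
            if ($sec.MacChanges)       { $findings += 'MacChangesAllowed' }
            if ($sec.ForgedTransmits)  { $findings += 'ForgedTransmitsAllowed' }
            # A per-port security override lets one port undo the group-level policy
            if ($ovr.SecurityOverrideAllowed) { $findings += 'PerPortSecurityOverride' }
            # vDS can shape both directions; flag groups that shape neither
            if (-not $in.Enabled -and -not $out.Enabled) { $findings += 'NoTrafficShaping' }
            # Informational: teaming policy other than load-based
            if ($team.LoadBalancingPolicy -ne 'LoadBalanceLoadBased') {
                $findings += "Teaming=$($team.LoadBalancingPolicy)"
            }

            [pscustomobject]@{
                Switch    = $vds.Name
                Portgroup = $pg.Name
                Vlan      = $pg.VlanConfiguration
                Findings  = ($findings -join ', ')
            }
        }
    }
}

# Show only port groups with at least one finding
Get-VDPortgroupAudit | Where-Object { $_.Findings } | Format-Table -AutoSize
```

Port groups that legitimately need promiscuous mode (a packet capture or IDS sensor VM) will show up here; the point is that each such group is known and justified, and that the override flag is not silently open on the production groups.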

vDS total ports and available ports:-

With vSphere Standard Switches, the VMkernel reserves eight (8) ports for its own use, which creates a discrepancy between the total number of ports shown in different places (a vSS configured with 120 ports shows 128 in total).

For every host added to a Distributed Switch (vDS), four (4) ports by default are added to the dvUplinks port group and reserved for uplinks. So a vDS with three hosts has 140 total ports with 128 available, a vDS with four hosts has 144 total ports with 128 available, and so forth. This applies to the default static port allocation; from vDS 5.1 a port group can use elastic allocation, in which case the port count grows on demand.

vDS (Distributed Switch)                 vSS (Standard Switch)
2 hosts = 128 + (4 x 2) = 136            Maximum ports per vSwitch: 4096
3 hosts = 128 + (4 x 3) = 140            Maximum ports per host: 4096 - 8 = 4088
4 hosts = 128 + (4 x 4) = 144

