There is a free utility called ESXi MAC learning dvFilter released by VMware Labs last week. This utility is provided as a VIB and installs on the physical ESXi host, not on the virtual ESXi hosts.
I learned about it by reading posts from William Lam and Andreas Peetz. ESXi Mac Learning dvFilter is kind of a complementary utility to VMware tools for nested ESXi hosts. Nested ESXi tools allows working with nested ESXi hosts as if it were a usual VMs with VMware tools installed.
A while back I've done a video on how-to build a custom ISO image with VMware tools for nested ESXi. Custom ISO of VMware hypervizor with the VM tools “baked in”. The building process and working with ISO files is very useful if you're learning towards a VCP or VCAP exam as you can build a full blown nested lab by auto-deploy, host profiles and so on and really get good preparation for the exam with only single host. Even quite modest machine can be used for nested virtualization.
ESXi Mac Learning dvFilter – why it's useful?
When activating promiscuous mode on portgroup configured on physical ESXi where are the nested ESXi hosts connected, the traffic flow multiplies network packets. That's the behaviour before the tool implemented. After installing the tool the network traffic is back to normal and there is less CPU overhead too.
Andreas explains it better:
This ensures that the vESXi hosts do not only receive the network packets for their own management interfaces, but also for the nested VMs that they run themselves. But it has a drawback: Because of the promiscuous mode all network packets will be copied to all vESXi hosts all the time, and that leads to a lot of unnecessary network traffic and a notable compute overhead.
How to use it?
01. Download the ESXi Mac Learning dvFilter here
02. Upload to a datastore visible to your ESXi and run this command
esxcli software vib install -v /vmfs/volumes/[DATASTORE-NAME]/vmware-esx-dvfilter-maclearn-0.1-ESX-5.0.vib -f
So in my example I uploaded it to one of my shared datastore:
esxcli software vib install -v /vmfs/volumes/[drobo01]/vmware-esx-dvfilter-maclearn-0.1-ESX-5.0.vib -f
04. Each of your virtual ESXi hosts needs those two additional lines in VMX config file (if you having only single vNIC). In my case i had four vNICS so I had to add 8 lines to my VMX file.
Here are the lines:
05. Check that the host has loaded the filter with this command:
You should see an input like this.
The full screenshot looks like this as my nested ESXi VM has 4 NICs attached. Quite a long to display though…
The tool was was build by Christian Dickman and William Lam.
Quote from VMware Labs:
MAC learning functionality solves performance problems for use cases like nested ESX. This ESX extension adds functionality to ESX to support MAC-learning on vswitch ports. For most ESX use cases, MAC learning is not required as ESX knows exactly which MAC address will be used by a VM. However, for applications like running nested ESX, i.e. ESX as a guest-VM on ESX, the situation is different.
As an ESX VM may emit packets for a multitude of different MAC addresses, it currently requires the vswitch port to be put in “promiscuous mode”. That however will lead to too many packets delivered into the ESX VM, as it leads to all packets on the vswitch being seen by all ESX VMs. When running several ESX VMs, this can lead to very significant CPU overhead and noticeable degradation in network throughput. Combining MAC learning with “promiscuous mode” solves this problem.
The MAC learning functionality is delivered as a high speed VMkernel extension that can be enabled on a per-port basis. It works on legacy standard switches as well as Virtual Distributed Switches.
I have recorded a video from the installation process.
The ESXi Mac learning dvFilter is compatible with ESXi 5.0 and higher.
I hope this post and video has helped someone to learn more about nested ESXi and VMware virtualization technology. Enjoy and big thanks to the VMware engineers.