ESX Virtualization

VMware ESXi, vSphere, VMware Backup, Hyper-V... how-to, videos....

Nakivo Backup and Replication - #1 Backup solution for Virtual, physical, cloud, NAS and SaaS

VCP6.7-DCV Objective 7.1 – Manage Virtual Networking

By | Last Updated:

Shares

Today's post is another post covering VMware official blueprint which we have as a guideline when working on our VCP-DCV 2019 Certification Study Guide. The topic's name is VCP6.7-DCV Objective 7.1 – Manage Virtual Networking and we will try to squeeze as much as we can to a single blog post.

You should, however, study not only from our guide, but you should also have experience with vSphere 6.7 and have also the whole documentation set which is referenced in the official VMware blueprint. Our guide is no mean to be perfect, it's just another source to study from, with a lot of screenshot from our lab.

VMware vSphere has by default all hosts configured with vSphere standard switch (VSS). vSphere Distributed Switch (VDS) can be created and configured through vCenter server only for customers having the appropriate licensing or running VMware VSAN.

Use the official documentation as well as your home lab for the study. Follow the progress of the VCP6.7-DCV Study Guide page for further updates.

To become VCP-DCV 2019 certified you have 3 different choices of exam:

  1. Professional vSphere 6.7 Exam 2019
  2. VCP6.5-DCV: VMware Certified Professional 6.5 – Data Center Virtualization exam (our VCP6.5-DCV Study Guide Page which is complete)
  3. VCP6.5-DCV DELTA: VMware Certified Professional 6.5 – Data Center Virtualization Delta exam

NoteYou must be VCP5, or VCP6. If, not, you must attend a class and you have no “Delta” exam option.

This guide is available as Free PDF!

Free Download at Nakivo – VCP6.7-DCV Study Guide.

VCP-DCV 2019 Study Guide

VCP-DCV 2019 Study Guide

To manage virtual networking, you'll first configure and use vSphere Standard Switch (VSS). It's because VDS config can be done through vCenter server only. vSphere Standard switch configuration is accessible via the vSphere Web client. Select host > configure > networking

Network Policies:

Policies which are applied at the switch level propagate to all standard port groups.

The virtual standard switches (VSS) can have the following policies and settings:

  • Traffic shaping (outbound only)
  • VLANs (none, VLAN ID, All) – at the portgroup level config
  • MTU
  • Teaming and failover
  • Security

If you set VLAN policy to 4095 (All) it allows you to pass All VLANs, and the tagging is done at the Guest OS level

vSphere distributed switches (vDS) policies and settings:

  • Traffic filtering and marking
  • MTU
  • VLANs (none, VLAN ID, VLAN trunking, PVLANs)
  • Monitoring (NetFlow)
  • Security
  • Traffic Shaping – inbound and outbound (ingress/egress)
  • LACP
  • Port mirroring
  • Health check for VLAN and MTU, teaming and failover – allows checking the status of the overall config.
  • And Teaming and failover like on VSS switch.

Check it out: I highly recommend reading our post from previous study guide – VCP6.5-DCV Objective 2.1 – Configure policies/features and verify vSphere networking

Note: Policies for vSwitches differs. Not all policies for vSphere Distributed Switch (vDS) are available for vSphere Standard Switch (vSS).

vSphere Distributed Switch

Need to go to Networking TAB > Right click Datacenter > Distributed Switch > New Distributed Switch

After you create VDS, you need to add hosts. But before doing that you should:

  • Create distributed port groups for VM networking
  • Create distributed port groups for VMkernel services, such as vMotion, VSAN, FT etc…
  • Configure a number of uplinks on the distributed switch for all physical NICs that you want to connect to the switch

VDS has 3 different network security policies:

  • Promiscuous mode – Reject is by default. In case you set to Accept > the guest OS will receive all traffic observed on the connected vSwitch or PortGroup.
  • MAC address changes – Reject is by default. In case you set to Accept > then the host will accept requests to change the effective MAC address to a different address than the initial MAC address.
  • Forged transmits – Reject is by default. In case you set to Accept > then the host does not compare source and effective MAC addresses transmitted from a virtual machine.

vDS load balancing (LNB):

  • Route based on IP hash – The virtual switch selects uplinks for virtual machines based on the source and destination IP address of each packet.
  • Route based on source MAC hash – The virtual switch selects an uplink for a virtual machine based on the virtual machine MAC address. To calculate an uplink for a virtual machine, the virtual switch uses the virtual machine MAC address and the number of uplinks in the NIC team.
  • Route based on originating virtual port – Each virtual machine running on an ESXi host has an associated virtual port ID on the virtual switch. To calculate an uplink for a virtual machine, the virtual switch uses the virtual machine port ID and the number of uplinks in the NIC team. After the virtual switch selects an uplink for a virtual machine, it always forwards traffic through the same uplink for this virtual machine as long as the machine runs on the same port. The virtual switch calculates uplinks for virtual machines only once, unless uplinks are added or removed from the NIC team.
  • Use explicit failover order – No actual load balancing is available with this policy. The virtual switch always uses the uplink that stands first in the list of Active adapters from the failover order and that passes failover detection criteria. If no uplinks in the Active list are available, the virtual switch uses the uplinks from the Standby list.
  • Route based on physical NIC load (Only available on vDS) – based on Route Based on Originating Virtual Port, where the virtual switch checks the actual load of the uplinks and takes steps to reduce it on overloaded uplinks. Available only for vSphere Distributed Switch. The distributed switch calculates uplinks for virtual machines by taking their port ID and the number of uplinks in the NIC team. The distributed switch tests the uplinks every 30 seconds, and if their load exceeds 75 percent of usage, the port ID of the virtual machine with the highest I/O is moved to a different uplink.

I highly recommend getting a vSphere 6.7 Networking PDF and study from it as our blog post isn't really complete. You should also practice in the lab, heavily, as networking is one of the core vSphere components. While networking and VSS might not be as difficult to configure and use, VDS, on the other hand, has much more option and configuration parameters.

More from ESX Virtualization

Stay tuned through RSS, and social media channels (TwitterFBYouTube)

Shares
Vote !

About Vladan SEGET

This website is maintained by Vladan SEGET. Vladan is as an Independent consultant, professional blogger, vExpert x16, Veeam Vanguard x9, VCAP-DCA/DCD, ESX Virtualization site has started as a simple bookmarking site, but quickly found a large following of readers and subscribers.

Connect on: Facebook. Feel free to network via Twitter @vladan.