VMware vSphere 7 and virtual networking is a large topic. In this post, we'll describe some bases and talk about VMkernel networking. This post is a part of a free Study Guide when preparing to pass the VMware VCP-DCV certification exam.
In our free guide, we cover all topics from VCP-DCV 2021 exam that are listed on the original VMware blueprint that has 80 objectives.
You might want to pass a VCP exam with less work? Hmm, yes, for now, it's still possible as VMware will give you the same title, VCP-DCV 2021 while you'll pass not the 2V0-21.20, but the 2V0-21.19, based on vSphere 6.7.
VMware maintains this exam until June 21st 2021. Note that we have a Free Study Guide based on vSphere 6.7 for that exam and you can download it as a PDF from our partner.
So, let's get started. Few words and definitions which you'll hear quite often.
- Physical network – A network of physical machines that are connected so that they can send data to and receive data from each other. VMware ESXi runs on a physical machine.
- Virtual Network – virtual machines running on a physical machine that are connected logically to each other so that they can send data to and receive data from each other. The VMs are also connected to the physical world. The virtual network also provides services such as vmkernel services which are necessary to maintain management connections, vMotion, VSAN, iSCSI, Fault Tolerance (FT) etc.
A vSphere Standard Switch is very similar to a physical Ethernet switch. Virtual machine network adapters and physical NICs on the host use the logical ports on the switch as each adapter uses one port. Each logical port on the standard switch is a member of a single port group.
We assume that you know already the networking terminology and their meanings. Things such as TCP/IP, MAC address, IP address, Ether Channel, LACP, …
Let's describe some networking creation concepts, for vSphere standard switch (vSS).
- vSphere Standard Switch (vSS) – it's like a physical Ethernet switch where you have VMs connected and those can communicate with each other as the switch forward traffic to each of those VMs.
- Standard Port group – portgroup specifies port configuration options (VLAN, bandwidth limitation). A single standard switch has usually one or more portgroups.
- Uplink – Ethernet adapters, also referred to as uplink adapters, to join virtual networks with physical networks.
A VLAN ID, which restricts port group traffic to a logical Ethernet segment within the physical network, is optional. For port groups to receive the traffic that the same host sees, but from more than one VLAN, the VLAN ID must be set to virtual guest tagging (VGT) VLAN 4095.
To Create VSS
Open vSphere Web client > Hosts and clusters, select host > Configure > Networking > Virtual Switches > Add Networking
You'll need to select one of the 3 different options:
- VMkernel Network Adapter – Chose this one if you want to create a new VMkernel Adapter and associate some services (VSAN, FT, VMOTION)
- VM Port Group – Chose this one if you want to create a virtual machine port group
- Physical Network Adapter – Chose this one if you want to create and manage physical adapters on ESXi host
Continue the assistant to create your vSS and network.
VMkernel adapters are part of every host. The management network for example is essentially based on VMkernel networking, but this is not the only one. VMkernel network adapters have, or can have several functions:
Management Traffic – configuration and management communication for the host, vCenter Server, and HA traffic. When ESXi is first installed, a VMkernel adapter is created with management-selected checkbox.
vMotion Traffic – when you check this box, the VMkernel adapter is able to be used for vMotion. You can use mutiple physical NICs for faster migration. By default, vMotion traffic is not encrypted.
Provisioning traffic – Basically, this type of traffic is used for VM cold migrations, cloning, and snapshot migration.
IP Storage and discovery – This is an important role for VMkernel adapter, as this role allows you to connect to ISCSI and NFS storage. You can use several physical NICs and “bind” each to a single VMkernel to enable multipathing for additional throughput and redundancy. This role is not a checkbox you simply activate though.
Fault Tolerance traffic – One of the features you can enable, Fault Tolerance, allows you to create a second mirror copy of a VM. To keep both machines precisely the same requires a lot of
network traffic. This role must be enabled and is used for that traffic.
vSphere Replication traffic – As it sounds like, this role handles the replication traffic sent to a vSphere Replication server.
vSAN traffic – Mandatory to check if you configured vSAN. The resync of VSAN objects and retrieval needs a very high amount of network bandwidth, so it would be best to have this on as fast of a connection as you can. vSAN does support multiple VMkernels for vSAN but not on the same subnet.
The VMkernel port is a virtual adapter, which means it is a special device with which the vSphere host communicates with the outside world. Thus, any service at the second or third level is delivered to the vSphere host.
The VMkernel Networking Layer allows you to connect to the host. Also, it processes the system traffic of IP storage, vSphere vMotion, vSAN, Fault Tolerance, and others. As an example for vSphere replication: You can create many different VMkernel adapters use them on the source and target vSphere Replication hosts in order to isolate replication data traffic.
So, basically vSphere supports different TCP/IP stacks each of them isolated from each other.
- Default TCP/IP Stack – This default stack provides networking support for management traffic between vCenter Server and ESXi hosts, and other system services such as FT or iSCSI.
- vMotion TCP/IP stack – Use the vMotion TCP/IP to provide better isolation for the vMotion traffic. After you create a VMkernel adapter on the vMotion TCP/IP stack, you can use only this stack for vMotion on this host.
- Provisioning TCP/IP stack – Supports the traffic for virtual machine cold migration, cloning, and snapshot migration. You can use the provisioning TCP/IP to handle Network File Copy (NFC) traffic during long-distance vMotion
- Custom TCP/IP stacks – You can add custom TCP/IP stacks at the VMkernel level to handle the networking traffic of custom applications.
Find other chapters on the main page of the guide – VCP7-DCV Study Guide – VCP-DCV 2021 Certification,
VMware Direct download/buy links:
- VMware vSphere 7.0 Essentials PLUS
- VMware vSphere 7.0 Essentials
- VMware vSphere 7.0 Enterprise PLUS
- vSphere Essentials Per Incident Support
- Upgrade to vSphere Enterprise Plus
- VMware Current Promotions
More posts from ESX Virtualization:
- vSphere 7 U2 Released
- vSphere 7.0 Download Now Available
- vSphere 7.0 Page [All details about vSphere and related products here]
- VMware vSphere 7.0 Announced – vCenter Server Details
- VMware vSphere 7.0 DRS Improvements – What's New
- How to Patch vCenter Server Appliance (VCSA) – [Guide]
- What is The Difference between VMware vSphere, ESXi and vCenter
- How to Configure VMware High Availability (HA) Cluster