Advanced Networking

Runecast Academy Series 1 – Part 8. Advanced Networking

vSphere Distributed Switch – Overview

The vSphere Distributed Switch (VDS) provides centralized management and visibility of the Virtual Machine (VM) and Host networks across your virtual environment. It follows the same Uplink and Portgroup concepts as the vSphere Standard Switch (VSS) but, unlike it, the VDS is created and managed at the vCenter Server level. This greatly reduces operational costs and minimizes potential misconfiguration across hosts in a cluster.

The VDS configuration is stored in the vCenter Server database and any modifications to it must be done via the vCenter Server. The VDS operates at virtual Datacenter level, therefore you can have hosts from different clusters connected to the same VDS.

When a host is added to the VDS or the VDS is modified, the configuration is pushed down to all ESXi hosts connected to that Distributed Switch. This keeps the network operational in case the vCenter Server suffers a failure or it goes down for maintenance.

Important: Changing VDS configuration or VDS Portgroup assignment of VMs is not allowed if the vCenter Server is not accessible. During this time you can only change the VM assignment to the VSS portgroup.

vSphere Distributed Switch – Features

Besides the centralized management, the vSphere Distributed Switch provides all functionality that the VSS does and also adds much more to the table. Below are some of the key differentiating features:

• Network I/O Control – provides control over the network bandwidth in a similar way as CPU and Memory for VMs. By increasing the NIC throughput, it becomes increasingly common that multiple services are sharing the same uplink ports. To avoid the situation where a single service saturates the whole available bandwidth, Network I/O Control allows setting of Shares, Limits, and Reservations for VM and different types of system traffic.
• NetFlow – VDS allows specifying a NetFlow collector. It can analyze all the traffic passed through the switch and provide additional insights and analysis of the traffic.
• Health Check – provides regular health checks for VLAN and MTUs misconfiguration as well as for the teaming and failover policies against the physical switch configuration.
• “Route Based on Physical NIC Load” NIC teaming policy – can perform a kind of dynamic load-balancing. The distributed switch tests the uplinks every 30 seconds, and if their load exceeds 75 percent of usage, the port ID of the virtual machine with the highest I/O is moved to a different uplink.
• Link Aggregation Control Protocol (LACP) – you can configure one or multiple Link Aggregation Groups (LAGs) to aggregate the bandwidth of physical NICs on ESXi hosts that are connected to LACP port channels on the switch. Special care needs to be applied to the physical switch configuration to ensure proper operation. LACP is not supported on the vSphere Standard Switch.

These are some of the most important features that can help tip the scale to purchase an Enterprise Plus license, which allows you to use Distributed Switches. There are additional features like Private vLANs, port level overrides, port mirroring etc., which can also help you maintain an optimal and secure virtual environment.

Backup and Upgrade of vSphere Distributed Switch

New vSphere releases may introduce a newer version of the vSphere Distributed Switch. Once the vCenter Server and all the hosts are upgraded, it’s a best practice to upgrade the VDS as well. The process is quite simple and usually doesn’t introduce any kind of downtime or failures. However, always make sure to review the release notes to validate if there could be any impact.

Did you know that you can export your Distributed Switch configuration? It’s as simple as right clicking on your VDS and selecting Export Configuration…. The result is a .zip file with all your switch and port group configurations (if specified). You can then restore the entire VDS, import it to another vCenter, or even restore the configuration of individual port groups.

What’s this I hear about NSX, then?

VMware NSX is your natural next step if you want to take full advantage of SDN (Software-Defined Network) in your datacenter. The topic is beyond the scope of this article, but you as a VMware Admin should be aware of the concept.

VMware NSX is a network virtualization and security platform that provides the abstraction of network services from the underlying hardware. This abstraction is achieved by the use of an overlay encapsulation protocol called VXLAN (Virtual Extensible LAN) in NSX-V, and Geneve in the more modern NSX-T. These allow the creation of Layer 2 logical networks that are encapsulated in standard Layer 3 IP packets. It increases the scalability and is in the core of the SDN.

With VMware NSX, functions like switching, routing, firewalling and load balancing are brought closer to the application and distributed across the environment, allowing granular access control and limiting unnecessary traffic. It also brings greater scope for automation. If you’d like to learn more about NSX reach out to us on Twitter and let us know!

Summary

While the vSphere Standard Switch provides basic network connectivity for hosts and VMs, vSphere Distributed Switch is the go to option when it comes down to enterprise-level virtual environments. The operational improvements – along with many additional features only available with VDS – can justify the cost for a vSphere Enterprise Plus license, which is required for using Distributed switches. Also, a VDS is the foundation for moving to full SDDC and adopting SDN in the form of VMware NSX.