Configuring and Managing

Virtual Networks

Module 5

© 2018 VMware, Inc.

You Are Here

1. Course Introduction 7. Virtual Machine Management

2. Introduction to vSphere and the 8. Resource Management and
Software-Defined Data Center Monitoring
3. Creating Virtual Machines 9. vSphere HA, vSphere Fault
Tolerance, and Protecting Data
4. vCenter Server
10. vSphere DRS
5. Configuring and Managing Virtual
Networks 11. vSphere Update Manager
6. Configuring and Managing Virtual 12. vSphere Troubleshooting
Storage

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-2

Importance
Virtual machines must be able to communicate with other virtual machines and physical
machines. Remote host management and IP-based storage must be able to operate effectively.
Failure to properly configure ESXi networking can negatively affect the operations of your virtual
infrastructure.

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-3

Module Lessons
Lesson 1: Introduction to vSphere Standard Switches
Lesson 2: Configuring Standard Switch Policies

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-4

Lesson 1: Introduction to vSphere
Standard Switches

© 2018 VMware Inc. All rights reserved.

Learner Objectives
By the end of this lesson, you should be able to meet the following objectives:
• Describe the virtual switch connection types
• Configure and view standard switch configurations, such as virtual machine port groups,
VMkernel ports, VLANs, and security features
• Compare the features of standard switches and distributed switches

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-6

Types of Virtual Switch Connections
Virtual switches provide the connectivity between virtual machines on the same host or on
different hosts. Virtual switches also support VMkernel network access for remote host
management, vSphere vMotion migration, iSCSI, and NFS.
A virtual switch has specific connection types:
• Virtual machine port groups
• VMkernel port: For IP storage, vSphere vMotion migration, VMware vSphere® Fault Tolerance,
vSAN, VMware vSphere® Replication™, and the ESXi management network
• Uplink ports

Virtual Machine Port Groups VMkernel Ports

Production TestDev DMZ vSphere Management

vMotion
Virtual Switch

Uplink Ports

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-7

About Standard Switches
A standard switch provides connections for virtual machines to communicate with one another,
whether they are on the same host or on different hosts.

VM VM VM
1 2 3
vNIC vNIC vNIC vNIC

IP Storage Management
VMkernel Network

Test VLAN 101

Production VLAN 102
IP Storage VLAN 103
Management VLAN 104

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-8

Viewing the Configuration of Standard Switches
You can view a host’s standard switch configuration by selecting Virtual switches on the
Configure tab.

Display port group

properties.
Edit or delete the
port or port
group.

VMkernel
port group

Virtual machine
port group

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-9

About VLANs
ESXi supports 802.1Q VLAN tagging.
VM VM
Virtual switch tagging is one of the tagging
policies supported:
• Frames from a virtual machine are tagged
as they exit the virtual switch.
VMkernel VLAN VLAN
• Tagged frames arriving at a virtual switch 105 106
are untagged before they are sent to the
destination virtual machine. Virtual Switch

• The effect on performance is minimal.

Physical NIC
ESXi provides VLAN support by assigning a
VLAN ID to a port group. Physical Switch
Trunk Port

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-10

Types of Virtual Switches
A virtual network supports the following types of virtual switches:
• Standard switches:
– Virtual switch configuration for a single host.
• Distributed switches:
– Virtual switch configured for an entire data center.
– Up to 2,000 hosts can be attached to the same distributed switch.
– Consistent configuration across all attached hosts.
– Hosts must either have Enterprise Plus license or belong to a vSAN cluster.
Both switch types are elastic: ports are created and removed automatically.

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-11

Distributed Switch Architecture

Management Port Management Port

vSphere vMotion vSphere vMotion

Port Port
Distributed Ports
and Port Groups
Distributed Switch vCenter
(Control Plane) Server
Uplink
Port Group

Hidden Virtual
Switches
(I/O Plane) Virtual

Physical NICs Physical

(Uplinks)

Host 1 Host 2

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-12

Standard Switch and Distributed Switch Feature Comparison
Feature Standard Switch Distributed Switch
Layer 2 switch
VLAN segmentation
IPv6 support
802.1Q tagging
NIC teaming
Outbound traffic shaping
Inbound traffic shaping
VM network port block
Private VLANs
Load-based teaming
Data center-level management
vSphere vMotion migration over a network
Per-port policy settings
Port state monitoring
NetFlow
Port mirroring

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-13

Review of Learner Objectives
You should be able to meet the following objectives:
• Describe the virtual switch connection types
• Configure and view standard switch configurations, such as virtual machine port groups,
VMkernel ports, VLANs, and security features
• Compare the features of standard switches and distributed switches

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-14

Lesson 2: Configuring Standard
Switch Policies

© 2018 VMware Inc. All rights reserved.

Learner Objectives
By the end of this lesson, you should be able to meet the following objectives:
• Explain how to set the security policies for a standard switch port group
• Explain how to set the traffic-shaping policies for a standard switch port group
• Explain how to set the NIC teaming and failover policies for a standard switch port group

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-16

Network Switch and Port Policies
Policies that are set at the standard switch level apply to all port groups on the standard switch by
default.
Available network policies:
• Security
• Traffic shaping
• NIC teaming and failover
Policies are defined at the following levels:
• Standard switch level:
– Default policies for all the ports on the standard switch.
• Port group level:
– Effective policies: Policies defined at this level override the default policies that are set at the
standard switch level.

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-17

Configuring Security Policies
Administrators can define security policies at both the standard switch level and the port group
level:
• Promiscuous mode: Allows a virtual switch or port group to forward all traffic regardless of the
destination.
• MAC address changes: Accept or reject inbound traffic when the MAC address is altered by
the guest.
• Forged transmits: Accept or reject outbound traffic when the MAC address is altered by the
guest.

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-18

Traffic-Shaping Policies
Network traffic shaping is a mechanism for limiting a virtual machine’s consumption of available
network bandwidth.
Average rate, peak rate, and burst size are configurable.

Outbound Bandwidth

Peak Bandwidth

Average

Time
Burst Size = Bandwidth x Time

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-19

Configuring Traffic Shaping
A traffic-shaping policy is defined by average bandwidth, peak bandwidth, and burst size. You can
establish a traffic-shaping policy for each port group and each distributed port or distributed port
group:
• Traffic shaping is disabled by default.
• Parameters apply to each virtual NIC in the standard switch.
• On a standard switch, traffic shaping controls only outbound traffic, that is, traffic travelling from
the VMs to the virtual switch and out onto the physical network.

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-20

NIC Teaming and Failover Policies
Administrators can edit the NIC teaming and failover policy by configuring specific options.

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-21

Load-Balancing Method: Originating Virtual Port ID
Routing based on the originating port ID is called virtual port ID load balancing.

Virtual
Switch
Physical
Switch

Virtual NICs Physical NICs

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-22

Load-Balancing Method: Source MAC Hash
The diagram shows routing based on source MAC hash.

Virtual
Switch Physical
Switch

Virtual Physical
NICs NICs

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-23

Load-Balancing Method: Source and Destination IP Hash
The diagram shows routing based on IP hash.

Virtual Physical
Switch Switch

Virtual NICs Physical NICs

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-24

Detecting and Handling Network Failure
The VMkernel can use link status or beaconing, or both, to detect a network failure.
Network failure is detected by the VMkernel, which monitors the link state and performs beacon
probing.
The VMkernel notifies physical switches of changes in the physical location of a MAC address.
Failover is implemented by the VMkernel based on configurable parameters:
• Failback: How the physical adapter is returned to active duty after recovering from failure.
• Load-balancing option: Use explicit failover order. Always use the vmnic uplink at the top of the
active adapter list.

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-25

Lab 4: Using Standard Switches
Create a standard switch and a port group
1. View the Standard Switch Configuration
2. Create a Standard Switch with a Virtual Machine Port Group
3. Attach Your Virtual Machines to the New Virtual Machine Port Group

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-26

Review of Learner Objectives
You should be able to meet the following objectives:
• Explain how to set the security policies for a standard switch port group
• Explain how to set the traffic-shaping policies for a standard switch port group
• Explain how to set the NIC teaming and failover policies for a standard switch port group

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-27

Key Points
• The following connection types can exist on a virtual switch: virtual machine port group,
VMkernel, and physical uplinks.
• A standard switch is a virtual switch configuration for a single host.
• Network policies set at the standard switch level can be overridden at the port group level.
• A distributed switch provides centralized management and monitoring of the networking
configuration of all hosts that are associated with the switch.
Questions?

© 2018 VMware, Inc. VMware vSphere: Install, Configure, Manage | 5-28