Virtual networking can become complex in VMware vSphere 7. In this post you will learn about the difference between vSphere Standard Switch (VSS) and vSphere Distributed switch (VDS) in vSphere 7.

While vSphere 7 does not offer any significant changes or new networking capabilities, it does offer the ability to run vSphere with Kubernetes, which previously involved NSX-T installation. However, NSX-T is not required to run Kubernetes clusters with vSphere 7.

As you know, NSX-T has some network requirements that need to be met before installation. vSphere 7, or rather vCenter Server 7, offers a new capability called Multi-homed NICs, which allow having multiple management interfaces for vCenter and fulfilling different network configuration and segmentation needs.

Let's start with the basics first and compare some VSS and VDS features.

vSphere Standard Switch

This works pretty much the same as a physical Ethernet switch. VSS knows which virtual machines are logically connected to each of its virtual ports and uses that information to forward traffic to the correct virtual machines. VSS can be connected to physical switches by using physical Ethernet adapters. These adapters are called uplinks, and their important function is to connect the virtual network into a physical network as they are connected to a physical switch.

Connectivity with the vSphere Standard Switch

Connectivity with the vSphere Standard Switch

vSphere Distributed Switch

Imagine VDS as a single switch connected with all associated hosts in a data center. The VDS has the role of providing centralized provisioning, administration, and monitoring of virtual networks. When you configure VDS, you can choose the ESXi host to which you attach and propagate this configuration. In this way, you don't have to go one-by-one to each of your ESXi hosts to replicate the configuration.

As you can see, with the evolution of vSphere versions, the VDS has evolved as well. You can see all the versions you can still create on vCenter Server 7. vSphere 6 is no longer on the list.

Create a new VDS at the datacenter leve

Create a new VDS at the datacenter leve

Standard Port Group

When you want to connect network services that are active on your network, you do it through standard port groups. Port groups basically define how a connection is made through the switch to the network. Usually, you have a single standard switch that is associated with one or more port groups. But this is not a limit. You can also create multiple VSSs on your host, each of which can carry multiple port groups.

Distributed Port Group

This is a port group that is associated with a vSphere distributed switch. Distributed port groups define how a connection is done through the vSphere distributed switch to the network.

vSphere 7 Standard Switch advanced networking options

Some advanced options that are available when you configure a VSS are the possibility of having two or more physical NICs in a team to increase the network capacity of the VSS or a standard port group. You can also configure failover order to create network traffic routing in the event of adapter failure.

Another feature within VSS is that you can select a load balancing algorithm to determine how the standard switch distributes the traffic between the physical NICs in a team.

Configure load balancing on VSS

Remember, those are per-vSwitch settings, so if you have three hosts in the cluster, you must replicate those settings manually across all your hosts. Hence, the advantage of distributed vSwitch.

You have several options here:

Route based on originating virtual port

The VSS selects uplinks that are based on the VM port IDs on the VSS or VDS. Default load balancing method. Each VM running on the ESXi host has a virtual port ID on the vSwitch. VSS uses the virtual machine port ID and the number of uplinks in the NIC team. Once the uplink is selected, it always forwards traffic through the same uplink for this VM (while the VM is still running on the same port). Once the VM is migrated or deleted, the port ID on vSwitch is freed.

Route based on source MAC hash

The vSwitch selects uplinks for VMs based on the source and destination IP address of each packet. The system calculates an uplink for the VM based on the VM's MAC address and the number of uplinks in the NIC team.

The advantage is that there is a more even distribution of the traffic than Route Based on Originating Virtual Port. The virtual switch calculates an uplink for every packet. However, this policy consumes somewhat more resources. Another disadvantage is the fact that the vSwitch does not know if the uplink is saturated.

Route based on IP hash

This policy is used when the vSwitch selects uplinks for VMs based on the source and destination IP of each packet. Any VM can use any uplink in the NIC team. The route depends only on the source and destination IP address. The advantage is that each VM can use the bandwidth of any uplink in the team, and the traffic is spread evenly among all uplinks in the NIC team.

Route based on physical (only available for VDS)

The best option. This load balancing policy is based on Route Based on Originating Virtual Port, where the virtual switch checks the actual load of the uplinks and takes steps to reduce it on overloaded uplinks.

Use Explicit Failover Order

No real load balancing is done with this policy. The vSwitch always uses the uplink that is the first in the list of active adapters. If no adapters are available in the "Active" list, then the vSwitch picks the adapter from the "Standby" adapters list.

Changing load balancing policy on vSwitch

Changing load balancing policy on vSwitch

Contrary to settings at the vSwitch level, we can have a look at the port group level. Remember, each vSwitch can have several port groups. The same load balancing options apply there, too. The only thing that changes is that little checkbox "override," allowing us to have a different policy on the port group level than at the vSwitch level.

Changing load balancing policy on port group

Changing load balancing policy on port group

Now let's see what it looks like at the distributed port group. You see that we have the option to choose a network load balancing policy based on the "Route Based on Physical NIC Load" here.

Changing load balancing policy on a distributed port group

Changing load balancing policy on a distributed port group

Final words

This topic is part of a Free Study Guide to pass VMware certification for vSphere 7. We haven't been able to cover everything here. There are vLANS and vLAN tagging options. There are also security policies and traffic shaping policies or resource allocation policies. A lot to cover indeed. Make sure to have the full documentation set of PDFs and browse the HTML online documentation from VMware for vSphere 7.

Subscribe to 4sysops newsletter!

By studying these topics, you'll be able to pass a 2V0–21.20 exam (VCP-DCV 2020). We have a dedicated WordPress page VCP-DCV 2020 Certification.


Leave a reply

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account