- How to use VMware vSAN ReadyNode Configurator - Fri, Dec 17 2021
- VMware Tanzu Kubernetes Toolkit version 1.3 new features - Fri, Dec 10 2021
- Disaster recovery strategies for vCenter Server appliance VM - Fri, Nov 26 2021
While vSphere 7 does not offer any significant changes or new networking capabilities, it does offer the ability to run vSphere with Kubernetes, which previously involved NSX-T installation. However, NSX-T is not required to run Kubernetes clusters with vSphere 7.
As you know, NSX-T has some network requirements that need to be met before installation. vSphere 7, or rather vCenter Server 7, offers a new capability called Multi-homed NICs, which allow having multiple management interfaces for vCenter and fulfilling different network configuration and segmentation needs.
Let's start with the basics first and compare some VSS and VDS features.
vSphere Standard Switch ^
This works pretty much the same as a physical Ethernet switch. VSS knows which virtual machines are logically connected to each of its virtual ports and uses that information to forward traffic to the correct virtual machines. VSS can be connected to physical switches by using physical Ethernet adapters. These adapters are called uplinks, and their important function is to connect the virtual network into a physical network as they are connected to a physical switch.
vSphere Distributed Switch ^
Imagine VDS as a single switch connected with all associated hosts in a data center. The VDS has the role of providing centralized provisioning, administration, and monitoring of virtual networks. When you configure VDS, you can choose the ESXi host to which you attach and propagate this configuration. In this way, you don't have to go one-by-one to each of your ESXi hosts to replicate the configuration.
As you can see, with the evolution of vSphere versions, the VDS has evolved as well. You can see all the versions you can still create on vCenter Server 7. vSphere 6 is no longer on the list.
Standard Port Group ^
When you want to connect network services that are active on your network, you do it through standard port groups. Port groups basically define how a connection is made through the switch to the network. Usually, you have a single standard switch that is associated with one or more port groups. But this is not a limit. You can also create multiple VSSs on your host, each of which can carry multiple port groups.
Distributed Port Group ^
This is a port group that is associated with a vSphere distributed switch. Distributed port groups define how a connection is done through the vSphere distributed switch to the network.
vSphere 7 Standard Switch advanced networking options ^
Some advanced options that are available when you configure a VSS are the possibility of having two or more physical NICs in a team to increase the network capacity of the VSS or a standard port group. You can also configure failover order to create network traffic routing in the event of adapter failure.
Another feature within VSS is that you can select a load balancing algorithm to determine how the standard switch distributes the traffic between the physical NICs in a team.
Configure load balancing on VSS ^
Remember, those are per-vSwitch settings, so if you have three hosts in the cluster, you must replicate those settings manually across all your hosts. Hence, the advantage of distributed vSwitch.
You have several options here:
Route based on originating virtual port
The VSS selects uplinks that are based on the VM port IDs on the VSS or VDS. Default load balancing method. Each VM running on the ESXi host has a virtual port ID on the vSwitch. VSS uses the virtual machine port ID and the number of uplinks in the NIC team. Once the uplink is selected, it always forwards traffic through the same uplink for this VM (while the VM is still running on the same port). Once the VM is migrated or deleted, the port ID on vSwitch is freed.
Route based on source MAC hash
The vSwitch selects uplinks for VMs based on the source and destination IP address of each packet. The system calculates an uplink for the VM based on the VM's MAC address and the number of uplinks in the NIC team.
The advantage is that there is a more even distribution of the traffic than Route Based on Originating Virtual Port. The virtual switch calculates an uplink for every packet. However, this policy consumes somewhat more resources. Another disadvantage is the fact that the vSwitch does not know if the uplink is saturated.
Route based on IP hash
This policy is used when the vSwitch selects uplinks for VMs based on the source and destination IP of each packet. Any VM can use any uplink in the NIC team. The route depends only on the source and destination IP address. The advantage is that each VM can use the bandwidth of any uplink in the team, and the traffic is spread evenly among all uplinks in the NIC team.
Route based on physical (only available for VDS)
The best option. This load balancing policy is based on Route Based on Originating Virtual Port, where the virtual switch checks the actual load of the uplinks and takes steps to reduce it on overloaded uplinks.
Use Explicit Failover Order
No real load balancing is done with this policy. The vSwitch always uses the uplink that is the first in the list of active adapters. If no adapters are available in the "Active" list, then the vSwitch picks the adapter from the "Standby" adapters list.
Contrary to settings at the vSwitch level, we can have a look at the port group level. Remember, each vSwitch can have several port groups. The same load balancing options apply there, too. The only thing that changes is that little checkbox "override," allowing us to have a different policy on the port group level than at the vSwitch level.
Now let's see what it looks like at the distributed port group. You see that we have the option to choose a network load balancing policy based on the "Route Based on Physical NIC Load" here.
Final words ^
This topic is part of a Free Study Guide to pass VMware certification for vSphere 7. We haven't been able to cover everything here. There are vLANS and vLAN tagging options. There are also security policies and traffic shaping policies or resource allocation policies. A lot to cover indeed. Make sure to have the full documentation set of PDFs and browse the HTML online documentation from VMware for vSphere 7.
Subscribe to 4sysops newsletter!
By studying these topics, you'll be able to pass a 2V0–21.20 exam (VCP-DCV 2020). We have a dedicated WordPress page VCP-DCV 2020 Certification.