Category Archives: Networking
Configure NetFlow Settings
NetFlow is a network analysis tool that you can use to monitor network and virtual machine traffic.
NetFlow is available on vSphere distributed switch version 5.0.0 and later.
Procedure
1 Log in to the vSphere Client and select the Networking inventory view.
2 Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings.
3 Navigate to the NetFlow tab.
The sampling rate determines what portion of the data NetFlow collects: a sampling rate of N means NetFlow collects every Nth packet. A collector with a sampling rate of 2 collects data from every other packet, and a collector with a sampling rate of 5 collects data from every fifth packet.
9 Click OK.
How to enable Port Mirroring
Working With Port Mirroring
Port mirroring allows you to mirror a distributed port’s traffic to other distributed ports or specific physical
switch ports.
Create a Port Mirroring Session
Create a port mirroring session to mirror vSphere distributed switch traffic to specific physical switch ports.
Prerequisites
Requires a vSphere distributed switch version 5.0.0 or later.
Specify Port Mirroring Name and Session Details
Specify the name, description, and session details for the new port mirroring session.
Procedure
1 Log in to the vSphere Client and select the Networking inventory view.
2 Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings.
3 On the Port Mirroring tab, click Add.
4 Enter a Name and Description for the port mirroring session.
Click Next.
Choose Port Mirroring Destinations
Select ports or uplinks as destinations for the port mirroring session.
Port Mirroring is checked against the VLAN forwarding policy. If the VLAN of the original frames is not equal to or trunked by the destination port, the frames are not mirrored.
You can enable the port mirroring session now or later.
How to enable IPv6 on vSphere
Please note IPv6 is disabled by default.
Prerequisites
Required privilege: Host.Configuration.Network Configuration
Procedure
1 From the vSphere Client Home page, click Hosts and Clusters.
2 Select the host and click the Configuration tab.
3 Click the Networking link under Hardware.
4 In the vSphere Standard Switch view, click the Properties link.
5 Select Enable IPv6 support on this host system and click OK.
6 Reboot the host.
How to Manage Policies for Multiple Port Groups on a vDS
You can modify networking policies for multiple port groups on a distributed switch.
Prerequisites
Create a vSphere distributed switch with one or more port groups.
Procedure
1 Log in to the vSphere Client and select the Networking inventory view.
2 Right-click the distributed switch and select Manage Port Groups.
3 Select the policy categories to modify.
For the purpose of this discussion, let's select the Teaming and Failover policy.
The next screens are therefore specific to the Teaming and Failover policy only.
How to configure Port Blocking on a vDS
Port blocking policies allow you to selectively block ports from sending or receiving data.
Port Blocking Policy for a Distributed Port Group
The Miscellaneous policies dialog allows you to configure various distributed port group policies.
Procedure
1 Log in to the vSphere Client and select the Networking inventory view.
2 Right-click the distributed port group in the inventory pane, and select Edit Settings.
3 Select Policies.
4 In the Miscellaneous group, choose whether to Block all ports in this distributed port group.
5 Click OK.
How to enable NetFlow
Monitoring Policy
The monitoring policy enables or disables NetFlow monitoring on a distributed port or port group.
NetFlow settings are configured at the vSphere distributed switch level.
Edit the Monitoring Policy on a Distributed Port Group
With the Monitoring policy, you can enable or disable NetFlow monitoring on a distributed port group.
Procedure
1 Log in to the vSphere Client and select the Networking inventory view.
2 Right-click the distributed port group in the inventory pane, and select Edit Settings.
3 Select Policies.
4 In the Monitoring group, select the NetFlow Status from the drop-down menu.
5 Click OK.
Edit the Resource Allocation Policy on a Distributed Port
Associate a distributed port with a network resource pool to give you greater control over the bandwidth given to the port.
Prerequisites
Enable Network I/O Control on the host and create one or more user-defined network resource pools.
Procedure
1. Log in to the vSphere Client and select the Networking inventory view.
2. Select the vSphere distributed switch in the inventory pane.
3. On the Ports tab, right-click the port to modify and select Edit Settings.
4. Select Policies.
5. In the Resource Allocation group, select the Network Resource Pool to associate the port with from the drop-down menu.
6. Click OK.
Notes for Storage Guide 02
For Guide 01 click here
NetFlow is a network analysis tool that you can use to monitor network and virtual machine traffic.
NetFlow is available on vSphere distributed switch version 5.0.0 and later.
Switch discovery protocols allow vSphere administrators to determine which switch port is connected to a given vSphere standard switch or vSphere distributed switch.
vSphere 5.0 supports Cisco Discovery Protocol (CDP) and Link Layer Discovery Protocol (LLDP).
CDP is available for both vSphere standard switches and vSphere distributed switches connected to Cisco physical switches.
LLDP is only available for vSphere distributed switches version 5.0.0 and later.
When CDP or LLDP is enabled for a particular vSphere distributed switch or vSphere standard switch,
you can view properties of the peer physical switch such as device ID, software version, and timeout from the vSphere Client.
Enable Cisco Discovery Protocol on a vSphere Distributed Switch
Procedure
1. Log in to the vSphere Client and select the Networking inventory view.
2. Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings.
3. On the Properties tab, select Advanced.
4. Select Enabled from the Status drop-down menu.
5. Select Cisco Discovery Protocol from the Type drop-down menu.
6. Select the CDP mode from the Operation drop-down menu.
7. Click OK.
MAC Addresses
MAC addresses are generated for virtual network adapters that virtual machines and network services use.
In most cases, the generated MAC addresses are appropriate. However, you might need to set a MAC address
for a virtual network adapter, as in the following cases:
· Virtual network adapters on different physical hosts share the same subnet and are assigned the same
MAC address, causing a conflict.
· To ensure that a virtual network adapter always has the same MAC address.
To circumvent the limit of 256 virtual network adapters per physical machine and possible MAC address conflicts
between virtual machines, system administrators can manually assign MAC addresses.
By default, VMware uses the Organizationally Unique Identifier (OUI) 00:50:56 for manually generated
addresses, but all unique manually generated addresses are supported.
You can set the addresses by adding the following line to a virtual machine's configuration file:
ethernet<number>.address = 00:50:56:XX:YY:ZZ
where <number> refers to the number of the Ethernet adapter,
XX is a valid hexadecimal number between 00 and 3F (3F is 63 in decimal),
and YY and ZZ are valid hexadecimal numbers between 00 and FF (FF is 255 in decimal).
The value for XX must not be greater than 3F, to avoid conflict with MAC addresses that are generated
by the VMware Workstation and VMware Server products.
The maximum value for a manually generated MAC address is:
ethernet<number>.address = 00:50:56:3F:FF:FF (in decimal 00:50:56:63:255:255)
You must also set the following option in the virtual machine's configuration file:
ethernet<number>.addressType = "static"
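The two configuration lines above are easy to get wrong by hand (a fourth octet above 3F, or a static address without the matching addressType). The following Python script is an added example, not part of the original notes or of any VMware tool: it parses the ethernetN.* entries of a .vmx file and reports manually assigned addresses that violate the rules described above. The .vmx fragment it checks is constructed for the example; the multicast-bit check is a general Ethernet rule rather than something the notes state.

```python
import re

# Constructed .vmx fragment (not from the page): ethernet0 is valid, ethernet1 exceeds
# the 3F limit, ethernet2 lacks addressType, ethernet3 uses a generated address.
SAMPLE_VMX = """\
ethernet0.addressType = "static"
ethernet0.address = "00:50:56:3F:FF:FF"
ethernet1.addressType = "static"
ethernet1.address = "00:50:56:40:00:01"
ethernet2.address = "00:50:56:00:00:02"
ethernet3.addressType = "generated"
ethernet3.generatedAddress = "00:0c:29:12:34:56"
"""

VMWARE_OUI = (0x00, 0x50, 0x56)   # default OUI for manually assigned addresses
MAX_FOURTH_OCTET = 0x3F            # manual range ends at 00:50:56:3F:FF:FF

_ENTRY = re.compile(r'^\s*ethernet(\d+)\.(\w+)\s*=\s*"?([^"\s]+)"?\s*$')
_MAC = re.compile(r'^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$')


def parse_vmx(text):
    """Collect ethernetN.* keys into {adapter_index: {key: value}}; other keys are ignored."""
    adapters = {}
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if m:
            idx, key, value = int(m.group(1)), m.group(2), m.group(3)
            adapters.setdefault(idx, {})[key] = value
    return adapters


def check_manual_mac(mac):
    """Return the list of rule violations for a manually assigned MAC (empty if it is acceptable)."""
    if not _MAC.match(mac):
        return ["not a MAC address of the form XX:XX:XX:XX:XX:XX"]
    octets = tuple(int(o, 16) for o in mac.split(":"))
    problems = []
    # The lowest bit of the first octet marks a group (multicast) address; a unicast adapter
    # MAC must not set it. This is a general Ethernet rule, not a vSphere-specific one.
    if octets[0] & 0x01:
        problems.append("first octet has the multicast bit set")
    # Inside the VMware OUI the fourth octet must stay at or below 3F so the address cannot
    # collide with addresses generated by VMware Workstation / VMware Server.
    if octets[:3] == VMWARE_OUI and octets[3] > MAX_FOURTH_OCTET:
        problems.append(f"fourth octet {octets[3]:02X} exceeds 3F inside the 00:50:56 OUI")
    return problems


def audit_adapters(adapters):
    """Return {adapter_index: [problems]} for every adapter that sets a manual address."""
    findings = {}
    for idx, cfg in sorted(adapters.items()):
        mac = cfg.get("address")
        if mac is None:
            continue                      # generated address: nothing to validate here
        problems = check_manual_mac(mac)
        if cfg.get("addressType", "").lower() != "static":
            problems.append('addressType must be "static" when address is set')
        if problems:
            findings[idx] = problems
    return findings


if __name__ == "__main__":
    for idx, problems in audit_adapters(parse_vmx(SAMPLE_VMX)).items():
        print(f"ethernet{idx}: " + "; ".join(problems))
```

Running the script against the constructed fragment reports ethernet1 (fourth octet 40) and ethernet2 (missing addressType); a non-VMware OUI is accepted, because the notes state that all unique manually assigned addresses are supported.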
The first three bytes of the MAC address that is generated for each virtual network adapter consist of the OUI.
The MAC address-generation algorithm produces the other three bytes. The algorithm guarantees unique
MAC addresses within a machine and attempts to provide unique MAC addresses across machines.
The network adapters for each virtual machine on the same subnet should have unique MAC addresses.
Otherwise, they can behave unpredictably. The algorithm puts a limit on the number of running and suspended
virtual machines at any one time on any given host. It also does not handle all cases when virtual machines on
distinct physical machines share a subnet.
Who is responsible for generating MAC addresses in a vSphere environment?
The VMware Universally Unique Identifier (UUID) generates MAC addresses that are checked for conflicts.
The generated MAC addresses are created by using three parts: the VMware OUI, the SMBIOS UUID for the physical ESXi machine, and a hash based on the name of the entity that the MAC address is being generated for.
When does a MAC address change?
After the MAC address has been generated, it does not change unless the virtual machine is moved to a different location, for example, to a different path on the same server. The MAC address in the configuration file of the virtual machine is saved.
All MAC addresses that have been assigned to network adapters of running and suspended virtual machines on a given physical machine are tracked. The MAC address of a powered off virtual machine is not checked against those of running or suspended virtual machines. It is possible that when a virtual machine is powered on again, it can acquire a different MAC address. This acquisition is caused by a conflict with a virtual machine that was powered on when this virtual machine was powered off.
Notes for Storage Guide 01
Load Balancing and Failover Policy
You can edit your load balancing and failover policy by configuring the following parameters:
Load Balancing policy determines how outgoing traffic is distributed among the network adapters associated
with a switch or port group.
NOTE: Incoming traffic is controlled by the load balancing policy on the physical switch.
Failover Detection controls the link status and beacon probing.
Beaconing is not supported with guest VLAN tagging.
Network Adapter Order can be active or standby.
List one reason why you should enable PortFast
In some cases, you might lose standard switch connectivity when a failover or failback event occurs.
This causes the MAC addresses used by virtual machines associated with that standard switch
to appear on a different switch port than they previously did. To avoid this problem, put your
physical switch in PortFast or PortFast trunk mode.
In network failover detection, what are the limitations of "Link Status Only"?
This policy does not detect configuration errors, such as a physical switch port being blocked by
spanning tree or misconfigured to the wrong VLAN or cable pulls on the other side of a
physical switch. This policy relies solely on the link status that the network adapter provides.
This option detects only failures, such as cable pulls and physical switch power failures.
In network failover detection, when is it recommended not to use beacon probing?
It is recommended not to use beacon probing when you are using the IP hash load balancing policy.
Beacon probing sends out and listens for beacon probes on all NICs in the team and uses this
information, in addition to link status, to determine link failure. This option detects many of
the failures mentioned above that are not detected by link status alone.
In almost all cases, the Notify Switches policy is set to Yes, because it gives the lowest
failover latency and the fastest migrations with vMotion. But there is one use case
where it is recommended to set Notify Switches to No. Which one?
=> If you are going to use Microsoft Network Load Balancing in unicast mode, it is recommended
to set this option to No.
When you select Yes, whenever a virtual NIC is connected to the standard switch or whenever
that virtual NIC’s traffic is routed over a different physical NIC in the team because of a failover
event, a notification is sent over the network to update the lookup tables on the physical switches.
In which two cases should you not keep any network adapter in the Standby Adapters list?
=> When you are using iSCSI multipathing, because the VMkernel interface must be configured with
exactly one active adapter, and when you are using IP hash load balancing.
Security Policy
Networking security policies determine how the adapter filters inbound and outbound frames.
The three elements of the security policy are promiscuous mode, MAC address changes, and forged transmits.
In nonpromiscuous mode, a guest adapter listens only to traffic forwarded to its own MAC address.
In promiscuous mode, it can listen to all the frames. By default, guest adapters are set to nonpromiscuous mode.
MAC Address Changes: if you set MAC Address Changes to Reject and the guest operating system
changes the MAC address of the adapter to anything other than what is in the .vmx configuration file,
all inbound frames are dropped.
Forged Transmits: when set to Reject, any outbound frame with a source MAC address that is different from the
one currently set on the adapter is dropped.
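To make the three security policy elements concrete, here is an added Python model of the filtering decisions just described. It is not VMware code and does not talk to a host; it only encodes the rules from the notes (own-MAC-only in nonpromiscuous mode, all inbound frames dropped once a rejected MAC change happens, outbound frames dropped when their source MAC differs from the adapter's current MAC) and compares the default settings with a hardened Reject/Reject policy. The delivery of broadcast frames in nonpromiscuous mode is standard Ethernet behaviour that the notes do not mention; the adapter and MAC values are constructed for the example.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Adapter:
    vmx_mac: str        # address recorded in the .vmx file
    effective_mac: str  # address the guest OS currently has set on the adapter


@dataclass
class SecurityPolicy:
    promiscuous_mode: bool      # True = Accept, False = Reject
    mac_address_changes: bool
    forged_transmits: bool


# Default: promiscuous mode rejected, MAC changes and forged transmits accepted.
DEFAULT_POLICY = SecurityPolicy(promiscuous_mode=False, mac_address_changes=True, forged_transmits=True)
# Hardened: everything rejected.
HARDENED_POLICY = SecurityPolicy(promiscuous_mode=False, mac_address_changes=False, forged_transmits=False)


def _same(a, b):
    return a.lower() == b.lower()


def inbound_allowed(dst_mac, adapter, policy):
    """Does an inbound frame addressed to dst_mac reach the guest adapter?"""
    # MAC Address Changes = Reject: once the guest's MAC differs from the .vmx value,
    # every inbound frame is dropped.
    if not policy.mac_address_changes and not _same(adapter.effective_mac, adapter.vmx_mac):
        return False
    if policy.promiscuous_mode:
        return True                       # promiscuous: the adapter sees all frames
    # Nonpromiscuous: only frames for the adapter's own MAC. Broadcast frames are delivered
    # as well (standard Ethernet behaviour, assumed here; the notes only mention the own MAC).
    return _same(dst_mac, adapter.effective_mac) or _same(dst_mac, BROADCAST)


def outbound_allowed(src_mac, adapter, policy):
    """Does an outbound frame carrying src_mac leave the guest adapter?"""
    # Forged Transmits = Reject: the source MAC must match the address currently set on the adapter.
    if not policy.forged_transmits and not _same(src_mac, adapter.effective_mac):
        return False
    return True


def compare_policies(adapter, dst_mac, src_mac):
    """Evaluate one inbound and one outbound frame under the default and the hardened policy."""
    return {
        name: (inbound_allowed(dst_mac, adapter, pol), outbound_allowed(src_mac, adapter, pol))
        for name, pol in (("default", DEFAULT_POLICY), ("hardened", HARDENED_POLICY))
    }


if __name__ == "__main__":
    # Constructed scenario: the guest changed its MAC from ...:01 to ...:02 and
    # sends frames with source ...:03.
    changed = Adapter(vmx_mac="00:50:56:00:00:01", effective_mac="00:50:56:00:00:02")
    for name, (rx, tx) in compare_policies(changed, "00:50:56:00:00:02", "00:50:56:00:00:03").items():
        print(f"{name}: inbound delivered={rx}, outbound transmitted={tx}")
```

The comparison shows why the two Reject settings matter: under the default policy a guest that changes its MAC and spoofs a source address keeps full connectivity, whereas under the hardened policy its inbound traffic stops at the port and its spoofed outbound frames are dropped.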
Traffic Shaping Policy
A traffic shaping policy is defined by average bandwidth, peak bandwidth, and burst size.
You can establish a traffic shaping policy for each port group and each distributed port or distributed port group.
ESXi shapes outbound network traffic on standard switches and inbound and outbound traffic on distributed switches.
Traffic shaping restricts the network bandwidth available on a port, but can also be configured to
allow bursts of traffic to flow through at higher speeds.
The Status policy here is applied to each virtual adapter attached to the port group, not to the standard switch
as a whole. If you enable the policy exception in the Status field, you set limits on the amount of networking
bandwidth allocation for each virtual adapter associated with this particular port group. If you disable the
policy, services have a clear connection to the physical network by default.
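The interplay of average bandwidth, peak bandwidth, and burst size is easiest to see in a small simulation. The Python below is an added example, not VMware's shaper: it is a generic token-bucket style model in which unused average-rate allowance is banked (up to the burst size) and spent later at up to the peak rate. Units follow the vSphere dialog (Kbit/s for the two rates); the burst size is given in bytes, and the offered traffic is constructed.

```python
BYTES_PER_KBPS_SECOND = 125   # 1 Kbit/s sustained for one second is 125 bytes


def shape(offered_bytes, average_kbps, peak_kbps, burst_bytes):
    """Simulate one shaped port over 1-second ticks.

    offered_bytes: bytes the virtual adapter tries to send in each tick.
    Returns the bytes actually transmitted per tick under the simplified model.
    """
    avg_per_tick = average_kbps * BYTES_PER_KBPS_SECOND
    peak_per_tick = peak_kbps * BYTES_PER_KBPS_SECOND
    bonus = 0                                   # banked burst credit, capped at burst_bytes
    sent = []
    for want in offered_bytes:
        allowance = avg_per_tick + bonus        # average rate plus any saved-up credit
        tx = min(want, allowance, peak_per_tick)    # never exceed the peak rate in one tick
        bonus = min(burst_bytes, allowance - tx)    # unused allowance is banked, up to burst size
        sent.append(tx)
    return sent


if __name__ == "__main__":
    # Constructed load: four idle seconds, then a VM that wants 5000 bytes/s.
    load = [0, 0, 0, 0, 5000, 5000, 5000, 5000]
    print("with burst  :", shape(load, average_kbps=8, peak_kbps=16, burst_bytes=3000))
    print("without burst:", shape(load, average_kbps=8, peak_kbps=16, burst_bytes=0))
```

With an average of 8 Kbit/s (1000 bytes/s), a peak of 16 Kbit/s (2000 bytes/s) and a 3000-byte burst size, the idle seconds bank 3000 bytes of credit, so the port transmits at the peak rate for three seconds before falling back to the average; with a burst size of 0 it is held to 1000 bytes/s from the first second.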
Configure Passthrough Devices on a Host and Virtual Machine
Configure Passthrough Devices on a Host
Let’s first configure passthrough networking devices on a host.
Procedure
1. Select a host from the inventory panel of the vSphere Client.
2. On the Configuration tab, click Advanced Settings.
The Passthrough Configuration page appears, listing all available passthrough devices. A green icon indicates that a device is enabled and active. An orange icon indicates that the state of the device has changed and the host must be rebooted before the device can be used.
4. Click Edit.
5. Select the devices to be used for passthrough and click OK.
As seen below, the device has an orange icon, which means the ESXi host must be rebooted before the device can be used.
After the device is enabled and the host is rebooted, the icon turns green, as shown below.
Configure a PCI Device on a Virtual Machine
Now let’s configure a passthrough PCI device on a virtual machine.
Procedure
1. Select a virtual machine from the inventory panel of the vSphere Client.
2. From the Inventory menu, select Virtual Machine > Edit Settings.
3. On the Hardware tab, click Add.
4. Select PCI Device and click Next.
5. Select the passthrough device to use, and click Next.
6. Click Finish.
Adding a DirectPath device to a virtual machine sets memory reservation to the memory size of the virtual machine.