ProfessionalVMware VCAP BrownBag Section 2

ProfessionalVMware.com

VCAP Brownbag, 8/17/2011
Damian Karlson

VCAP Blueprint Section 2
- Objective 2.1: Implement & Manage Complex Virtual Networks
- Objective 2.2: Configure and Maintain VLANs, PVLANs and VLAN Settings
- Objective 2.3: Deploy and Maintain Scalable Virtual Networking
- Objective 2.4: Administer vNetwork Distributed Switch Settings

SNMP & More
- IPv6: Host Configuration > Networking > Properties
- NetQueue: Host Configuration > Advanced Settings > VMkernel/Boot; also use esxcfg-advcfg
- SNMP
  - vCenter: Administration > vCenter Settings > SNMP
    - Notification traps only
  - ESX/ESXi
    - ESXi only has VMware embedded SNMP agent. ESX has Net-SNMP & VMware embedded
    - Can only be managed through vicfg-snmp (remote CLI or vMA), which opens the appropriate firewall ports. Configure communities first, then destination

Comparing vSS & vDS
- vSS (virtual standard switches): same virtual switching technology we all know and love
  - Switches defined on each host in a cluster
  - Portgroup/VLAN/uplink configurations can be tedious
- vDS (virtual distributed switches): introduced with vSphere 4.0
  - Unified switch across hosts in a cluster
  - Separation of control and data planes
  - Extensible through 3rd party switches (Cisco N1Kv)
  - Traffic stats available; shaping available at dvPortGroup and dvUplink portgroup levels
  - Ingress traffic shaping

Create & Manage vSwitches
- Full range of vSS config needs supported
  - Some things only available through CLI, such as MTU
- Partial range of vDS config needs supported
  - Some things not available through CLI, such as PVLANs or creating dvPortGroups
- Tools are the usual suspects: esxcfg-vswitch, esxcfg-nics, esxcfg-vswif, esxcfg-route, esxcfg-vmknic, PowerCLI, vMA

VLAN Tagging
- VST (virtual switch tagging)
  - VLANs defined at vSwitch level; physical switch accepts all or range
- EST (external switch tagging)
  - VLANs are set to 0 at vSwitch; physical switch does all tagging
- VGT (virtual guest tagging)
  - VM tags thru virtual NIC properties
  - vSwitch set to 4095; physical switch accepts all or range

Private VLANs
- PVLANs are VLANs within VLANs. Requires physical switch support.
- Original VLAN is the primary, additional VLANs are secondary VLANs.
- Secondary VLANs come in 3 flavors:
  - Promiscuous VLANs have the same primary and secondary VLAN ID. Can talk to anyone in the same primary.
  - Isolated VLANs can only talk to hosts in a promiscuous VLAN
  - Community VLANs only talk to each other, and to the promiscuous VLAN
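
Added example (not from the original slides): a small Python model of the three secondary PVLAN types above. It answers whether two ports share layer-2 reachability and lists port pairs that an isolation policy forbids but the PVLAN assignment still permits. The port names, VLAN IDs and policy pairs are constructed for illustration.

```python
from itertools import combinations
from typing import NamedTuple

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"

class Pvlan(NamedTuple):
    primary: int    # primary VLAN ID
    secondary: int  # secondary VLAN ID (equals primary for promiscuous)
    kind: str       # PROMISCUOUS, ISOLATED or COMMUNITY

def check_map(pvlans):
    """Flag entries that break the 'promiscuous reuses the primary ID' rule."""
    problems = []
    for p in pvlans:
        if (p.kind == PROMISCUOUS) != (p.secondary == p.primary):
            problems.append(f"{p.primary}/{p.secondary} ({p.kind}): ID/type mismatch")
    return problems

def can_talk(a, b):
    """Layer-2 reachability between two ports, given their PVLAN entries."""
    if a.primary != b.primary:
        return False                        # not in the same primary VLAN
    if PROMISCUOUS in (a.kind, b.kind):
        return True                         # promiscuous reaches the whole primary
    if a.kind == b.kind == COMMUNITY:
        return a.secondary == b.secondary   # community: own members only
    return False                            # isolated-isolated, isolated-community

def violations(ports, must_not_talk):
    """Pairs the isolation policy forbids but the PVLAN assignment still allows."""
    allowed = {frozenset(pair) for pair in combinations(ports, 2)
               if can_talk(ports[pair[0]], ports[pair[1]])}
    return sorted(tuple(sorted(p)) for p in must_not_talk if frozenset(p) in allowed)

# Constructed sample: one primary VLAN (100) with three secondary VLANs.
PORTS = {
    "gw":   Pvlan(100, 100, PROMISCUOUS),
    "web1": Pvlan(100, 101, ISOLATED),
    "web2": Pvlan(100, 101, ISOLATED),
    "app1": Pvlan(100, 102, COMMUNITY),
    "app2": Pvlan(100, 102, COMMUNITY),
    "db1":  Pvlan(100, 103, COMMUNITY),
}
POLICY = [("web1", "web2"), ("app1", "db1"), ("app2", "app1")]  # hypothetical policy

if __name__ == "__main__":
    print("map problems:", check_map(PORTS.values()))
    print("policy violations:", violations(PORTS, POLICY))
```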

VLAN Configuration
- VLANs on vSS are defined at the portgroup level
- PVLANs are defined at the vDS level first, then can be selected at the portgroup level
- Distributed switches can have VLANs defined at the dvPortGroup level and the dvUplink PortGroup level
- vDS VLAN options
  - “None” for EST
  - “VLAN” for VST
  - “VLAN Trunking” for VGT or multiple VST

Uplink teaming
- Route based on IP hash
  - Requires Etherchannel or equivalent. Req’d for FT
- Explicit failover
  - Can be used to balance load & provide availability in certain situations
- Route based on source MAC
- Route based on virtual port ID

Network Isolation
- Isolate vMotion, NFS, iSCSI, FT
- Separate storage from VM networks
- Use VLANs
- When teaming use physical NICs on different busses

vDS Port Bindings
- Static
  - Port is assigned at all times, until the VM is removed from the port group
  - VM can only be connected through vCenter
- Dynamic
  - Port is assigned when VM is on and vmnic is connected, otherwise it is disconnected.
  - VMs with dynamic ports can only be powered on/off through vCenter
- Ephemeral
  - dvPorts can be assigned through ESX/ESXi or vCenter
  - Port assigning works like dynamic
  - Usually only reserved for emergency/recovery/vCenter down

vSS to vDS Port Migrations
- Create vDS
  - Uplinks
  - Portgroups
  - VLANs
- Break vSS team and assign one uplink to vDS
- Networking > Migrate Virtual Machine Network
- Select source and destination; select VMs; migrate
- Remove vSS portgroups and switch as needed

Resources
- Sean Crookston’s guide (updated on damiankarlson.com)
- Ed Grigson’s guide
- Eric Sloof’s VCAP test
- Kendrick Coleman’s VCAP-DCA page
- Trainsignal Troubleshooting
- Personal experience and practice, practice, practice