VCAP-DCA 5 Objective 2.3 – Deploy & Maintain Scalable Virtual Networking

For this objective I used the following resources:

  • vSphere Networking Documentation
  • VMware Virtual Networking Concepts Whitepaper
  • VMware KB Article 1006558
  • VMware KB Article 1006778
  • VMware KB Article 1005577
  • VMware KB Article 1002722
  • VMware KB Article 1004088
  • VMware KB Article 1004048
  • VMware KB Article 1001938

Knowledge

Identify VMware NIC Teaming Policies

  • Load Balancing – Determines how OUTGOING traffic is distributed among the network adapters assigned to a vSwitch. Four options are available:
    1. Route based on the originating port ID (Default) – Choose an uplink based on the virtual port where the traffic entered the virtual switch
    2. Route based on IP Hash – Choose an uplink based on a hash of the source and destination IP addresses of each packet. For non-IP packets, whatever is at those offsets is used to compute the hash (See VMware KB Article 1001938 “ESX/ESXi host requirements for link aggregation” for further reading)
    3. Route based on source MAC Hash – Choose an uplink based on a hash of the source Ethernet MAC address
    4. Use explicit failover order – Always use the highest order uplink from the list of Active adapters which passes failover detection criteria
  • Network Failover Detection – Controls the link status and beacon probing. Beaconing is not supported with guest VLAN tagging. Two options for use:
    1. Link Status Only – Relies solely on the link status that the network adapter provides. This option detects failures such as cable pulls and physical switch power failures, but not configuration errors, such as a physical switch port being blocked by spanning tree or misconfigured to the wrong VLAN, or cable pulls on the other side of a physical switch.
    2. Beacon Probing – Sends out and listens for beacon probes on all NICs in the team and uses this information, in addition to link status, to determine link failure. This detects many of the failures previously mentioned that are not detected by link status alone (See VMware KB Article 1005577 “What is beacon probing?” for how beacon probing works and how to implement it properly).
  • Notify Switches – Select Yes or No to notify switches in the case of failover. If you select Yes, whenever a virtual NIC is connected to the vSwitch or whenever that virtual NIC’s traffic would be routed over a different physical NIC in the team because of a failover event, a notification is sent out over the network to update the lookup tables on physical switches. In almost all cases, this process is desirable for the lowest latency of failover occurrences and migrations with vMotion.

Note – Do not use this option when the virtual machines using the port group are using Microsoft Network Load Balancing in unicast mode. No such issue exists with NLB running in multicast mode. For proper implementation of MS NLB have a look at VMware KB Article 1006558 “Sample Configuration – Network Load Balancing (NLB) Multicast Mode Configuration” or VMware KB Article 1006778 “Sample Configuration – Network Load Balancing (NLB) UNICAST Mode Configuration”.

  • Failback – Select Yes or No to enable or disable failback. This option determines how a physical adapter is returned to active duty after recovering from a failure. If failback is set to Yes (default), the adapter is returned to active duty immediately upon recovery, displacing the standby adapter that took over its slot, if any. If failback is set to No, a failed adapter is left inactive even after recovery until another currently active adapter fails, requiring its replacement.
  • Failover Order – Specify how to distribute the work load for uplinks. If you want to use some uplinks but reserve others for emergencies in case the uplinks in use fail, set this condition by moving them into different groups:
    • Active Uplinks – Continue to use the uplink when the network adapter connectivity is up and active
    • Standby Uplinks – Use this uplink if one of the active adapters’ connectivity is down
    • Unused Uplinks – Do not use this uplink

Information above taken from the vSphere Networking documentation and the VMware Virtual Networking Concepts whitepaper. For a brief video on configuring NIC teaming see VMware KB Article 1004088 “NIC teaming in ESXi and ESX”.

Identify Common Network Protocols

A brief list of what I think are “common” protocols:

  • HTTP – TCP Port 80
  • HTTPS – TCP Port 443
  • Telnet – TCP Port 23
  • SSH – TCP Port 22
  • SNMP – UDP Port 161
  • DNS – TCP/UDP Port 53

Skills and Abilities

Understand the NIC Teaming Failover Types and Related Physical Network Settings

Review information under “Identify VMware NIC Teaming Policies”. For information on the physical network settings needed to use the IP Hash load balancing policy, review the following VMware KB Articles:

Determine and Apply Failover Settings

Review information under “Identify VMware NIC Teaming Policies”

Configure Explicit Failover to Conform with VMware Best Practices

See VMware KB Article 1002722 “Dedicating specific NICs to portgroups while maintaining NIC teaming and failover for the vSwitch” for an example of this configuration

Configure Portgroups to Properly Isolate Network Traffic

Review the VMware KB Article listed above, and use VLAN tagging on the vSwitch/portgroups to further isolate network traffic.
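
The teaming caveats and the isolation advice in these notes can be checked mechanically. The following is an added example, not part of the original notes or any VMware tooling: a small Python linter run over a constructed port group inventory. The dictionary field names are hypothetical, and it assumes VLAN ID 4095 marks guest VLAN tagging on a standard vSwitch port group.

```python
# Added example: lint a constructed port group inventory against the teaming
# and isolation caveats in these notes. Field names are hypothetical, not a
# VMware export format.
GUEST_VLAN_TAGGING = 4095  # assumption: VLAN 4095 = guest VLAN tagging on a standard vSwitch

# Constructed sample data.
PORTGROUPS = [
    {"name": "Management", "vlan": 10, "lb": "explicit", "detect": "link",
     "notify": True, "active": ["vmnic0"], "standby": ["vmnic1"], "nlb_unicast": False},
    {"name": "vMotion", "vlan": 10, "lb": "explicit", "detect": "link",
     "notify": True, "active": ["vmnic1"], "standby": ["vmnic0"], "nlb_unicast": False},
    {"name": "Trunk-VGT", "vlan": 4095, "lb": "portid", "detect": "beacon",
     "notify": True, "active": ["vmnic2", "vmnic3"], "standby": [], "nlb_unicast": False},
    {"name": "NLB-Web", "vlan": 30, "lb": "portid", "detect": "link",
     "notify": True, "active": ["vmnic2", "vmnic3"], "standby": [], "nlb_unicast": True},
    {"name": "Backup", "vlan": 40, "lb": "explicit", "detect": "link",
     "notify": True, "active": ["vmnic4"], "standby": [], "nlb_unicast": False},
]

def lint(portgroups):
    """Return a sorted list of (port group name, finding) tuples."""
    findings, by_vlan = [], {}
    for pg in portgroups:
        name = pg["name"]
        by_vlan.setdefault(pg["vlan"], []).append(name)
        # Beaconing is not supported with guest VLAN tagging.
        if pg["detect"] == "beacon" and pg["vlan"] == GUEST_VLAN_TAGGING:
            findings.append((name, "beacon probing with guest VLAN tagging"))
        # Notify Switches must be off for Microsoft NLB in unicast mode.
        if pg["nlb_unicast"] and pg["notify"]:
            findings.append((name, "Notify Switches enabled with NLB unicast"))
        # A dedicated NIC with no standby loses failover for that port group.
        if pg["lb"] == "explicit" and not pg["standby"]:
            findings.append((name, "explicit failover order without a standby uplink"))
        if set(pg["active"]) & set(pg["standby"]):
            findings.append((name, "uplink listed as both active and standby"))
    # Port groups on the same VLAN are not isolated from each other at layer 2.
    for vlan, names in by_vlan.items():
        if len(names) > 1 and vlan != GUEST_VLAN_TAGGING:
            for name in names:
                others = ", ".join(n for n in names if n != name)
                findings.append((name, f"shares VLAN {vlan} with {others}"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in lint(PORTGROUPS):
        print(f"{name}: {finding}")
```

A shared VLAN is a prompt for review, not always an error; the other findings map directly to the restrictions stated in the teaming policy notes.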