VMware vSphere ^TM

With the release of vSphere 4.0, VMware introduced the vSphere Distributed Switch. VDS eases the management burden of per host virtual switch configuration by treating the network as an aggregated resource. Individual host-level virtual switches are abstracted into a single large VDS that spans multiple hosts at the Datacenter level. In this design, the data plane remains local to each VDS, but the management plane is centralized with vCenter Server acting as the control point for all configured VDS instances.

Each vCenter Server instance can support up to 128 VDSs and each VDS can manage up to 500 hosts. Many of the concepts involved in configuring and managing a Standard Switch are carried forward with the VDS, with changes made to enable managing multiple switches.

Distributed Virtual Port Groups (DV Port Groups) are port groups associated with a VDS and specify port configuration options for each member port. DV Port Groups define how a connection is made through the VDS to the Network. Configuration parameters are similar to those available with Port Groups on Standard Switches. The VLAN ID, traffic shaping parameters, port security, teaming and load balancing configuration, and other settings are configured here. Each VDS supports up to 10000 static port groups.

Distributed Virtual Uplinks (dvUplinks) are a new concept introduced with VDS. dvUplinks provide a level of abstraction for the physical NICs (vmnics) on each host. NIC teaming, load balancing, and failover policies on the VDS and DV Port Groups are applied to the dvUplinks and not the vmnics on individual hosts. Each vmnic on each host is mapped to a dvUplinks, permitting teaming and failover consistency irrespective of vmnic assignments.

Private VLANs
Private VLAN (PVLAN) support enables broader compatibility with existing networking environments using Private VLAN technology. Private VLANs enable users to restrict communication between virtual machines on the same VLAN or network segment, significantly reducing the number of subnets needed for certain network configurations.

Network vMotion
Network vMotion is the tracking of virtual machine networking state (e.g. counters, port statistics) as the virtual machine moves from host to host on a VDS. This provides a consistent view of a virtual network interface regardless of the VM location or vMotion migration history. This greatly simplifies network monitoring and troubleshooting activities where vMotion is used to migrate VMs between hosts.

Bi-directional Traffic Shaping
VDS expands upon the egress only traffic shaping feature of Standard Switches with bi-directional traffic shaping capabilities. Egress (from virtual machine to network) and now ingress (from network into virtual machine) traffic shaping policies can now be applied on DV Port Group Definitions. Traffic shaping is useful in cases where you may wish to limit the traffic to or from a VM or group of VMs to either protect a VM or other traffic in an oversubscribed network. Policies are defined by three characteristics: average bandwidth, peak bandwidth, and burst size.

Third Party Virtual Switch Support
VDS includes switch extensibility for seamless integration of 3rd party control planes, data planes, and user interfaces. These include the Cisco Nexus 1000v and IBM 5000v.

Network connectivity issues caused by configuration errors are often difficult to identify. This particularly is the case in an organization where the network administrators and vSphere administrators take management ownership of, respectively, physical network switches and vSphere hosts. vSphere 5.1 introduced a network health check that monitors the following three network parameters at regular intervals:

1. VLAN
2. MTU
3. Network adapter teaming

At a regular interval, layer 2 Ethernet probing packets are sent and received across the physical uplink interfaces of the VDS. Depending on the configuration of the network device, which is connected directly to the VDS through the physical uplink interfaces, REQ and ACK packets are received or dropped. When packets are dropped, it indicates that there is a configuration issue, and that warning is displayed in the VMware vSphere® Client™ view.

The VDS configuration is managed through vCenter Server, and all the virtual network configuration details are stored in the VMware vCenter™ database. vSphere 5.1 adds the capability to backup and restore VDS configuration information. Users can take snapshots of the VDS configuration as well as port group–level configuration. The VDS backup information can be used to build a revision control system that tracks and provides controls over changes to virtual network configurations. This enables the user to restore any prior network configuration, including after a vCenter Server database failure situation. The stored VDS configurations can also be used as a template to create similar VDS configurations in other environments.

The vSphere management network is configured on every host and is used to communicate with vCenter Server and to interact with other hosts during VMware vSphere® High Availability (vSphere HA) configuration and operation. It is critical with regard to centrally managing hosts through vCenter Server. If the management network on the host goes down or there is a misconfiguration, vCenter Server can’t connect to the host and therefore can’t centrally manage the vSphere infrastructure.
The automatic rollback and recovery feature introduced in vSphere 5.1 addresses all user concerns regarding use of the management network on a VDS. First, the automatic rollback feature automatically detects any configuration changes on the management network. If the host can't reach the vCenter Server system after changes are applied, the change is rolled back to the previous working configuration. Second, users also have an option to reconfigure the management network of the VDS per host through the DCUI.

Link Aggregation Control Protocol (LACP) is a standards-based method to control the bundling of several physical network links together to form a logical channel for increased bandwidth and redundancy purposes. LACP enables a network device to negotiate an automatic bundling of links by sending LACP packets to the peer. vSphere 5.1 added support for standards-based link aggregation protocol.

Single Root I/O Virtualization is a standard that allows one PCI express (PCIe) adapter to be presented as multiple separate logical devices to virtual machines. The hypervisor manages the physical function (PF) while the virtual functions (VFs) are exposed to the virtual machines. In the hypervisor, SR-IOV capable network devices offer the benefits of direct I/O, which includes reduced latency and reduced host CPU utilization. The VMware vSphere platform’s VM Direct Path (pass through) functionality provides similar benefits to the customer, but requires a physical adapter per virtual machine. In SR-IOV the pass through functionality can be provided from a single adapter to multiple virtual machines through Virtual Functions.

BPDUs are data messages or packets that are exchanged across switches to detect loops in a network. These packets are part of the Spanning Tree Protocol (STP) and are used to discover the network topology. The VMware virtual switches (VDS and VSS) do not support STP and thus do not participate in BPDU exchange across external physical access switches over the uplinks. vSphere 5.1 adds a BPDU filter feature that allows customer to filter BPDU packets that are generated by virtual machines and thus prevents any Denial of Service attack situation. This feature is available on VMware vSphere Standard and Distributed switches, and can be enabled by changing the advanced “Net” settings on ESXi host.

Scalability ImprovementsThe following table lists the VDS scale numbers for vSphere 5.1: