Objective 3.4 of VCAP6-Deploy exam covers following topics
- Perform a vDS Health Check for teaming, MTU, mismatches, etc.
- Configure port groups to properly isolate network traffic
- Use command line tools to troubleshoot and identify configuration issues
- Use command line tools to troubleshoot and identify VLAN configurations
- Use DCUI network tool to correct network connectivity issue
Lets discuss about these topics one by one.
Perform a vDS Health Check for teaming, MTU, mismatches, etc.
The network configuration for the vSphere infrastructure is a very cumbersome task and if the process is not automated then there are chances of configuration error. Typical network configuration includes tasks like configuring VLAN, Setting uplinks, NIC teaming, configuring VLAN etc.
Now if anyone of the above configuratin is misconfigured, it can lead to host disconnection, VM traffic not traversing to destination, storage disconnection (if using iSCSI) or any other issues.
In earlier versions of vSphere, there were no tools available that could help resolve such misconfigurations across the physical and virtual switches. VMware introduced Network health check in vSphere 5.1 to counter configuration errors.
The common configuration errors that health check identifies are:
- VLAN: Checks whether vSphere distributed switch VLAN settings match trunk port configuration on the adjacent physical switch ports.
- MTU: Checks whether the physical access switch port MTU setting based on per VLAN matches the vSphere distributed switch MTU setting.
- NIC teaming: Checks whether the physical access switch ports EtherChannel setting matches the distributed switch distributed port group IP Hash teaming policy settings.
The default interval for performing the configuration check is one minute.
To enable Health check on the vDS , Select a vDS from list and navigate to Manage > Settings > Health Check. Click on Edit button to enable health check
You can enable both VLAN & MTU and Teaming & failover option
Overall health of vDS can be checked by selecting a vDS and navigating to Monitor > Health. If things are not green, fix them asap.
Configure port groups to properly isolate network traffic
As a best practice, VMware recommends dedicated VMkernel portgroups mapped to a dedivated uplink for handling each type of traffic such as management, vMotion, vSAN, iSCSI storage traffic etc.
Modern day servers comes with two 0 GB NIC or 40 GB NIC, so its not possible to map each VMkernel portgroup to a dedicated uplink. For this case, we use network resource pools and QOS etc to segregate the traffic and assining appropriate priority to each traffic type.
Objective of this topic is to help administrators to understand how to create portgroups and define uplinks etc so that separation of duty for network traffic can be achieved.
I have covered the steps for this in one if my blogpost that I wrote in past, so I am not going to repeat the steps here.
This is how my lab environment looks like:
Use Command Line Tools to Troubleshoot and Identify Configuration Issues
Using esxcli network command, we can fetch all information about the virtual network
In past I already wrote a blog on how to configure vSphere networks using command line so I am not going to cover everything again. Few useful commands are:
Get info about VMkernel interfaces : esxcli network ip interface list
Get info of all VMkernel IP configuration: esxcli network ip interface ipv4 get
Get info of specific vmkernel portgroup: esxcli network ip interface ipv4 get -i vmk1
To list info about vSS: esxcli network vswitch standard list
To get info about vDS: esxcli network vswitch dvs vmware list
To check host physical interface and its configuration: esxcli network nic list
Get info of the DNS servers used: esxcli network ip dns server list
Get info of DNS search domain: esxcli network ip dns search list
Use command line tools to troubleshoot and identify VLAN configurations
Unfortunately there are not many commands available under esxicli network command space for vDS.
To see port group and VLAN information on vDS : esxcli network vswitch dvs vmware list or esxcfg-vswitch -l
- To list VLAN information on port groups: esxcli network vswitch standard portgroup list
- To change the VLAN ID on a portgroup in vSS: esxcli network vswitch standard portgroup set -p <portgroup> –v <VLAN-D>
- Disable VLAN for Port Group: esxcli network vswitch standard portgroup set –v 0 -p <Portgroup-Name>
Use DCUI network tool to correct network connectivity issue
Using DCUI, you can perform following:
1: Test management network connectivity
2: Restart Managemnt Network
3: Reconfigure Management Network
4: Restore misconfigured vSS or vDS
and that’s it for this post.
I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing. Be sociable 🙂