In this post we will cover the following topics:
- Create and manage vSS components according to a deployment plan:
- VMkernel ports on standard switches
- Advanced vSS settings
- Configure TCP/IP stack on a host
- Create a custom TCP/IP stack
- Configure and analyze vSS settings using command line tools
Let's get started by going through each topic one by one.
Create and Manage vSphere Standard Switch
When ESXi is installed, a standard switch (vSS) is also created by default. A standard switch works much like a physical switch: it operates at layer 2, forwards frames to other switch ports based on the MAC address, and supports features such as VLANs and port channels.
The ESXi host's physical NICs serve as uplinks to the standard switches, and through these uplinks a vSS communicates with the rest of the network. A vSS provides network connectivity:
- between virtual machines within the same ESXi host.
- between virtual machines on different ESXi hosts.
- between virtual and physical machines on the network.
- for VMkernel access to networks for vMotion, iSCSI, NFS, or Fault Tolerance logging (and management on ESXi).
How to create a vSS
To create a new vSS, select an ESXi host from the inventory, navigate to Manage > Networking > Virtual Switches and click on the “Add host networking” icon.
Select “Physical Network Adapter” to add uplinks to the vSS
Select “New standard switch”
Click on the + button to add physical adapters to the new vSS.
From the list of free adapters, select which adapters will be connected to the new vSS.
Hit Finish to complete the new vSS creation wizard.
This is what the newly created vSS looks like.
VMkernel ports on Standard Switches
To create a VMkernel portgroup, click on Add host networking again and select the VMkernel Network Adapter option.
Select the newly created vSS.
Provide a name for the VMkernel portgroup and enable the appropriate service to be associated with this portgroup. I created this portgroup for connecting iSCSI storage so I did not select any service here.
Supply the IP information and hit next.
Hit finish after reviewing settings.
Configuring vSS Advanced Settings
Once a vSS has been created, you can configure the advanced settings by selecting an ESXi host and navigating to Manage > Networking > Virtual Switches > vSS > Edit Settings.
The following advanced settings can be configured:
A: MTU Settings: Default value is 1500. You can change this value to a higher value if you want to use jumbo frames in your environment. If you set any value greater than 1500, then you have to set the same at portgroup level as well.
B: Security Policies: A vSS supports the following security policies:
- Promiscuous mode: This is set to Reject by default. If it is set to Accept, guest adapters in promiscuous mode will receive all frames passed on the virtual switch that are allowed under the VLAN.
- MAC address changes: This is set to Accept by default. In the default mode the ESXi host accepts requests to change the effective MAC address to a different one. When set to Reject, the ESXi host does not accept the request to change the MAC address, and the port that the VM used to send the request is disabled until the effective MAC address matches the initial MAC address.
- Forged transmits: This is set to Accept by default. In Accept mode the ESXi host does not compare the source and effective MAC addresses. When it is set to Reject, the host compares the source MAC address sent by the guest VM with the effective MAC address of its adapter, to protect against MAC impersonation; if they don't match, the packets are dropped.
C: Traffic Shaping: Traffic shaping is disabled by default. A vSS can only shape outgoing traffic from the switch. To shape incoming traffic, we need to migrate from vSS to vDS.
D: Teaming and Failover: I have written a detailed post on this topic in the past so I am not covering it again.
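The three security policies in item B can also be read from the ESXi shell with esxcli network vswitch standard policy security get. The script below is an added example, not part of the original post: it parses that output and flags every policy still set to Accept. The function name audit_vss_security is hypothetical, and the sample output is constructed in the assumed "Label: true/false" layout.

```shell
#!/bin/sh
# Added example: flag vSS security policies left at Accept.
# Assumed input: the "Label: true|false" lines printed by
#   esxcli network vswitch standard policy security get -v <vSwitch>

# audit_vss_security NAME   (policy text on stdin)
# Prints one line per policy set to Accept (true).
# Exit status: 0 = all Reject, 1 = at least one Accept, 2 = unparsable input.
audit_vss_security() {
    awk -v sw="$1" '
        BEGIN {
            name["Allow Promiscuous"]        = "Promiscuous mode"
            name["Allow MAC Address Change"] = "MAC address changes"
            name["Allow Forged Transmits"]   = "Forged transmits"
        }
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
            n = index(line, ":")
            if (n == 0) next
            key = substr(line, 1, n - 1)
            val = substr(line, n + 1); sub(/^[ \t]+/, "", val)
            if (!(key in name)) next
            seen++
            if (val == "true") { printf "%s: %s is Accept\n", sw, name[key]; bad++ }
        }
        END {
            # Refuse to report "clean" if a policy line was missing.
            if (seen != 3) { printf "%s: expected 3 policy lines, got %d\n", sw, seen; exit 2 }
            exit (bad > 0)
        }'
}

# Constructed sample: the default values described in item B.
SAMPLE_DEFAULT='   Allow Promiscuous: false
   Allow MAC Address Change: true
   Allow Forged Transmits: true'

printf '%s\n' "$SAMPLE_DEFAULT" | audit_vss_security vSwitch5 ||
    echo "vSwitch5 needs review (exit status $?)"

# On a host, pipe the real output in and, where the workload allows,
# set the remaining policies to Reject:
#   esxcli network vswitch standard policy security get -v vSwitch5 | audit_vss_security vSwitch5
#   esxcli network vswitch standard policy security set -v vSwitch5 \
#       --allow-mac-change=false --allow-forged-transmits=false
```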
Configure TCP/IP stack on a host
By default 3 TCP/IP stacks are configured on an ESXi host: default, vMotion and Provisioning. These can be viewed from the Web Client by selecting ESXi host > Manage > Networking > TCP/IP Configuration.
Default TCP/IP stacks can be edited to change information like DNS settings, Default gateway and Congestion control algorithm.
Create a custom TCP/IP stack
I wrote an article on this topic in the past. Here is an excerpt from it:
With vSphere 6, a custom TCP/IP stack cannot be created in the Web Client interface and we have to rely on the ESXi CLI for this. However, once a custom stack has been created from the command line, you can edit the properties of the newly created stack from the Web Client.
To create a new TCP/IP stack, SSH to the ESXi host and use the command below:
# esxcli network ip netstack add -N "Name_of_Stack"
[root@esxi05:~] esxcli network ip netstack add -N "VR-Traffic"
Once the custom stack is created, you can modify its properties by logging into the Web Client and navigating to ESXi Host > Manage > Networking > TCP/IP configuration.
Once a stack is configured, you can associate it with a newly created VMkernel portgroup. You can’t edit any VMkernel portgroups that were created before creating the custom stack.
Configure and analyze vSS settings using command line tools
A vSS can be configured using the CLI. The esxcli network vswitch command is used to do the networking configuration of a vSwitch (standard or vDS). Some examples are listed below:
To list all standard vSwitches present on the ESXi host
# esxcli network vswitch standard list
Adding a new vSwitch to the ESXi host
# esxcli network vswitch standard add -v=vSwitch5
Adding a new vSwitch with a specific number of ports
# esxcli network vswitch standard add -v=vSwitch5 --ports=256
Create a new portgroup in a standard vSwitch
The following command is used to create a new portgroup on a standard vSwitch
# esxcli network vswitch standard portgroup add -p="FT NW" -v=vSwitch6
Removing a portgroup from a vSwitch
The command below deletes a portgroup from a standard vSwitch
# esxcli network vswitch standard portgroup remove -p="FT NW" -v=vSwitch1
Configuring CDP on Standard switches
Enable CDP on a vSwitch
# esxcli network vswitch standard set -c=cdp_mode -v=vSwitch_name
The accepted values for the CDP mode are listen, advertise and both
# esxcli network vswitch standard set -c=listen -v=vSwitch5
To disable CDP on a vSwitch
# esxcli network vswitch standard set -c=down -v=vSwitch5
Adding an uplink to an existing vSwitch
# esxcli network vswitch standard uplink add -u=vmnic1 -v=vSwitch1
The above command adds a new uplink, vmnic1, to vSwitch1
Removing an existing uplink from a vSwitch
# esxcli network vswitch standard uplink remove -u=vmnic1 -v=vSwitch1
To list all the NICs present in the ESXi host
The following command shows all the vmnics present on an ESXi host and their associated properties, such as link status, speed, duplex, MTU value and MAC address:
# esxcli network nic list
To check the properties of a single vmnic
# esxcli network nic get -n vmnic1
For troubleshooting purposes, you can view statistics for a given NIC by running:
# esxcli network nic stats get -n vmnic1
To shut down a vmnic
To shut down a vmnic on your ESXi host, the command is
# esxcli network nic down -n=vmnic_name
After running the above command, verify from your vCenter Server console whether the NIC is disconnected
To reconnect a vmnic
# esxcli network nic up -n=vmnic_name
Checking the ARP table of your ESXi host
# esxcli network ip neighbor list
DNS server settings
List all the DNS servers configured on your ESXi host
# esxcli network ip dns server list
Configuring and Modifying the Routing Table of your ESXi host
Checking the current state of the routing table of your ESXi host
# esxcli network ip route ipv4 list
To add a new route to your ESXi host
The command to add a new route on your host is
# esxcli network ip route ipv4 add -n=network_address -g=gateway_address
Configuring ESXi firewall settings
To check the current firewall settings
# esxcli network firewall ruleset list
This command lists which services are allowed or not allowed to pass through the ESXi firewall
And that’s it for this post. I hope you find this post informational.