05.01.09
The Great vSwitch Debate – Part 7
OK…if you’ve followed along this far, you’re either 1) enjoying what you’re reading, 2) a glutton for punishment, or 3) really, really bored. Hopefully, it’s #1 and you’re here because you’ve read the first six posts in this series and you just can’t wait for me to add #7! If you’ve not read the first six posts, I recommend that you go back and do so now. The first six posts were:
- The Great vSwitch Debate – Part 1
  In this post, I discussed vSwitch functions, Port Groups, VLAN tagging/trunking, valid communications paths, and some other basic vSwitch information.
- The Great vSwitch Debate – Part 2
  In Part 2, I covered the vSwitch security features (Promiscuous Mode, MAC Address Change, and Forged Transmits) as well as network traffic shaping options.
- The Great vSwitch Debate – Part 3
  Here I discussed the various load balancing options that are available in a VMware vSwitch.
- The Great vSwitch Debate – Part 4
  In Part 4, I covered fault detection and the Cisco Discovery Protocol.
- The Great vSwitch Debate – Part 5
  In Part 5, I talked about the various networks that you have to contend with in an ESX environment as well as an approach to help in deciding which networks to combine, if you have to.
- The Great vSwitch Debate – Part 6
  I introduced the first host configuration. In this part, I talked about my recommendations for when you have eight pNICs and offered up a couple alternatives, including one for using an iSCSI initiator from within a VM.
In this Part 7, I’m going to discuss configurations for systems with two, four, and six pNICs. The same ground rules I established in Part 6 are going to apply here – for those who are skipping ahead or who have short memories, here they are:
04.23.09
Updated: Reaction to: “How to Correctly Explain the Architectural Differences Between Hyper-V and ESX”
Oh, goodness! It seems that Greg Shields’ attempt at “How to Correctly Explain the Architectural Differences Between Hyper-V and ESX” isn’t all that correct. Oh, he starts out pretty well, classifying both Hyper-V and ESX as Type-1 hypervisors, which is correct. Where he goes astray is when he claims that Hyper-V utilizes “paravirtualization” and ESX relies on “hardware emulation” – wrong!
04.20.09
The Great vSwitch Debate – Part 6
OK, so the count is up to five posts on vSwitches. If you’ve not read these posts, I recommend that you go back and do so now. The first five posts were:
- The Great vSwitch Debate – Part 1
  In this post, I discussed vSwitch functions, Port Groups, VLAN tagging/trunking, valid communications paths, and some other basic vSwitch information.
- The Great vSwitch Debate – Part 2
  In Part 2, I covered the vSwitch security features (Promiscuous Mode, MAC Address Change, and Forged Transmits) as well as network traffic shaping options.
- The Great vSwitch Debate – Part 3
  Here I discussed the various load balancing options that are available in a VMware vSwitch.
- The Great vSwitch Debate – Part 4
  In Part 4, I covered fault detection and the Cisco Discovery Protocol.
- The Great vSwitch Debate – Part 5
  In Part 5, I talked about the various networks that you have to contend with in an ESX environment as well as an approach to help in deciding which networks to combine, if you have to.
Now, in Part 6, we finally start talking about host configurations! I started a thread over on the VMTN Community forums for people to provide input about content they would like to see in this series. VMTN user RobVM asked about a configuration with eight pNICs and iSCSI connectivity, so I’ll tackle that first. But before we do, let me lay some ground rules:
04.17.09
The Great vSwitch Debate – Part 5
So far, we’ve been through four posts on vSwitches. If you’ve not read these posts, I recommend that you go back and do so now (or you can read this post and then go back – there are not many dependencies). The first four posts were:
- The Great vSwitch Debate – Part 1
  In this post, I discussed vSwitch functions, Port Groups, VLAN tagging/trunking, valid communications paths, and some other basic vSwitch information.
- The Great vSwitch Debate – Part 2
  In Part 2, I covered the vSwitch security features (Promiscuous Mode, MAC Address Change, and Forged Transmits) as well as network traffic shaping options.
- The Great vSwitch Debate – Part 3
  Here I discussed the various load balancing options that are available in a VMware vSwitch.
- The Great vSwitch Debate – Part 4
  In Part 4, I covered fault detection and the Cisco Discovery Protocol.
Now, in Part 5, I’m going to identify the various “networks” that you interact with in a VMware environment and also provide my recommendation for a configuration with only two pNICs. On with the show!
04.10.09
The Great vSwitch Debate – Part 4
OK, we’re now up to Part 4 in this series of articles. With a title like “The Great vSwitch Debate” I bet you’re wondering when the debate’s going to start – well, not yet. I’ve still got a few more details to cover about what makes a vSwitch tick before I can really get into the discussion of what’s the best way to configure your vSwitches.
So far, we’ve been through three posts on vSwitches. If you’ve not read these posts, I recommend that you go back and do so now (or you can read this post and then go back – there are not many dependencies). The first three posts were:
- The Great vSwitch Debate – Part 1
  In this post, I discussed vSwitch functions, Port Groups, VLAN tagging/trunking, valid communications paths, and some other basic vSwitch information.
- The Great vSwitch Debate – Part 2
  In Part 2, I covered the vSwitch security features (Promiscuous Mode, MAC Address Change, and Forged Transmits) as well as network traffic shaping options.
- The Great vSwitch Debate – Part 3
  Here I discussed the various load balancing options that are available in a VMware vSwitch.
So, what does that leave for Part 4? Plenty! In this edition, we’re going to talk about how a vSwitch detects path failures and also dip our toes into the Cisco Discovery Protocol waters. Now, on to the next topic!
04.06.09
HyTrust Appliance
I had the pleasure of having Eric Chiu and Ken Crandall of HyTrust (http://www.linkedin.com/companies/hytrust & http://www.hytrust.com/) give me a pre-release demo of their soon-to-be-released product, the HyTrust Appliance. I hesitate to call the device a “security appliance”, although it is – and much more. My take on the HyTrust Appliance is that it is a device (either a physical hardware appliance or a VM appliance) whose goal, at a high level, is to provide a centralized point for administrative access to your VMware Infrastructure components. Why would you want such a thing? Here are four good reasons:
04.05.09
The Great vSwitch Debate – Part 3
OK…in Part 1 of this series, we introduced the concept of a vSwitch and touched on some of the options available. In Part 2, we talked about some of the security features available in the vSwitch. In this Part 3, we’re going to talk about the load balancing features that are available in the vSwitch.
In a vSwitch, load balancing policies describe the different techniques that will be used for distributing the network traffic from all the virtual machines that are connected to the vSwitch and its subordinate Port Groups across the physical NICs associated with the vSwitch. There are several options available for load balancing as shown below:
- Load Balancing Policies
  - vSwitch Port Based (default)
  - MAC Address Based
  - IP Hash Based
  - Explicit Failover Order
03.29.09
The Great vSwitch Debate – Part 2
Table of Contents
- The Great vSwitch Debate – Part 1
  In this post, I discuss vSwitch functions, Port Groups, VLAN tagging/trunking, valid communications paths, and some other basic vSwitch information.
- The Great vSwitch Debate – Part 2
  In Part 2, I cover the vSwitch security features (Promiscuous Mode, MAC Address Change, and Forged Transmits) as well as network traffic shaping options.
- The Great vSwitch Debate – Part 3
  Here I discuss the various load balancing options that are available in a VMware vSwitch.
- The Great vSwitch Debate – Part 4
  In Part 4, I cover fault detection and the Cisco Discovery Protocol.
- The Great vSwitch Debate – Part 5
  In Part 5, I talk about the various networks that you have to contend with in an ESX environment as well as an approach to help in deciding which networks to combine, if you have to.
- The Great vSwitch Debate – Part 6
  I introduce the first host configuration. In this part, I talk about my recommendations for when you have eight pNICs and offer up a couple alternatives, including one for using an iSCSI initiator from within a VM.
- The Great vSwitch Debate – Part 7
  I discuss configurations for systems with two, four, and six pNICs.
- The Great vSwitch Debate – Part 8
  In this, the final article in the series, I discuss the importance of naming standards.
Part 2
This article is a continuation of the first in a series. See The Great vSwitch Debate – Part 1 for the beginning of the series.
In this Part Two of the series on vSwitch configurations, I want to address some of the advanced configuration options, but first – I need to go back and revisit the end of Part 1. There, I was discussing the routing of traffic between VMs on the same and different port groups on a single vSwitch. I presented the figure below (Figure 1) to describe what I was talking about.
The Great vSwitch Debate – Part 1
Table of Contents
- The Great vSwitch Debate – Part 1
  In this post, I discuss vSwitch functions, Port Groups, VLAN tagging/trunking, valid communications paths, and some other basic vSwitch information.
- The Great vSwitch Debate – Part 2
  In Part 2, I cover the vSwitch security features (Promiscuous Mode, MAC Address Change, and Forged Transmits) as well as network traffic shaping options.
- The Great vSwitch Debate – Part 3
  Here I discuss the various load balancing options that are available in a VMware vSwitch.
- The Great vSwitch Debate – Part 4
  In Part 4, I cover fault detection and the Cisco Discovery Protocol.
- The Great vSwitch Debate – Part 5
  In Part 5, I talk about the various networks that you have to contend with in an ESX environment as well as an approach to help in deciding which networks to combine, if you have to.
- The Great vSwitch Debate – Part 6
  I introduce the first host configuration. In this part, I talk about my recommendations for when you have eight pNICs and offer up a couple alternatives, including one for using an iSCSI initiator from within a VM.
- The Great vSwitch Debate – Part 7
  I discuss configurations for systems with two, four, and six pNICs.
- The Great vSwitch Debate – Part 8
  In this, the final article in the series, I discuss the importance of naming standards.
Part 1
There are many articles out there discussing “best practices” for configuring virtual switches (vSwitches) in a VMware Infrastructure 3 (VI3) environment – well, here’s the first in a series of articles that present vSwitch recommendations that conform to the rules of “Virtualization According to Ken”.
For purposes of clarity, unless otherwise specified, all discussion herein applies to both VMware ESX Server (ESX) and VMware ESXi Server (ESXi). When I want to make it clear that I’m referencing both, I’ll use the construct ESX/i.
First, let’s start out by defining exactly what a VMware vSwitch is:
03.09.09
When is it OK to default on your VI?
I’ve noticed something about engineers. They’re never happy with the way something is configured out of the box – there’s always a better way! Well, I have a different philosophy:
“If you don’t have a very good reason to change a default value, don’t change it!”
To me, this seems totally obvious – in most cases, the default values are there for a reason.
