In the first part of this series, we looked at Overview of VMware vSphere Standard Switch (VSS) & vSphere Distributed Switch (VDS), how to create VSS and how is the architecture and management of the VDS different from the VSS.
In this second part, we’ll look at the following:
- vSphere Distributed Switches & Port Groups
- VDS – step by step configuration
- Difference & similarities between VSS and VDS
- Migrating between VSS and VDS and Back
Along with these, we’ll also look at the vSphere Virtual Switch Best Practices.
Viewing vSphere Distributed Switches and Port Groups
Let’s take a look at the properties of a vSphere Distributed Switch port group and see the options available to the vSphere administrator.
It becomes readily apparent you have more configuration settings available with the vSphere Distributed Switch port group.
On the VLAN settings screen of the vSphere Distributed Switch properties, you see the VLAN type configuration. Note the Private VLAN option with the vSphere Distributed Switch.
On the Security screen, you can configure the promiscuous mode, MAC address changes, and Forged transmits for the vSphere Distributed Switch port group.
One the Teaming and failover screen, you see many different settings for various teaming and failover functionality. Note with the vSphere Distributed Switch port group the Route based on physical NIC load as one of the options for load balancing.
Traffic shaping settings allow both Ingress traffic shaping and Egress traffic shaping.
The Monitoring screen allows you to either enable or disable monitoring of the vSphere Distributed Switch port group.
The Miscellaneous settings screen allows you to enable Block all ports.
Creating a vSphere Distributed Switch
As discussed, the vSphere Distributed Switch is created at the vCenter Server level and pushed down to the ESXi hosts as they are associated with the VDS. So, we create the new VDS in the Networking view of the vSphere Client.
Navigate to the Networking settings in the vSphere Client. Right-click the vSphere Datacenter node and select Distributed Switch > New Distributed Switch.
This launches the New Distributed Switch wizard. The first thing you configure is the Name and Location. Choose a name for the new VDS.
Select the version of the new vSphere Distributed Switch. Below are the available versions in the wizard.
| Option | Description |
|---|---|
| Version 6.6.0 | Compatible with ESXi version 6.7 and later. |
| Version 6.5.0 | Compatible with ESXi version 6.5 and later. Features released with later vSphere Distributed Switch versions are not supported. |
| Version 6.0.0 | Compatible with ESXi version 6.0 and later. Features released with later vSphere Distributed Switch versions are not supported. |
In the Configure Settings screen, you configure the number of uplinks, Network I/O Control settings, and also name the first default Port group name.
Ready to complete the New Distributed Switch wizard.
You will then see the new vSphere Distributed Switch in the list of available Networks under the Networking view of the vSphere Client.
With the vSphere Distributed Switch, creating the new VDS is only part of the task.
We next need to add ESXi hosts to the new VDS. Let’s see how.
Add ESXi Hosts to a vSphere Distributed Switch
Next, we need to add the ESXi hosts to the new vSphere Distributed Switch. To do that, we right-click on the new vSphere Distributed Switch and choose Add and Manage Hosts.
The first part of the Add and Manage Hosts wizard is choosing the action you want to take. Since we are wanting to associate ESXi hosts to a new vSphere Distributed Switch, we choose the Add hosts option.
On the Select hosts screen, click the “green plus” sign to open the Select New Hosts dialog box.
On the Select New Hosts dialog box, place a checkbox next to the hosts you want to add to the new vSphere Distributed Switch. Think about the ease of which this allows adding the same configured VDS to all of the hosts selected. With the VSS, you would have to configure a new VSS switch on each ESXi hosts and make sure the settings are identical for vMotion’ing VMs and other reasons.
Now, the new ESXi hosts are selected.
For each ESXi host, it needs a physical network adapter attached as an uplink to the new VDS.
Note: we have vmnic2 free on both hosts.
Click the Assign uplink button.
On the Select an Uplink dialog box, click the specific uplink or Auto-assign. You can also click the box Apply this uplink assignment to the rest of the hosts. Doing this you can save a lot of time with configuring the physical network adapter assignments as you select this option once and it is applied to each host you are adding.
The physical network adapters are now assigned to the ESXi hosts. Note they show as (Assigned) and also displays which uplink slot the chosen physical network adapter is going to be assigned to.
On the Manage VMkernel adapter screen, you can manage and assign VMkernel network adapters to the distributed switch.
Additionally, you can Migrate VM networking to select virtual machines or network adapters to migrate to the distributed switch if you choose. Since our VDS is going to be used for Virtual Machine traffic, there are no VMkernel ports to migrate over.
Finally, you reach the Ready to complete screen, now review your settings and selections and Click Finish.
Comparing Features of vSphere Standard Switch vs vSphere Distributed Switch
The following table is a comparison of the various features offered by either a VSS or VDS virtual switch. Note the VSS is fairly limited when compared to the more advanced features found in the VDS.
Migrating Between VSS and VDS and Back
The vSphere Standard Switch and the vSphere Distributed provide great migration flexibility. However, you will want to make sure you have multiple network adapters to work with so there is easy rollback between a failed migration in either direction.
Keep in mind the following points for migrating between both VSS and VDS and going the other direction.
- Have multiple network adapters
- First, move a network adapter from VSS to VDS or VDS to VSS
- Make sure you have the relevant port groups created, tagged with the appropriate VLANs for migrating both VMkernel and virtual machines
- Once a network adapter is assigned to the destination switch type and virtual switch port groups are in place, you can migrate VMkernel ports and virtual machines
- Keep in mind the migration to VDS is performed at the vCenter Server Networking level and migration to VSS is performed at the ESXi host Network Settings
The basic outline of the process in either direction after configuring the destination virtual switch and port group requirements will look like:
- Peel off one of the network adapters from the source virtual switch and assign it to the destination switch
- Move VMkernel ports to the destination virtual switch
- Verify connectivity to and between all resources
- Move virtual machines to the new port groups on the destination virtual switch
- Move all network adapters from the source virtual switch to the destination virtual switch
vSphere Virtual Switch Best Practices
There are some best practices that are common to both types of vSphere virtual switches as well as some that are a little more tailored to each type of switch.
Below are a few common best practices to keep in mind when working with both vSphere Standard Switches and vSphere Distributed Switches.
- Use multiple physical uplinks for each virtual switch for redundancy
- Deploy the same number of physical network adapters and port speeds to all the hosts connected to either type of switch
- Make use of Network I/O Control when using multiple traffic types traversing a single adapter
- Be sure your MTU sizes match between the port groups and the virtual switch themselves
- Give consideration to your failover configuration and order
- Use VLANs for traffic separation without having to use extensive amounts of physical network adapters
- Use Private VLANs when there is a need for even more separation and isolation
- If using a VDS, keep a VSS provisioned on each host for emergency connectivity in case something catastrophic happens with the VDS
- Using VDS virtual switches underscores the need to backup vCenter Server. Since the VDS configuration is held with vCenter, make sure you are backing up your VCSA appliance using the built-in backup solution in the VAMI interface
- Keep virtual switch configurations consistent when using VSS virtual switches
Use PowerCLI, if possible, to roll out VSS configurations consistently across ESXi hosts to help to eliminate configuration drift
Concluding Thoughts
VMware vSphere virtual networking provides vSphere administrators with powerful options to control and manage network traffic in and out of virtual machines in the vSphere infrastructure. The two types of virtual switches in vSphere: vSphere Standard Switch (VSS) and vSphere Distributed Switch (VDS) both allow really great connectivity options for vSphere environments.
While the vSphere Standard Switch is a very capable basic switch that can run very large vSphere production environments, the vSphere Distributed Switch is the more powerful, scalable option of the two. The vSphere Distributed Switch’s separated management and data planes allow centralized management while still allowing the ESXi hosts to carry traffic even when vCenter Server is unavailable. It requires an Enterprise Plus or a vSAN license to make use of it. If you are looking at operating your VMware vSphere environment at scale, the VDS switch is certainly the best choice and provides many of the features and capabilities required for more advanced networking configurations as well as with VMware’s NSX software-defined networking solution.
Follow our Twitter and Facebook feeds for new releases, updates, insightful posts and more.
