in blueprint - 09 Jun, 2016
by mordi
VCAP-DCV Deploy Objective 3.2 – Part 2

In this post we continue to discuss how to deploy and manage a vSphere 6.x network infrastructure.

We are going to cover the following objectives from the blueprint:

  • Migrate a vSS network to a hybrid or full vDS solution
  • Analyze vDS settings using command line tools
  • Determine which appropriate discovery protocol to use for specific hardware vendors
  • Configure VLANs/PVLANs according to a deployment plan
  • Create / Apply traffic marking and filtering rules

Lab Setup:

Using VMware workstation:

  • Microsoft Server 2012 R2 for services (DNS, DHCP, etc.)
  • Installed esx0
  • Installed VCSA

 Documents used:

  • vSphere 6 Networking Guide

 

Migrate a vSS network to a hybrid or full vDS solution:

Here are the steps and screenshots for migrating from vSS to vDS. (I will not include screenshots for the creation of the new vDS, since we did it several times before.)

The plan:

  • Create a new vDS
  • In the new vDS, create a new Port Group named MainVLAN
  • In the new vDS, create a new management Port Group named mgmt
  • Assign all ESXi hosts in the cluster to the new vDS
  • Migrate the VMkernel adapter from the vSS to the new mgmt Port Group on the vDS
  • Migrate all VMs to the MainVLAN Port Group

Screenshots:

Migrate vmnic0 on all hosts to the vDS (make sure you have an available uplink for it)

m1

Do the same for all hosts

m2

Assign the vSS0 vmk0 from all hosts to the mgmt Port Group

m3

m4

 

m5

Now let's migrate the VMs to the MainVLAN Port Group

m6

Select the Source and Destination networks

m7

m8

m9

Select the VMs to move to the new switch

m10

Verify

m11

 

Analyze vDS settings using command line tools:

So my understanding of this subject is that we ONLY get information from the CLI and do not actually configure the vDS via the CLI, so let's get started:

Here are the commands that you can run on your host to get information about the switch:

  • To list the Distributed Switch configuration – esxcli network vswitch dvs vmware list
  • To list VMkernel interfaces and their configuration – esxcli network ip interface list
  • To list physical adapters and their link state – esxcli network nic list

vDS_CLI

 

Determine which appropriate discovery protocol to use for specific hardware vendors:

In vSphere there are two discovery protocols, CDP and LLDP. CDP is only for Cisco hardware and LLDP is for the rest. (I believe that Cisco now supports LLDP.)

You can change from CDP to LLDP by editing the switch settings:

cdp_lldp1

Configure VLANs/PVLANs according to a deployment plan:

VLAN’s:

There are three types of VLAN tagging you can configure:

External Switch Tagging (EST) – The physical switch performs the VLAN tagging. The host network adapters are connected to access ports on the physical switch.

Virtual Switch Tagging (VST) – The virtual switch performs the VLAN tagging before the packets leave the host. The host network adapters must be connected to trunk ports on the physical switch.

Virtual Guest Tagging (VGT) – The virtual machine performs the VLAN tagging. The virtual switch preserves the VLAN tags when it forwards the packets between the virtual machine networking stack and the external switch. The host network adapters must be connected to trunk ports on the physical switch.

VLAN configuration on a switch is done per port group:

  • For EST you don't need to configure a VLAN ID
  • For VST you configure the VLAN number using the VLAN option
  • For VGT you configure the VLAN range using the VLAN trunking option

 

  • VLAN1

 

Private VLAN’s:

Private VLANs are basically VLANs within a VLAN. There are three types of private VLAN: promiscuous, community and isolated.

  • Promiscuous – Ports on a private VLAN can communicate with ports configured as the primary VLAN.
  • Isolated – Can communicate only with promiscuous ports.
  • Community – Can communicate with both promiscuous ports and other ports on the same secondary VLAN.

VLAN2
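To check a PVLAN deployment plan against the three port types listed above before applying it, the rules can be modelled directly. This is an added example, not code from the original post or from VMware; the port names, VLAN IDs and the helper names (can_talk, reachability, plan_violations) are made up for illustration.

```python
from dataclasses import dataclass
from itertools import combinations

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"

@dataclass(frozen=True)
class Port:
    name: str
    primary: int    # primary VLAN ID
    secondary: int  # secondary VLAN ID
    kind: str       # PROMISCUOUS, ISOLATED or COMMUNITY

def can_talk(a: Port, b: Port) -> bool:
    """Layer-2 reachability between two private VLAN ports."""
    if a.primary != b.primary:
        return False                       # separate primary VLANs
    if PROMISCUOUS in (a.kind, b.kind):
        return True                        # promiscuous reaches every port
    if a.kind == b.kind == COMMUNITY:
        return a.secondary == b.secondary  # same community only
    return False                           # isolated reaches promiscuous only

def reachability(ports):
    """Every pair of port names that can exchange frames."""
    return {(a.name, b.name) for a, b in combinations(ports, 2) if can_talk(a, b)}

def plan_violations(ports, must_not_talk):
    """Pairs the plan requires to be separated but the PVLAN layout connects."""
    by_name = {p.name: p for p in ports}
    return [(x, y) for x, y in must_not_talk if can_talk(by_name[x], by_name[y])]

# Constructed deployment plan (names and VLAN IDs are made up for illustration).
PLAN = [
    Port("gateway", 100, 100, PROMISCUOUS),
    Port("web01", 100, 101, COMMUNITY),
    Port("web02", 100, 101, COMMUNITY),
    Port("db01", 100, 102, COMMUNITY),
    Port("tenantA", 100, 103, ISOLATED),
    Port("tenantB", 100, 103, ISOLATED),
]

if __name__ == "__main__":
    for pair in sorted(reachability(PLAN)):
        print("can talk:", *pair)
    required = [("tenantA", "tenantB"), ("web01", "db01"), ("web01", "web02")]
    print("violations:", plan_violations(PLAN, required))
```

In the constructed plan the two isolated tenants cannot reach each other even though they share secondary VLAN 103, while web01 and web02 can, so a requirement to separate the two web servers is reported as a violation.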

Create / Apply traffic marking and filtering rules:

By using the traffic filtering and marking policy, you can protect the virtual network from unwanted traffic and security attacks, or apply a QoS tag to a certain type of traffic.

Traffic filtering and marking is enabled at the port group or uplink port group level.

filters1

To tag specific traffic, use the Tag action and specify a rule. The VMware Networking Guide has an example of how to tag VoIP traffic from a specific subnet (see screenshot).
filters3

To filter a specific target, use Drop/Allow in the action box. The example below shows how to filter ICMP traffic.

filters4

Thanks for reading

Mordi.

 

 

 
