Vi3!35!25 u2 3i Server Config
Transcript of Vi3!35!25 u2 3i Server Config
-
8/14/2019 Vi3!35!25 u2 3i Server Config
1/214
ESX Server 3i Configuration GuideUpdate 2 and later for
ESX Server 3i version 3.5 and VirtualCenter 2.5
-
8/14/2019 Vi3!35!25 u2 3i Server Config
2/214
VMware, Inc.3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com
2 VMware, Inc.
ESX Server 3i Configuration Guide
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
20072009 VMware, Inc. All rights reserved. This product is protected by U.S. and internationalcopyright and intellectual property laws. VMware products are covered by one or more patents listedat http://www.vmware.com/go/patents.
VMware, the VMware boxes logo and design, Virtual SMP, and VMotion are registered trademarks ortrademarks of VMware, Inc. in the United States and/or other jurisdictions. All other marks and namesmentioned herein may be trademarks of their respective companies.
ESX Server 3i Configuration Guide
Revision: 20090313Item: EN-000032-03
http://www.vmware.com/supportmailto:[email protected]:[email protected]://www.vmware.com/supporthttp://www.vmware.com/support/ -
8/14/2019 Vi3!35!25 u2 3i Server Config
3/214
VMware, Inc. 3
Contents
AboutThisBook 9
1 Introduction 13Networking 14
Storage 14
Security 15
Networking
2 Networking 19NetworkingConcepts 20
ConceptsOverview 20
VirtualSwitches 21
PortGroups 24
NetworkServices 24
ViewingNetworking
Information
in
the
VI Client 24
VirtualNetworkConfigurationforVirtualMachines 26
VMkernelNetworkingConfiguration 28
TCP/IPStackattheVMkernelLevel 29
3 AdvancedNetworking 31VirtualSwitchConfiguration 32
VirtualSwitch
Properties 32
EditingVirtualSwitchProperties 32
CiscoDiscoveryProtocol 35
VirtualSwitchPolicies 36
Layer2SecurityPolicy 37
TrafficShapingPolicy 38
LoadBalancingandFailoverPolicy 40
PortGroupConfiguration 42DNSandRouting 43
-
8/14/2019 Vi3!35!25 u2 3i Server Config
4/214
ESX Server 3i Configuration Guide
4 VMware, Inc.
TCPSegmentationOffloadandJumboFrames 44
EnablingTSO 44
EnablingJumboFrames 45
NetQueueandNetworkingPerformance 46
SettingUpMACAddresses 48
MACAddressesGeneration 48
SettingMACAddresses 49
UsingMACAddresses 50
NetworkingTipsandBestPractices 50
NetworkingBestPractices 50
MountingNFSVolumes 51
NetworkingTips 51
NetworkingTroubleshooting 52
TroubleshootingPhysicalSwitchConfiguration 52
TroubleshootingPortGroupConfiguration 52
Storage
4 IntroductiontoStorage 55StorageOverview 56
TypesofPhysicalStorage 56
LocalStorage 57
NetworkedStorage 58
SupportedStorageAdapters 59
Datastores 59
VMFSDatastores 60
CreatingandGrowingVMFSDatastores 60
ConsiderationswhenCreatingVMFSDatastores 61
SharingaVMFSVolumeAcrossESXServer3iSystems 62
NFSDatastore 63
HowVirtualMachinesAccessStorage 63
ComparingTypesofStorage 64
ViewingStorageInformationintheVMwareInfrastructureClient 65
DisplayingDatastores 65
UnderstandingStorageDeviceNamingintheDisplay 67
ViewingStorageAdapters 68
ConfiguringandManagingStorage 69
-
8/14/2019 Vi3!35!25 u2 3i Server Config
5/214
VMware, Inc. 5
Contents
5 ConfiguringStorage 71LocalStorage 72
AddingLocal
Storage 72
FibreChannelStorage 74
AddingFibreChannelStorage 75
iSCSIStorage 76
iSCSIInitiators 76
NamingRequirements 78
DiscoveryMethods 78
iSCSISecurity 79
ConfiguringHardwareiSCSIInitiatorsandStorage 79
InstallingandViewingHardwareiSCSIInitiators 79
ConfiguringHardwareiSCSIInitiators 81
AddingiSCSIStorageAccessibleThroughHardwareInitiators 86
ConfiguringSoftwareiSCSIInitiatorsandStorage 87
ViewingSoftwareiSCSIInitiators 87
ConfiguringSoftwareiSCSIInitiators 89
AddingiSCSIStorageAccessibleThroughSoftwareInitiators 91
PerformingaRescan 92
NetworkAttachedStorage 93
HowVirtualMachinesUseNFS 93
NFSVolumesandVirtualMachineDelegateUsers 94
ConfiguringESXServer3itoAccessNFSVolumes 95
CreatinganNFSBasedDatastore 95
CreatingaDiagnosticPartition 95
6 ManagingStorage 99ManagingDatastores 99
EditingVMFSDatastores 101
UpgradingDatastores 101
Changing
the
Names
of
Datastores 102AddingExtentstoDatastores 102
ManagingMultiplePaths 103
MultipathingwithLocalStorageandFibreChannelSAN 104
MultipathingwithiSCSISAN 106
ViewingtheCurrentMultipathingStatus 107
SettingMultipathingPoliciesforLUNs 109
DisablingPaths 110
ThevmkfstoolsCommands 110
-
8/14/2019 Vi3!35!25 u2 3i Server Config
6/214
ESX Server 3i Configuration Guide
6 VMware, Inc.
7 RawDeviceMapping 111AboutRawDeviceMapping 111
Benefitsof
Raw
Device
Mapping 113LimitationsofRawDeviceMapping 116
RawDeviceMappingCharacteristics 117
VirtualCompatibilityModeComparedtoPhysicalCompatibilityMode 117
DynamicNameResolution 119
RawDeviceMappingwithVirtualMachineClusters 120
ComparingRawDeviceMappingtoOtherMeansofSCSIDeviceAccess 120
ManagingMappedLUNs 121
VMwareInfrastructureClient 121
CreatingVirtualMachineswithRDMs 121
ManagingPathsforaMappedRawLUN 123
ThevmkfstoolsUtility 124
Security
8 SecurityforESXServer3iSystems 127ESXServer3iArchitectureandSecurityFeatures 128
SecurityandtheVirtualizationLayer 128
SecurityandVirtualMachines 129
SecurityandtheVirtualNetworkingLayer 131
SecurityResourcesandInformation 137
9 SecuringanESXServer3iConfiguration 139SecuringtheNetworkwithFirewalls 139
FirewallsforConfigurationswithaVirtualCenterServer 140
FirewallsforConfigurationsWithoutaVirtualCenterServer 143
TCPandUDPPortsforManagementAccess 144
ConnectingtoVirtualCenterServerThroughaFirewall 146
ConnectingtotheVirtualMachineConsoleThroughaFirewall 146
ConnectingESXServer3iHostsThroughFirewalls 148
ConfiguringFirewallsforSupportedServicesandManagementAgents 148
-
8/14/2019 Vi3!35!25 u2 3i Server Config
7/214
-
8/14/2019 Vi3!35!25 u2 3i Server Config
8/214
ESX Server 3i Configuration Guide
8 VMware, Inc.
11 SecurityDeploymentsandRecommendations 187SecurityApproachesforCommonESXServer3iDeployments 187
Single
Customer
Deployment 188MultipleCustomerRestrictedDeployment 189
MultipleCustomerOpenDeployment 190
ESXServer3iLockdownMode 192
VirtualMachineRecommendations 193
InstallingAntivirusSoftware 193
DisablingCopyandPasteOperationsBetweentheGuestOperatingSystemandRemoteConsole 193
RemovingUnnecessaryHardwareDevices 195
LimitingGuestOperatingSystemWritestoHostMemory 196
ConfiguringLoggingLevelsfortheGuestOperatingSystem 199
Index 203
-
8/14/2019 Vi3!35!25 u2 3i Server Config
9/214
VMware, Inc. 9
Thismanual,theESXServer3iConfigurationGuide,providesinformationonhowto
configurenetworkingforESXServer3i,includinghowtocreatevirtualswitchesand
portsandhowtosetupnetworkingforvirtualmachines,VMotion,andIPstorage.It
alsocoversconfiguringfilesystemandvarioustypesofstoragesuchasiSCSI,FibreChannel,andsoforth.TohelpyouprotectyourESXServer3i,theguideprovidesa
discussionofsecurityfeaturesbuiltintoESXServer3iandthemeasuresyoucantake
tosafeguarditfromattack.Inaddition,itincludesalistofESXServer3itechnical
supportcommandsalongwiththeirVMwareInfrastructureClient(VIClient)
equivalentsandadescriptionofthevmkfstoolsutility.
TheESXServer3iConfigurationGuidecoversESXServer3iversion3.5.Toreadabout
ESX Server 3.5,seehttp://www.vmware.com/support/pubs/vi_pubs.html .
Foreaseofdiscussion,thisbookusesthefollowingproductnamingconventions:
FortopicsspecifictoESXServer3.5,thisbookusesthetermESXServer3.
FortopicsspecifictoESXServer3iversion3.5,thisbookusestheterm
ESX Server 3i.
Fortopics
common
to
both
products,
this
book
uses
the
term
ESX
Server.
Whentheidentificationofaspecificreleaseisimportanttoadiscussion,thisbook
referstotheproductbyitsfull,versionedname.
WhenadiscussionappliestoallversionsofESXServerforVMwareInfrastructure
3,thisbookusesthetermESXServer3.x.
About This Book
http://www.vmware.com/support/pubs/vi_pubs.htmlhttp://www.vmware.com/support/pubs/vi_pubs.html -
8/14/2019 Vi3!35!25 u2 3i Server Config
10/214
ESX Server 3i Configuration Guide
10 VMware, Inc.
Intended Audience
ThismanualisintendedforanyonewhoneedstouseESXServer3i.Theinformationin
thismanualiswrittenforexperiencedWindowsorLinuxsystemadministratorswhoarefamiliarwithvirtualmachinetechnologyanddatacenteroperations.
Document Feedback
VMwarewelcomesyoursuggestionsforimprovingourdocumentation.Ifyouhave
comments,sendyourfeedbackto:
VMware Infrastructure Documentation
TheVMwareInfrastructuredocumentationconsistsofthecombinedVMware
VirtualCenterandESXServerdocumentationset.
Abbreviations Used in FiguresThefiguresinthismanualusetheabbreviationslistedinTable 1.
Technical Support and Education Resources
Thefollowingsectionsdescribethetechnicalsupportresourcesavailabletoyou.You
canaccess
the
most
current
versions
of
this
manual
and
other
books
by
going
to:
http://www.vmware.com/support/pubs
Table 1. Abbreviations
Abbreviation Description
database VirtualCenterdatabase
datastore Storageforthemanagedhost
dsk# Storagediskforthemanagedhost
hostn VirtualCentermanagedhosts
SAN Storageareanetworktypedatastoresharedbetweenmanagedhosts
tmplt Template
user# Userwithaccesspermissions
VC VirtualCenter
VM# Virtualmachinesonamanagedhost
mailto:[email protected]://www.vmware.com/support/pubsmailto:[email protected]://www.vmware.com/support/pubs -
8/14/2019 Vi3!35!25 u2 3i Server Config
11/214
VMware, Inc. 11
About This Book
Online and Telephone Support
Useonlinesupporttosubmittechnicalsupportrequests,viewyourproductand
contractinformation,andregisteryourproducts.Gotohttp://www.vmware.com/support.
Customerswithappropriatesupportcontractsshouldusetelephonesupportforthe
fastestresponseonpriority1issues.Goto
http://www.vmware.com/support/phone_support.html.
Support Offerings
FindouthowVMwaresupportofferingscanhelpmeetyourbusinessneeds.Goto
http://www.vmware.com/support/services.
VMware Professional Services
VMwareEducationServicescoursesofferextensivehandsonlabs,casestudy
examples,andcoursematerialsdesignedtobeusedasonthejobreferencetools.
Coursesareavailableonsite,intheclassroom,andliveonline.Foronsitepilot
programs andimplementationbestpractices,VMwareConsultingServicesprovides
offeringsto helpyouassess,plan,build,andmanageyourvirtualenvironment.To
accessinformationabouteducationclasses,certificationprograms,andconsulting
services,gotohttp://www.vmware.com/services.
http://www.vmware.com/supporthttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/support/serviceshttp://www.vmware.com/services/http://www.vmware.com/support/serviceshttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/supporthttp://www.vmware.com/services/ -
8/14/2019 Vi3!35!25 u2 3i Server Config
12/214
ESX Server 3i Configuration Guide
12 VMware, Inc.
-
8/14/2019 Vi3!35!25 u2 3i Server Config
13/214
VMware, Inc. 13
1
TheESXServer3iConfigurationGuidedescribesthetasksyouneedtocompleteto
configureESXServer3ihostnetworking,storage,andsecurity.Inaddition,itprovides
overviews,recommendations,andconceptualdiscussionstohelpyouunderstand
thesetasksandhowtodeployanESXServer3ihosttomeetyourneeds.BeforeusingtheinformationintheESXServer3iConfigurationGuide,readtheIntroductiontoVMware
Infrastructureforanoverviewofsystemarchitectureandthephysicalandvirtual
devicesthatmakeupaVMwareInfrastructuresystem.
Thisintroductionsummarizesthecontentsofthisguidesothatyoucanfindthe
informationyouneed.Thisguidecoversthesesubjects:
ESXServer
3i
network
configurations
ESXServer3istorageconfigurations
ESXServer3isecurityfeatures
Introduction
1
-
8/14/2019 Vi3!35!25 u2 3i Server Config
14/214
ESX Server 3i Configuration Guide
14 VMware, Inc.
Networking
TheESXServer3inetworkingchaptersprovideyouwithaconceptualunderstanding
ofphysicalandvirtualnetworkconcepts,adescriptionofthebasictasksyouneedtocompletetoconfigureyourESXServer3ihostsnetworkconnections,andadiscussion
ofadvancednetworkingtopicsandtasks.Thenetworkingsectioncontainsthe
followingchapters:
NetworkingIntroducesyoutonetworkconceptsandguidesyouthroughthe
mostcommontasksyouneedtocompletewhensettingupthenetworkforthe
ESX Server3ihost.
AdvancedNetworkingCoversadvancednetworkingtaskssuchassettingup
MACaddresses,editingvirtualswitchesandports,andDNSrouting.Inaddition,
itprovidestipsonmakingyournetworkconfigurationmoreefficient.
Storage
TheESXServer3istoragechaptersprovideyouwithabasicunderstandingofstorage,
adescriptionofthebasictasksyouperformtoconfigureandmanageyour
ESX Server 3ihostsstorage,andadiscussionofhowtosetuprawdevicemapping.The
storagesectioncontainsthefollowingchapters:
IntroductiontoStorageIntroducesyoutothetypesofstoragedevicesyoucan
usetoconfigurestoragefortheESXServer3ihost.ItalsoaddressesVMFSandNFS
datastoresyoucandeployforyourstorageneeds.
ConfiguringStorage
Explains
how
to
configure
local
storage,
Fibre
Channel
storage,iSCSIstorage,andNASstorage.
ManagingStorageExplainshowtomanageexistingdatastoresandthefile
systemsthatcomprisedatastores.
RawDeviceMappingDiscussesrawdevicemapping,howtoconfigurethistype
ofstorage,andhowtomanagerawdevicemappingsbysettingupmultipathing,
failover,andsoforth.
-
8/14/2019 Vi3!35!25 u2 3i Server Config
15/214
VMware, Inc. 15
Chapter 1 Introduction
Security
TheESXServer3isecuritychaptersdiscusssafeguardsVMwarehasbuiltinto
ESX Server3iandmeasuresyoucantaketoprotectyourESXServer3ihostfromsecuritythreats.Thesemeasuresincludeusingfirewalls,leveragingthesecurity
featuresofvirtualswitches,andsettingupuserauthentication andpermissions.The
securitysectioncontainsthefollowingchapters:
SecurityforESXServer3iSystemsIntroducesyoutotheESXServer3ifeatures
thathelpyouensureasecureenvironmentforyourdataandgivesyouan
overviewofsystemdesignasitrelatestosecurity.
SecuringanESXServer3iConfigurationExplainshowtoconfigurefirewallports
forESXServer3ihostsandVMwareVirtualCenter,howtousevirtualswitches
andVLANstoensurenetworkisolationforvirtualmachines,andhowtosecure
iSCSIstorage.
AuthenticationandUserManagementDiscusseshowtosetupusers,groups,
permissions,androlestocontrolaccesstoESXServer3ihostsandVirtualCenter.
Italso
discusses
encryption
and
delegate
users.
SecurityDeploymentsandRecommendationsProvidessomesample
deploymentstogiveyouanideaoftheissuesyouneedtoconsiderwhensetting
upyourownESXServer3ideployment.Thischapteralsotellsyouaboutactions
youcantaketofurthersecurevirtualmachines.
-
8/14/2019 Vi3!35!25 u2 3i Server Config
16/214
ESX Server 3i Configuration Guide
16 VMware, Inc.
-
8/14/2019 Vi3!35!25 u2 3i Server Config
17/214
VMware, Inc. 17
Networking
-
8/14/2019 Vi3!35!25 u2 3i Server Config
18/214
ESX Server 3i Configuration Guide
18 VMware, Inc.
-
8/14/2019 Vi3!35!25 u2 3i Server Config
19/214
VMware, Inc. 19
2
ThischapterguidesyouthroughthebasicconceptsofnetworkingintheESX Server3i
environmentandhowtosetupandconfigureanetworkinavirtualinfrastructure
environment.
UsetheVMwareInfrastructureClient(VIClient)toaddnetworkingbasedontwo
categoriesthatreflectthetwotypesofnetworkservices:
Virtualmachines
VMkernel
Thischapterdiscussesthefollowingtopics:
NetworkingConcepts
on
page 20
NetworkServicesonpage 24
ViewingNetworkingInformationintheVI Clientonpage 24
VirtualNetworkConfigurationforVirtualMachinesonpage 26
VMkernelNetworkingConfigurationonpage 28
Networking
2
ESX S 3i C fi ti G id
-
8/14/2019 Vi3!35!25 u2 3i Server Config
20/214
ESX Server 3i Configuration Guide
20 VMware, Inc.
Networking Concepts
Afewconceptsareessentialtoathoroughunderstandingofvirtualnetworking.Ifyou
arenew
to
ESX
Server
3i,
VMware
recommends
you
read
this
section.
Concepts Overview
Aphysicalnetworkisanetworkofphysicalmachinesthatareconnectedsothattheycan
senddatatoandreceivedatafromeachother.VMwareESX Server3irunsonaphysical
machine.
Avirtual
network
is
anetwork
of
virtual
machines
running
on
asingle
physical
machine
thatareconnectedlogicallytoeachothersothattheycansenddatatoandreceivedata
fromeachother.Virtualmachinescanbeconnectedtothevirtualnetworksthatyou
createintheproceduretoaddanetwork.Eachvirtualnetworkisservicedbyasingle
virtualswitch.Avirtualnetworkcanbeconnectedtoaphysicalnetworkbyassociating
oneormorephysicalEthernetadapters,alsoreferredtoasuplinkadapters,withthe
virtualnetworksvirtualswitch.Ifnouplinkadaptersareassociatedwiththevirtual
switch,alltrafficonthevirtualnetworkisconfinedwithinthephysicalhostmachine.
Ifoneormoreuplinkadaptersareassociatedwiththevirtualswitch,virtualmachines
connectedtothatvirtualnetworkarealsoabletoaccessthephysicalnetworks
connectedtotheuplinkadapters.
AphysicalEthernetswitchmanagesnetworktrafficbetweenmachinesonthephysical
network.Aswitchhasmultipleports,eachofwhichcanbeconnectedtoasingleother
machineoranotherswitchonthenetwork.Eachportcanbeconfiguredtobehavein
certain
ways
depending
on
the
needs
of
the
machine
connected
to
it.
The
switch
learns
whichhostsareconnectedtowhichofitsportsandusesthatinformationtoforward
traffictothecorrectphysicalmachines.Switchesarethecoreofaphysicalnetwork.
Multipleswitchescanbeconnectedtogethertoformlargernetworks.
Avirtualswitch,vSwitch,worksmuchlikeaphysicalEthernetswitch.Itdetectswhich
virtualmachinesarelogicallyconnectedtoeachofitsvirtualportsandusesthat
informationtoforwardtraffictothecorrectvirtualmachines.AvSwitchcanbe
connectedto
physical
switches
using
physical
Ethernet
adapters,
also
referred
to
as
uplinkadapters,tojoinvirtualnetworkswithphysicalnetworks.Thistypeof
connectionissimilartoconnectingphysicalswitchestogethertocreatealarger
network.EventhoughavSwitchworksmuchlikeaphysicalswitch,itdoesnothave
someoftheadvancedfunctionalityofaphysicalswitch.SeeVirtualSwitcheson
page 21.
Chapter 2 Networking
-
8/14/2019 Vi3!35!25 u2 3i Server Config
21/214
VMware, Inc. 21
Chapter 2 Networking
Aportgroupspecifiesportconfigurationoptionssuchasbandwidthlimitationsand
VLANtaggingpoliciesforeachmemberport.NetworkservicesconnecttovSwitches
throughportgroups.PortgroupsdefinehowaconnectionismadethroughthevSwitch
tothenetwork.Intypicaluse,oneormoreportgroupsisassociatedwithasinglevSwitch.SeePortGroupsonpage 24.
NICteamingoccurswhenmultipleuplinkadaptersareassociatedwithasinglevSwitch
toformateam.Ateamcaneithersharetheloadoftrafficbetweenphysicalandvirtual
networksamongsomeorallofitsmembersorprovidepassivefailoverintheeventof
ahardwarefailureoranetworkoutage.
VLANsenable
asingle
physical
LAN
segment
to
be
further
segmented
so
that
groups
ofportsareisolatedfromoneanotherasiftheywereonphysicallydifferentsegments.
802.1Qisthestandard.
TheVMkernelTCP/IPnetworkingstackprovidesnetworkconnectivityforan
ESX Server 3ihostandsupportsiSCSI,NFS,andVMotion.Virtualmachinesruntheir
ownsystemsTCP/IPstacks,andconnecttotheVMkernelattheEthernetlevelthrough
virtualswitches.
TCPsegmentationoffload,TSO,allowsaTCP/IPstacktoemitverylargeframes(upto
64k)eventhoughthemaximumtransmissionunit(MTU)oftheinterfaceissmaller.The
networkadapterthenchopsthelargeframeupintoMTUsizedframesandprepends
anadjustedcopyoftheinitialTCP/IPheaders.SeeTCPSegmentationOffloadand
JumboFramesonpage 44.
MigrationwithVMotionenablesapoweredonvirtualmachinetobetransferredfrom
oneESX Server3ihosttoanotherwithoutshuttingdownthevirtualmachine.
The optionalVMotionfeaturerequiresitsownlicensekey.
Virtual Switches
VMwareInfrastructureletsyou,throughtheVMwareInfrastructureClientordirectSDKAPIs,createabstractednetworkdevicescalledvirtualswitches(vSwitches).A
vSwitchcanroutetrafficinternallybetweenvirtualmachinesandlinktoexternal
networks.
NOTE ThenetworkingchapterscoverhowtosetupnetworkingforiSCSIandNFS.
To configurethestorageportionofiSCSIandNFS,seethestoragechapters.
NOTE Youcancreateamaximumof127vSwitchesonasinglehost.
ESX Server 3i Configuration Guide
-
8/14/2019 Vi3!35!25 u2 3i Server Config
22/214
ESX Server 3i Configuration Guide
22 VMware, Inc.
Usevirtualswitchestocombinethebandwidthofmultiplenetworkadaptersand
balancecommunicationstrafficamongthem.Youcanalsoconfigurethemtohandle
physicalNICfailover.
AvSwitchmodelsaphysicalEthernetswitch.Thedefaultnumberoflogicalportsfora
vSwitchis56.However,youcancreateavSwitchwithupto1016portsinESX Server 3i.
Youcanconnectonenetworkadapterofavirtualmachinetoeachport.Eachuplink
adapterassociatedwithavSwitchusesoneport.EachlogicalportonthevSwitchisa
memberofasingleportgroup.EachvSwitchcanalsohaveoneormoreportgroups
assignedtoit.SeePortGroupsonpage 24.
Beforeyou
can
configure
virtual
machines
to
access
anetwork,
you
must
take
the
followingsteps:
1 CreateavSwitchandconfigureittoconnecttothephysicaladapter(s)onthehost
forthephysicalnetwork.
2 CreateavirtualmachineportgroupconnectedtothatvSwitchandgiveitaname
bywhichitwillbereferencedduringvirtualmachineconfiguration.
Whentwo
or
more
virtual
machines
are
connected
to
the
same
vSwitch,
network
traffic
betweenthemisroutedlocally.IfanuplinkadapterisattachedtothevSwitch,each
virtualmachinecanaccesstheexternalnetworkthattheadapterisconnectedtoas
showninFigure 21.
Figure 2-1. Virtual Switch Connections
IntheVI Client,thedetailsfortheselectedvSwitcharepresentedasaninteractive
diagramasshowninFigure 22.ThemostimportantinformationforeachvSwitchisalwaysvisible.
-
8/14/2019 Vi3!35!25 u2 3i Server Config
23/214
ESX Server 3i Configuration Guide
-
8/14/2019 Vi3!35!25 u2 3i Server Config
24/214
24 VMware, Inc.
Port Groups
Portgroupsaggregatemultipleportsunderacommonconfigurationandprovidea
stableanchor
point
for
virtual
machines
connecting
to
labeled
networks.
Each
port
groupisidentifiedbyanetworklabel,whichisuniquetothecurrenthost.
AVLANID,whichrestrictsportgrouptraffictoalogicalEthernetsegmentwithinthe
physicalnetwork,isoptional.
Networklabels
are
used
to
make
virtual
machine
configuration
portable
across
hosts.
Allportgroupsinadatacenterthatarephysicallyconnectedtothesamenetwork
(in thesensethateachcanreceivebroadcastsfromtheothers)shouldbegiventhesame
label.Conversely,iftwoportgroupscannotreceivebroadcastsfromeachother,they
shouldbegivendistinctlabels.
IfyouuseVLANIDs,youwillneedtochangeportgrouplabelsandVLANIDs
togethersothatthelabelsstillproperlyrepresentconnectivity.
Network Services
YouneedtoenabletwotypesofnetworkservicesinESX Server 3i:
Connectingvirtualmachinestothephysicalnetwork
ConnectingVMkernelservices(suchasNFS,iSCSI,orVMotion)tothephysical
network
Viewing Networking Information in the VI Client
TheVIClientdisplaysbothgeneralnetworkinginformationandinformationspecific
tonetworkadapters.
To view general networking information in the VI Client
1 LogontotheVMwareVI Clientandselecttheserverfromtheinventorypanel.
2 ClicktheConfigurationtab,andclickNetworking.
NOTE Youcancreateamaximumof512portgroupsonasinglehost.
NOTE ForaportgrouptoreachportgroupslocatedonotherVLANs,youmustsetthe
VLANIDto4095.
Chapter 2 Networking
-
8/14/2019 Vi3!35!25 u2 3i Server Config
25/214
VMware, Inc. 25
Figure 2-4. General Networking Information
To view network adapter information in the VI Client
1 LogintotheVMwareVI Clientandselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtab,andclickNetworkAdapters.
Thenetworkadapterspaneldisplaysthefollowinginformation:
DeviceNameofthenetworkadapter
SpeedActualspeedandduplexofthenetworkadapter
ConfiguredConfiguredspeedandduplexofthenetworkadapter
vSwitchvSwitchthatthenetworkadapterisassociatedwith
ObservedIPrangesIPaddressesthatthenetworkadapterhasaccessto
WakeonLANsupportedNetworkadapterabilitytosupportWakeonLAN
IP address
vSwitch
VM network properties pop-up window
network adapterport group
ESX Server 3i Configuration Guide
-
8/14/2019 Vi3!35!25 u2 3i Server Config
26/214
26 VMware, Inc.
Virtual Network Configuration for Virtual Machines
TheVI ClientAddNetworkWizardstepsyouthroughthetaskstocreateavirtual
networkto
which
virtual
machines
can
connect.
These
tasks
include:
Settingtheconnectiontypeforavirtualmachine
AddingthevirtualnetworktoaneworanexistingvSwitch
ConfiguringtheconnectionsettingsforthenetworklabelandtheVLANID
Forinformationonconfiguringnetworkconnectionsforanindividualvirtualmachine,
seetheBasicSystemAdministrationGuide.
Whensettingupvirtualmachinenetworks,considerwhetheryouwanttomigratethe
virtualmachinesinthenetworkbetweenESXServer3ihosts.Ifso,besurethatboth
hostsareinthesamebroadcastdomainthatis,thesameLayer2subnet.
ESXServer3idoesntsupportvirtualmachinemigrationbetweenhostsindifferent
broadcastdomainsbecausethemigratedvirtualmachinemightrequiresystemsand
resourcesthatitwouldnolongerhaveaccesstobyvirtueofbeingmovedtoaseparate
network.Evenifyournetworkconfigurationissetupasahighavailabilityenvironmentorincludesintelligentswitchescapableofresolvingthevirtualmachines
needsacrossdifferentnetworks,youmayexperiencelagtimesastheARPtable
updatesandresumesnetworktrafficforthevirtualmachines.
Virtualmachinesreachphysicalnetworksthroughuplinkadapters.AvSwitchisable
totransferdataonlytoexternalnetworkswhenoneormorenetworkadaptersare
attachedtoit.WhentwoormoreadaptersareattachedtoasinglevSwitch,theyare
transparentlyteamed.
Chapter 2 Networking
-
8/14/2019 Vi3!35!25 u2 3i Server Config
27/214
VMware, Inc. 27
To create or add a virtual network for a virtual machine
1 LogontotheVMwareVI Clientandselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtab,andclickNetworking.
Virtualswitchesarepresentedinanoverviewplusdetailslayout.
3 Ontherightsideofthescreen,clickAddNetworking.
TheAddNetworkWizardappears.
4 Acceptthedefaultconnectiontype,VirtualMachines.
VirtualMachinesletsyouaddalabelednetworktohandlevirtualmachine
networktraffic.
5 ClickNext.
6 SelectCreateavirtualswitch.
YoucancreateanewvSwitchwithorwithoutEthernetadapters.
IfyoucreateavSwitchwithoutphysicalnetworkadapters,alltrafficonthat
vSwitchisconfinedtothatvSwitch.Nootherhostsonthephysicalnetworkor
virtualmachinesonothervSwitcheswillbeabletosendorreceivetrafficoverthis
vSwitch.
ChangesappearinthePreviewpane.
NOTE TheAddNetworkWizardisreusedfornewportsandportgroups.
ESX Server 3i Configuration Guide
-
8/14/2019 Vi3!35!25 u2 3i Server Config
28/214
28 VMware, Inc.
7 ClickNext.
8 UnderPortGroupProperties,enteranetworklabelthatidentifiestheportgroup
thatyouarecreating.
Usenetworklabelstoidentifymigrationcompatibleconnectionscommontotwo
ormorehosts.
9 IfyouareusingaVLAN,intheVLANIDfield,enteranumberbetween
1 and 4094.
Ifyouareunsureaboutwhattoenter,leavethisblankoraskyournetwork
administrator.Ifyouenter0orleavethefieldblank,theportgroupcanseeonlyuntagged
(nonVLAN)traffic.Ifyouenter4095,theportgroupcanseetrafficonanyVLAN
whileleavingtheVLANtagsintact.
10 ClickNext.
11 AfteryoudeterminethatthevSwitchisconfiguredcorrectly,clickFinish.
VMkernel Networking Configuration
InESX Server 3i,theVMkernelnetworkinginterfaceprovidesnetworkconnectivityfor
theESX Server 3ihostaswellashandlingVMotionandIPstorage.
Movingavirtualmachinefromonehosttoanotheriscalledmigration.Migratinga
poweredonvirtualmachineiscalledVMotion.MigrationwithVMotion,letsyou
migratevirtualmachineswithnodowntime.YourVMkernelnetworkingstackmustbe
setupproperlytoaccommodateVMotion.
IPStoragereferstoanyformofstoragethatusesTCP/IPnetworkcommunicationasits
foundation,whichincludesiSCSIandNFSforESX Server3i.Becausebothofthese
storagetypesarenetworkbased,bothtypescanusethesameVMkernelinterfaceport
group.
ThenetworkservicesprovidedbytheVMkernel(iSCSI,NFS,andVMotion)usea
TCP/IPstackintheVMkernel.EachoftheseTCP/IPstacksaccessesvariousnetworks
byattachingtooneormoreportgroupsononeormorevSwitches.
NOTE Toenablefailover(NICteaming),bindtwoormoreadapterstothesame
switch.Ifoneuplinkadapterisnotoperational,networktrafficisroutedtoanother
adapterattachedtotheswitch.NICteamingrequiresbothEthernetdevicestobe
onthesameEthernetbroadcastdomain.
Chapter 2 Networking
-
8/14/2019 Vi3!35!25 u2 3i Server Config
29/214
VMware, Inc. 29
TCP/IP Stack at the VMkernel Level
TheVMwareVMkernelTCP/IPnetworkingstackhasbeenextendedtohandleiSCSI,
NFS,
and
VMotion
in
the
following
ways: iSCSIasavirtualmachinedatastore.
iSCSIforthedirectmountingof.ISOfiles,whicharepresentedasCDROMsto
virtualmachines.
NFSasavirtualmachinedatastore.
NFSforthedirectmountingof.ISOfiles,whicharepresentedasCDROMsto
virtualmachines.
MigrationwithVMotion.
To set up the VMkernel
1 Logon
to
the
VMware
VI Client
and
select
the
server
from
the
inventory
panel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtab,andclickNetworking.
3 ClicktheAddNetworkinglink.
TheAddNetworkWizardappears.
4 SelectVMkernel
and
click
Next.
TheNetworkAccesspageappears.
5 SelectthevSwitchtouse,orclickCreateavirtualswitchtocreateanewvSwitch.
6 SelectthecheckboxesforthenetworkadaptersyourvSwitchwilluse.
YourchoicesappearinthePreviewpane.
Selectadapters
for
each
vSwitch
so
that
virtual
machines
or
other
services
that
connectthroughtheadaptercanreachthecorrectEthernetsegment.Ifnoadapters
appearunderCreateanewvirtualswitch,allthenetworkadaptersinthesystem
arebeingusedbyexistingvSwitches.YoucaneithercreateanewvSwitchwithout
anetworkadapterorselectanetworkadapterusedbyanexistingvSwitch.
ForinformationonmovingnetworkadaptersbetweenvSwitches,seeToadd
uplinkadaptersonpage 33.
NOTE ESXServer3isupportsonlyNFSversion3overTCP/IP.
ESX Server 3i Configuration Guide
-
8/14/2019 Vi3!35!25 u2 3i Server Config
30/214
30 VMware, Inc.
7 ClickNext.
TheConnectionSettingspageappears.
8 UnderPort
Group
Properties,
select
or
enter
anetwork
label
and
aVLAN
ID.
NetworkLabelAnamethatidentifiestheportgroupthatyouarecreating.
Thisisthelabelthatyouspecifywhenconfiguringavirtualadaptertobe
attachedtothisportgroup,whenyouconfigureVMkernelservices,suchas
VMotionandIPstorage.
VLANIDIdentifiestheVLANthattheportgroupsnetworktrafficwill
use.
9 SelecttheUsethisportgroupforVMotioncheckboxtoenablethisportgroupto
advertiseitselftoanotherESX Server3iasthenetworkconnectionwhereVMotion
trafficshouldbesent.
YoucanenablethispropertyforonlyoneVMotionandIPstorageportgroupfor
eachESX Server 3ihost.Ifthispropertyisnotenabledforanyportgroup,
migrationwithVMotiontothishostisnotpossible.
10 EntertheIPAddressandSubnetMask,orselectObtainIPsettingautomatically
fortheIPaddressandsubnetmask.
11 ClickEdittosettheVMkernelDefaultGateway.
TheDNSandRoutingConfigurationdialogboxappears.UndertheDNS
Configurationtab,thenameofthehostisenteredintothenamefieldbydefault.
TheDNS
server
addresses
that
were
specified
during
installation
are
also
preselectedasisthedomain.
UndertheRoutingtab,entergatewayinformationfortheVMkernel.Agatewayis
neededifconnectivitytomachinesnotonthesameIPsubnetastheVMkernel.
StaticIPsettingsisthedefault.
12 ClickOKtosaveyourchangesandclosetheDNSConfigurationandRouting
dialogbox.
13 ClickNext.
14 UsetheBackbuttontomakeanychanges.
15 ReviewyourchangesontheReadytoCompletepageandclickFinish.
-
8/14/2019 Vi3!35!25 u2 3i Server Config
31/214
VMware, Inc. 31
3
ThischapterguidesyouthroughadvancednetworkingtopicsinanESX Server 3i
environmentandhowtosetupandchangeadvancednetworkingconfiguration
options.
Thischapterdiscussesthefollowingtopics:
VirtualSwitchConfigurationonpage 32
PortGroupConfigurationonpage 42
DNSandRoutingonpage 43
TCPSegmentationOffloadandJumboFramesonpage 44
ToenableJumboFramesupportonavirtualmachineonpage 45
NetQueueandNetworkingPerformanceonpage 46
SettingUpMACAddressesonpage 48
NetworkingTipsandBestPracticesonpage 50
NetworkingTroubleshootingonpage 52
Advanced Networking 3
ESX Server 3i Configuration Guide
-
8/14/2019 Vi3!35!25 u2 3i Server Config
32/214
32 VMware, Inc.
Virtual Switch Configuration
Thissectionguidesyouthroughconfiguringvirtualswitchpropertiesandnetworking
policiesset
at
the
virtual
switch
level.
Virtual Switch Properties
VirtualswitchsettingscontrolvSwitchwidedefaultsforports,whichcanbe
overriddenbyportgroupsettingsforeachvSwitch.
Editing Virtual Switch Properties
EditingvSwitchpropertiesconsistsof:
Configuringports
Configuringtheuplinknetworkadapters
To edit the number of ports for a vSwitch
1 LogintotheVMwareVI Client,andselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtab,andclickNetworking.
3 Ontherightsideofthewindow,findthevSwitchthatyouwanttoedit,andclick
PropertiesforthatvSwitch.
4 ClickthePortstab.
5 SelectthevSwitchitemintheConfigurationlistandclickEdit.
6 ClicktheGeneraltabtosetthenumberofports.
7 Choosethenumberofportsyouwanttousefromthedropdownmenu.
8 ClickOK.
To configure the uplink network adapter by changing its speed
1 LogintotheVMwareVI Clientandselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtabandclickNetworking.
3 SelectavSwitchandclickProperties.
4 Inthe
vSwitch
Propertiesdialog
box,
click
the
Network
Adapterstab.
Chapter 3 Advanced Networking
-
8/14/2019 Vi3!35!25 u2 3i Server Config
33/214
VMware, Inc. 33
5 Tochangetheconfiguredspeedandduplexvalueofanetworkadapter,selectthe
networkadapterandclickEdit.
TheStatusdialogboxappears.ThedefaultisAutonegotiate,whichisusuallythe
correctchoice.
6 Toselecttheconnectionspeedmanually,selectthespeed/duplexfromthe
dropdownmenu.
Choosetheconnectionspeedmanuallyifthenetworkadapterandaphysical
switchmightfailtonegotiatetheproperconnectionspeed.Symptomsof
mismatchedspeedandduplexincludelowbandwidthornolinkconnectivityat
all.
Theadapterandthephysicalswitchportitisconnectedtomustbesettothesame
value,thatis,auto/autoorND/NDwhereNDissomespeedandduplex,butnot
auto/ND.
7 ClickOK.
To add uplink adapters
1 LogintotheVMwareVI Client,andselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtab,andclickNetworking.
3 SelectavSwitchandclickProperties.
4 InthePropertiesdialogboxforthevSwitch,clicktheNetworkAdapterstab.
5 ClickAddtolaunchtheAddAdapterWizard.
YoucanassociatemultipleadapterstoasinglevSwitchtoprovideNICteaming.
Suchateamcansharetrafficandprovidefailover.
6 SelectoneormoreadaptersfromthelistandclickNext.
CAUTION MisconfigurationcanresultinthelossoftheVIClientabilitytoconnect
tothehost.
ESX Server 3i Configuration Guide
-
8/14/2019 Vi3!35!25 u2 3i Server Config
34/214
34 VMware, Inc.
7 Toorderthenetworkadapters,selectanetworkadapterandclickthebuttonsto
moveitupordownintothecategory(ActiveorStandby)thatyouwant.
ActiveAdaptersAdapterscurrentlyusedbythevSwitch.
StandbyAdaptersAdaptersthatbecomeactiveifoneormoreoftheactive
adaptersshouldfail.
8 ClickNext.
9 Reviewtheinformation,usetheBackbuttontochangeanyentries,andclick
FinishtoleavetheAddAdapterWizard.
Thelistofnetworkadaptersreappears,showingthoseadaptersnowclaimedbythevSwitch.
10 ClickClose
TheNetworkingsectionintheConfigurationtabshowsthenetworkadaptersin
theirdesignatedorderandcategories.
Chapter 3 Advanced Networking
-
8/14/2019 Vi3!35!25 u2 3i Server Config
35/214
VMware, Inc. 35
Cisco Discovery Protocol
CiscoDiscoveryProtocol(CDP)allowsESXServer 3iadministratorstodetermine
whichCiscoswitchportisconnectedtoagivenvSwitch.WhenCDPisenabledfora
particularvSwitch,youcanviewpropertiesoftheCiscoswitch(suchasdeviceID,
softwareversion,andtimeout)fromtheVIClient.
InESX Server 3i,CDPissettolisten,whichmeansthatESXServer 3idetectsand
displaysinformationabouttheassociatedCiscoswitchport,butinformationaboutthe
vSwitchisnotavailabletotheCiscoswitchadministrator.
To view Cisco switch information from the VI Client
1 LogintotheVMwareVI Client,andselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtabandclickNetworking.
ESX Server 3i Configuration Guide
-
8/14/2019 Vi3!35!25 u2 3i Server Config
36/214
36 VMware, Inc.
3 ClicktheinfoicontotherightofthevSwitch.
Virtual Switch Policies
YoucanapplyasetofvSwitchwidepoliciesbyselectingthevSwitchatthetopofthe
PortstabandclickingEdit.
Tooverrideanyofthesesettingsforaportgroup,selectthatportgroupandclickEdit.
AnychangestothevSwitchwideconfigurationareappliedtoanyoftheportgroups
onthatvSwitchexceptforthoseconfigurationoptionsthathavebeenoverriddenbythe
portgroup.
Chapter 3 Advanced Networking
Th S h l f
-
8/14/2019 Vi3!35!25 u2 3i Server Config
37/214
VMware, Inc. 37
ThevSwitchpoliciesconsistof:
Layer2Securitypolicy
Traffic
Shaping
policy
LoadBalancingandFailoverpolicy
Layer 2 Security Policy
Layer2isthedatalinklayer.ThethreeelementsoftheLayer2Securitypolicyare
PromiscuousMode,MACAddressChanges,andForgedTransmits.
Innon
promiscuous
mode,
aguest
adapter
listens
to
traffic
only
on
its
own
MAC
address.Inpromiscuousmode,itcanlistentoallthepackets.Bydefault,guestadapters
aresettononpromiscuousmode.
SeeSecuringVirtualSwitchPortsonpage 155.
To edit the Layer 2 Security policy
1 LogintotheVMwareVI Clientandselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtabandclickNetworking.
3 ClickPropertiesforthevSwitchwhoseLayer2Securitypolicyyouwanttoedit.
4 InthePropertiesdialogboxforthevSwitch,clickthePortstab.
5 SelectthevSwitchitemandclickEdit.
6 InthePropertiesdialogboxforthevSwitch,clicktheSecuritytab.
Bydefault,PromiscuousModeissettoReject,MACAddressChanges,and
ForcedTransmitsaresettoAccept.
ThepolicyhereappliestoallvirtualadaptersonthevSwitchexceptwheretheport
groupforthevirtualadapterspecifiesapolicyexception.
7 InthePolicyExceptionspane,selectwhethertorejectoraccepttheLayer2Security
policyexceptions:
PromiscuousMode
RejectHasnoeffectonwhichframesarereceivedbytheadapter.
AcceptCausestheadaptertodetectallframespassedonthevSwitch
thatareallowedundertheVLANpolicyfortheportgroupthatthe
adapterisconnectedto.
ESX Server 3i Configuration Guide
MACAdd Ch
-
8/14/2019 Vi3!35!25 u2 3i Server Config
38/214
38 VMware, Inc.
MACAddressChanges
RejectIfyousettoRejectandtheguestoperatingsystemchangesthe
MACaddressoftheadaptertoanythingotherthanwhatisinthe.vmx
configurationfile,allinboundframesaredropped.
IftheGuestOSchangestheMACaddressbacktomatchtheMAC
addressinthe.vmx configurationfile,inboundframeswillbepassed
again.
AcceptChangingtheMACaddressfromtheGuestOShasthe
intendedeffect:framestothenewMACaddressarereceived.
ForgedTransmits
RejectAnyoutboundframewithasourceMACaddressthatis
differentfromtheonesetontheadapteraredropped.
AcceptNofilteringisperformedandalloutboundframesarepassed.
8 ClickOK.
Traffic Shaping Policy
ESX Server 3ishapestrafficbyestablishingparametersforthreeoutboundtraffic
characteristics:AverageBandwidth,BurstSize,andPeakBandwidth.Youcanset
valuesforthesecharacteristicsthroughtheVI Client,establishingatrafficshaping
policyforeachportgroup.
AverageBandwidthestablishesthenumberofbitspersecondtoallowacrossthe
vSwitchaveragedovertimetheallowedaverageload.
BurstSizeestablishesthemaximumnumberofbytestoallowinaburst.Ifaburst
exceedstheburstsizeparameter,excesspacketsarequeuedforlatertransmission.
Ifthequeueisfull,thepacketsaredropped.Whenyouspecifyvaluesforthesetwo
characteristics,youindicatewhatyouexpectthevSwitchtohandleduringnormal
operation.
Peak
Bandwidthis
the
maximum
bandwidth
the
vSwitch
can
absorb
without
droppingpackets.Iftrafficexceedsthepeakbandwidthyouestablish,excess
packetsarequeuedforlatertransmissionaftertrafficontheconnectionhas
returnedtotheaverageandthereareenoughsparecyclestohandlethequeued
packets.Ifthequeueisfull,thepacketsaredropped.Evenifyouhavespare
bandwidthbecausetheconnectionhasbeenidle,thepeakbandwidthparameter
limitstransmissiontonomorethanpeakuntiltrafficreturnstotheallowed
averageload.
Chapter 3 Advanced Networking
To edit the Traffic Shaping policy
-
8/14/2019 Vi3!35!25 u2 3i Server Config
39/214
VMware, Inc. 39
To edit the Traffic Shaping policy
1 LogintotheVMwareVI Clientandselecttheserverfromtheinventorypanel.
Thehardware
configuration
page
for
this
server
appears.
2 ClicktheConfigurationtabandclickNetworking.
3 SelectavSwitchandclickProperties.
4 InthevSwitchPropertiesdialogbox,clickthePortstab.
5 SelectthevSwitchandclickEdit.
TheProperties
dialog
box
for
the
selected
vSwitch
appears.
6 ClicktheTrafficShapingtab.
ThePolicyExceptionspaneappears.Youcanselectivelyoverrideall
trafficshapingfeaturesattheportgroupleveliftrafficshapingisenabled.
Thesearethepoliciestowhichtheperportgroupexceptionsareapplied.
Thepolicyhereisappliedtoeachvirtualadapterattachedtotheportgroup,notto
thevSwitchasawhole.
StatusIfyouenablethepolicyexceptionintheStatusfield,youaresetting
limitsontheamountofnetworkingbandwidthallocationeachvirtualadapter
associatedwiththisparticularportgroup.Ifyoudisablethepolicy,serviceswill
haveafree,clearconnectiontothephysicalnetworkbydefault.
Theremainingfieldsdefinenetworktrafficparameters:
AverageBandwidthAvaluemeasuredoveraparticularperiodoftime.
PeakBandwidthAvaluethatisthemaximumbandwidthallowedandthat
canneverbesmallerthanaveragebandwidth.Thisparameterlimitsthe
maximumbandwidthduringaburst.
BurstSizeAvaluespecifyinghowlargeaburstcanbeinkilobytes(KB).
Thisparametercontrolstheamountofdatathatcanbesentinoneburstwhile
exceedingtheaveragerate.
ESX Server 3i Configuration Guide
Load Balancing and Failover Policy
-
8/14/2019 Vi3!35!25 u2 3i Server Config
40/214
40 VMware, Inc.
Load Balancing and Failover Policy
LoadBalancingandFailoverpoliciesletyoudeterminehownetworktrafficis
distributedbetweenadaptersandhowtoreroutetrafficintheeventofanadapter
failurebyconfiguringthefollowingparameters:
LoadBalancingpolicy
TheLoadBalancingpolicydetermineshowoutgoingtrafficisdistributedamong
thenetworkadaptersassignedtoavSwitch.
FailoverDetection:LinkStatus/BeaconProbing
NetworkAdapterOrder(Active/Standby)
To edit the failover and load balancing policy
1 LogintotheVMwareVI Clientandselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtabandclickNetworking.
3 SelectavSwitchandclickEdit.
4 InthevSwitchPropertiesdialogbox,clickthePortstab.
5 ToedittheFailoverandLoadBalancingvaluesforthevSwitch,selectthevSwitch
itemandclickProperties.
ThePropertiesdialogboxforthevSwitchappears.
6 ClicktheNICTeamingtab.
ThePolicyExceptionsareaappears.Youcanoverridethefailoverorderattheport
grouplevel.Bydefault,newadaptersareactiveforallpolicies.Newadapterscarry
trafficforthevSwitchanditsportgroupunlessyouspecifyotherwise.
7 InthePolicyExceptionspane:
LoadBalancingSpecifyhowtochooseanuplink.
RoutebasedontheoriginatingportIDChooseanuplinkbasedonthe
virtualportwherethetrafficenteredthevirtualswitch.
RoutebasedoniphashChooseanuplinkbasedonahashofthe
sourceand
destination
IP
addresses
of
each
packet.
For
non
IP
packets,
whateverisatthoseoffsetsisusedtocomputethehash.
NOTE IncomingtrafficiscontrolledbytheLoadBalancingpolicyonthephysical
switch.
Chapter 3 Advanced Networking
Route based on sourceMAC hash Choose an uplink based on a hash
-
8/14/2019 Vi3!35!25 u2 3i Server Config
41/214
VMware, Inc. 41
RoutebasedonsourceMAChash Chooseanuplinkbasedonahash
ofthesourceEthernet.
UseexplicitfailoverorderAlwaysusethehighestorderuplinkfrom
thelistofActiveadapterswhichpassesfailoverdetectioncriteria.
NetworkFailoverDetectionSpecifythemethodtouseforfailover
detection.
LinkStatus
onlyReliessolelyonthelinkstatusprovidedbythe
networkadapter.Thisdetectsfailures,suchascablepullsandphysical
switchpowerfailures,butnotconfigurationerrors,suchasaphysical
switchportbeingblockedbyspanningtreeormisconfiguredtothe
wrongVLANorcablepullsontheothersideofaphysicalswitch.
BeaconProbingSendsoutandlistensforbeaconprobesonallnetwork
adaptersintheteamandusesthisinformation,inadditiontolinkstatus,
todeterminelinkfailure.Thisdetectsmanyofthefailuresmentioned
abovethatarenotdetectedbylinkstatusalone.
NotifySwitchesSelectYesorNotonotifyswitchesinthecaseoffailover.
IfyouselectYes,wheneveravirtualnetworkadapterisconnectedtothe
vSwitchorwheneverthatvirtualnetworkadapterstrafficwouldberouted
overadifferentphysicalnetworkadapterintheteamduetoafailoverevent,
anotification
is
sent
out
over
the
network
to
update
the
lookup
tables
on
physicalswitches.Inalmostallcases,thisisdesirableforthelowestlatencyof
failoveroccurrencesandmigrationswithVMotion.
FailbackSelectYesorNotodisableorenablefailback.
Thisoptiondetermineshowaphysicaladapterisreturnedtoactivedutyafter
recoveringfromafailure.IffailbackissettoYes(default),theadapteris
returnedtoactivedutyimmediatelyuponrecovery,displacingthestandby
adapterthattookoveritsslot,ifany.IffailbackissettoNo,afailedadapteris
leftinactiveevenafterrecoveryuntilanothercurrentlyactiveadapterfails,
requiringitsreplacement.
NOTE IPbasedteamingrequiresthatthephysicalswitchbeconfiguredwith
etherchannel.Forallotheroptions,etherchannelshouldbedisabled.
NOTE Donotusethisoptionwhenthevirtualmachinesusingtheportgroup
areusingMicrosoftNetworkLoadBalancinginunicastmode.Nosuchissue
existswithNLBrunninginmulticastmode.
ESX Server 3i Configuration Guide
FailoverOrderSpecifyhowtodistributetheworkloadforadapters.Touse
-
8/14/2019 Vi3!35!25 u2 3i Server Config
42/214
42 VMware, Inc.
p y p
someadaptersbutreserveothersincasetheonesinusefail,setthiscondition
usingthedropdownmenutoplacethemintothetwogroups:
ActiveAdaptersContinuetouseitwhenthenetworkadapter
connectivityisupandactive.
StandbyAdaptersUsethisadapterifoneoftheactiveadapters
connectivityisdown.
UnusedAdaptersArenotused.
Port Group ConfigurationYoucanchangethefollowingportgroupconfigurations:
Portgroupproperties
Labelednetworkpolicies
To edit port group properties
1 LogintotheVMwareVI Client,andselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtabandclickNetworking.
3 Ontherightsideofthewindow,clickPropertiesforanetwork.
ThevSwitchPropertiesdialogboxappears.
4 ClickthePortstab.
5 SelecttheportgroupandclickEdit.
6 InthePropertiesdialogboxfortheportgroup,clicktheGeneraltabtochange:
NetworkLabelIdentifiestheportgroupthatyouarecreating.Specifythis
labelwhenconfiguringavirtualadaptertobeattachedtothisportgroup,
either
when
configuring
virtual
machines
or
VMkernel
services,
such
as
VMotionandIPstorage.
VLANIDIdentifiestheVLANthattheportgroupsnetworktrafficwill
use.
7 ClickOKtoexitthevSwitchPropertiesdialogbox.
Chapter 3 Advanced Networking
To override labeled network policies
-
8/14/2019 Vi3!35!25 u2 3i Server Config
43/214
VMware, Inc. 43
1 Tooverrideanyofthesesettingsforaparticularlabelednetwork,selectthe
network.
2 ClickEdit.
3 ClicktheSecuritytab.
4 Selectthecheckboxforthelabelednetworkpolicythatyouwanttooverride.
5 ClicktheTrafficShapingtab.
6 SelectthecheckboxtooverridetheenabledordisabledStatus.
7 ClicktheNICTeamingtab.
8 Selecttheassociatedcheckboxtooverridetheloadbalancingorfailoverorder
policies.
9 ClickOK.
DNS and RoutingConfigureDNSandroutingthroughtheVI Client.
To change the DNS and Routing configuration
1 LogintotheVMwareVI Clientandselecttheserverfromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtab,andclickDNSand
Routing.
3 Ontherightofthewindow,clickProperties.
4 IntheDNSConfigurationtab,entervaluesfortheNameandDomainfields.
5 ChoosetoeitherobtaintheDNSserveraddressoruseaDNSserveraddress.
6 Specifythedomainsinwhichtolookforhosts.
7 IntheRoutingtab,changedefaultgatewayinformationasneeded.
8 ClickOK.
ESX Server 3i Configuration Guide
TCP Segmentation Offload and Jumbo Frames
-
8/14/2019 Vi3!35!25 u2 3i Server Config
44/214
44 VMware, Inc.
g
TCPSegmentationOffload(TSO)andJumboFramesupportareaddedin
ESX Server 3i.JumboFramesmustbeenabledattheserverlevelusingtheRemoteCLI
toconfiguretheMTUsizeforeachvSwitch.TSOisenabledontheVMkernelinterface
bydefault,butmustbeenabledatthevirtualmachinelevel.
Enabling TSO
TSOsupportthroughtheEnhancedvmxnetnetworkadapterisavailableforvirtual
machinesrunningthefollowingguestoperatingsystems:
MicrosoftWindows2003EnterpriseEditionwithServicePack2(32bitand64bit)
RedHatEnterpriseLinux4(64bit)
RedHatEnterpriseLinux5(32bitand64bit)
SuSELinuxEnterpriseServer10(32bitand64bit)
ToenableTSOatthevirtualmachinelevel,youmustreplacetheexistingvmxnetor
FlexiblevirtualnetworkadapterswithEnhancedvmxnetvirtualnetworkadapters.ThismayresultinachangeintheMACaddressofthevirtualnetworkadapter.
To enable TSO support for a virtual machine
1 LogintotheVI Clientandselectthevirtualmachinefromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheSummarytab,andclickEdit
Settings.
3 SelectthenetworkadapterfromtheHardwarelist.
4 RecordthenetworksettingsandMACaddressthatthenetworkadapterisusing.
5 ClickRemovetoremovethenetworkadapterfromthevirtualmachine.
6 ClickAdd.
7 SelectEthernetAdapterandclickNext.
8 IntheAdapterTypegroup,selectEnhancedvmxnet.
9 SelectthenetworksettingandMACaddressthattheoldnetworkadapterwas
usingandclickNext.
10 ClickFinish.
Chapter 3 Advanced Networking
11 ClickOK.
-
8/14/2019 Vi3!35!25 u2 3i Server Config
45/214
VMware, Inc. 45
12 IfthevirtualmachineisnotsettoupgradeVMwareToolsateachpoweron,you
mustupgradeVMwareToolsmanually.SeetheBasicSystemAdministrationGuide.
TSOisenabledbydefaultonaVMkernelinterface.IfTSOgetsdisabledforaparticular
VMkernelinterface,theonlywaytoenableTSOistodeletethatVMkernelinterfaceand
recreateitwithTSOenabled.SeeVMkernelNetworkingConfiguration onpage 28.
Enabling Jumbo Frames
JumboFramesallowESXServer3itosendlargerframesoutontothephysicalnetwork.
ThenetworkmustsupportJumboFramesendtoendforJumboFramestobeeffective.JumboFramesupto9kB(9000Bytes)aresupported.JumboFramesarenotsupported
forVMkernelnetworkinginterfacesinESX Server 3i.
JumboFramesmustbeenabledforeachvSwitchthroughtheRemoteCLIonyour
ESX Server3ihostandforeachvirtualmachinebychoosingtheEnhancedvmxnet
networkadapterintheVIClient.BeforeenablingJumboFrames,checkwithyour
hardwarevendortoensureyourphysicalnetworkadaptersupportsJumboFrames.
To create a Jumbo Frames-enabled vSwitch
1 LogintoyourESXServer3iRemoteCLI.
TheRCLIrequiresloginverificationwitheachcommand.SeetheRemote
CommandLineInterfaceInstallationandReference.
2 Usetheesxcfg-vswitch -m commandtosettheMTUsize
forthevSwitch.
ThiscommandsetstheMTUforalluplinksonthatvSwitch.TheMTUsizeshould
besettothelargestMTUsizeamongallthevirtualnetworkadaptersconnectedto
thevSwitch.
3 Usetheesxcfg-vswitch -lcommandtodisplayalistofvSwitchesonthehost,
andcheckthattheconfigurationofthevSwitchiscorrect.
To enable Jumbo Frame support on a virtual machine
1 LogintotheVI Clientandselectthevirtualmachinefromtheinventorypanel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheSummarytab,andclickEdit
Settings.
NOTE ESXServer3supportsamaximumMTUsizeof9000.
ESX Server 3i Configuration Guide
3 SelectthenetworkadapterfromtheHardwarelist.
-
8/14/2019 Vi3!35!25 u2 3i Server Config
46/214
46 VMware, Inc.
4 RecordthenetworkandMACaddressthatthenetworkadapterisusing.
5 Click
Remove
to
remove
the
network
adapter
from
the
virtual
machine.6 ClickAdd.
7 SelectEthernetAdapterandclickNext.
8 IntheAdapterTypegroup,selectEnhancedvmxnet.
9 SelectthenetworkthattheoldnetworkadapterwasusingandclickNext.
10 ClickFinish.
11 SelectthenewnetworkadapterfromtheHardwarelist.
12 UnderMACAddress,selectManual,andentertheMACaddressthattheold
networkadapterwasusing.
13 ClickOK.
14 Insidetheguestoperatingsystem,configurethenetworkadaptertoallowJumbo
Frames.Seeyourguestoperatingsystemsdocumentationfordetails.
15 Configureallphysicalswitchesandanyphysicalorvirtualmachinestowhichthis
virtualmachineconnectstosupportJumboFrames.
NetQueue and Networking Performance
NetQueueinESXServer3itakesadvantageofthecapabilityofsomenetworkadapters
todelivernetworktraffictothesysteminmultiplereceivequeuesthatcanbeprocessed
separately.ThisallowsprocessingtobescaledtomultipleCPUs,improving
receivesizenetworkingperformance.
To enable NetQueue on an ESX Server 3i host
1 LogintotheVI Clientandselecttheserverfromtheinventorypanel.
2 Clickthe
Configuration
tab,
and
click
Advanced
Settings.
3 SelectVMkernel.
4 SelectVMkernel.Boot.netNetQueueEnable andclickOK.
Chapter 3 Advanced Networking
5 UsetheRemoteCommandLineInterfacetoconfigureyourNICdrivertouse
NetQueue
-
8/14/2019 Vi3!35!25 u2 3i Server Config
47/214
VMware, Inc. 47
NetQueue.
TheRCLIrequiresloginverificationwitheachcommand.SeetheRemote
CommandLine
Interface
Installation
and
Reference.
Ifyouareusingthes2ioNICdriver,usethevicfg-module -s
"intr_type=2 rx_ring_num=8" s2iocommandtosettheappropriate
parametersonthes2iomodule.
IfyouareusingtheixgbeNICdriver,usethevicfg-module -s
InterruptType=2 MQ=1 VMDQ=16 ixgbecommandtosettheappropriate
parameterson
the
ixgbe
module.
Forthirdpartydrivers,contactthethirdpartyvendorforappropriate
configurations.
6 ReboottheESXServer3ihost.
To disable NetQueue on an ESX Server 3i host
1 Log
in
to
the
VI Client
and
select
the
server
from
the
inventory
panel.
Thehardwareconfigurationpageforthisserverappears.
2 ClicktheConfigurationtab,andclickAdvancedSettings.
3 DeselectVMkernel.Boot.netNetQueueEnable andclickOK.
4 UsetheRemoteCommandLineInterfacetodisableNetQueueonyourNICdriver.
TheRCLI
requires
log
in
verification
with
each
command.
See
the
Remote
CommandLineInterfaceInstallationandReference.
5 Usethevicfg-module -s "" [module name]command.
Forexample,ifyouareusingthes2ioNICdriver,usevicfg-module -s "" s2io
6 ReboottheESXServer3ihost.
ESX Server 3i Configuration Guide
Setting Up MAC Addresses
-
8/14/2019 Vi3!35!25 u2 3i Server Config
48/214
48 VMware, Inc.
MACaddressesaregeneratedforvirtualnetworkadaptersusedbytheVMkerneland
virtualmachines.Inmostcases,theseMACaddressesareappropriate.However,you
mightneedtosetaMACaddressforavirtualnetworkadapterasinthefollowing
cases:
Virtualnetworkadaptersondifferentphysicalserverssharethesamesubnetand
areassignedthesameMACaddress,causingaconflict.
Youwanttoensurethatavirtualnetworkadapteralwayshasthesame
MAC address.
ThefollowingsectionsdescribehowMACaddressesaregeneratedandhowyoucan
settheMACaddressforavirtualnetworkadapter.
MAC Addresses Generation
Eachvirtualnetworkadapterinavirtualmachineisassigneditsownunique
MAC address.AMACaddressisasixbytenumber.Eachnetworkadapter
manufacturerisassignedauniquethreebyteprefixcalledanOUI(OrganizationallyUniqueIdentifier)thatitcanusetogenerateuniqueMACaddresses.
VMwarehasthreeOUIs:
OneforgeneratedMACaddresses.
OneformanuallysetMACaddresses.
One
that
was
used
for
pre
ESX
3
virtual
machines,
but
is
no
longer
used
with
ESX Server 3i.
ThefirstthreebytesoftheMACaddressthatisgeneratedforeachvirtualnetwork
adapterhavethisvalue.ThisMACaddressgenerationalgorithmproducestheother
threebytes.ThealgorithmguaranteesuniqueMACaddresseswithinamachineand
attemptstoprovideuniqueMACaddressesacrossmachines.
Thenetworkadaptersforeachvirtualmachineonthesamesubnetshouldhaveunique
MACaddresses.Otherwise,theycanbehaveunpredictably.Thealgorithmputsalimitonthenumberofrunningandsuspendedvirtualmachinesatanyonetimeonany
givenserver.Italsodoesnothandleallcaseswhenvirtualmachinesondistinct
physicalmachinesshareasubnet.
TheVMwareUniversallyUniqueIdentifier(UUID)generatesMACaddressesthatare
checkedforanyconflicts.ThegeneratedMACaddressesarecreatedusingthreeparts:
theVMwareOUI,theSMBIOSUUIDforthephysicalESX Server 3imachine,anda
hashbasedonthenameoftheentitythattheMACaddressisbeinggeneratedfor.
Chapter 3 Advanced Networking
AftertheMACaddresshasbeengenerated,itdoesnotchangeunlessthevirtual
machineismovedtoadifferentlocation,forexample,toadifferentpathonthesame
-
8/14/2019 Vi3!35!25 u2 3i Server Config
49/214
VMware, Inc. 49
, p , p
server.TheMACaddressintheconfigurationfileofthevirtualmachineissaved.
All MACaddressesthathavebeenassignedtonetworkadaptersofrunningand
suspendedvirtualmachinesonagivenphysicalmachinearetracked.
TheMACaddressofapoweredoffvirtualmachineisnotcheckedagainstthoseof
runningorsuspendedvirtualmachines.Itispossiblethatwhenavirtualmachineis
poweredonagain,itcanacquireadifferentMACaddress.Thisacquisitionisduetoa
conflictwithavirtualmachinethatwaspoweredonwhenthisvirtualmachinewas
poweredoff.
Setting MAC Addresses
Tocircumventthelimitof256virtualnetworkadaptersperphysicalmachineand
possibleMACaddressconflictsbetweenvirtualmachines,systemadministrators can
manuallyassignMACaddresses.VMwareusesthisOUIformanuallygenerated
addresses:00:50:56.
The
MAC
address
range
is00:50:56:00:00:00-00:50:56:3F:FF:FF
Youcansettheaddressesbyaddingthefollowinglinetoavirtualmachines
configurationfile:
ethernet .address = 00:50:56:XX:YY:ZZ
wherereferstothenumberoftheEthernetadapter,XX isavalid
hexadecimalnumberbetween00and3F,andYYandZZarevalidhexadecimalnumbersbetween00andFF.ThevalueforXXmustnotbegreaterthan3Ftoavoidconflictwith
MACaddressesthataregeneratedbytheVMwareWorkstationandVMwareServer
products.ThemaximumvalueforamanuallygeneratedMACaddressis
ethernet.address = 00:50:56:3F:FF:FF
Youmustalsosettheoptioninavirtualmachinesconfigurationfile:
ethernet.addressType="static"
BecauseVMwareESX Server 3ivirtualmachinesdonotsupportarbitrary
MAC addresses,theaboveformatmustbeused.Aslongasyouchooseauniquevalue
forXX:YY:ZZ amongyourhardcodedaddresses,conflictsbetweentheautomatically
assignedMACaddressesandthemanuallyassignedonesshouldneveroccur.
ESX Server 3i Configuration Guide
Using MAC Addresses
Y h d d i l hi i l NIC
-
8/14/2019 Vi3!35!25 u2 3i Server Config
50/214
50 VMware, Inc.
YoucanchangeapowereddownvirtualmachinesvirtualNICstouse
staticallyassignedMACaddressesusingtheVIClient.
To set up a MAC address
1 LogintotheVI Clientandselectthevirtualmachinefromtheinventorypanel.
2 ClicktheSummarytab,andclickEditSettings.
3 SelectthenetworkadapterfromtheHardwarelist.
4 In
the
MAC
Address
group,
select
Manual.5 EnterthedesiredstaticMACaddress,andclickOK.
Networking Tips and Best Practices
Thissectionprovidesinformationabout:
Networkingbestpractices
Networkingtips
Networking Best Practices
Considerthesebestpracticesforconfiguringyournetwork:
Separatenetworkservicesfromoneanothertoachievegreatersecurityorbetter
performance.
Ifyouwantaparticularsetofvirtualmachinestofunctionatthehighest
performancelevels,putthemonaseparatephysicalnetworkadapter.
This separationallowsforaportionofthetotalnetworkingworkloadtobemore
evenlysharedacrossmultipleCPUs.Theisolatedvirtualmachinesarethenmore
abletoservetrafficfromaWebclient,forinstance.
KeeptheVMotionconnectiononaseparatenetworkdevotedtoVMotion.
When migrationwithVMotionoccurs,thecontentsoftheguestoperatingsystemsmemoryaretransmittedoverthenetwork.YoucandothiseitherbyusingVLANs
tosegmentasinglephysicalnetworkorbyusingseparatephysicalnetworks
(the latterispreferable)
Chapter 3 Advanced Networking
Mounting NFS Volumes
In ESX Server 3i the model of how ESX Server 3i accesses NFS storage of ISO images
-
8/14/2019 Vi3!35!25 u2 3i Server Config
51/214
VMware, Inc. 51
InESX Server 3i,themodelofhowESX Server 3iaccessesNFSstorageofISOimages
thatareusedasvirtualCDROMsforvirtualmachinesisdifferentfromthemodelused
inESX Server2.x.
ESX Server 3ihassupportforVMkernelbasedNFSmounts.Thenewmodelisto
mountyourNFSvolumewiththeISOimagesthroughtheVMkernelNFSfunctionality.
AllNFSvolumesmountedinthiswayappearasdatastoresintheVI Client.Thevirtual
machineconfigurationeditorallowsyoutobrowsetheESXServerfilesystemforISO
imagestobeusedasvirtualCDROMdevices.
Networking Tips
Considerthefollowingnetworkhints:
Theeasiestwaytophysicallyseparatenetworkservicesandtodedicatea
particularsetofnetworkadapterstoaspecificnetworkserviceistocreatea
vSwitchforeachservice.Ifthisisnotpossible,theycanbeseparatedfromeach
otheronasinglevSwitchbyattachingthemtoportgroupswithdifferentVLAN
IDs.Ineithercase,confirmwithyournetworkadministratorthatthenetworksorVLANsyouchooseareisolatedintherestofyourenvironment,thatis,norouters
connectthem.
YoucanaddandremovenetworkadaptersfromthevSwitchwithoutaffectingthe
virtualmachinesorthenetworkservicethatisrunningbehindthatvSwitch.Ifyou
removedalltherunninghardware,thevirtualmachineswouldstillbeableto
communicateamongstthemselves.Moreover,ifyouleftonenetworkadapter
intact,allofthevirtualmachineswouldstillbeabletoconnectwiththephysicalnetwork.
Useportgroupswithdifferentsetsofactiveadaptersintheirteamingpolicyto
separatevirtualmachinesintogroups.Thesecanuseseparateadaptersaslongas
alladaptersareupbutstillfallbacktosharingintheeventofanetworkor
hardwarefailure.
Deployfirewalls
in
virtual
machines
that
route
between
virtual
networks
with
uplinkstophysicalnetworksandpurevirtualnetworkswithnouplinkstoprotect
yourmostsensitivevirtualmachines.
ESX Server 3i Configuration Guide
Networking Troubleshooting
Thi ti id th h t bl h ti t ki i
-
8/14/2019 Vi3!35!25 u2 3i Server Config
52/214
52 VMware, Inc.
Thissectionguidesyouthroughtroubleshootingcommonnetworkingissues.
Troubleshooting Physical Switch Configuration
Insomecases,youmightlosevSwitchconnectivitywhenafailoverorfailbackevent
occurs.ThiscausestheMACaddressesusedbyvirtualmachinesassociatedwiththat
vSwitchtoappearonadifferentswitchportthantheypreviouslydid.
Toavoidthisproblem,putyourphysicalswitchinportfastorportfasttrunkmode.
Troubleshooting Port Group Configuration
Changingthenameofaportgroupwhenvirtualmachinesarealreadyconnectedto
thatportgroupcausesthevirtualmachinesconfiguredtoconnecttothatportgroupto
haveinvalidnetworkconfiguration.
Theconnectionfromvirtualnetworkadapterstoportgroupsismadebyname,andthe
nameiswhatisstoredinthevirtualmachineconfiguration.Changingthenameofa
portgroupdoesnotcauseamassreconfigurationofallthevirtualmachinesconnectedtothatportgroup.Virtualmachinesthatarealreadypoweredonwillcontinueto
functionuntiltheyarepoweredoffbecausetheirconnectionstothenetworkhave
alreadybeenestablished.
Thebestprincipleistoavoidrenamingnetworksaftertheyareinuse.Afteryourename
aportgroup,youmustreconfigureeachassociatedvirtualmachineusingtheRemote
CLItoreflectthenewportgroupname.
-
8/14/2019 Vi3!35!25 u2 3i Server Config
53/214
VMware, Inc. 53
Storage
ESX Server 3i Configuration Guide
-
8/14/2019 Vi3!35!25 u2 3i Server Config
54/214
54 VMware, Inc.
4
-
8/14/2019 Vi3!35!25 u2 3i Server Config
55/214
VMware, Inc. 55
TheStoragesectioncontainsoverviewinformationaboutavailablestorageoptionsfor
ESXServer3iandexplainshowtoconfigureyourESXServer3isystemsoitcanuseand
managedifferenttypesofstorage.
Forinformation
on
specific
activities
that
astorage
administrator
might
need
to
performonastorageside,seetheFibreChannelSANConfigurationGuideandtheiSCSI
SANConfigurationGuide.
Thischaptercoversthefollowingtopics:
StorageOverviewonpage 56
TypesofPhysicalStorageonpage 56
SupportedStorageAdaptersonpage 59
Datastoresonpage 59
HowVirtualMachinesAccessStorageonpage 63
ComparingTypesofStorageonpage 64
ViewingStorageInformationintheVMwareInfrastructureClientonpage 65
ConfiguringandManagingStorageonpage 69
Introduction to Storage 4
ESX Server 3i Configuration Guide
Storage Overview
AnESXServer3ivirtualmachineusesavirtualharddisktostoreitsoperatingsystem,
-
8/14/2019 Vi3!35!25 u2 3i Server Config
56/214
56 VMware, Inc.
p g y ,
programfiles,andotherdataassociatedwithitsactivities.Avirtualdiskisalarge
physicalfile,orasetoffiles,thatcanbecopied,moved,archived,andbackedupaseasilyasanyotherfile.Tostorevirtualdiskfilesandbeabletomanipulatethefiles,
ESX Server3irequiresspecializeddedicatedstoragespace.
ESXServer3iusesstoragespaceonavarietyofphysicalstoragedevices,includingyour
hostsinternalandexternalstoragedevices,ornetworkedstoragedevices.Thestorage
deviceisaphysicaldiskordiskarraydedicatedtothespecifictasksofstoringand
protectingdata.
ESXServer3icandiscoverstoragedevicesithasaccesstoandformatthemas
datastores.Thedatastoreisaspeciallogicalcontainer,analogoustoafilesystemona
logicalvolume,whereESXServer3iplacesvirtualdiskfilesandotherfilesthat
encapsulateessentialcomponentsofavirtualmachine.Deployedondifferentdevices,
thedatastoreshidespecificsofeachstorageproductandprovideauniformmodelfor
storingvirtualmachinefiles.
UsingtheVIClient,youcansetupdatastoresinadvanceonanystoragedevicethatyourESXServer3idiscovers.
Tolearnhowtoaccessandconfigureyourstoragedevices,aswellashowtocreateand
managedatastores,seethefollowingchapters:
ConfiguringStorageonpage 71
ManagingStorageonpage 99
Afteryoucreatethedatastores,youcanusethemtostorevirtualmachinefiles.
For informationoncreatingvirtualmachines,seeBasicSystemAdministration.
Types of Physical Storage
ESXServer3istoragemanagementprocessstartswithastoragespacethatyourstorage
administratorpreallocatesondifferentstoragedevices.
ESXServer3isupportsthefollowingtypesofstoragedevices:
LocalStoresvirtualmachinefilesoninternalorexternalstoragedevicesorarrays
attachedtoyourESXServer3ihostthroughadirectconnection.
NetworkedStoresvirtualmachinefilesonexternalsharedstoragedevicesor
arrayslocatedoutsideofyourESXServer3ihost.Thehostcommunicateswiththe
networkeddevicesthroughahighspeednetwork.
Chapter 4 Introduction to Storage
Local Storage
LocalstoragedevicescanbeinternalharddiskslocatedinsideyourESXServer3ihost,
-
8/14/2019 Vi3!35!25 u2 3i Server Config
57/214
VMware, Inc. 57
orexternalstoragesystems,locatedoutsideandconnectedtothehostdirectly.
Localstoragedevicesdonotrequireastoragenetworktocommunicatewithyour
ESX Server3i.Allyouneedisacableconnectedtothestoragedeviceand,when
required,acompatibleHBAinyourESXServer3ihost.
Generally,youcanconnectmultipleESXServer3ihoststoasinglelocalstoragesystem.
Theactualnumberofhostsyouconnectvariesdependingonthetypeofstoragedevice
andtopologyyouuse.
Manystoragesystemssupportredundantconnectionpathstoensurefaulttolerance.Formoreinformationonmultipathing,seeManagingMultiplePathsonpage 103.
WhenmultipleESXServer3ihostsconnecttothelocalstorageunit,theyaccessstorage
LUNsintheunsharedmode.TheunsharedmodedoesnotpermitseveralESXServer 3i
hoststoaccessthesameVMFSdatastoreconcurrently.However,afewSASstorage
systemsoffersharedaccesstomultipleESXServer3ihosts.Thistypeofaccesspermits
multipleESXServer3ihoststoaccessthesameVMFSdatastoreonaLUN.SeeSharing
aVMFSVolumeAcrossESXServer3iSystemsonpage 62.
ESXServer3isupportsavarietyofinternalorexternallocalstoragedevices,including
SCSI,IDE,SATA,andSASstoragesystems.Nomatterwhichtypeofstorageyouuse,
ESXServer3ihidesaphysicalstoragelayerfromvirtualmachines.
Whensettingupyourlocalstorage,keepinmindthefollowing:
YoucannotuseIDE/ATAdrivestostorevirtualmachines.
UselocalSATAstorage,bothinternalandexternal,inunsharedmodeonly.
SATA storagedoesnotsupportsharingthesameLUNsand,therefore,thesame
VMFSdatastoreacrossmultipleESXServer3ihosts.
WhenusingSATAstorage,ensurethatyourSATAdrivesareconnectedthrough
supporteddualSATA/SAScontrollers.
Some
SAS
storage
systems
can
offer
shared
access
to
the
same
LUNs
(and, therefore,thesameVMFSdatastores)tomultipleESXServer3ihosts.For
information,seeStorage/SANCompatibilityGuideforESXServer3.xat
www.vmware.com/support/pubs/vi_pubs.html.
Forinformationonsupportedlocalstoragedevices,seeI/OCompatibilityGuideat
www.vmware.com/support/pubs/vi_pubs.html.
ESX Server 3i Configuration Guide
Networked Storage
Networkedstoragedevicesareexternalstoragedevices,orarrays,thatyour
ESX S 3i i l hi fil l Th ESX S 3i h
http://www.vmware.com/support/pubs/vi_pubs.htmlhttp://www.vmware.com/support/pubs/vi_pubs.htmlhttp://www.vmware.com/support/pubs/vi_pubs.htmlhttp://www.vmware.com/support/pubs/vi_pubs.html -
8/14/2019 Vi3!35!25 u2 3i Server Config
58/214
58 VMware, Inc.
ESX Server 3iusestostorevirtualmachinefilesremotely.TheESXServer3ihost
accessesthesedevicesoverahighspeednetwork.
ESXServer3isupportsthefollowingnetworkedstoragetechnologies:
FibreChannel(FC)SANStoresvirtualmachinefilesremotelyonanFCStorage
AreaNetwork(SAN).FCSANisaspecializedhighspeednetworkthatconnects
yourESXServer3ihoststohighperformancestoragedevices.Thenetworkuses
FibreChannelprotocoltotransportSCSItrafficfromvirtualmachinestotheFC
SANdevices.
ToconnecttotheFCSAN,yourESXServer3ihostshouldbeequippedwithFibre
Channelhostbusadapters(HBAs).Inaddition,yourhostrequiresFibreChannel
switchesthathelproutestoragetraffic.
InternetSCSI(iSCSI)SANStoresvirtualmachinefilesonremoteiSCSIstorage
devices.iSCSIpackagesSCSIstoragetrafficintotheTCP/IPprotocolsoitcantravel
throughstandardTCP/IPnetworksinsteadofthespecializedFCnetwork.With
iSCSIconnection,yourESXServer3ihostservesasinitiatorthatcommunicates
withatarget,locatedinremoteiSCSIstoragesystems.
ESXServer3ioffersthefollowingtypesofiSCSIconnection:
HardwareInitiatediSCSIYourESXServer3ihostconnectstostorage
throughaspecialthirdpartyHBAwiththeiSCSIoverTCP/IPcapability.
SoftwareInitiatediSCSIYourESXServer3iusesasoftwarebasediSCSI
codeintheVMkerneltoconnecttostorage.WiththistypeofiSCSIconnection,
yourhostneedsonlyastandardnetworkadapterfornetworkconnectivity.
NetworkAttachedStorage(NAS)Storesvirtualmachinefilesonremotefile
serversaccessedoverstandardTCP/IPnetwork.TheNFSclientbuiltinto
ESX Server3iusesthenetworkfilesystem(NFS)protocolversion3tocommunicate
withtheNAS/NFSservers.Fornetworkconnectivity,theESXServer3ihost
requiresastandardnetworkadapter.
Formoreinformationonsupportednetworkedstoragedevices,seeStorage/SAN
CompatibilityGuideatwww.vmware.com/pdf/vi3_san_guide.pdf.
Chapter 4 Introduction to Storage
Supported Storage Adapters
Dependingonthetypeofstorageavailabletoyou,yourESXServer3isystemmight
d d h id i i ifi d i k
http://www.vmware.com/pdf/vi3_san_guide.pdfhttp://www.vmware.com/pdf/vi3_san_guide.pdf -
8/14/2019 Vi3!35!25 u2 3i Server Config
59/214
VMware, Inc. 59
needadaptersthatprovideconnectivitytoaspecificstoragedeviceornetwork.
ESX Server3isupportsdifferentclassesofadapters,includingSCSI,iSCSI,RAID,FibreChannel,andEthernet.ESXServer3iaccessestheadaptersdirectlythroughdevice
driversintheVMkernel.
FordetailsonthetypesofadaptersESXServer3isupports,seeI/OCompatibilityGuide
atwww.vmware.com/support/pubs/vi_pubs.html.
DatastoresYouusetheVIClienttoaccessdifferenttypesofstoragedevicesyourESXServer3ihost
discoversandtodeploydatastoresonthem.Datastoresarespeciallogicalcontainers,
analogoustofilesystems,thathidespecificsofeachstoragedeviceandprovidea
uniformmodelforstoringvirtualmachinefiles.
DatastorescanbealsousedforstoringISOimages,virtualmachinetemplates,and
floppyimages.Formoreinformation,seeBasicSystemAdministrationat
www.vmware.com/support/pubs/.
Dependingonthetypeofstorageyouuse,ESXServer3idatastorescanhavethe
followingfilesystemformats:
VMFS(VMwareFileSystem)Specialhighperformancefilesystemoptimized
forstoringESXServer3ivirtualmachines.ESXServer3icandeployVMFSonany
SCSIbasedlocalornetworkedstoragedevice,includingFibreChannelandiSCSI
SANequipment.
AsanalternativetousingtheVMFSdatastore,yourvirtualmachinecanhave
directaccesstorawdevicesusingamappingfile(RDM)asaproxy.Formore
informationonRDMs,seeRawDeviceMappingonpage 111.
NFS(NetworkFileSystem)FilesystemonaNASstoragedevice.ESXServer3i
supportsNFSversion3overTCP/IP.ESXServer3icanaccessadesignatedNFS
volumelocated
on
an
NFS
server.
ESX
Server
3i
mounts
the
NFS
volume
and
uses
itforitsstorageneeds.
ESX Server 3i Configuration Guide
VMFS Datastores
WhenyourESXServer3ihostaccessesSCSIbasedstoragedevicessuchasSCSI,iSCSI,
or FC SAN the storage space is presented to your ESX Server 3i as a LUN A LUN is a
http://www.vmware.com/support/pubs/vi_pubs.htmlhttp://www.vmware.com/support/pubs/http://www.vmware.com/support/pubs/http://www.vmware.com/support/pubs/vi_pubs.html -
8/14/2019 Vi3!35!25 u2 3i Server Config
60/214
60 VMware, Inc.
orFCSAN,thestoragespaceispresentedtoyourESXServer3iasaLUN.ALUNisa
logicalvolumethatrepresentsstoragespaceonasinglephysicaldiskoronanumberofdisksaggregatedinadiskarray.AsingleLUNcanbecreatedfromtheentirespace
onthestoragediskorarray,orfromapartofthespace,calledpartition.TheLUNthat
usesdiskspaceonmorethanonephysicaldiskorpartitionstillpresentsitselfasa
singlelogicalvolumetoyourESXServer3i.
ESXServer3icanformatLUNsasVMFSdatastores.VMFSdatastoresprimarilyserve
asrepositoriesforvirtualmachines.Youcanstoremultiplevirtualmachinesonthe
sameVMFSvolume.Eachvirtualmachine,encapsulatedinasetoffiles,occupiesaseparatesingledirectory.Fortheoperatingsysteminsidethevirtualmachine,VMFS
preservestheinternalfilesystemsemantics,whichensurescorrectapplicationbehavior
anddataintegrityforapplicationsrunninginvirtualmachines.
Inaddition,youcanusetheVMFSdatastorestostoreotherfiles,suchasvirtual
machinetemplatesandISOimages.
VMFSsupports
the
following
file
and
block
sizes
enabling
your
virtual
machines
to
run
eventhemostdataintensiveapplications,includingdatabases,ERP,andCRMin
virtualmachines:
Maximumvirtualdisksize:2TB
Maximumfilesize:2TB
Blocksize:1MBto8MB
Creating and Growing VMFS Datastores
YouusetheVIClienttosetupaVMFSdatastoreinadvanceonanySCSIbasedstorage
devicethatyourESXServer3idiscovers.ESXServer3iletsyouhaveupto256VMFS
datastorespersystemwiththeminimumvolumesize1.2GB.
ForinformationoncreatingVMFSdatastoresontheSCSIbasedstoragedevices,seethefollowingsections:
AddingLocalStorageonpage 72
AddingFibreChannelStorageonpage 75
AddingiSCSIStorageAccessibleThroughHardwareInitiatorsonpage 86
Adding
iSCSI
Storage
Accessible
Through
Software
Initiators
on
page 91
NOTE YoushouldalwayshaveonlyoneVMFSdatastoreperLUN.
Chapter 4 Introduction to Storage
AfteryoucreatetheVMFSdatastore,youcanedititsproperties.Formoreinformation,
seeEditingVMFSDatastoresonpage 101.
IfyourVMFSdatastorerequiresmorespace,youcandynamicallyincreasetheVMFS
-
8/14/2019 Vi3!35!25 u2 3i Server Config
61/214
VMware, Inc. 61
y q p , y y y
volume,up
to
64TB,
by
adding
an
extent.
Extent
is
aLUN
on
aphysical
storage
device
thatcanbedynamicallyaddedtoanyexistingVMFSdatastore.Thedatastorecan
stretchovermultipleextents,yetappearasasinglevolume.
Considerations when Creating VMFS Datastores
YouneedtoplanhowtosetupstorageforyourESXServer3isystemsbeforeyou
formatstoragedeviceswithaVMFSdatastore.
Youmightwantfewer,largerVMFSvolumesforthefollowingreasons:
Moreflexibilitytocreatevirtualmachineswithoutgoingbacktothestorage
administratorformorespace.
Moreflexibilityforresizingvirtualdisks,doingsnapshots,andsoon.
FewerVMFSdatastorestomanage.
Youmightwantmore,smallerVMFSvolumesforthefollowingreasons:
LesscontentiononeachVMFSdatastoreduetolockingandSCSIreservation
issues.
Lesswastedstoragespace.
DifferentapplicationsmightneeddifferentRAIDcharacteristics.
Moreflexibility,asthemultipathingpolicyanddisksharesaresetperLUN.
UseofMicrosoftClusterServicerequiresthateachclusterdiskresourceisinits
ownLUN.
Youmightdecidetoconfiguresomeofyourserverstousefewer,largerVMFSvolumes
andotherserverstousemore,smallerVMFSvolumes.
NOTE YoucannotreformataVMFSvolumethatisinusebyaremoteESXServer3i
host.Ifyouattempttodoso,youreceiveawarningtothiseffectthatspecifiesthename
ofthevolumeinuseandtheMACaddressofahostNICthatisusingit.Thiswarning
alsoappearsintheVMkernelandVMkwarninglogfiles.
ESX Server 3i Configuration Guide
Sharing a VMFS Volume Across ESX Server 3i Systems
Asaclusterfilesystem,VMFSletsmultipleESXServer3ihostsaccessthesameVMFS
datastoreconcurrently.Youcanconnectupto32hoststoasingleVMFSvolume.
-
8/14/2019 Vi3!35!25 u2 3i Server Config
62/214
62 VMware, Inc.
y p g
Figure 4-1. Sharing a VMFS Volume Across ESX Server 3i Hosts
Toensurethatthesamevirtualmachineisnotaccessedbymultipleserversatthesame
time,VMFSprovidesondisklocking.
SharingthesameVMFSvolumeacrossmultipleESXServer3ihostsgivesyouthe
followingadvantages:
YoucanuseVMwareDRSandVMwareHA.
Youcandistributevirtualmachinesacrossdifferentphysicalservers.Thatmeans
yourunamixofvirtualmachinesoneachgivenserversothatnotallexperience
highdemandinthesameareaatthesametime.
Ifaserverfails,youcanrestartvirtualmachinesonanotherphysicalserver.Incase
ofafailure,
the
on
disk
lock
for
each
virtual
machine
is
released.
FormoreinformationonVMwareDRSandVMwareHA,seeResourceManagement
Guideatwww.vmware.com/support/pubs/.
VMFS volume
ESX
Server A
ESX
Server B
ESX
Server C
virtual
disk
files
VM1 VM2 VM3
disk1
disk2
disk3
Chapter 4 Introduction to Storage
Youcanperformlivemigrationofrunningvirtualmachinesfromonephysical
servertoanotherusingVMotion.
FormoreinformationonVMotion,seeBasicSystemAdministrationat
http://www.vmware.com/support/pubs/http://www.vmware.com/support/pubs/http://www.vmware.com/support/pubs/ -
8/14/2019 Vi3!35!25 u2 3i Server Config
63/214
VMware, Inc. 63
www.vmware.com/support/pubs/.
YoucanuseVMwareConsolidatedBackup,whichletsaproxyserver,calledVCB
proxy,backupasnapshotofavirtualmachinewhilethevirtualmachineis
poweredonandisreadingandwritingtoitsstorage.
FormoreinformationonConsolidatedBackup,seeVirtualMachineBackupGuideat
www.vmware.com/support/pubs/.
NFS Datastore
ESXServer3icanaccessadesignatedNFSvolumelocatedonaNASserver,mountthis
volume,anduseitforitsstorageneeds.YoucanuseNFSvolumestostoreandboot
virtualmachinesinthesamewayyouuseVMFSdatastores.
ESXServer3isupportsthefollowingsharedstoragecapabilitiesonNFSvolumes:
UseVMotion.
UseVMwareDRSandVMwareHA.
MountISOimages,whicharepresentedasCDROMstovirtualmachines.
Createvirtualmachinesnapshots.Formoreinformationonsnapshots,seeBasic
SystemAdministrationatwww.vmware.com/support/pubs/.
How Virtual Machines Access Storage
Whenavirtualmachinecommunicateswithitsvirtualdiskstoredonadatastore,it
issuesSCSIcommands.Becausedatastorescanexistonvarioustypesofphysical
storage,thesecommandsareencapsulatedintootherformsdependingontheprotocol
theESXServer3ihostusestoconnecttoastoragedevice.ESXServer3isupportsFibre
Channel(FC),InternetSCSI(iSCSI),andNFSprotocols.
NomatterwhichtypeofstoragedeviceyourESXServer3iuses,thevirtualdiskalwaysappearstothevirtualmachineasamountedSCSIdevice.Thevirtualdiskhidesa
physicalstoragelayerfromthevirtualmachinesoperatingsystem.Thisallowsyouto
runevenoperatingsystemsnotcertifiedforspecificstorageequipment,suchasSAN,
insidethevirtualmachine.
ThediagraminFigure 42depictsfivevirtualmachinesusingdifferenttypesofstorage
toillustratethedifferencesbetweeneachtype.
ESX Server 3i Configuration Guide
Figure 4-2. Virtual machines accessing different types of storage
ESX Server
requires TCP/IP connectivity
http://www.vmware.com/support/pu