When it comes to virtual networking in VMware vSphere, the virtual switch is at the heart of what allows the vSphere virtual machines to talk to one another as well as interface with the physical network.
There are two types of VMware vSphere virtual switches that are used to connect virtual machines:
- vSphere Standard Switch (VSS)
- vSphere Distributed Switch (VDS)
Both types of VMware vSphere virtual switches allow vSphere administrators to control vSphere virtual machine traffic. However, there are differences as well as similarities between these virtual switches.
This post on the VMware virtual switch types will be a two-part series. In this first post, we’ll look at the following:
- Overview of VMware vSphere Standard Switch (VSS) & vSphere Distributed Switch (VDS)
- Creating VSS step by step configuration, and use cases
- How is the architecture and management of the VDS different from the VSS?
- VDS Advanced networking features and special network abstractions
What is the vSphere Standard Switch (VSS)?
The default virtual switch that is enabled when you install VMware vSphere ESXi is the vSphere Standard Switch.
When you install ESXi, the default management port group is attached to the first vSphere Standard Switch that is created by the installation – vSwitch0. There is no special license that is needed for creating vSphere Standard Switches. As a case in point, the free version of ESXi allows you to freely use the VSS.
The vSphere Standard Switch is used to provide network connectivity to hosts and virtual machines. The physical NICs on the physical ESXi hosts are connected to the uplink ports on the vSphere Standard Switch. Then, virtual machines running in vSphere use virtual network adapters or vNICs to connect to port groups on the VSS. The vSphere Standard Switch can make use of more than one physical NIC from the ESXi host to handle network traffic to and from the port groups configured.
Depending on whether you connect physical NICs to a vSphere Standard Switch, you can have either an isolated virtual switch (one where only the VMs on its port groups can communicate with each other) or a virtual switch that is connected to the physical network.
The vSphere Standard Switch is a very host-centric networking construct as it is configured from the ESXi host perspective. This means that no matter how many hosts you have running in your cluster, you will need to configure the same vSphere Standard Switch for each host so they are consistently configured.
While this may not be an issue for two or three ESXi hosts, if you have hundreds of ESXi hosts to configure between multiple clusters, it can become a very tedious operation to make sure the vSphere Standard Switch exists on each host and is identically configured across your clusters. So, the bottom line with the vSphere Standard Switch is that it doesn’t scale very well from a management perspective.
Standard Port Groups
A vSphere Standard Switch contains constructs referred to as a port group.
What are port groups?
The port group is a logical grouping of virtual ports in a virtual switch that allows vSphere administrators to apply policies to a group of ports in the virtual switch. One of the many settings that can be configured for a port group is the VLAN ID. The port group is identified by a network label (a name) that must be unique within the scope of the current host it is created on.
Viewing vSphere Standard Switches and Port Groups
In the networking view of the vSphere Client, you can easily see the vSphere Standard Switches that exist in the vSphere environment. The icons for the vSphere Standard Switch are designated with the “globe” shaped icons underneath your datacenter object. Below, you see the default VM Network that is created with the install of ESXi.
You can configure, add, delete, and manage the vSphere Standard Switch under the context of the ESXi host settings. Navigate to the ESXi host > Configure > Networking > Virtual Switches to manage and configure your vSphere Standard Switches.
Let’s take a look at the settings contained in the properties of a vSphere Standard Switch and see what configuration items are contained therein.
On the first Properties page contained in the properties of the vSphere Standard Switch, you can adjust the MTU Bytes of the VSS. This is where you can enable jumbo frames if needed.
Under the Security settings, you can enable Promiscuous mode, MAC address changes, and Forged transmits. These are especially common to enable if you are running nested virtualization using vSphere Standard Switches.
On the third page of the VSS properties, you can change the Traffic shaping configuration.
Lastly, the Teaming and failover settings provide control over load balancing configuration, network failure detection, failback, and the failover order of the network cards.
Configuring a vSphere Standard Switch in vSphere 6.7 and higher
To create a new vSphere Standard Switch, you do this in the context of the ESXi host. Navigate to “Your ESXi host” > Configure > Virtual Switches > Add Networking.
The first step is selecting the Connection type to create. Since we want to create a new VSS for virtual machine traffic, we choose the Virtual Machine Port Group for a Standard Switch option.
Select to create a New standard switch. You can also configure the MTU value for the vSphere Standard Switch.
Next, you need to assign a free physical network adapter to the new vSphere Standard Switch. If you want to create an isolated VSS, you can simply click Next without assigning an adapter. To assign an adapter, click the green plus sign underneath Assigned Adapters.
The Add Physical Adapters to the Switch dialog box will display free physical network adapters to assign to the new vSphere Standard Switch.
The new physical adapter is added to the new vSphere Standard Switch. Click Next.
On the Connection settings screen, you configure the Network label and the VLAN ID for use with the new vSphere Standard Switch.
Finally, you are ready to complete the Add Networking wizard to create a new vSphere Standard Switch.
After adding the new switch, you will see it appear in the Configure > Networking > Virtual Switches section in the vSphere Client.
Using PowerCLI to Interact with vSphere Standard Switches
PowerShell and specifically PowerCLI, VMware’s PowerShell module, is a great way to quickly and easily interact with vSphere environments, including vSphere networking.
Below is the syntax of a few PowerCLI cmdlets for interacting with your vSphere Standard Switches, including viewing, creating, and removing them and adding or removing physical network adapters:
- Get-VirtualSwitch [[-VMHost] <VMHost[]>] [[-VM] <VirtualMachine[]>] [-Datacenter <Datacenter[]>] [-Name <String[]>] [-Standard] [-Distributed] [-Server <VIServer[]>] [<CommonParameters>]
- New-VirtualSwitch [[-VMHost] <VMHost>] [-Name] <String> [[-NumPorts] <Int32>] [[-Nic] <String[]>] [[-Mtu] <Int32>] [-Server <VIServer[]>] [-WhatIf] [-Confirm] [<CommonParameters>]
- Remove-VirtualSwitch [[-VirtualSwitch] <VirtualSwitch[]>] [-Server <VIServer[]>] [-WhatIf] [-Confirm] [<CommonParameters>]
- Add-VirtualSwitchPhysicalNetworkAdapter [-VMHostPhysicalNic] <PhysicalNic[]> [-VirtualSwitch] <VirtualSwitch> [-VirtualNicPortgroup <VirtualPortGroup[]>] [-VMHostVirtualNic <HostVirtualNic[]>] [-Server <VIServer[]>] [-WhatIf] [-Confirm] [<CommonParameters>]
- Remove-VirtualSwitchPhysicalNetworkAdapter [-VMHostNetworkAdapter] <PhysicalNic[]> [-WhatIf] [-Confirm] [<CommonParameters>]
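The following PowerCLI script is an added example, not code from the original post or from VMware. It walks the same steps as the Add Networking wizard above (new standard switch with its MTU, a physical uplink, a VM port group with a VLAN ID), then audits the three Security settings (Promiscuous mode, MAC address changes, Forged transmits) on every standard port group of the host and reports any that are set to Accept, since those settings decide what a VM is allowed to see and to spoof on the virtual switch. The vCenter name, host name, uplink vmnic1, and port group name are assumptions and should be replaced with your own values.

```powershell
# Added example (not from the original post): create a vSphere Standard Switch
# with PowerCLI as the Add Networking wizard does, then audit the security
# policy of every standard port group on the host.
# Assumed values (not from the page): vCenter "vcenter.example.local",
# host "esxi01.example.local", free uplink "vmnic1", port group "Prod-VLAN100".

Import-Module VMware.VimAutomation.Core
Connect-VIServer -Server 'vcenter.example.local'   # prompts for credentials

$vmhost = Get-VMHost -Name 'esxi01.example.local'

# 1. New standard switch; -Mtu 9000 enables jumbo frames (the Properties page setting).
$vss = New-VirtualSwitch -VMHost $vmhost -Name 'vSwitch1' -Mtu 9000

# 2. Attach a free physical adapter as an uplink. Skip this step for an isolated VSS.
$nic = Get-VMHostNetworkAdapter -VMHost $vmhost -Physical -Name 'vmnic1'
Add-VirtualSwitchPhysicalNetworkAdapter -VirtualSwitch $vss -VMHostPhysicalNic $nic -Confirm:$false

# 3. Virtual machine port group with its network label and VLAN ID (Connection settings screen).
$pg = New-VirtualPortGroup -VirtualSwitch $vss -Name 'Prod-VLAN100' -VLanId 100

# 4. Audit the Security settings. The hardened value for all three is Reject;
#    a port group set to Accept (explicitly or inherited from its switch) lets
#    VMs on it receive other VMs' frames or send frames with a different MAC,
#    so list it for review.
function Get-VssSecurityFindings {
    param([Parameter(Mandatory)] $VMHost)

    foreach ($group in Get-VirtualPortGroup -VMHost $VMHost -Standard) {
        $policy = Get-SecurityPolicy -VirtualPortGroup $group
        $accepted = @()
        if ($policy.AllowPromiscuous) { $accepted += 'PromiscuousMode' }
        if ($policy.MacChanges)       { $accepted += 'MacChanges' }
        if ($policy.ForgedTransmits)  { $accepted += 'ForgedTransmits' }
        if ($accepted.Count -gt 0) {
            [pscustomobject]@{
                VMHost    = $VMHost.Name
                Switch    = $group.VirtualSwitchName
                PortGroup = $group.Name
                Accepted  = ($accepted -join ',')
            }
        }
    }
}

Get-VssSecurityFindings -VMHost $vmhost | Format-Table -AutoSize

# Remediation for a port group that should not have these relaxed. An explicit
# Reject at the port group level overrides the switch-level setting.
Set-SecurityPolicy -VirtualPortGroup $pg -AllowPromiscuous $false -MacChanges $false -ForgedTransmits $false

Disconnect-VIServer -Server 'vcenter.example.local' -Confirm:$false
```

The audit function is kept separate from the creation steps so it can be run on its own against every host (for example `Get-VMHost | ForEach-Object { Get-VssSecurityFindings -VMHost $_ }`), which is the practical way to keep host-by-host VSS configuration consistent, the weak point of the VSS noted earlier. Nested virtualization hosts that legitimately need these settings will show up in the report; the point is to have the list, not to switch everything to Reject blindly.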
What is the vSphere Distributed Switch (VDS)?
As we have covered, the vSphere Standard Switch is the basic vSphere virtual switch that allows connectivity to your VMware vSphere environment.
What if you want more features and capabilities, such as the ability to have a supported LAG solution with LACP?
What if you need a virtual switch network solution that easily scales with a large amount of vSphere ESXi hosts?
What about advanced networking features for using converged networking configurations with software-defined storage like VMware vSAN?
For all of these use cases and feature requirements, you will want to make use of the vSphere Distributed Switch.
Let’s take a closer look at the Distributed Switch.
The Distributed Switch is like a vSphere Standard Switch on “steroids”. It is more powerful, more scalable, and has more features. The VDS extends the features and capabilities of virtual networks found in the vSphere environment. Additionally, the process to manage and provision the vSphere Distributed Switch across multiple ESXi hosts at scale is much simpler.
Why wouldn’t you always use the VMware Distributed Switch in any environment?
Perhaps the main reason that vSphere Standard Switches are used is they are available by default with any license level. However, the vSphere Distributed Switch is a feature that is only available at the Enterprise Plus license level for vSphere.
Note: If you have a vSAN license, you get the vSphere Distributed Switch for free, which lets you use Network I/O Control right out of the box with vSAN.
How is the architecture and management of the vSphere Distributed Switch different from the vSphere Standard Switch?
With the vSphere Standard Switch, the vSphere admin configures and maintains each VSS individually on each ESXi host, because a VSS bundles both the data plane and the management plane into the per-host switch configuration.
VMware has decoupled the management plane from the data plane with the VDS. The data plane allows the VDS to perform packet switching, filtering, VLAN tagging, etc., while the management plane controls the data plane in a centralized manner.
The vSphere Distributed Switch management plane is centralized with VMware vCenter Server. This means instead of creating the vSphere Distributed Switch at the ESXi host level over and over, it is created at the vCenter Server level once. Then you simply choose which ESXi hosts to associate with the vSphere Distributed Switch. This is a much simpler and much more efficient process for provisioning virtual networking across your vSphere environment.
Since the vSphere Distributed Switch is a vCenter Server construct, it is limited to the scope of the vSphere Datacenter. Interestingly, this means it is not limited by hosts in a cluster. You can create a vSphere Distributed Switch and assign it to vSphere cluster hosts and standalone ESXi hosts.
This architecture brings about several advantages including:
- Centralized management – configured at the vCenter Server level and added to the ESXi hosts from there
- Configuration consistency – Helps to eliminate mistakes that can come from configuring VSS switches at each ESXi host
- Scalability – Much more powerful scalability of virtual networking across the vSphere environment
vSphere Distributed Switch Advanced Networking Features
Besides being much easier to manage at scale than the vSphere Standard Switch, the advanced networking features included with vSphere Distributed Switches greatly extend the possibilities of the virtual networks configured in vSphere.
These include the following:
- Network I/O Control – Uses an idea similar to the resource pools on the compute side, applied to the virtual network. With Network I/O Control, you create limits and shares on the network for network resource pools. Network traffic is aggregated into resource pools according to the traffic type.
- Maintains the state of the network for virtual machines as they move across hosts in the vSphere cluster, enabling monitoring and centralized firewalling.
- Support for SR-IOV to enable low-latency and high-I/O workloads.
- Contains a BPDU filter to prevent VMs from sending BPDUs to the physical switch.
- Load Based Teaming (LBT), which takes the network workload into account when choosing the physical uplink for load balancing. This is the “Route based on physical NIC load” teaming policy.
- Distributed Port Mirroring – Allows mirroring packets from any number of distributed ports to other distributed ports.
- Private VLANs – Use of Private VLANs can help increase the number of available VLANs as well as bolster security by isolating ports within one VLAN.
Supported Virtual Switch for VMware NSX
Another extremely important reason for using vSphere Distributed Switches is VMware NSX. In an NSX domain, NSX services are not supported on vSphere Standard Switches. VM workloads must be connected to vSphere Distributed Switches to use NSX services and features. For each host cluster that will participate in NSX, all hosts within the cluster must be attached to a common VDS.
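The requirement just stated, that every host in a cluster participating in NSX is attached to a common VDS, is easy to drift from when hosts are added or rebuilt. The following PowerCLI script is an added example, not code from the original post or from VMware: for each cluster it records which distributed switches each host is attached to and flags any host that is missing a VDS the rest of its cluster uses. The vCenter name is an assumption.

```powershell
# Added example (not from the original post): per-cluster check that every
# host is attached to the same vSphere Distributed Switches, the condition
# described above for NSX. Assumed value (not from the page): vCenter
# "vcenter.example.local".

Import-Module VMware.VimAutomation.Core
Import-Module VMware.VimAutomation.Vds
Connect-VIServer -Server 'vcenter.example.local'   # prompts for credentials

function Get-VdsMembershipFindings {
    param([Parameter(Mandatory)] $Cluster)

    $hosts = Get-VMHost -Location $Cluster

    # Map each host name to the names of the distributed switches it is attached to.
    $membership = @{}
    foreach ($h in $hosts) {
        $membership[$h.Name] = @(Get-VDSwitch -VMHost $h | Select-Object -ExpandProperty Name)
    }

    # Any VDS used by at least one host in the cluster is expected on every host in it.
    $expected = @($membership.Values | ForEach-Object { $_ } | Sort-Object -Unique)

    foreach ($h in $hosts) {
        $missing = @($expected | Where-Object { $membership[$h.Name] -notcontains $_ })
        [pscustomobject]@{
            Cluster    = $Cluster.Name
            VMHost     = $h.Name
            Attached   = ($membership[$h.Name] -join ',')
            Missing    = ($missing -join ',')
            Consistent = ($missing.Count -eq 0)
        }
    }
}

# Run the check for every cluster in the inventory; rows with Consistent = False
# are hosts that would not be able to use NSX services on the missing VDS.
Get-Cluster | ForEach-Object { Get-VdsMembershipFindings -Cluster $_ } | Format-Table -AutoSize

Disconnect-VIServer -Server 'vcenter.example.local' -Confirm:$false
```

Because the VDS is a datacenter-level construct rather than a cluster-level one, a host can legitimately carry a VDS its cluster mates do not (a standalone host, or a switch being migrated), so treat a False row as something to review rather than as an automatic error.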
VDS Special Network Abstractions
The vSphere Distributed Switch provides a couple of special networking abstractions that allow the VDS to implement consistent virtual networking. These include the dvuplink port group and the Distributed Port Group.
Let’s look at these special vSphere Distributed Switch constructs.
When you create a vSphere Distributed Switch, a special dvuplink port group is created. This port group can have one or more uplinks. The dvuplinks are the logical construct of the vSphere Distributed Switch that maps to the physical connections of the ESXi hosts. The dvuplink port group name can be customized, and it is good practice to use descriptive names, which can make troubleshooting much easier.
Distributed Port Groups
Much like the vSphere Standard Switch port group, the vSphere Distributed Switch port groups provide network connectivity to VMs and house VMkernel ports. They too are identified by a unique network label. This is where functionality like NIC teaming, failover, load balancing, VLANs, security policies, traffic shaping, and other features are configured.
The vSphere Distributed Switch port group configuration, like the vSphere Distributed Switch itself, is configured on the vCenter Server and then automatically propagated to the associated ESXi hosts. This is done through the host proxy switches that make up the data plane on each host.
The vSphere Distributed Switch port groups are elastic and can dynamically scale up and down. This makes much more efficient use of host resources.
The traffic flow path from a virtual machine through the vSphere Distributed Switch port group to the physical network depends on the teaming and failover settings configured. When multiple physical host NICs are associated with a vSphere Distributed Switch port group, packets from the virtual machines can traverse any of those uplinks to the physical network.
What Happens to a VDS when vCenter is Down?
VMware wisely designed the architecture of the vSphere Distributed Switch with the management plane and the data plane split. Only the management plane exists in vCenter Server. The data plane is housed on the ESXi hosts themselves. This means that no switching traffic is actually passed through the vCenter Server and all switching activities are handled by the ESXi host.
Each ESXi host contains a cached copy of the vSphere Distributed Switch configuration that is updated automatically every five minutes. When vCenter has failed or is down, the VDS will continue to function normally and all virtual machine traffic will go unaffected by the vCenter outage.
Once vCenter Server is back up and running, the ESXi hosts synchronize with vCenter once again to ensure the locally held copy of each VDS is up to date with vCenter.
In the second post, we’ll look at the vSphere Distributed Switch properties, its configuration, the differences and similarities of VSS and VDS, migrating between VSS and VDS and back, and vSphere virtual switch best practices.