Just as an FYI, these posts are not an all-inclusive list of what I learned, clarifications I made, and questions I raised. My goal is to highlight what I think were the most important items in each category.
What I learned:
- The data plane of a distributed switch is implemented with a hidden vSwitch in the VMkernel on each ESX host. This makes sense as networking continues to function even if vCenter Server goes down.
- HA restarts VMs first by priority and second in alphabetical order. This means if you have ten VMs set with a high restart priority, they will be restarted before any other VMs, and in order based on name. This makes sense; however, I never realized the significance of a VM name.
Clarifications I made:
- Instructors: If you set all three security policies on a portgroup (i.e. promiscuous mode, MAC address changes, and forged transmits) to reject, then a cloned Windows VM, whether sysprepped or not, will not be allowed on the network.
Comments: This is true ONLY IF the Windows VM IS NOT sysprepped. The reason is that the MAC address assigned to the VM does not match the actual MAC address of the cloned system unless the cloned system is sysprepped. I believe for security purposes the policy should default to rejecting all three exceptions.
- Instructors: Traffic shaping can only be configured on a per-portgroup basis.
Comments: This makes sense, as I have only seen configuration of traffic shaping listed under portgroups. This means that in order to guarantee traffic shaping on a per-VM basis, each VM would need to be assigned a dedicated portgroup (multiple VMs could share the same VLAN, but a separate portgroup with the same VLAN would need to be configured for each VM). In addition, traffic shaping happens on the physical NICs and not on the bus. This means two VMs on the same ESX host attached to the same portgroup cannot be restricted via VMware traffic shaping.
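Since the three security exceptions above are easy to leave at their permissive defaults, here is an added PowerCLI audit (my example, not something from the class or from VMware's documentation) that lists every standard portgroup where promiscuous mode, MAC address changes, or forged transmits is still accepted. It assumes an existing Connect-VIServer session and a PowerCLI version where Get-VirtualPortGroup supports the -Standard switch; the $Remediate flag and the output field names are my own.

```powershell
# Added audit example (not from the original post). Assumes a PowerCLI session
# already connected with Connect-VIServer.
# Reports each standard vSwitch portgroup that accepts any of the three
# security exceptions discussed above; optionally sets all three to reject.

param(
    [switch]$Remediate   # hypothetical flag: only report unless explicitly set
)

# -Standard limits the query to standard vSwitch portgroups, which is where
# Get-SecurityPolicy applies (assumption: PowerCLI build with this parameter).
$findings = foreach ($pg in Get-VirtualPortGroup -Standard) {
    $policy = $pg | Get-SecurityPolicy

    # Each property is $true when the exception is accepted (the permissive setting).
    $accepted = @()
    if ($policy.AllowPromiscuous) { $accepted += 'PromiscuousMode' }
    if ($policy.MacChanges)       { $accepted += 'MacAddressChanges' }
    if ($policy.ForgedTransmits)  { $accepted += 'ForgedTransmits' }

    if ($accepted.Count -gt 0) {
        [pscustomobject]@{
            Host      = $pg.VirtualSwitch.VMHost.Name
            VSwitch   = $pg.VirtualSwitchName
            PortGroup = $pg.Name
            Accepted  = ($accepted -join ', ')
        }

        if ($Remediate) {
            # Reject all three exceptions on this portgroup; -Confirm prompts per change.
            $policy | Set-SecurityPolicy -AllowPromiscuous $false `
                                         -MacChanges $false `
                                         -ForgedTransmits $false -Confirm
        }
    }
}

# Hosts/portgroups that never appear in the output already reject all three.
$findings | Sort-Object Host, VSwitch, PortGroup | Format-Table -AutoSize
```

Run it without -Remediate first: a cloned, non-sysprepped Windows VM that suddenly loses network access after remediation is the symptom the instructors described, so know which portgroups carry such clones before flipping them to reject.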
Questions I raised:
- Is there any impact (e.g. performance) to increasing the number of ports per vSwitch? They said yes, but could not quantify.
- How many vSwitches should you have? They said it should be the same physical as it is logical (i.e. one-to-one mapping). I agree!
- How is a static binding on a distributed switch ensured? They said vCenter Server handles it, but could not elaborate how.
© 2010, Steve Flanders. All rights reserved.