Port-groups, vSphere 5 and Jumbo (iSCSI) frames

We will implement a UCS system with EMC iSCSI storage. Since this is my first time, I'm a little insecure in design, although I have acquired a lot of knowledge to read in this forum and meanders.

We will use the 1000V.

1. Is it allowed to use only a GROUP of ports uplink with the following exchanges: mgmt, vmotion, iscsi, vm network, external network?

My confusion here is what jumboframes? Should we not separate for this connection? In this design all executives are using jumboframes (or are this set by portgroup?)

I read something about the use of the class of frames extended Service. Maybe it's the idea here.

2. I read in a thread do not include mgmt and VMotion in the 1000V and put it on a vs. Is this correct?

In this case, the design of uplink would be:

1: Mgmt + vMotion (2 vNIC, VSS)

2: iSCSI (2 vNIC, 1000v)

3: data VM, external traffic (2 vNIC, 1000v)

All network cards for parameter as active, Virtual port id teaming

Answers online.

Kind regards

Robert

Atle Dale wrote:

I have 2 follow-up questions:

1. What is the reason I cannot use a 1000V uplink profile for the vMotion and management? Is it just for simplicity people do it that way? Or can I do it if I want? What do you do?

[Robert] There is no reason.  Many customers run all their virtual networking on the 1000v.  This way they don't need vmware admins to manage virtual switches - keeps it all in the hands of the networking team where it belongs.  Management Port profiles should be set as "system vlans" to ensure access to manage your hosts is always forwarding.  With the 1000v you can also leverage CBWFQ which can auto-classify traffic types such as "Management", "Vmotion", "1000v Control", "IP Storage" etc.

2. Shouldn't I use MTU size 9216?

[Robert] UCS supports up to 9000 then assumed overhead.  Depending on the switch you'll want to set it at either 9000 or 9216 (whichever it supports).

3. How do I do this step: "Ensure the switch north of the UCS Interconnects are marking the iSCSI target return traffic with the same CoS marking as UCS has configured for jumbo MTU.  You can use one of the other available classes on UCS for this - Bronze, Silver, Gold, Platinum."

Does the Cisco switch also use the same terms "Bronze", "Silver", "Gold" or "Platinum" for the classes? Should I configure the trunk with the same CoSes?

[Robert] The Plat, Gold, Silver, Bronze are user friendly words used in UCS Classes of Service to represent a definable CoS value between 0 to 7 (where 0 is the lowest value and 6 is highest value). COS 7 is reserved for internal traffic. COS value "any" equals to best effort.  Weight values range from 1 to 10. The bandwidth percentage can be determined by adding the channel weights for all channels then divide the channel weight you wish to calculate the percentage for by the sum of all weights.

Example.  You have UCS and an upstream N5K with your iSCSI target directly connected to an N5K interface. If your vNICs were assigned a QoS policy using "Silver" (which has a default CoS 2 value), then you would want to do the same upstream by a) configuring the N5K system MTU of 9216 and tag all traffic from the iSCSI Array target's interface with a CoS 2.  The specifics for configuring the switch are specific to the model and SW version.  N5K is different than N7K and different than IOS.  Configuring Jumbo frames and CoS marking is pretty well documented all over.

Once UCS receives the traffic with the appropriate CoS marking it will honor the QoS and dump the traffic back into the Silver queue. This is the "best" way to configure it but I find most people just end up changing the "Best Effort" class to 9000 MTU for simplicity sake - which doesn't require any upstream tinkering with CoS marking.  Just have to enable Jumbo MTU support upstream.

4. Concerning Nk1: Jason Nash has said to include vMotion in the System VLANs. You do not recommend this in previous threads. Why?

[Robert] You have to understand what a system vlan is first.  I've tirelessly explained this on various posts.  System VLANs allow an interface to always be forwarding.  You can't shut down a system vlan interface.  Also, when a VEM is rebooted, a system vlan interface will be FWDing before the VEM attaches to the VSM to securely retrieve its programming.  Think of the Chicken & Egg scenario.  You have to be able to FWD some traffic in order to reach the VSM in the first place - so we allow a very small subnet of interfaces to FWD before the VSM sends the VEM's programming - Management, IP Storage and Control/Packet only.  All other non-system VLANs are rightfully BLKing until the VSM passes the VEM its policy.  This secures interfaces from sending traffic in the event any port profiles or policies have changed since last reboot or module insertion.  Now keeping all this in mind, can you tell me the instance where you've just rebooted your ESX and need the VMotion interface forwarding traffic BEFORE communicating with the VSM?  If the VSM was not reachable (or both VSMs down) the VMs virtual interface would not even be able to be created on the receiving VEM.  Any virtual ports moved or created require VSM & VEM communication.  So no, the vMotion interface vlans do NOT need to be set as system VLANs.  There's also a max of 16 port profiles that can have system vlans defined, so why chew up one unnecessarily?

5. Do I have to set spanning-tree commands and to enable global BPDU Filter/Guard on both the 1000V side and the uplink switch?

[Robert] The VSM doesn't participate in STP so it will never send BPDUs.  However, since VMs can act like bridges & routers these days, we advise to add two commands to your upstream VEM uplinks - PortFast and BPDUFilter.  PortFast so the interface is FWD faster (since there's no STP on the VSM anyway) and BPDUFilter to ignore any received BPDUs from VMs.  I prefer to ignore them rather than using BPDU Guard - which will shut down the interface if BPDUs are received.

Thanks,

Atle, Norway

Edit:

Do you have some recommendations on the weighting of the CoS?

[Robert] I don't personally.  Other customers can chime in on their suggestions, but each environment is different.  VMotion is very bursty so I wouldn't set that too high.  IP storage is critical so I would bump that up a bit.  The rest is up to you.  See how it works, check your QoS & CoS verification commands to monitor and adjust your settings as required.

E.g:

IP storage: 35

Vmotion: 35

Vmdata: 30

and I can then assign management VM-kernels to the Vmdata Cos.

Message was edited by: Atle Dale

Tags: Cisco DataCenter
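The weight arithmetic and the CoS-matching point from Robert's answers can be worked through with a small model. This is an added example, not code from the thread or from Cisco; only "Silver = CoS 2" comes from the thread, and the weights, the Gold class and the rule that a frame larger than its class MTU does not pass are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Union


@dataclass(frozen=True)
class QosClass:
    name: str
    cos: Union[int, str]  # 0-6, or "any" for the best-effort class
    weight: int           # 1-10
    mtu: int              # largest frame this class carries (model assumption)


def bandwidth_shares(classes):
    """Percentage per class: its weight divided by the sum of all weights."""
    total = sum(c.weight for c in classes)
    return {c.name: round(100 * c.weight / total, 1) for c in classes}


def classify(classes, cos):
    """Pick the class whose CoS matches the frame, else the "any" class."""
    for c in classes:
        if c.cos == cos:
            return c
    return next(c for c in classes if c.cos == "any")


def frame_fits(classes, cos, frame_bytes):
    """Return (class name, True if the frame is within that class's MTU)."""
    c = classify(classes, cos)
    return c.name, frame_bytes <= c.mtu


# Constructed policy A: jumbo MTU only on Silver, so upstream must mark CoS 2.
MARKED = [
    QosClass("Silver", 2, 8, 9000),
    QosClass("Gold", 4, 7, 1500),
    QosClass("Best Effort", "any", 5, 1500),
]

# Constructed policy B: the shortcut of raising Best Effort to 9000.
SIMPLE = [QosClass("Best Effort", "any", 5, 9000)]

if __name__ == "__main__":
    print("shares:", bandwidth_shares(MARKED))
    # iSCSI return traffic marked CoS 2 upstream lands in Silver.
    print("marked return traffic:", frame_fits(MARKED, 2, 9000))
    # Same traffic left unmarked (CoS 0) falls into Best Effort at 1500.
    print("unmarked return traffic:", frame_fits(MARKED, 0, 9000))
    # With Best Effort at 9000 the marking no longer matters.
    print("unmarked, simple policy:", frame_fits(SIMPLE, 0, 9000))
```
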

Similar Questions

  • Add Virtual Machine Port Group vSwitch (network and Vlan ID tag) by Script

    Hello

    I want to add a port group of VM for about 200 guests vSwitch. This can be done manually, but if anyone can help me to do it with the help of Powercli. We have guests organized on the basis of clusters.

    Virtual machine port group.

    Tag network:-XYZ

    VLAN ID: XYZ

    Thank you

    Pranab

    You could do something like that

    $clusterName = "cluster"
    $pgName = "test2"
    $vlanId = "1111"
    $vSwName = "vSwitch1"
    
    Get-Cluster -Name $clusterName | Get-VMHost | Get-VirtualSwitch -Name $vSwName | New-VirtualPortGroup -Name $pgName -VLanId $vlanId
    

    It will add the portgroup to the vSwitch on all hosts in the cluster

    ____________

    Blog: LucD notes

    Twitter: lucd22

  • vSphere 5 and Dell Equallogic iSCSI

    Hi all

    I need some suggestions on how to implement my iSCSI network

    I have 2 x power R520 edges with 2 network cards to edge, 4 x PCI Nic and 1 x Dual Port Nic Cards-> network so 8 total

    and an Equallogic PS4100 with 2 controllers and 2 network cards on each controller

    I have 2 Dell switches for my iSCSI network.

    The address of the Equallogic MGMT is 10.10.1.100

    The group IP address is 10.10.1.101 - or should these IP in the iSCSI network

    My iSCSI network should be

    192.168.1.x / 24

    do I need to a single network or do I have to use 2 different networks in order to obtain the failover job.

    I plan 2 or 4 NICs for iSCSI vmkernel traffic - what do you suggest?

    If I use 4 network cards - use 2 vmkernel ports with 2 links and aggregation of links on the switches? Or can I use 4 ports vmkernel and round robin?

    ESX1

    vnmic0 192.168.1.1

    vmnic1 192.168.1.2

    ESX2

    vnmic0 192.168.1.3

    vmnic1 192.168.1.4

    EqualLogic

    eth0 192.168.1.5

    eth1 192.168.1.6

    ESX1 + ESX2

    vmnic0 - iSCSI01

    vmnic1 - iSCSI02

    SwitchA

    vmnic0 Esx1, vmnic1 ESX2, eth0, eth1 ControllerB controlled

    SwitchB

    vmnic1 ESX1, vmnic0 ESX2, the controller has ControllerB eth0, eth1

    Do I have to master two switches?

    concerning

    Bestfriend

    Hello

    I recommend 2 virtual switches with 2 network cards in each. Multipathing in fixed for each switch if it's an active-passive array and Round Robin if it is an active-active array.

    1 VLAN should be fine.

    MTU = 9000 in all the components of your infrastructure iSCSI (jumbo frames).

    Try to have HA in each part of your infrastructure and you sure you don't have 1 vSwitch connected to the 2 ports on the same HBA and using the same switch...

    If you have the option to make the "fast track" in your switch, do it.

    CHAP authentication more secure, you can (if initiator software, I think that they are, mutual CHAP)

    You don't need chest 2 switches.

    Try to keep your number of VMs distributed among your LUN (to not collapse them with SCSI reservations)

    That's all I can think of at this time. I hope this has helped you! If that were the case, do not forget to assign the corresponding points, so we are all winners!

    Kind regards

    elgreco81

  • How is it that I can ping between ESXi vmkernel interfaces with the sizes of package exceeding the value set in my passage upstream and one located in my vmkernel port group itself?


    I have a 10 GB dell powerconnect 8024f the switch and the firmware is OLD, but the port config shows maximum frame size = 9000 to all cable ports

    2 guests ESXi 5.5 wired, build 1331820, put each host computer network is managed by a single port dual qlogic 8150 ANC

    When I connect to my windows VM to check my new 10 GB connectivity (it is configured for jumbo mtu = 9000 frames) and ping-l 8190 against ESXi vmkernel interface that was MTU of 1500, I get an answer without any packet loss... How can it be if the port is configured for only 1500 MTU?  I thought that the two vmkernel port group and vswitch properties must have 9000 mtu defined, it appears that the vswitch properties override the port group properties.

    But I know I must be missing something, a few important concepts, somewhere, because when I connect to ESXi via ssh I can ping devices with values greater than 8190 and not just windows virtual machines that reside on the same host where the ping uses the internal bus, but I am referring to the connections of the host of other ESXi on the switch management.

    In summary - how the VMkernel does ping and response to pings of bigger sizes greater than the value of the switch upstream?   and why do ping with large packets get answers when the vmkernel port group is always set at 1500, is this a bug or is this feature obsolete?   I remember specifically in ESXi5 that I had to configure the vmkernel port group and the vswitch for this property to work.

    Unless you specify "Don ' t fragment" (-f for Windows) you will be able to use any size package successfully.

    For ESXi, take a look at Troubleshooting ESXi Jumbo Frames.

    André
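André's point about "Don't fragment" can be checked numerically. The following is an added example, not part of the original answer: it models IPv4 without options, the path MTU values and the target address 192.0.2.10 are constructed, and the helper names are hypothetical. It shows why a ping with 8190 bytes of data still gets a reply across a 1500-byte vmkernel port, and which payload size actually proves a 9000-byte path.

```python
import math

IP_HEADER = 20    # IPv4 header without options
ICMP_HEADER = 8   # ICMP echo header


def max_df_payload(mtu):
    """Largest ping data size that fits in one unfragmented packet."""
    return mtu - IP_HEADER - ICMP_HEADER


def fragment_count(payload, mtu):
    """Number of IPv4 packets needed to carry an echo with this data size."""
    ip_payload = payload + ICMP_HEADER
    if ip_payload + IP_HEADER <= mtu:
        return 1
    # Every fragment except the last carries a multiple of 8 bytes.
    per_fragment = (mtu - IP_HEADER) // 8 * 8
    return math.ceil(ip_payload / per_fragment)


def ping_outcome(payload, path_mtus, dont_fragment):
    """Predict the result of a ping across the smallest MTU on the path."""
    bottleneck = min(path_mtus, key=path_mtus.get)
    fragments = fragment_count(payload, path_mtus[bottleneck])
    if fragments == 1:
        return {"reply": True, "fragments": 1, "bottleneck": None}
    if dont_fragment:
        # The packet may not be split, so it cannot cross the bottleneck.
        return {"reply": False, "fragments": 0, "bottleneck": bottleneck}
    return {"reply": True, "fragments": fragments, "bottleneck": bottleneck}


def df_ping_commands(mtu, target):
    """Commands that test a path MTU with the Don't Fragment bit set."""
    size = max_df_payload(mtu)
    return {
        "windows": f"ping -f -l {size} {target}",
        "esxi": f"vmkping -d -s {size} {target}",
    }


# Constructed path resembling the question: everything at 9000 except
# the vmkernel port, which was left at 1500.
PATH = {
    "Windows VM vNIC": 9000,
    "vSwitch": 9000,
    "physical switch": 9000,
    "vmkernel port": 1500,
}

if __name__ == "__main__":
    print(ping_outcome(8190, PATH, dont_fragment=False))  # reply, fragmented
    print(ping_outcome(8190, PATH, dont_fragment=True))   # no reply
    print(df_ping_commands(9000, "192.0.2.10"))
```
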

  • Automate the network port group selection in vsphere replication

    Hi, when you use the vsphere replication tool to recover servers in the data center of DR, the tool does not gives option to select network settings. I have to manually add the port groups and turn on the system remotely vcenter. Is it possible to automate this process, when the replication of a major part of the vms ~ 100-150. I would like to know if there is another way to fix the process and avoid the manual load.

    I use replication of vsphere device version 5.8

    Thank you

    The only way to automate this process is through the Site Recovery Manager.  Automate and orchestrate BC/DR is a big part of the value offered by SRM. The other advantage is the ability to test your recovery plans without disruption of service.

    Does that answer your question?

  • iSCSI Initiator Port Group error

    Problem adding in the vmk second to an existing iSCSI vSwitch.  Original config was 2 vmks - all worked successfully.  1 vmk has been removed to solve network problems.

    Re-created the 2nd vmk, but when going down one of the cards the unused category as soon as active network OK is selected the message "this vmkernel port group contains a NETWORK card.

    which is related to an iSCSI initiator.  Change its settings could disrupt the connection to the iSCSI data store"is displayed.  The response options are Yes or no.  A screenshot is attached.

    vCenter is version 5.0 U1b.  The host is ESXi5.0 U2 and mode of maintenance with none of the guests.  The host on the local disk not stop SAN.  I can safely click Yes, then go back and

    move the vmnic or is there a better way to fix this problem.  Thank you.

    Thanks for sharing the information. Please try below steps:

    Step 1. Remove links in the existing port and reboot the host.

    Step 2. Change the port iSCSI and vmnic preferred value to active group and move the second unused NETWORK card.

    Step 3. Change group 2-port iSCSI and vmnic preferred value in the active State and move the other card unused NETWORK.

    Step 4. Add vmk1 and vmk2 under links in the port iScsi initiator network configuration.

    I hope steps above will help to solve the problem. If you encounter the error even if you please let me know.

  • vSphere 5 and iSCSI LACP

    Hello - this is my first post here so please, be gentle.

    I tried to find information about configuring LACP in vSphere, ESXi 5. Let me give a brief overview of my environment and the objectives that we strive to achieve. We use NICs 1 GB on 6710 VDX Brocade fabric switches.

    We have a small cluster of vSphere, ESXi 5 standard edition. We have 6 physical network interface cards in each host - 2 are associated to the network of the VM, 2 are associated for vMotion/management, and the last two are VMkernel ports on two separate subnets connected using MPIO to our Compellent SAN iSCSI. This has been our test bench and we use the nic teaming in ESXi 5 running "Route based on the originating virtual port ID" with no specific switch-side config. We have other servers only using LACP 802.3ad configured on the host and the switch that work very well - gives us a better failure protection that we use two switches and plug in a link in each switch. We would like to do the same with ESXi hosts.

    Our new project is coming to virtualize a larger number of systems we currently serve. What we want to do is expand our use of VMs to include a large (30 - big for us) number of SQL servers. The basic functions of these systems require a decent amount of I/O on the SAN backend. The physical servers we would virtualize would be packed at a density close to 4:1 or up to 8:1 with this conversion. We are concerned that having just the 2 iSCSI nic MPIO paths will not be sufficient to support the increased load of I/O.

    We would like to know if using LACP on the two subnet iSCSI connections and joining 2 + NIC for each connection is viable in ESXi 5 and with iSCSI technology and what configuration parameters we should set up to do this.

    In addition, this project would be to use Enterprise Edition VMware vSphere 5 - would DRS or distributed switching introduce other complications or benefits for this configuration?

    Thanks for any helpful input or direction of already published documents.

    Scott

    I find using LACP / etherchannel is rarely effective or useful in VMware environments.

    For iSCSI storage, my standard configuration is to use 2 uplinks with binding of iSCSI ports. Here are the screenshots of the configuration.

  • Need a script to create standard vSwitch with virtual and several computer port group VLAN

    I want to create standard vSwitch for all hosts in the cluster for virtual machine port group and add one or more groups of ports VLAN for the same standard vswitch.

    Kind regards

    Shan

    Try something like this

    $clusterName = "mycluster"
    $nics = "vmnic0","vmnic1"
    $vlans = 123,456,789

    # Create the standard vSwitch on every host in the cluster,
    # then add one port group per VLAN ID to that vSwitch
    foreach ($esx in (Get-Cluster -Name $clusterName | Get-VMHost)) {
        $sw = New-VirtualSwitch -Name swX -VMHost $esx -Nic $nics -Confirm:$false
        $vlans | %{
            New-VirtualPortGroup -Name "PG $($_)" -VLanId $_ -VirtualSwitch $sw -Confirm:$false
        }
    }

  • Consolidation and failover for the uplink on the Distributed switch port group

    Hello

    I have a problem with the implementation of a distributed switch, and I don't know I'm missing something!

    I have a few guests with 4 of each physical cards. On the host eash I configured 2 virtual switches (say A and B), with 2 physical network by vSwitch using etherchannel adapter. Everything works fine for etherchannel and route based on the hash of the IP for the latter.

    Recently, I decided to create two distributed switches and move the respective physical ports of virtual switches to this distributed switches. Once again, I want to configure etherchannel and route based on the hash of the IP. But when I open the settings for the uplink port group, aggregation and failover policies are grayed out and cannot be changed. Apparently they inherit configuration also but I don't know where!

    Chantal says:

    Once again, I want to configure etherchannel and route based on the hash of the IP. But when I open the settings for the uplink port group, aggregation and failover policies are grayed out and cannot be changed. Apparently they inherit configuration also but I don't know where!

    You must set the card NIC teaming policy on trade in reality and not on the uplink group more expected.

  • Size max for NFS and VMFS (iscsi, FCP) datastore on vSphere 4.1 and 5.0

    Hello

    What is the maximum size for NFS and VMFS (iscsi and FCP) data created on vSphere 4.1, 5.0, and 4.0 stores?

    Thank you

    Tony

    Hi Tony,.

    You should find the answers in the various maxima of Configuration documents:

    Good luck.

    Concerning

    Franck

  • Port of vSphere groups 5

    Simple question about port groups. If you use dynamic or static links? As a general rule, which is the best option? Is there a reason why you would choose one over the other?

    Static is usually the best option.

    See also: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1022312

    Kind regards

    Mario

  • What is the different NIC Teaming policy between vSwitch properties setting and Port-Group

    Hello

    I know that there are two ways to set NIC Teaming policy: vSwitch or Port Group.  What is the difference?

    Which has the highest priority?    Could the port group properties override the setting of the vSwitch? Or just inherit.

    ARO

    Ding

    Yes-

  • Port group

    Hello world

    I'm new to vmware, I have a standard switch and,.

    I have to add a vlan. I have 4 esxi hosts in a cluster.

    I have connected to the vsphere client. I clicked on one of the host (say host1) configuration - networking - add network-connection type machine virtual vswitch1 (which is my standard switch).

    Under the port group properties, I gave VLANID-90.

    It of over or do I need to change more.

    But I don't see what vlan under host 2, 3 and 4.

    Hello

    I'm trying to understand: you try to configure the computer virtual portgroup host1 and see a new portgroup to host 2-3-4?

    Adding a vlan in virtual switch means add a machine virtual portgroup, and these steps must be made to achieve this:

    1. Add vlan physical switch (and the junction ports that are connected to the host)

    2.1 if you have a distributed vSwitch, simply add a portgroup distributed with the id vlan correct (the configuration is split at the host that are connected to this virtual switch)

    2.2 If you have a Standard switch you must create a group of ports of std in vSwitch for each host that is to be connected (this is your case)

    2.3 If you have a standard switch and you want to do this in a single "action", you must use a powershell script

    Hope this might be helpful...

  • NSX Distributed Firewall - can you firewall connected vNIC distributed to port groups

    Hello

    If your virtual machines were connected to various groups of distributed (I.e. VLANs) port on a vSphere distributed switch, then you installed NSX, NSX allows create you firewall rules that apply to these VM vNIC is related to these same groups distributed port? I wasn't sure if you were first to migrate virtual machines to virtual switches before NSX allowed to assign firewall rules.

    Thank you.

    We can use NSX DFW without enabling virtualization of network (VXLAN and controller NSX) on the Cluster.

    DFW NSX can operate on both VSS or vDS

    NSX DFW works at the level of VM vNIC, which means that a virtual machine is always protected, regardless of how it is connected to the logical network.

    VM can be connected to a port group VLAN supported VDS or a logical switch (port-group supported by VXLAN).

  • VMKernel port group

    Here is the configuration of the network of one of our hosts ESX 4.1:

    (1) the virtual computer network

    (2) Service with 1 IP console

    (3) VMKernel with 1 IP for vMotion and iSCSI, called as VMKernel_iSCI

    I can see there are 4 NICs attached to this host.

    Now, I just know, that same using iSCSI and vMotion VMKernel is not a good practice.

    question 1

    So I would like to know how is the mapping of the ESX host's network. Is this;

    1 NETWORK card = 1 VM Network

    1 NETWORK card = 1 Service Console

    1 card NETWORK = 1 which is currently used for iscsi and vmotion VMKernel port group

    In a standard switch, there are 2 network cards configured.

    2nd question

    I want to delete 1 port VMkernel vmotion (VMKernel_iSCI) and create a dedicated for vmotion.

    I know that I have will require another IP address, but what of NIC, it will be;

    1 NETWORK card = VMKernel_iSCSI

    1 NETWORK card = VMKernel_vMotion

    Please explain.

    Thank you

    Mihir

    From a pure technical point of view, it will work, as long as your network is configured properly (i.e. taking advantage of VLAN and the separate subnets on management, vMotion and iSCSI). However, I am worried about the bandwidth and quarrels with such a configuration.

    BTW. except if you've already seen it, I would recommend that you take a look at http://www.vmware.com/files/pdf/virtual_networking_concepts.pdf

    André
