Virtual switches

Hello

Are VMware virtual switches an essential component of the infrastructure model? I am thinking of forbidding them in my enterprise architecture and I would like to know what I would lose. I know I'll gain a simpler deployment architecture and at least have a chance of identifying the business application to physical hardware dependencies, but I'm sure I'll lose something.

Hope someone can help me.

see you soon

Tim

Hello

I have security concerns around integrity and availability (the definition of security being confidentiality, integrity, availability), and maybe the link addresses these concerns.

It should, but I'm not sure of your exact concerns.

In case it doesn't, I want to reduce the complexity here - it seems to put part of the network inside a host computer configuration - this will increase my cost and the risk of a bad configuration a lot.

Not really. You can no longer view the 'system' as just the host; once ESX is installed it is a hybrid compute, network and storage device. This view of ESX will help you see the system better. Remember that a physical network adapter is just an uplink port with ESX that is installed on the host.

I have spent these last years measuring how well companies understand how their business applications relate to their server and network infrastructure. It's not pretty. There are very good reasons that it is not pretty, but more complex than necessary is the last thing I want to let teams design because, over time, the design assumptions will be broken in the implementation and the implementation teams will not understand the design goals.

You're right, but trying to force something on virtualization which cannot happen physically is also a possibility for poor design.

I'll stop pontificating from a position of ignorance of the product now; fill me in on what it does.

This is the best approach.

Do you know if there is a design document that justifies this design which is available worldwide?

ESX, network, what precisely? I can point to a few blogs that I wrote that cover security in detail as well as virtual networks in detail. These should help you.

Best regards

Edward L. Haletky

VMware communities user moderator

====

Author of the book "VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers", Copyright 2008 Pearson Education.

Blue Gears and SearchVMware Pro articles: http://www.astroarch.com/wiki/index.php/Blog_Roll

Top Virtualization Security Links: http://www.astroarch.com/wiki/index.php/Top_Virtualization_Security_Links

Tags: VMware

Similar Questions

  • NSX 6.1.5 - distributed firewall rules are not applied to empty virtual switches

    Hi all

    We have a big problem since we upgraded NSX from version 6.1.3 to 6.1.5.

    I get a bug following this procedure:

    . In vSphere Client --> NSX, create a new virtual switch

    . In the distributed firewall, create a rule to deny traffic. Example: source: any, destination: any, service: any, action: reject, applied to: the new virtual switch

    . Connect two VMs to the virtual switch and they can reach each other (this is wrong because of the firewall rule)

    . Publish ANY change on the distributed firewall (it need not be related to our rule; for example change the name of another rule), and the rule starts to work.

    Additional steps:

    . Remove the firewall rule

    . Remove the virtual machines from the virtual switch

    . Re-create the firewall rule with applied to: the virtual switch (still empty)

    . Connect the virtual machines and ping between them. Once again, the rule does not work.

    . Publish ANY change on the distributed firewall and the rule starts to work.

    NSX versions 6.1.3 and 6.2.0 both work correctly. But I can't downgrade to 6.1.3 or upgrade to 6.2.0. The 6.2.1 upgrade involves the upgrade of several other components.

    I use the following versions:

    . NSX 6.1.5

    . vCenter Version 5.5.0 Build 2414847

    . ESXi, 5.5.0, 2718055

    Please, any ideas?

    Thank you very much

    D.

    It seems to be a bug in NSX 6.1.5 and there is no solution for this yet. There are workarounds, but none of them apply to my "fully automated" environment.

    We need to wait for a fix or upgrade to NSX 6.2.1, which requires an upgrade of several components as well.

    D.

  • Distributed virtual switch on the ESXi Embedded Host Client

    Any plans to support vDS on the Embedded Host Client?

    If distributed virtual switches are supported, I can't find how to set them up, although I was able to configure standard virtual switches.

    I haven't used the Embedded Host Client myself yet, but in order to create or configure a vDS you need the vCenter Server that you manage using the vSphere Client/vSphere Web Client. vSS are the host-based virtual switches that can be created and managed at the host level, so you can create those using the Embedded Host Client or the stand-alone vSphere Client.

  • Cannot pass VMware tagged traffic with the Virtual Fabric 10 GB switch

    Hello

    I need to understand how to pass VMware VST tagged traffic to these Virtual Fabric switches. IBM HS22 blades connect internally to the virtual fabric switch on ports 1 to 14. I use 2 external ports (17-18): one connects to the Netgear switch and the other to the other virtual fabric switch. I did the same on the other virtual fabric switch. My Synology RackStation is configured with an iSCSI LUN and connects to the Netgear switch, and I would like to connect my HS22 blades to the RackStation. My main concern is that I can't ping the IP of the Netgear on the same VLAN interface. I can ping from my Synology DiskStation to the Netgear, which are in the same VLAN. The Netgear and BNT switches are connected by SFP+ DAC cables.

    The same VLAN is also configured on the Netgear switch. The default PVID is set to 1 on all interfaces; can I disable this? Do I need to use tagpvid-ingress on all interfaces?

    sh run

    Current configuration:
    !
    version "7.8.7"
    switch-type "IBM Networking OS Virtual Fabric 10Gb Switch Module for IBM BladeCenter"
    iscli-new
    !
    system timezone 295
    ! Europe/Denmark
    Advanced System
    !
    snmp-server name "BNT01"
    !
    hostname "BNT01"
    !
    !
    access userbbi enable
    !
    interface port INT1
    switchport trunk allowed vlan 1,16-50,3998-4000,4095
    exit
    !
    interface port INT2
    switchport trunk allowed vlan 1,16-50,3998-4000,4095
    exit
    !
    interface port INT3
    switchport trunk allowed vlan 1,16-50,3998-4000,4095
    exit
    !
    interface port INT4
    switchport trunk allowed vlan 1,16-50,3998-4000,4095
    exit
    !
    interface port INT5
    switchport trunk allowed vlan 1,16-50,3998-4000,4095
    exit
    !
    interface port INT6
    switchport trunk allowed vlan 1,16-50,3998-4000,4095
    exit
    !
    interface port INT7
    switchport trunk allowed vlan 1,16-50,3998-4000,4095
    exit
    !
    interface port INT8
    switchport trunk allowed vlan 1,16-50,3998-4000,4095
    exit
    !
    interface port INT9
    switchport trunk allowed vlan 1,16-50,3998-4000,4095
    exit
    !
    interface port INT10
    switchport trunk allowed vlan 1,16-50,3998-4000,4095
    exit
    !
    interface port INT11
    switchport trunk allowed vlan 1,16-50,3998-4000,4095
    exit
    !
    interface port INT12
    switchport trunk allowed vlan 1,16-50,3998-4000,4095
    exit
    !
    interface port INT13
    switchport trunk allowed vlan 1,16-50,3998-4000,4095
    exit
    !
    interface port INT14
    switchport trunk allowed vlan 1,16-50,3998-4000,4095
    exit
    !
    interface port EXT1
    switchport mode trunk
    switchport trunk allowed vlan 1,16-50,3998-4000
    exit
    !
    interface port EXT2
    switchport mode trunk
    switchport trunk allowed vlan 1,16-50,3998-4000
    exit
    !
    !
    vlan 1
    name "Default"
    !
    vlan 16
    name "VLAN16"
    !
    vlan 17
    name "VLAN17"
    !
    vlan 18
    name "VLAN18"
    !
    vlan 19
    name "VLAN19"
    !
    vlan 20
    name "VLAN20"
    !

    ...

    vlan 46
    name "VLAN46"
    !
    vlan 47
    name "VLAN47"
    !
    vlan 48
    name "VLAN48"
    !
    vlan 49
    name "VLAN49"
    !
    vlan 50
    name "VLAN50"
    !
    vlan 3998
    name "iscsi"
    !
    vlan 3999
    name "vmotion"
    !
    vlan 4000
    name "mgmt"
    !
    !
    !
    spanning-tree mst configuration
    name "region1"
    revision 2
    exit
    !
    spanning-tree mode mst
    !
    spanning-tree mst configuration
    instance 1 vlan 16-50
    instance 2 vlan 3997,4000
    instance 3 vlan 3998-3999
    exit

    The configuration is for Teddy. I don't know what I'm missing here. Any ideas would be very much appreciated.

    Yes. I finally managed to get it to work. Tagged traffic now connects the blades with ESXi 5.5 U2 to the Synology RackStation.

    It was the same thing we had. ESXi 6.0 is not supported by this Emulex adapter. ESXi 5.5 is also not, I think, with the iSCSI driver. So I updated the drivers using esxcli.

    VMware

    Updated network driver

    /tmp # esxcli software vib install -v /tmp/elxnet-10.0.575.9-1OEM.550.0.0.1331820.x86_64.vib
    Installation Result
       Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
       Reboot Required: true
       VIBs Installed: Emulex_bootbank_elxnet_10.0.575.9-1OEM.550.0.0.1331820
       VIBs Removed: VMware_bootbank_elxnet_10.0.100.0v-1vmw.550.0.0.1331820
       VIBs Skipped:

    iSCSI driver update

    /tmp # esxcli software vib install -v /tmp/scsi-be2iscsi-4.6.261.0-1OEM.550.0.0.1198611.x86_64.vib
    Installation Result
       Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
       Reboot Required: true
       VIBs Installed: Emulex_bootbank_scsi-be2iscsi_4.6.261.0-1OEM.550.0.0.1198611
       VIBs Removed:
       VIBs Skipped:
    /tmp # esxcli software vib install -v /tmp/ima-be2iscsi-4.6.261.0-1OEM.550.0.0.1198611.i386.vib
    Installation Result
       Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
       Reboot Required: true
       VIBs Installed: Emulex_bootbank_ima-be2iscsi_4.6.261.0-1OEM.550.0.0.1198611
       VIBs Removed:
       VIBs Skipped:

    esxcli system maintenanceMode set -e true
    esxcli system shutdown reboot -r driverupdate -d 10

    After that, I created the iSCSI VMkernel ports with the port binding. Ping started working and now I can connect to the storage.

  • Mixing different virtual switch types in a cluster and a datacenter

    Can I mix standard virtual switches and distributed virtual switches on different hosts in a cluster/datacenter? Can I vMotion a virtual machine from a host with a distributed switch to a host with a standard switch and vice versa? Let's assume that the hosts have the same port group name (but a different virtual switch type), are in the same datacenter, and have the same vMotion IP subnet.

    You can mix standard and distributed switches, that's what we call a hybrid architecture... but to be able to migrate virtual machines between virtual switches you must have vSphere 6, and even then there are some limitations, like not being able to migrate from VDS to VSS.

    Have a look here for more details on the cross switch vMotion: http://www.vladan.fr/vmotion-enhancements-vsphere-6-0/

  • Virtual switch throughput

    I have a simple confirmation request.

    I have a standard virtual switch created from 4 physical NICs, each with a 10 GB uplink.

    Will this virtual switch's throughput still be only 10 GB, or 40 GB?

    If it is 40 GB, how is traffic load-balanced across each physical network adapter; is it divided evenly?

    Is there a way I can find out which virtual machines on this virtual switch have traffic going through a given physical NIC at a given time?

    The virtual network adapter (which in this case is probably a vmxnet3 adapter) is connected internally to the virtual switch, not to the uplink itself. In fact, it is the same as in the physical world. Think of an Internet router. If this router has a 100 Mbit/s internal port, that's what you'll see on your PC, but you will most probably not have a 100 Mbps Internet connection!

    André

  • How to change the security policy of a distributed port group in a distributed virtual switch?

    Hello

    I am trying to write a Perl script that can modify the security policy of a distributed port group in a distributed virtual switch. I can access the values of the security policy using the following:

    $port_group_view->config->defaultPortConfig->securityPolicy->allowPromiscuous->value

    $port_group_view->config->defaultPortConfig->securityPolicy->forgedTransmits->value

    $port_group_view->config->defaultPortConfig->securityPolicy->macChanges->value

    I am trying to use the ReconfigureDVPortgroup_Task() method of the DistributedVirtualPortgroup managed object. While creating a new instance of DVPortgroupConfigSpec, within the defaultPortConfig property of the config spec data object there is no securityPolicy property, and I couldn't find any other property pointing me to where I can update the security policy. I discovered that it is accessible via defaultPortConfig, which is extended by VMwareDVSPortSetting, where securityPolicy is a property of VMwareDVSPortSetting.

    What is the way to update it? I am a bit confused about the terminology "extends" and "extended by" and how one relates to the other.

    Regards

    Akmal

    It is in DVPortgroupConfigSpec, but you will need to use the extended VMwareDVSPortSetting object.

    # defaultPortConfig must be the VMwareDVSPortSetting subclass, which carries securityPolicy
    my $dvpg_spec = DVPortgroupConfigSpec->new();

    $dvpg_spec->{defaultPortConfig} = VMwareDVSPortSetting->new();

    $dvpg_spec->{defaultPortConfig}{securityPolicy} = DVSSecurityPolicy->new();

    # each setting is a BoolPolicy; inherited => 0 makes the value explicit on the port group
    $dvpg_spec->{defaultPortConfig}{securityPolicy}{allowPromiscuous} = BoolPolicy->new(value => 1, inherited => 0);

    $dvpg_spec->{defaultPortConfig}{securityPolicy}{forgedTransmits} = BoolPolicy->new(value => 1, inherited => 0);

    $dvpg_spec->{defaultPortConfig}{securityPolicy}{macChanges} = BoolPolicy->new(value => 1, inherited => 0);

    You could probably simplify this by getting the existing config spec and changing it before using it in the ReconfigureDVPortgroup_Task() method.
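    As an added example (not code from the thread), the construction in the answer turned into a small audit-and-fix script that compares the three settings against a reject-all baseline, which is what a hardened port group should carry, and only reconfigures when asked. It assumes the vSphere SDK for Perl (the standard --server/--username/--password options) and defines its own --portgroup and --apply options; note that the spec must include configVersion, which ReconfigureDVPortgroup requires.

```perl
#!/usr/bin/perl
# Added example, not from the thread. Assumes the vSphere SDK for Perl is installed.
# --portgroup and --apply are options this script defines itself.
use strict;
use warnings;
use VMware::VIRuntime;

# Baseline a hardened dvPortgroup should have: all three settings set to reject (0).
my %WANTED = (allowPromiscuous => 0, forgedTransmits => 0, macChanges => 0);

Opts::add_options(
    portgroup => { type => "=s", help => "Name of the distributed port group", required => 1 },
    apply     => { type => "",   help => "Reconfigure the port group; without it only report", required => 0 },
);
Opts::parse();
Opts::validate();
Util::connect();

my $name = Opts::get_option('portgroup');
my $pg = Vim::find_entity_view(
    view_type => 'DistributedVirtualPortgroup',
    filter    => { name => $name },
);
die "port group '$name' not found\n" unless defined $pg;

# Read the current values the same way the question does.
my $sec = $pg->config->defaultPortConfig->securityPolicy;
my @drift;
for my $setting (sort keys %WANTED) {
    my $bool_policy = $sec->$setting;
    my $current = ($bool_policy && $bool_policy->value) ? 1 : 0;
    my $state = $current == $WANTED{$setting} ? 'ok' : 'DRIFT';
    printf "%-17s current=%d wanted=%d %s\n", $setting, $current, $WANTED{$setting}, $state;
    push @drift, $setting if $state eq 'DRIFT';
}

if (@drift && Opts::get_option('apply')) {
    # Build the spec as the answer shows: securityPolicy lives in the VMwareDVSPortSetting
    # subclass used for defaultPortConfig. Only the drifted settings are set explicitly.
    my $policy = DVSSecurityPolicy->new();
    for my $setting (@drift) {
        $policy->{$setting} = BoolPolicy->new(value => $WANTED{$setting}, inherited => 0);
    }
    # configVersion must match the port group's current config or the call is rejected.
    my $spec = DVPortgroupConfigSpec->new(
        configVersion     => $pg->config->configVersion,
        defaultPortConfig => VMwareDVSPortSetting->new(securityPolicy => $policy),
    );
    $pg->ReconfigureDVPortgroup(spec => $spec);
    printf "reconfigured '%s': %s set to reject\n", $name, join(', ', @drift);
} elsif (@drift) {
    print "run again with --apply to set the drifted settings to reject\n";
} else {
    print "no changes needed\n";
}

Util::disconnect();
```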

  • A question about VM traffic through a virtual switch

    I have a question please. I thought I read somewhere that if you have 2 virtual machines on the same ESXi host and they are on the same VLAN, when these virtual machines want to talk to each other they don't leave the ESXi host through the physical network cards.

    Now, I read in the documentation that this is only correct if the virtual network they are on doesn't have an attached physical network adapter. In other words, you create an uplink/port group without an attached physical network adapter.

    So, since I'm using a distributed switch, say I have a port group named Phoung (VLAN 2) that has an attached physical network adapter. Now I have 2 virtual machines on the same ESXi host on this VLAN; when they talk to each other, will the traffic remain in the ESXi host, or will it still go out of the network card to the physical network and come back?

    Reading various documents on this subject has me a little confused. Thank you very much.

    Where did you read that the traffic will leave the virtual switch?

    Unless I'm missing something, the traffic leaves the host only if the virtual machines are on different subnets (i.e. need routing), or if they are on different virtual switches.

    André

  • Will DNS work within a private network that includes only a virtual switch?

    I have a private network defined in free ESXi 5.5 using only one virtual switch.

    Virtual machines on this virtual switch can ssh to each other using their IP addresses.

    I have configured DNS on one of the virtual machines in this private network, but it will not resolve hostnames to IP addresses.

    Simple question: can DNS run on a private network that is composed of only a virtual ESXi switch?

    Yes, it will work, but you first need to register all the virtual machine names and IP addresses on the DNS server, and point the DNS server entry on the virtual machines to the IP address of the DNS server that you deployed.

  • Virtual switch with a virtual DMZ

    Hi all

    Trying to wrap my head around it.  Surely you can have an ESXi installation without creating a virtual switch, OK?  I have a scenario where they have 3 hosts all currently running ESXi 5.x.  They have a physical NIC card which is plugged into the demilitarized zone on the firewall and another NIC on the inside network.  They want to bring up some virtual machines in the DMZ.  I was under the impression that if you didn't have a virtual switch with a virtual DMZ then it would be a security risk.  Is the separate physical NIC enough?

    Thanks in advance!

    It doesn't matter; you need a virtual switch in order to have something to connect the VM to.  If you have an inside network and a DMZ network then you can set up a separate virtual switch for each NIC; that way you have separation at the virtual switch and the physical NIC.  This way a VM placed only on the DMZ virtual switch would only speak to other DMZ VMs, and a VM placed on the inside virtual switch would only speak to those.  Because of the way virtualization works there is no operating system in between the two.  Now whether that's enough is up to your security staff.  Some IT security requires complete physical separation of DMZ workloads, some require only virtual separation.

  • Distributed Virtual Switch supporting hosts with different numbers of NICs

    Our environment has had the same ESXi host model for some time. Each has 2 x 10 GB interfaces for virtual machine traffic. We use a distributed virtual switch with 2 uplinks. Now we stand up a new environment where there are 2 types of hosts: (1) a small workload ESXi host with 2 x 10 GB interfaces and (2) a large workload ESXi host with 4 x 10 GB interfaces. They are separated into 2 groups (large workload and small workload).

    I had planned to share a Distributed Switch between the 2 groups, so I could move freely between them according to need. The only distinction at the ESXi host level is the horsepower and the I/O bandwidth (the storage and VM networks used will be the same). It dawned on me that the distributed switch is configured with a particular number of uplinks. I'm trying to picture how this will work in this situation. I thought I would create a distributed vSwitch with 4 uplinks and end up only using 2 of these uplinks when adding a small workload ESXi host to it. Is this a valid configuration? Should I disable or do something special with the unused uplinks? I have not met this configuration before so I wanted some tips on the correct configuration.

    I have validated this configuration as described previously. A dVS with 4 uplinks can take care of hosts with "up to" 4 interfaces. Hosts with only 2 interfaces will have 2 of the 4 dVS uplinks associated with physical NICs while the other 2 remain unused. In my case, I decided to use uplinks 1 and 2. Uplinks 3 and 4 are not used with these hosts.

  • Unable to add host to the distributed virtual switch

    Hello

    I'm trying to add a host to a distributed virtual switch through the API (ReconfigureDvs_Task).

    I set the following:

    VMwareDVSConfigSpec - configVersion, host

    DistributedVirtualSwitchHostMemberConfigSpec - operation, host, backing

    DistributedVirtualSwitchHostMemberPnicBacking - pnicSpec

    DistributedVirtualSwitchHostMemberPnicSpec - pnicDevice

    ReconfigureDvs_Task fails with the following error in vCenter:

    An error occurred during host configuration. The exception is (vim.fault.PlatformConfigFault)

    The vCenter logs also have the following information about this error:

    [error 04244 'utilshostMethod'] [HostMethodDispatcher::ProcessTaskResult] The call [createDistributedVirtualSwitch] on host [host-*] failed with exception [vim.fault.PlatformConfigFault]

    [error 03856 opID=a0963b99 'operationhostOp'] [MoDVSwitch::SendHostMemberChangeToHostsInParallel] failed calling host dvs manager (op = add): got exception [vim.fault.PlatformConfigFault:]

    --> (vim.fault.PlatformConfigFault) {
    -->    dynamicType = <unset>,
    -->    faultCause = (vmodl.MethodFault) null,
    -->    faultMessage = (vmodl.LocalizableMessage) [
    -->       (vmodl.LocalizableMessage) {
    -->          dynamicType = <unset>,
    -->          key = "com.vmware.esx.hostctl.default",
    -->          arg = (vmodl.KeyAnyValue) [
    -->             (vmodl.KeyAnyValue) {
    -->                dynamicType = <unset>,
    -->                key = "reason",
    -->                value = "Sysinfo error on operation returned status : Busy. Please see the VMkernel log for detailed error information",
    -->             }
    -->          ],
    -->          message = "Operation failed, diagnostics report: Sysinfo error on operation returned status : Busy. Please see the VMkernel log for detailed error information"
    -->       }
    -->    ],
    -->    text = "",
    -->    msg = "An error occurred during host configuration.",
    --> }

    Any help will be greatly appreciated.

    Thank you!

    try to add the host by using some unused network cards...

  • Configuration of a distributed virtual switch for a View environment

    Are there specific practices around the implementation of Network I/O Control for a View environment? Is it always better to separate the service console and keep it on a standard virtual switch?

    I think that now it's all about what you're most comfortable with.  How many cards you have could dictate how you would set it up.

  • Distributed Virtual Switch 5.1 update

    Hi all

    We have a VMware vSphere cluster with 7 ESXi 5.1 hosts (build 838463).

    We upgraded from ESXi 5.0 to ESXi 5.1 and vCenter Server from version 5.0 to 5.1 in September 2012.

    Now I noticed that (just a little late...  ;-)) all the distributed virtual switches (we have 2 DVS) need to be upgraded.  The DVS version turned out, in fact, to be 5.0.

    (I saw it in the vSphere Client connected to the vCenter Server - Networking.)

    I wasn't expecting this behavior; is the DVS upgrade independent of the host or vCenter Server upgrade?

    Is it possible to upgrade the DVS during normal activity of the infrastructure?

    Thanks in advance

    Anna

    Think about the situation:

    don't forget that a dVS is a virtual switch spread across all hosts; if the dVS had been automatically upgraded to the new version and there were incompatibilities or new features that were not available on the downstream switch, you might run the risk of a network outage.

    In my opinion VMware rightly made this a physical post-upgrade task.

  • Question: best option for configuring "virtual switch" networking

    Hello everyone, I hope you are all very well...

    I have a question: I have to install 4 ESXi vSphere 4.5 in my server farm, for which I have to put the ESXi in a cluster, since the new hardware is very different from the servers installed some time ago.

    I have a question regarding the networking part.

    We currently have a virtual switch assigned with x number of vmnics; this virtual switch is for the servers on a specific VLAN

    and we also have another virtual switch with x number of vmnics for our office machines, that is, office machines that users use as desktops, on another specific VLAN.

    A short while ago I read that best practice was to keep this communication on a single virtual switch?

    Let's start by answering that best practices are just that, good practices; they are not set in stone, since each one must determine whether a particular best practice fits our scenario or our needs.

    With that clear, you have several options, starting with the config you currently have, which is in no way bad.

    As I understand it you have 2 vSwitches, one for office servers and another for office desktops, each vSwitch with an x number of physical NICs.  This config lets you separate the traffic of both office types, while also ensuring a certain level of redundancy in the machines' connectivity.

    Another option, given that you are using VLANs, is to have a single vSwitch with all the NICs that the 2 currently configured vSwitches use.  In this single vSwitch you can create 2 port groups, each with a VLAN to separate the office machines' traffic, for which the physical NICs must be in trunk mode on the physical switches, passing both VLANs over the trunk.  This config gives you greater network redundancy and more bandwidth, since each VLAN could use all the cards available on the vSwitch.

    Both options are equally valid and it depends on how the network architecture of your platform is laid out.

    Regards!

  • Creating a distributed virtual switch and port groups

    I'm looking to automate the "creation" of distributed virtual switches and port groups.

    I was unable to find these functions in the released PowerCLI.

    I only found commands that allow me to refer to an "existing" Distributed Virtual Switch.
    I've seen references to a "fling".  But all the dates related to the 'fling' seem to be well over a year old.

    What programmatic support exists for the 'creation' of distributed virtual switches and port groups?

    Luc's response was right: if you cannot use the fling then the module is probably the best place to look right now.  While we cannot commit to future versions, I can say that vDS is high on our list of priorities and we hope a future release will include supported cmdlets to work with it.
