Networking
Networking health check
This feature is aimed at bridging the divide that is often seen between vSphere administrators and network administrators. Configuration errors are common when a large number of uplinks have to be configured for the vSphere infrastructure, because the host-side and switch-side settings are usually owned by different teams.
The process checks that the following items are configured consistently on the VDS and on the physical switch ports it is uplinked to:
- VLAN
- MTU
- Network adapter teaming
The VMware documentation states that the feature works by sending probe packets over the layer 2 network every minute to the network equipment connected directly to the DVS uplinks. REG and ACK packets are sent to probe the network. If these packets are dropped or rejected, a configuration problem is flagged on the DVS.
VDS management rollback and recovery
One of the major problems with the VDS in the past was a complete data center failure with a virtualised vCenter (the VMware recommendation). When the hosts were recovered, their networking was not restored until vCenter was online to push the VDS configuration to them. However, the host running vCenter itself had no networking, because vCenter was not available to lay down the VDS configuration. This chicken-and-egg problem often resulted in the management network being placed on a separate VSS.
vSphere 5.1 avoids this by introducing management rollback. If, once the hosts are up and running, they cannot communicate with each other, an automatic rollback to the last working configuration is performed (VSS). This allows the hosts to communicate with vCenter, and once vCenter is fully operational the VDS is recreated. vSphere 5.1 also allows the VDS configuration to be managed from the DCUI (Direct Console User Interface), for example to restore it, which gives better troubleshooting options.
Link Aggregation control protocol
This has always been a massive point of confusion for administrators. vSphere documentation has often misused LACP terms when stating what is and is not supported. This has now been clarified in vSphere 5.1.
Previously only static link aggregation was supported; vSphere 5.1 adds support for full dynamic LACP, but only on the VDS.
Bridge Protocol Data Unit Filter
This is a new feature and builds on top of the existing recommendation to disable STP and enable PortFast on the uplink switch ports for both VSS and VDS. It is now recommended to also enable BPDU filtering on the host, so that a virtual machine cannot cause the physical switch to detect loop behavior and shut down the uplink. The VMware documentation describes the behavior as follows.
VMware virtual switches do not generate BPDU packets. But if a virtual
machine sends them, they will be forwarded to the physical switch port over the
uplink. When the physical switch port, configured with the BPDU guard setting,
detects the packet, that port will be put in err-disabled state. In this
err-disabled state, the switch port is completely shut down, which prevents
it from affecting STP. However, the vSphere environment will detect this port failure
and will move the virtual machine traffic over another uplink that is connected
to another physical switch port. The BPDU packets will be seen on this new
physical switch port, and the switch will block that port as well. This
ultimately will cause a denial-of-service (DoS) attack situation across the
virtual infrastructure cluster.
This setting is recommended by VMware and is applied on the ESXi host (the advanced setting Net.BlockGuestBPDU, which covers both the VSS and the VDS on that host), not on the physical uplink switch. This will be tested and added to the standard building blocks documentation.
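As an added example (not from the original post or from VMware), the POSIX shell snippet below shows how that host-level setting is checked and enforced with esxcli, and includes a small audit function that parses the esxcli listing so that captures saved from many hosts can be graded offline. The esxcli functions assume an ESXi shell; the two captures embedded in the script are constructed to mirror the layout esxcli prints and are not real host output.

```shell
#!/bin/sh
# Added example (not from the original post): check and enforce the ESXi host
# advanced setting Net.BlockGuestBPDU, the per-host BPDU filter.
# The esxcli functions assume an ESXi shell; the captures below are constructed.

BPDU_OPTION=/Net/BlockGuestBPDU

# Read an `esxcli system settings advanced list` listing on stdin and print
# the current "Int Value" (0 = guest BPDUs forwarded, 1 = filtered).
bpdu_filter_value() {
    awk -F': *' '/^ *Int Value:/ { print $2; exit }'
}

# Succeed (exit 0) only when the listing on stdin shows the filter enabled.
bpdu_filter_enabled() {
    [ "$(bpdu_filter_value)" = "1" ]
}

# Live host commands; only meaningful on an ESXi host with esxcli.
bpdu_filter_show() {
    esxcli system settings advanced list -o "$BPDU_OPTION"
}
bpdu_filter_enable() {
    esxcli system settings advanced set -o "$BPDU_OPTION" -i 1
}

# Grade one saved capture ($1 = listing text) and print a verdict.
# Returns 0 when compliant, 1 when the host still forwards guest BPDUs.
audit_bpdu_capture() {
    value=$(printf '%s\n' "$1" | bpdu_filter_value)
    if [ "$value" = "1" ]; then
        echo "OK: $BPDU_OPTION = 1 (guest BPDUs dropped at the host)"
        return 0
    fi
    echo "FAIL: $BPDU_OPTION = ${value:-unset} (a guest BPDU can err-disable the uplink port)"
    return 1
}

# Constructed sample captures in the layout esxcli prints: a host at the
# default (0) and a host where the filter has been enabled (1).
SAMPLE_DEFAULT='   Path: /Net/BlockGuestBPDU
   Type: integer
   Int Value: 0
   Default Int Value: 0
   Min Value: 0
   Max Value: 1
   String Value:
   Default String Value:
   Valid Characters:
   Description: Block guest BPDU packets'

SAMPLE_ENABLED=$(printf '%s\n' "$SAMPLE_DEFAULT" | sed 's/^   Int Value: 0$/   Int Value: 1/')

# Demonstration on the constructed captures (the failing host returns 1).
audit_bpdu_capture "$SAMPLE_DEFAULT" || true
audit_bpdu_capture "$SAMPLE_ENABLED"
```

On a real host, run `bpdu_filter_show | bpdu_filter_enabled || bpdu_filter_enable` to remediate in place; the default value is 0, so a host that is rebuilt or re-imaged without this step is exactly the one whose uplinks a single misbehaving VM can take down in the way the quoted VMware text describes.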