VMware vSphere 5 brought many new features, including Storage DRS, high availability improvements and changes to
VMFS. However, there are also new VMware networking features in vSphere 5 that you may not have heard about.
Here are my top five exciting new networking features in vSphere 5. (I threw in a couple of bonus features as well.)
1. Network I/O Control enhancements
With more virtual machines (VMs) consolidated onto fewer physical servers using fewer network interface cards (NICs), there is more opportunity for network congestion. VMware released Network I/O Control in vSphere 4.1 to address this problem and guarantee virtual network bandwidth for certain types of traffic. This VMware networking feature ensures that your Fault Tolerance traffic or iSCSI storage area network traffic is prioritized over Web traffic or file transfers, for instance.
In VMware vSphere 5, the company enhanced Network I/O Control in a number of ways. Previous versions of vSphere offered six pre-configured traffic types it could prioritize, but admins couldn’t define sets of VMs that could receive a higher amount of virtual network resources. In VMware vSphere 5, you can now create user-defined network resource pools (Figure 1).
These custom traffic types let you specify which port groups (each containing one or more VMs) get what network priority. Two points to keep in mind: Network I/O Control is a vSphere Distributed Switch feature, so it is not available on standard vSwitches, and shares only take effect when a physical uplink is actually congested, whereas a limit caps a traffic type's bandwidth at all times. This enhancement to VMware networking is especially useful for service providers with multiple tenants, or for companies that want to prioritize different traffic types, such as test and development vs. production.
Another enhancement to Network I/O Control is support for host-based replication (HBR) traffic. VMware vSphere 5 offers replication of VMs from one ESXi host to another, and Network I/O Control now treats that replication as its own traffic type, so HBR can maintain the bandwidth it needs to get the job done.
I also want to point out new 802.1p tagging, which is configured alongside Network I/O Control (as the QoS priority tag of a network resource pool) but provides quality of service by marking frames rather than through shares and limits. An 802.1p priority is a 3-bit Class of Service value carried in the 802.1Q VLAN tag, so it is applied at the Ethernet MAC layer rather than in the IP header. With this VMware networking feature, frames are tagged as they exit the ESXi host and go to the physical network. Most enterprise switches support 802.1p, but they honor the tag only on ports configured to trust it; if the uplink port ignores or overwrites CoS, your tier-one traffic gets no priority once it leaves the host, so verify the switch port configuration on the physical side as well.
2. ESXi firewall
With ESX Server and its service console gone in vSphere 5, each ESXi 5 host now has a built-in firewall that is stateless and service-oriented. Stateless means it filters on addresses, ports and protocol without tracking connections, so it performs no stateful packet inspection. Service-oriented means that, by default, you don't write traditional firewall rules; instead, the vSphere Client presents a list of services (SSH server, NTP client and so on), and the administrator checks or unchecks the ones allowed to traverse the host's management interface.
Yes, the ESXi firewall applies only to the host's own VMkernel traffic on its management interfaces, not to the VMs running on the host; traffic between VMs, or from VMs to the physical network, passes through it untouched. For each service you can also restrict the permitted source IP addresses or subnets instead of accepting connections from anywhere. You can add custom services, but it has to be done from a command line interface: a rule-set XML file is placed on the host and loaded with esxcli. Here's what the ESXi firewall configuration looks like from the vSphere Client:
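Since custom services and per-service source restrictions are command-line work, here is an added example (not code from the article or from VMware) of that side of the ESXi 5 firewall: it builds a rule-set XML file for a hypothetical inbound service, loads it with esxcli network firewall refresh, limits the SSH server to given subnets with allowedip, and turns on a drop-by-default policy. The service name webmon, port 8080, the subnets and the rule sets disabled in the demo are all assumptions; the XML layout is the documented one for /etc/vmware/firewall/*.xml on ESXi 5.x. Off an ESXi host the script prints the esxcli commands instead of running them, so it can be reviewed first.

```shell
#!/bin/sh
# Added example, not code from the article or from VMware: define a custom ESXi 5
# firewall service and lock the management services down with esxcli.
# Assumptions: the rule-set XML follows the format documented for
# /etc/vmware/firewall/*.xml on ESXi 5.x; the service name "webmon", port 8080,
# the subnets and the rule sets named in the demo are hypothetical.

# Use the real esxcli on an ESXi host; anywhere else (workstation, CI) print the
# commands that would run so the script can be reviewed before it touches a host.
if command -v esxcli >/dev/null 2>&1; then
    ESXCLI=esxcli
else
    ESXCLI="echo esxcli"
fi
FIREWALL_DIR="${FIREWALL_DIR:-/etc/vmware/firewall}"

# Print the rule-set XML for one inbound TCP service: $1 = service id, $2 = port.
# Both values are validated because they are spliced into the XML verbatim.
ruleset_xml() {
    case "$1" in
        ""|*[!A-Za-z0-9]*) echo "ruleset_xml: bad service id '$1'" >&2; return 1 ;;
    esac
    case "$2" in
        ""|*[!0-9]*) echo "ruleset_xml: bad port '$2'" >&2; return 1 ;;
    esac
    if [ "$2" -lt 1 ] || [ "$2" -gt 65535 ]; then
        echo "ruleset_xml: port $2 out of range" >&2; return 1
    fi
    printf '%s\n' \
        "<ConfigRoot>" \
        "  <service>" \
        "    <id>$1</id>" \
        "    <rule id='0000'>" \
        "      <direction>inbound</direction>" \
        "      <protocol>tcp</protocol>" \
        "      <porttype>dst</porttype>" \
        "      <port>$2</port>" \
        "    </rule>" \
        "    <enabled>true</enabled>" \
        "    <required>false</required>" \
        "  </service>" \
        "</ConfigRoot>"
}

# Write the rule set into the firewall directory and make the host load it.
# Files added here do not survive a reboot on ESXi 5: re-create them from
# /etc/rc.local.d/local.sh or package them as a VIB for production hosts.
install_ruleset() {
    f="$FIREWALL_DIR/$1.xml"
    ruleset_xml "$1" "$2" > "$f" || { rm -f "$f"; return 1; }
    $ESXCLI network firewall refresh
    $ESXCLI network firewall ruleset list --ruleset-id "$1"
}

# Enable a service but accept connections only from the given subnets:
# $1 = rule-set id (for example sshServer), remaining args = CIDR blocks.
restrict_service() {
    rs="$1"; shift
    $ESXCLI network firewall ruleset set --ruleset-id "$rs" --enabled true
    $ESXCLI network firewall ruleset set --ruleset-id "$rs" --allowed-all false
    for net in "$@"; do
        $ESXCLI network firewall ruleset allowedip add --ruleset-id "$rs" --ip-address "$net"
    done
}

# Turn the firewall on with a drop-by-default policy and switch off the listed
# rule sets that the host does not need to expose.
harden_firewall() {
    $ESXCLI network firewall set --enabled true
    $ESXCLI network firewall set --default-action false   # false = drop
    for rs in "$@"; do
        $ESXCLI network firewall ruleset set --ruleset-id "$rs" --enabled false
    done
}

# Run directly with "demo" to see the whole sequence for a hypothetical host.
if [ "${1:-}" = demo ]; then
    harden_firewall sshClient vSPC
    restrict_service sshServer 10.0.0.0/24
    install_ruleset webmon 8080
fi
```

Copy the script to the host, run sh esxi-fw.sh demo, and compare the result with esxcli network firewall ruleset list. Because rule-set files dropped into /etc/vmware/firewall are not preserved across a reboot on ESXi 5, production hosts should get them from /etc/rc.local.d/local.sh or from a custom VIB rather than from a one-off copy.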
3. vSphere Distributed Switch PowerCLI cmdlets
You can use PowerCLI to administer the vSphere Distributed Switch in VMware vSphere 5 using a fling from VMware Labs. It's not an officially VMware-supported feature in vSphere 5, but with the fling loaded you can write your own PowerCLI scripts to manage the distributed switch. As with any fling, treat it as unsupported code: test scripts against a lab distributed switch before pointing them at production.
4. New virtual NIC driver
Another VMware networking feature in vSphere 5 is a new virtual hardware version, version 8. VM hardware version 8 adds a new virtual NIC type, the e1000e, which emulates an Intel 82574 PCI Express Gigabit adapter (the older e1000 emulates a PCI device) and improves network performance. One downside is that you can't switch to the new e1000e virtual NIC through the GUI; you have to do it via the command line by editing the virtual machine's .vmx configuration file, and only after the VM has been upgraded to hardware version 8.
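As an added example (not from the article or from VMware), the .vmx edit just described as a small script: it reads virtualHW.version, refuses to touch a VM below version 8, and only then rewrites ethernetN.virtualDev to e1000e, leaving every other key alone. The .vmx path and adapter index are assumptions, the VM must be powered off, and the guest OS needs a driver for the emulated 82574 device.

```shell
#!/bin/sh
# Added example, not code from the article or from VMware: switch a powered-off VM's
# virtual NIC to e1000e by editing its .vmx file, refusing unless the VM already runs
# virtual hardware version 8 or later (the version that introduced e1000e).
# Assumptions: the .vmx path is hypothetical and the keys are the standard
# virtualHW.version and ethernetN.virtualDev entries.

# Print the value of one .vmx key ($2) from file $1, without its quotes.
vmx_get() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # dots in the key are literal
    sed -n "s/^$key[[:space:]]*=[[:space:]]*\"\([^\"]*\)\"[[:space:]]*$/\1/p" "$1"
}

# Rewrite ethernet<N>.virtualDev to e1000e: $1 = .vmx file, $2 = adapter index (default 0).
set_e1000e() {
    vmx="$1"; n="${2:-0}"
    hw=$(vmx_get "$vmx" virtualHW.version)
    if [ -z "$hw" ]; then
        echo "set_e1000e: no virtualHW.version in $vmx" >&2; return 1
    fi
    if [ "$hw" -lt 8 ]; then
        echo "set_e1000e: hardware version $hw; e1000e needs 8 or later, upgrade the VM first" >&2
        return 1
    fi
    cur=$(vmx_get "$vmx" "ethernet$n.virtualDev")
    if [ -z "$cur" ]; then
        echo "set_e1000e: ethernet$n.virtualDev not present in $vmx" >&2; return 1
    fi
    if [ "$cur" = e1000e ]; then
        return 0   # already done
    fi
    # BusyBox sed on ESXi and GNU/BSD sed disagree on -i, so go through a temp file.
    sed "s/^\(ethernet$n\.virtualDev[[:space:]]*=[[:space:]]*\)\"[^\"]*\"/\1\"e1000e\"/" "$vmx" > "$vmx.tmp" \
        && mv "$vmx.tmp" "$vmx"
}

# Run directly: sh e1000e.sh /vmfs/volumes/datastore1/vm1/vm1.vmx [adapter index]
if [ -n "${1:-}" ]; then
    set_e1000e "$1" "${2:-0}" && echo "ethernet${2:-0}.virtualDev is now e1000e"
fi
```

Run it on the ESXi host against the VM's .vmx file while the VM is powered off, then reload the configuration with vim-cmd vmsvc/reload <vmid> (or remove the VM from inventory and re-register it) so the change is picked up at the next power-on.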
5. Port mirroring and NetFlow
The last exciting VMware networking feature I’d like to mention is support for port mirroring and NetFlow in vSphere 5. These features help you analyze and troubleshoot the virtual network.
Port mirroring lets you copy all traffic from one distributed port (or a set of ports) to another distributed port, or to an uplink, where a network protocol analyzer can pick it up. In previous versions you could put a protocol analyzer (also called a sniffer) on the virtual network, but it had to sit on the same vSwitch as the traffic, and the port group had to be set to promiscuous mode, which lets every VM in that port group see all of its traffic, not just the analyzer. The distributed switch's port mirroring session is defined once at the distributed switch level and delivers the copied frames to a single virtual NIC, or even to a physical NIC, going out to the physical network. Note that in vSphere 5.0 the source and destination ports of a session must be on the same host, and that mirroring to an uplink puts a copy of every mirrored packet onto the physical network, so treat the destination as you would a SPAN port on a physical switch.
NetFlow, on the other hand, monitors the types of traffic and the conversation statistics of the virtual network. NetFlow records don't contain packet payloads; each record describes a flow: who talked to whom (source and destination addresses), over which protocol and ports, and how many packets and bytes were exchanged. Flows between VMs on the same host are included, which is traffic a collector on the physical network could never see. When NetFlow is enabled on a distributed switch and pointed at a collector, you can then use a NetFlow analyzer such as Xangati's to analyze traffic performance and troubleshoot VMware networking problems.
As a bonus to my top-five list, I should also mention a number of iSCSI improvements that ease VMware networking in vSphere 5. The software iSCSI initiator, including the binding of VMkernel ports to it for multipathing, can now be fully configured through the vSphere Client instead of requiring the command line. Plus, vSphere 5 offers Auto Deploy, the ability to boot stateless ESXi servers over the network from a PXE server.