VMware and virtualization have been part of IT life for over a decade now, but there is still a wide gap in understanding of how some of these features work and when to use one over the other. In an effort to educate users on the fundamentals of VMware and answer a few questions, here's a breakdown of the virtual switches within a VMware vSphere environment.
One feature that makes vSphere great is that it offers options for networking. VMware provides two options for switches: the vSphere Standard Switch (VSS) and the vSphere Distributed Switch (VDS). Both options provide the same basic functionality, but VDS offers a greater set of features. The VDS option also allows for third-party switch makers to create virtual switches to plug into vSphere, including the Cisco 1000V and the IBM 5000 switches.
The IBM switch is a bit of vaporware in the sense that I've never seen or heard of anyone using it, while the Cisco 1000V is very much a real enterprise option. The 1000V offers a virtual switch that runs the Nexus OS from Cisco and is managed much like a physical switch. It also has a large install base, but it still trails behind the two VMware options.
There are a few basic principles that apply to all of the virtual networking options in a vSphere environment.
- Uplinks -- These are the physical network adapters in each vSphere host that connect to the physical network switches that connect the greater network together.
- VLANs -- A method used to divide a single Layer-2 network into multiple broadcast domains. This creates virtual LANs (VLANs) and allows the traffic to be tagged so that switches and routers can route and separate traffic accordingly. There are many reasons to use or not use VLANs, but they are commonly used to group hosts with common sets of requirements.
- Portgroups -- Portgroups are logical groups of ports that use the same VLAN or group of VLANs. This allows VMs to be linked to a portgroup which gives them access to the networks that they require. They are used to present VLANs to the virtual switches.
The vSphere Standard Switch
The VSS is included with every version of vSphere that VMware sells and has been in existence since the beginning, maturing and growing over the years. Even with it being the basic switching option, it does offer some powerful features that are still widely used by numerous customers. The VSS doesn't have any requirements for vCenter or any other vSphere hosts. In its most basic form, it can run on a single standalone host.
Many people encounter this as they build a vSphere host for the first time. Upon installing vSphere, the host will have a single VSS in its most elementary form. You can then further configure it and make it part of a large vSphere cluster or migrate to VDS.
A VSS can use as many uplinks as you choose, meaning that if you build a vSphere cluster and use VSS, the hosts in the cluster could have a varying number of uplinks. While this would not follow best practices, it is possible and could be done to meet varying requirements.
The biggest thing to grasp about VSS is that there really are separate individual switches on each vSphere host. They are configured separately, meaning that you will need to configure portgroups, uplinks, load balancing, security functions and anything else on a host-by-host basis. This can cause an increased level of effort to set up and opens up the door for making errors.
To reduce the level of effort and cut down on errors, many admins rely on PowerShell to script most of the configuration of their VSS. This is very powerful if you understand PowerShell, but for those who do not, it can be a big task.
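An added example, not from the original article: a pure-PowerShell drift check over a constructed per-host inventory, showing how separately configured standard switches diverge in VLANs and security settings. The host names, portgroups, VLAN IDs, the baseline and the function names are hypothetical, and the baseline assumes the three standard switch security flags (promiscuous mode, MAC address changes, forged transmits) should all be off.

```powershell
# Constructed inventory: one record per portgroup per host (all names and IDs hypothetical).
# In practice such records could be exported with PowerCLI (Get-VirtualPortGroup,
# Get-SecurityPolicy); here they are built inline so the script runs offline.
function New-Pg($h, $pg, $vlan, $promisc = $false, $mac = $false, $forged = $false) {
    [pscustomobject]@{ VMHost = $h; PortGroup = $pg; VLanId = $vlan
        AllowPromiscuous = $promisc; MacChanges = $mac; ForgedTransmits = $forged }
}
$inventory = @(
    (New-Pg 'esx01' 'Prod-Web' 110), (New-Pg 'esx01' 'Prod-DB' 120)   # matches baseline
    (New-Pg 'esx02' 'Prod-Web' 110), (New-Pg 'esx02' 'Prod-DB' 102)   # VLAN typo
    (New-Pg 'esx03' 'Prod-Web' 110 $true), (New-Pg 'esx03' 'Test' 999) # promiscuous on, extra pg, Prod-DB missing
)

# Assumed desired state: portgroup name -> VLAN ID, identical on every host.
$baseline = @{ 'Prod-Web' = 110; 'Prod-DB' = 120 }

function Get-VssDrift {
    param([object[]]$Records, [hashtable]$Baseline)
    $flags = 'AllowPromiscuous', 'MacChanges', 'ForgedTransmits'
    $findings = foreach ($hostGroup in ($Records | Group-Object VMHost)) {
        $issues = @()
        $present = @{}
        foreach ($r in $hostGroup.Group) { $present[$r.PortGroup] = $r }
        foreach ($name in $Baseline.Keys) {
            if (-not $present.ContainsKey($name)) { $issues += "${name}: missing"; continue }
            $r = $present[$name]
            if ($r.VLanId -ne $Baseline[$name]) {
                $issues += "${name}: VLAN $($r.VLanId), expected $($Baseline[$name])"
            }
            # Any enabled flag loosens Layer-2 isolation for VMs on this portgroup.
            foreach ($f in $flags) { if ($r.$f) { $issues += "${name}: $f enabled" } }
        }
        foreach ($name in $present.Keys) {
            if (-not $Baseline.ContainsKey($name)) { $issues += "${name}: not in baseline" }
        }
        foreach ($i in ($issues | Sort-Object)) {
            [pscustomobject]@{ VMHost = $hostGroup.Name; Issue = $i }
        }
    }
    $findings
}

Get-VssDrift -Records $inventory -Baseline $baseline | Format-Table -AutoSize
```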
The vSphere Distributed Switch
The VDS is the enterprise virtual switch offering from VMware. It is only included in the highest level of licensing, vSphere Enterprise Plus. This is the top-of-the-line license from VMware that offers access to all of its advanced vSphere and vCenter features. But the licensing requirements can put using the VDS out of reach for some customers who cannot justify the expense of Enterprise Plus licenses.
With VDS, you create a virtual switch that can serve multiple hosts in one cluster or multiple clusters. This differs from VSS, which has a switch on each host. With VDS, you create a virtual switch and then add your hosts to it. The portgroups are created on the central switch allowing them to be used by all members of the VDS. This cuts down on effort and errors by only having to configure options once centrally.
Other than the centralized management features of a VDS, there are also a number of advanced features that are not available with VSS, including these key features:
- Health monitoring -- Monitors the health of the uplink connections by monitoring VLANs, Teaming/Failover policies and MTU size.
- Network I/O Control (NIOC) -- A method of grouping traffic and applying limits and shares to the groups to give priority to traffic types or create a level playing field.
- Private VLANs -- A method to create private networks that allow or prevent communication of VMs within each given private VLAN.
- Load-based teaming (LBT) -- There are a number of teaming options available for uplinks in vSphere, and they all handle failover in case of any issues. But LBT is the only option that will actively balance the traffic should a single link reach 75% capacity for a 30-second period.
- NetFlow support -- An industry standard for IP traffic monitoring.
- Port mirroring -- Another method used for networking management or troubleshooting. Allows traffic on one port to be mirrored/cloned to another.
- Configuration backup -- Allows for the backup and restore of the VDS settings. Helpful in recovering from an outage or error.
By now, you should have a solid understanding of the differences between the virtual switching options available with VMware vSphere. I hope this will help if you are considering which license level you should purchase, or if you own VDS licensing already but are not utilizing it.