VMware Cloud Community
SathishMu
Contributor
Contributor

Using Standard switch for vSphere management (vmk) adapters

I am aware of the adoption of the Distributed switch and we are utilizing the same extensively. But there is a prevalent thought that VDS is used for the VM port groups and it is a "best practice" to use standard switch for the management traffic or the port groups that are tied with vmk adapters. One thought process which makes sense is to still have the freedom to manipulate port groups at the host level when there is a vCenter outage or in the process of restoring the vCenter. I would like to put this out and get an idea if this is still a valid thought or adopting vDS all out is the best practice? Thoughts or feedback?

Tags (2)
Reply
0 Kudos
5 Replies
daphnissov
Immortal
Immortal

The main impetus behind the vDS was to avoid having to make identical changes to multiple hosts and instead make one change which automatically gets propagated to all member hosts. This works well and is quite the time savings when provisioning VM port groups and making changes there. But port groups used for kernel services don't often undergo as rapid changes (or at all). In those cases, much of the vDS (not all) doesn't really come into play. And it's perfectly acceptable to go with a hybrid approach whereby your VM traffic lives on a vDS and your kernel services (or just management) reside on a vSS. This is fairly common. But when it comes to vCenter outage situations, this can easily be fixed by having one port group set to ephemeral binding mode. This will allow you to attach vCenter to the port group when its services aren't online thereby mitigating the circular dependency issue. So there are multiple approaches here and all of them can be valid design options, but the vCenter "rescue" port group on a vDS is a very simple thing to have which avoids needing a vSS.

Reply
0 Kudos
SathishMu
Contributor
Contributor

Thank you for the feedback

Reply
0 Kudos
5mall5nail5
Enthusiast
Enthusiast

IMHO this is an "old hat" version of thinking.  Create an ephemeral port group in vDS and you should be covered for a vCenter outage.  Sure, if vCenter is down you can't provision to vDS via vRA, etc., but you can't reference templates anyway.  There's a lot of fear around vDS but in good practice you can alleviate a lot of it.

Reply
0 Kudos
Alex_Romeo
Leadership
Leadership

Hi,

Usually the management rarely changes after creating it. I always create a VSS...which is always a good idea because it allows you to manage the 100 ESX hosts in case of vCenter failure.

However, if there are so many hosts to manage, you can evaluate the option expressed in the other answers.
The chosen solution is personal.

Alessandro Romeo

Blog: https://www.aleadmin.it/
Reply
0 Kudos
ChrisFD2
VMware Employee
VMware Employee

Personally I like all workloads through a single vDS, especially on hosts which only have a small number of network adapters, such as 2x10Gb NICs. Then leverage NIOC to limit Management traffic and vMotion traffic while ensuring production networks and/or storage having a higher share. As above, create an Ephemeral port group for vCenter restores or use a leg from the vDS to create a vSS in those situations.

Regards,
Chris
VCIX-DCV 2023 | VCIX-NV 2023 | vExpert *** | CCNA R&S
Reply
0 Kudos