6 Replies Latest reply on Apr 9, 2020 8:10 AM by Darren_DnFn

    vSphere vCSA 6.7u3 Networking

    Darren_DnFn Novice

      Hello,

      Before diving into the problem I am having, let me give you a brief background. Previous to my current job, I would say I was pretty comfortable using VMware Workstation Pro 14 or 15. Having not worked in a lab environment before, I had not had any experience with VMware ESXi hypervisor 6.5 or 6.7. Over time, I have become increasingly comfortable with the hypervisor and it is now the primary "software" that we use on most of our servers in our lab. I also recently figured out how to configure virtual standard switches in ESXi to be able to connect my VMs to different networks.

      Since our lab is becoming more virtual rather than physical, we are at the point now, where we have a lot of different ESXi servers to manage. I would say around 60% of our servers are running hypervisors. While we only have about 20 servers, in our portion of the lab, as you can imagine that is a lot of different ESXi GUIs to log into. I also know that you can attach a hypervisor to Workstation Pro and manage your VMs from there, however that doesn't seem like the most appropriate way of doing things. Being able to have up-to-date template VMs (Windows Server, CentOS, etc.) and being able to deploy VMs to any hypervisor would be a huge time saver.

      This is where I think vSphere will come in handy. While I would much rather go with a hyper-converged solution, such as VxRail, those kinds of appliances are not exactly within our budget for this year; very pricey. As such this makes vSphere a necessary evil, until we can afford an HCI solution. That being said I have a question about how to set up vSphere through the vCSA 6.7u3 web-interface (HTML version).

      There are plenty of good guides for installing vCSA, and I was able to get it installed, but I am at a loss when it comes to virtual networking. There don't seem to be a lot of good post-config guides, and any of the guides I have found are very complex and hard to understand (networking has never really been my forte). In vSphere rather than virtual standard switches, you are supposed to use distributed virtual switches. I am not sure if I fully grasp the concepts of distributed switches, so let me give an example of what I would like to set up.

      Since we work in a lab, we have lots of switches at our disposal. So rather than having to mess with VLANs and switchport security, we can just throw in another switch. Also, because of security reasons some of these networks are not allowed to communicate with each other, and therefore cannot be on the same switch or router. For simplicity I will refer to the networks that are allowed to communicate with each other in some capacity. Here is an example of a physical setup, that I would like to turn into a virtual counterpart in vSphere:

      • Switch 1: Network = 100.100.1.0/24
      • Switch 2: Network = 60.60.1.0/24
      • Switch 3: Network = 8.8.1.0/24
        • I have servers in the lab with 4 NICs, so each ethernet cable can go to a different network.
        • These three networks communicate via NAT.
        • All three networks have external access to the internet.
        • Once configured in vSphere I would like to be able to attach one or more of these networks to the VMs of my choosing.
        • Note: These networks are just examples, and not the actual networks I am using.

       

      I would really appreciate some guidance on how to configure this, preferably step by step would be nice, since I am not familiar with vSphere.

      Thanks in advance for your help,

      and hope everyone is staying safe and healthy

        • 1. Re: vSphere vCSA 6.7u3 Networking
          a.p. Guru
          User Moderators, Community Warriors, vExpert

          It's actually simpler than you probably think.

          First of all, remember that virtual switches, and portgroups - regardless of the virtual switch type - are configured for the ESXi hosts. The vCSA (vCenter Server) is just another virtual machine, which manages the hosts.

          If you use different networks/subnets on different physical switches, do the same on the virtual switches. In case of tagged (802.1Q) ports on physical switches, which carry the same VLANs, you may attach a single vSwitch to these physical ports, and create different virtual machine port groups with different VLAN-IDs. The VMs' virtual network adapters are then connected to these virtual machine port groups as required.

          So using vSwitches is basically not much different from using physical switches.


          André

          1 person found this helpful
          • 2. Re: vSphere vCSA 6.7u3 Networking
            Darren_DnFn Novice

            Hi André,

            Thanks for replying. So if I am understanding this correctly, to have three different networks from different physical switches in vCSA is to create a distributed switch for each network, similar to how you would configure a virtual standard switch? If this is the case can you assign an ESXi host to multiple distributed switches?

            I am not sure how the tagging and VLAN-IDs come into play in my case. Like I said, we don't really use VLANs on our switches, everything is on the default VLAN; with a few exceptions. Since the switches I use, have most if not all their ports assigned the default VLAN, the VLAN-ID would be the same. If I remember correctly port-groups are optional, so would I even need to create and use them?

            • 3. Re: vSphere vCSA 6.7u3 Networking
              a.p. Guru

              I just mentioned VLANs to explain the basics.

              "If this is the case can you assign an ESXi host to multiple distributed switches?"

              You can have up to 16 virtual switches on each host.

              "If I remember correctly port-groups are optional ..."

              No, the VMs' virtual network adapters are connected to port groups, so you need at least one VM portgroup on each vSwitch.

              André

              1 person found this helpful
              • 4. Re: vSphere vCSA 6.7u3 Networking
                Darren_DnFn Novice

                Hi André,

                Oh okay I think I get it. I believe I tried something like that when I tried to do it at first, but I probably set it up wrong. I was just reading an article on distributed switches, and it recommended to leave your management network, vmnic0, alone since this is a pre-configured virtual standard switch. So to see if I properly wrapped my head around this let me update my example to what it would look like in vSphere:

                • Server with 4 NICs
                  • NIC0 attached to Switch0, Network = 100.100.1.0/24, All ports = VLAN0
                    • this would be vmnic0, which is part of the Management Network and would be left as is
                  • NIC1 attached to Switch1, Network = 60.60.1.0/24, All ports = VLAN0
                    • this would be vmnic1, so we can make a VDS for this network
                      • Let's call it VDS1, with a default port group of DPG1
                  • NIC2 attached to Switch2, Network = 8.8.1.0/24, All ports = VLAN0
                    • this would be vmnic2, so we can make a VDS for this network
                      • Let's call it VDS2, with a default port group of DPG2
                  • Since in this example we only have three different networks we will have an extra NIC on the server for future use
                  • You then attach the ESXi to one or more VDS's if you want it to have multiple networks

                 

                Does the above example sound about right? Also, this may be a silly question but what do the uplinks represent when you create a VDS? Not all of our servers are the same, and most of them only have 2 NICs. Are uplinks the virtual equivalent of how many NICs you have on a host?

                • 5. Re: vSphere vCSA 6.7u3 Networking
                  a.p. Guru

                  With your environment, the configuration sounds valid. Using standard, or distributed virtual switches - unless you want to use advanced features - doesn't really make a difference in this case.

                  "... it recommended to leave your management network, vmnic0, alone since this is a pre-configured virtual standard switch"

                  Where did you read this? If you are going to use distributed virtual switches, why would you want to "waste" NICs for only management traffic? The built-in migration wizard lets you migrate the Management Network to a dVS. In your case - with the Management Network on its own physical switch - it may not make a difference though.

                  "but what do the uplinks represent when you create a VDS?"

                  Distributed switches have an uplink port group to which you will map the physical NICs, so that you can have different hardware, and/or a different number of uplinks to each distributed switch (if you ever want to do this). With standard virtual switches, you map the uplinks directly to the vSwitch.

                  "Not all of our servers are the same, and most of them only have 2 NICs. Are uplinks the virtual equivalent of how many NICs you have on a host?"

                  Yes, when I'm talking of uplinks, I'm referring to physical network ports. They are named "vmnic" in vSphere. With your current network configuration, you will only be able to use two subnets on hosts with two network ports. That's where VLANs come into play, so that you can have basically any number of subnets, independent of the number of physical connections.


                  André

                  1 person found this helpful
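
The layout from reply 4, which reply 5 calls valid, can be built with VMware PowerCLI as below. This is an added example, not part of the thread or written by its participants; the vCenter, datacenter and host names are hypothetical placeholders, and the script assumes a fresh setup where VDS1 and VDS2 do not exist yet.

```powershell
# Added example (not from the thread). Requires the VMware PowerCLI module.
# Hypothetical placeholders: replace with your own vCenter, datacenter and host.
$vCenter  = 'vcsa.lab.example'
$dcName   = 'Lab-DC'
$hostName = 'esxi01.lab.example'

# Layout from the thread: one distributed switch per isolated physical
# network, each with exactly one uplink. vmnic0 stays on the standard
# management vSwitch and is not touched here.
$layout = @(
    @{ Switch = 'VDS1'; Portgroup = 'DPG1'; Nic = 'vmnic1' },  # 60.60.1.0/24
    @{ Switch = 'VDS2'; Portgroup = 'DPG2'; Nic = 'vmnic2' }   # 8.8.1.0/24
)

Connect-VIServer -Server $vCenter | Out-Null
$dc     = Get-Datacenter -Name $dcName
$vmhost = Get-VMHost -Name $hostName

foreach ($net in $layout) {
    # One uplink port: the switch can never span two physical networks.
    $vds = New-VDSwitch -Name $net.Switch -Location $dc -NumUplinkPorts 1

    # VMs attach to port groups, so each switch needs at least one.
    New-VDPortgroup -VDSwitch $vds -Name $net.Portgroup | Out-Null

    # Join the host to the switch, then map its physical NIC as the uplink.
    Add-VDSwitchVMHost -VDSwitch $vds -VMHost $vmhost
    $nic = Get-VMHostNetworkAdapter -VMHost $vmhost -Physical -Name $net.Nic
    Add-VDSwitchPhysicalNetworkAdapter -DistributedSwitch $vds `
        -VMHostPhysicalNic $nic -Confirm:$false
}

# Isolation check: every switch must carry only the NIC planned for it.
# A second uplink would bridge networks that must stay separate.
foreach ($net in $layout) {
    $vds     = Get-VDSwitch -Name $net.Switch
    $uplinks = @(Get-VMHostNetworkAdapter -VMHost $vmhost -VirtualSwitch $vds -Physical)
    if ($uplinks.Count -ne 1 -or $uplinks[0].Name -ne $net.Nic) {
        Write-Warning "$($net.Switch): unexpected uplinks: $($uplinks.Name -join ', ')"
    } else {
        Write-Output "$($net.Switch): only $($net.Nic) attached, as planned"
    }
}
```

For hosts with only two NICs, the VLAN approach described in the reply above would instead use a single switch with several port groups, each created with `New-VDPortgroup -VlanId <id>`.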
                  • 6. Re: vSphere vCSA 6.7u3 Networking
                    Darren_DnFn Novice

                    Hi André,

                    Thanks for clarifying, I think I get it now. Basically uplinks allow the traffic to get through the ports. I think I might consider VLANs, since it will let servers with only 2 NICs connect to different networks. I will have to refresh my memory on VLAN trunking, so that these three switches and distinct networks on each can communicate with each other over layer 2, and not just through NAT.