aenagy
Hot Shot

Port binding: dynamic vs. ephemeral

As I study for my VCP6-DCV I'm trying to get a better understanding of dynamic vs. ephemeral port binding for dvPortGroups. After doing some research (see below) I need to confirm some things.

1) Because ephemeral ports act like ports on standard port groups, and VMware refers to this as "no binding", what VMware really means is that port binding is in effect delegated to the ESXi hosts.

2) Therefore, the difference between dynamic vs. ephemeral is that in the case of dynamic ports the vdSwitch does the actual port binding (at VM power-on), but in the case of ephemeral ports the host is doing the port binding.

3) Does this mean that ephemeral ports don't count against the "Ports per distributed switch" and "Distributed virtual network switch ports per vCenter" configuration maximums?

[1] vNetwork Distributed PortGroup (dvPortGroup) configuration (1010593) (http://kb.vmware.com/kb/1010593)

[2] Configuring vNetwork Distributed Switch for VMware View (http://myvirtualcloud.net/configuring-vnetwork-distributed-switch-for-vmware-view/)

[3] Static, Dynamic and Ephemeral Binding in Distributed Switches (http://www.vmskills.com/2010/10/static-dynamic-and-ephemeral-binding-in.html)

[4] ESXi/ESX Configuration Maximums (1003497) (http://kb.vmware.com/kb/1003497)

2 Replies
vijayrana968
Virtuoso

For the first and second statements, yes. Please refer to the KB below.

3) No, it does count against the limit with VDS and vCenter, since adding multiple ephemeral ports pushes toward the vCenter maximums. This limit is 1016 ports. For vSphere 4.x and 5.x limits you have the link below, and for vSphere 6.x please refer to https://www.vmware.com/pdf/vsphere6/r60/vsphere-60-configuration-maximums.pdf

Ephemeral binding

In a port group configured with ephemeral binding, a port is created and assigned to a virtual machine by the host when the virtual machine is powered on and its NIC is in a connected state. When the virtual machine powers off or the NIC of the virtual machine is disconnected, the port is deleted.

You can assign a virtual machine to a distributed port group with ephemeral port binding on ESX/ESXi and vCenter, giving you the flexibility to manage virtual machine connections through the host when vCenter is down. Although only ephemeral binding allows you to modify virtual machine network connections when vCenter is down, network traffic is unaffected by vCenter failure regardless of port binding type.

Note: Ephemeral port groups must be used only for recovery purposes when you want to provision ports directly on host bypassing vCenter Server, not for any other case. This is true for several reasons:

  • Scalability

    An ESX/ESXi 4.x host can support up to 1016 ephemeral port groups and an ESXi 5.x host can support up to 256 ephemeral port groups. Since ephemeral port groups are always pushed to hosts, this effectively is also the vCenter Server limit. For more information, see Configuration Maximums for VMware vSphere 5.0 and Configuration Maximums for VMware vSphere 4.1.

  • Performance

    Every operation, including add-host and virtual machine power operation, is slower comparatively because ports are created/destroyed in the operation code path. Virtual machine operations are far more frequent than add-host or switch-operations, so ephemeral ports are more demanding in general.

  • Non-persistent (that is, "ephemeral") ports

    Port-level permissions and controls are lost across power cycles, so no historical context is saved.
aenagy
Hot Shot

3) No, it does count against the limit with VDS and vCenter, since adding multiple ephemeral ports pushes toward the vCenter maximums. This limit is 1016 ports. For vSphere 4.x and 5.x limits you have the link below, and for vSphere 6.x please refer to https://www.vmware.com/pdf/vsphere6/r60/vsphere-60-configuration-maximums.pdf

I understand this (Maximum active ports per host (VDS and VSS) = 1016) differently. This is a per-host limit, not a vCenter/DVS limit. Precisely because the DVS is not managing the port binding (because it has been delegated to the host), ephemeral ports do not count against either the "Ports per distributed switch" or "Distributed virtual network switch ports per vCenter" configuration maximums. This goes back to point #1 about VMware referring to ephemeral ports as "no binding" because the DVS is not tracking the binding.

In a hypothetical situation, if I added enough hosts to vCenter with ephemeral port groups and bound them to 1016 vNICs per host, I could exceed the vCenter/VDS limit (60k in the case of vSphere 6.0).

Yes/No/Maybe?
