vi3 301 201 server config
TRANSCRIPT
-
8/9/2019 Vi3 301 201 Server Config
1/312
Server Configuration Guide
ESX Server 3.0.1 and VirtualCenter 2.0.1
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
© 2007-2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware, the VMware boxes logo and design, Virtual SMP, and VMotion are registered trademarks or trademarks of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
Server Configuration Guide
Revision: 20090814
Item: VI-ENG-Q206-215
Contents
Preface
1 Introduction
  Networking
  Storage
  Security
  Appendixes
Networking
2 Networking
  Networking Concepts
  Concepts Overview
  Virtual Switches
  Port Groups
  Network Services
  Viewing Networking Information in the VI Client
  Networking Tasks
  Virtual Network Configuration for Virtual Machines
  VMkernel Configuration
  TCP/IP Stack at the Virtual Machine Monitor Level
  Implications and Guidelines
  Service Console Configuration
  Basic Service Console Configuration Tasks
  Using DHCP for the Service Console
3 Advanced Networking
  Advanced Networking Tasks
  Virtual Switch Configuration
  Virtual Switch Properties
  Editing Virtual Switch Properties
  Virtual Switch Policies
  Layer 2 Security Policy
  Traffic Shaping Policy
  Load Balancing and Failover Policy
  Port Group Configuration
  DNS and Routing
  Setting Up MAC Addresses
  MAC Addresses Generation
  Setting MAC Addresses
  Using MAC Addresses
  Networking Tips and Best Practices
  Networking Best Practices
  Mounting NFS Volumes
  Networking Tips
4 Networking Scenarios and Troubleshooting
  Networking Configuration for Software iSCSI Storage
  Configuring Networking on Blade Servers
  Troubleshooting
  Troubleshooting Service Console Networking
  Troubleshooting Network Adapter Configuration
  Troubleshooting Physical Switch Configuration
  Troubleshooting Port Group Configuration
Storage
5 Introduction to Storage
  Storage Concepts
  Storage Overview
  Datastores and File Systems
  File System Formats
  Types of Storage
  Supported Storage Adapters
  How Virtual Machines Access Storage
  Viewing Storage Information in the Virtual Infrastructure Client
  Displaying Datastores
  Viewing Storage Adapters
  Understanding Storage Device Naming in the Display
  VMware File System
  VMFS Versions
  Creating and Growing VMFS
  Considerations when Creating VMFS
  VMFS Sharing Capabilities
  Storing Multiple Virtual Machines on a VMFS Volume
  Sharing a VMFS Volume Across ESX Servers
  Configuring and Managing Storage
6 Configuring Storage
  Local SCSI Disk Storage
  Adding Local SCSI Storage
  Fibre Channel Storage
  Adding Fibre Channel Storage
  iSCSI Storage
  About iSCSI Storage
  iSCSI Initiators
  Naming Requirements
  Discovery Methods
  iSCSI Security
  Configuring Hardware-Initiated iSCSI Storage
  Installing iSCSI Hardware Initiator
  Viewing iSCSI Hardware Initiator
  Configuring iSCSI Hardware Initiator
  Adding Hardware-Initiated iSCSI Storage
  Configuring Software-Initiated iSCSI Storage
  Viewing Software iSCSI Initiator
  Configuring iSCSI Software Initiator
  Adding Software-Initiated iSCSI Storage
  Performing a Rescan
  Network Attached Storage
  Shared Storage Capabilities
  How Virtual Machines Use NFS
  NFS Volumes and Virtual Machine Delegate Users
  Configuring ESX Server to Access NFS Volumes
  Creating an NFS-Based Datastore
7 Managing Storage
  Managing Datastores and File Systems
  Adding New Datastores
  Removing Existing Datastores
  Editing Existing VMFS-based Datastores
  Upgrading Datastores
  Changing the Names of Datastores
  Adding Extents to Datastores
  Managing Paths for Fibre Channel and iSCSI
  Viewing the Current Multipathing State
  Active Paths
  Setting Multipathing Policies for LUNs
  Disabling and Enabling Paths
  Setting the Preferred Path (Fixed Path Policy Only)
  The vmkfstools Commands
8 Raw Device Mapping
  About Raw Device Mapping
  Terminology
  Benefits of Raw Device Mapping
  Limitations of Raw Device Mapping
  Raw Device Mapping Characteristics
  Virtual Compatibility Mode Versus Physical Compatibility Mode
  Dynamic Name Resolution
  Raw Device Mapping with Virtual Machine Clusters
  Comparing Raw Device Mapping to Other Means of SCSI Device Access
  Managing Mapped LUNs
  VMware Virtual Infrastructure Client
  Mapping a SAN LUN
  Managing Paths for a Mapped Raw LUN
  The vmkfstools Utility
  File System Operations
Security
9 Security for ESX Server Systems
  ESX Server Architecture and Security Features
  Security and the Virtualization Layer
  Security and Virtual Machines
  Security and the Service Console
  Security and the Virtual Networking Layer
  Security Resources and Information
10 Securing an ESX Server Configuration
  Securing the Network with Firewalls
  Firewalls for Configurations with a VirtualCenter Server
  Firewalls for Configurations Without a VirtualCenter Server
  TCP and UDP Ports for Management Access
  Connecting to VirtualCenter Server Through a Firewall
  Connecting to the Virtual Machine Console Through a Firewall
  Connecting ESX Server Hosts Through Firewalls
  Opening Firewall Ports for Supported Services and Management Agents
  Securing Virtual Machines with VLANs
  Security Considerations for VLANs
  Virtual Switch Protection and VLANs
  Securing Virtual Switch Ports
  Securing iSCSI Storage
  Securing iSCSI Devices Through Authentication
  Protecting an iSCSI SAN
11 Authentication and User Management
  Securing ESX Server Through Authentication and Permissions
  About Users, Groups, Permissions, and Roles
  Understanding Users
  Understanding Groups
  Understanding Permissions
  Understanding Roles
  Working with Users and Groups on ESX Server Hosts
  Viewing and Exporting Users and Group Information
  Working with the Users Table
  Working with the Groups Table
  Encryption and Security Certificates for ESX Server
  Adding Certificates and Modifying ESX Server Web Proxy Settings
  Regenerating Certificates
  Virtual Machine Delegates for NFS Storage
12 Service Console Security
  General Security Recommendations
  Logging On to the Service Console
  Service Console Firewall Configuration
  Changing the Service Console Security Level
  Opening and Closing Ports in the Service Console Firewall
  Password Restrictions
  Password Aging
  Password Complexity
  Changing the Password Plugin
  Cipher Strength
  setuid and setgid Applications
  Default setuid Applications
  Default setgid Applications
  SSH Security
  Security Patches and Security Vulnerability Scanning Software
13 Security Deployments and Recommendations
  Security Approaches for Common ESX Server Deployments
  Single Customer Deployment
  Multiple Customer Restricted Deployment
  Multiple Customer Open Deployment
  Virtual Machine Recommendations
  Installing Antivirus Software
  Disabling Copy and Paste Operations Between the Guest Operating System and Remote Console
  Removing Unnecessary Hardware Devices
  Preventing the Guest Operating System Processes from Flooding the ESX Server Host
  Disabling Logging for the Guest Operating System
Appendixes
A ESX Technical Support Commands
  Other Commands
B Using vmkfstools
  vmkfstools Command Syntax
  v Suboption
  vmkfstools Options
  File System Options
  Creating a VMFS File System
  Extending an Existing VMFS3 Volume
  Listing Attributes of a VMFS Volume
  Upgrading a VMFS2 to VMFS3
  Virtual Disk Options
  Supported Disk Formats
  Creating a Virtual Disk
  Initializing a Virtual Disk
  Inflating a Thin Virtual Disk
  Deleting a Virtual Disk
  Renaming a Virtual Disk
  Cloning a Virtual or Raw Disk
  Migrating VMware Workstation and VMware GSX Server Virtual Machines
  Extending a Virtual Disk
  Migrating a VMFS2 Virtual Disk to VMFS3
  Creating a Virtual Compatibility Mode Raw Device Mapping
  Listing Attributes of an RDM
  Creating a Physical Compatibility Mode Raw Device Mapping
  Creating a Raw Device Descriptor File
  Displaying Virtual Disk Geometry
  Device Options
  Scanning Adapters
  Managing SCSI Reservations of LUNs
  Examples Using vmkfstools
  Create a New VMFS3 File System
  Add a Partition to VMFS3 File System
  Create a New Virtual Disk
  Clone a Virtual Disk
  Create a Raw Device Mapping
  Scan an Adapter for Changes
Index
Preface
This preface describes the contents of the Server Configuration Guide and provides pointers to VMware technical and educational resources.
This preface contains the following topics:
"About This Book"
"Technical Support and Education Resources"
About This Book
This manual, the Server Configuration Guide, provides information on how to configure networking for ESX Server, including how to create virtual switches and ports and how to set up networking for virtual machines, VMotion, IP storage, and the service console.
It also covers configuring file system and various types of storage such as iSCSI, Fibre Channel, and so forth. To help you protect your ESX Server installation, the guide provides a discussion of security features built into ESX Server and the measures you can take to safeguard it from attack. In addition, it includes a list of ESX Server technical support commands along with their VI Client equivalents and a description of the vmkfstools utility.
Revision History
This manual is revised with each release of the product or when necessary. A revised version can contain minor or major changes. Table P-1 provides you with the revision history of this manual.
Intended Audience
This manual is intended for anyone who needs to install, upgrade, or use ESX Server 3. The information in this manual is written for experienced Windows or Linux system administrators who are familiar with virtual machine technology and datacenter operations.
Document Feedback
If you have comments about this documentation, submit your feedback to:
VMware Infrastructure Documentation
The VMware Infrastructure documentation consists of the combined VirtualCenter and ESX Server documentation set.
You can access the most current versions of this manual and other books by going to:
http://www.vmware.com/support/pubs
Table P-1. Revision History
Revision    Description
20060615    ESX Server 3.0 and VirtualCenter 2.0 version of the VMware Infrastructure 3 Server Configuration Guide. This is the first edition of this manual.
20060925    ESX Server 3.0.1 and VirtualCenter 2.0.1 version of the VMware Infrastructure 3 Server Configuration Guide. This edition includes minor changes to storage and networking configuration information.
Conventions
Table P-2 illustrates the typographic conventions used in this manual.
Table P-2. Conventions Used in This Manual
Style                          Elements
Blue (online only)             Cross-references and email addresses
Blue boldface (online only)    Links
Black boldface                 User interface elements such as button names and menu items
Monospace                      Commands, filenames, directories, and paths
Monospace bold                 User input
Italic                         Document titles, glossary terms, and occasional emphasis
                               Variable and parameter names
Abbreviations Used in Graphics
The graphics in this manual use the abbreviations listed in Table P-3.
Table P-3. Abbreviations
Abbreviation    Description
VC              VirtualCenter
VI              Virtual Infrastructure Client
server          VirtualCenter Server
database        VirtualCenter database
hostn           VirtualCenter managed hosts
VM#             Virtual machines on a managed host
user#           User with access permissions
dsk#            Storage disk for the managed host
datastore       Storage for the managed host
SAN             Storage area network type datastore shared between managed hosts
tmplt           Template
Technical Support and Education Resources
The following sections describe the technical support resources available to you.
Self-Service Support
Use the VMware Technology Network (VMTN) for self-help tools and technical information:
Product information: http://www.vmware.com/products/
Technology information: http://www.vmware.com/vcommunity/technology
Documentation: http://www.vmware.com/support/pubs
VMTN Knowledge Base: http://www.vmware.com/support/kb
Discussion forums: http://www.vmware.com/community
User groups: http://www.vmware.com/vcommunity/usergroups.html
For more information about the VMware Technology Network, go to http://www.vmtn.net.
Online and Telephone Support
Use online support to submit technical support requests, view your product and contract information, and register your products. Go to http://www.vmware.com/support.
Customers with appropriate support contracts should use telephone support for the fastest response on priority 1 issues. Go to http://www.vmware.com/support/phone_support.html.
Support Offerings
Find out how VMware support offerings can help meet your business needs. Go to http://www.vmware.com/support/services.
VMware Education Services
VMware courses offer extensive hands-on labs, case study examples, and course materials designed to be used as on-the-job reference tools. For more information about VMware Education Services, go to http://mylearn1.vmware.com/mgrreg/index.cfm.
Chapter 1 Introduction
The Server Configuration Guide describes the tasks you need to complete to configure ESX Server host networking, storage, and security. In addition, it provides overviews, recommendations, and conceptual discussions to help you understand these tasks and how to deploy an ESX Server host to meet your needs. Before using the information in the Server Configuration Guide, read the Introduction to Virtual Infrastructure for an overview of system architecture and the physical and virtual devices that make up a Virtual Infrastructure system.
This introduction summarizes the contents of this guide so that you can find the information you need. This guide covers these subjects:
ESX Server network configurations
ESX Server storage configurations
ESX Server security features
ESX command reference
The vmkfstools command
Networking
The ESX Server networking chapters provide you with a conceptual understanding of physical and virtual network concepts, a description of the basic tasks you need to complete to configure your ESX Server host's network connections, and a discussion of advanced networking topics and tasks. The networking section contains the following chapters:
Networking: Introduces you to network concepts and guides you through the most common tasks you need to complete when setting up the network for the ESX Server host.
Advanced Networking: Covers advanced networking tasks such as setting up MAC addresses, editing virtual switches and ports, and DNS routing. In addition, it provides tips on making your network configuration more efficient.
Networking Scenarios and Troubleshooting: Describes common networking configuration and troubleshooting scenarios.
Storage
The ESX Server storage chapters provide you with a basic understanding of storage, a description of the basic tasks you perform to configure and manage your ESX Server host's storage, and a discussion of how to set up raw device mapping. The storage section contains the following chapters:
Introduction to Storage: Introduces you to the types of storage you can configure for the ESX Server host.
Configuring Storage: Explains how to configure local SCSI storage, Fibre Channel storage, and iSCSI storage. It also addresses VMFS storage and network-attached storage.
Managing Storage: Explains how to manage existing datastores and the file systems that comprise datastores.
Raw Device Mapping: Discusses raw device mapping, how to configure this type of storage, and how to manage raw device mappings by setting up multipathing, failover, and so forth.
Security
The ESX Server security chapters discuss safeguards VMware has built into ESX Server and measures you can take to protect your ESX Server host from security threats. These measures include using firewalls, leveraging the security features of virtual switches, and setting up user authentication and permissions. The security section contains the following chapters:
Security for ESX Server Systems: Introduces you to the ESX Server features that help you ensure a secure environment for your data and gives you an overview of system design as it relates to security.
Securing an ESX Server Configuration: Explains how to configure firewall ports for ESX Server hosts and VMware VirtualCenter, how to use virtual switches and VLANs to ensure network isolation for virtual machines, and how to secure iSCSI storage.
Authentication and User Management: Discusses how to set up users, groups, permissions, and roles to control access to ESX Server hosts and VirtualCenter. It also discusses encryption and delegate users.
Service Console Security: Discusses the security features built into the service console and shows you how to configure these features.
Security Deployments and Recommendations: Provides some sample deployments to give you an idea of the issues you need to consider when setting up your own ESX Server deployment. This chapter also tells you about actions you can take to further secure virtual machines.
Appendixes
The Server Configuration Guide includes appendixes that provide specialized information you may find useful when configuring an ESX Server host.
ESX Technical Support Commands: Covers the ESX Server configuration commands that can be issued through a command-line shell such as SSH. While these commands are available for your use, you should not consider them to be an API upon which you can build scripts. These commands are subject to change and VMware does not support applications and scripts that rely on ESX Server configuration commands. This appendix provides you with VMware Virtual Infrastructure Client equivalents for these commands.
Using vmkfstools: Covers the vmkfstools utility, which you can use to perform management and migration tasks for iSCSI disks.
Networking
Chapter 2 Networking
This chapter guides you through the basic concepts of networking in the ESX Server environment and how to set up and configure a network in a virtual infrastructure environment.
Use the Virtual Infrastructure (VI) Client to add networking based on three categories that reflect the three types of network services:
Virtual machines
VMkernel
Service console
This chapter covers the following topics:
"Networking Concepts"
"Network Services"
"Viewing Networking Information in the VI Client"
"Networking Tasks"
"Virtual Network Configuration for Virtual Machines"
"VMkernel Configuration"
"Service Console Configuration"
to the network. In typical use, one or more port groups is associated with a single vSwitch. For more information on port groups, see "Port Groups".
NIC teaming occurs when multiple uplink adapters are associated with a single vSwitch to form a team. A team can either share the load of traffic between physical and virtual networks among some or all of its members or provide passive failover in the event of a hardware failure or a network outage.
VLANs enable a single physical LAN segment to be further segmented so that groups of ports are isolated from one another as if they were on physically different segments. 802.1Q is the standard.
The VMkernel TCP/IP networking stack supports iSCSI, NFS, and VMotion. Virtual machines run their own systems' TCP/IP stacks, and connect to the VMkernel at the Ethernet level through virtual switches. Two new features in ESX Server 3, iSCSI and NFS, are referred to as IP storage in this chapter. IP storage refers to any form of storage that uses TCP/IP network communication as its foundation. iSCSI can be used as a virtual machine datastore, and NFS can be used as a virtual machine datastore and for direct mounting of .ISO files, which are presented as CD-ROMs to virtual machines.
Migration with VMotion enables a powered-on virtual machine to be transferred from one ESX Server host to another without shutting down the virtual machine. The optional VMotion feature requires its own license key.
Virtual Switches
Virtual Infrastructure (VI) Client lets you create abstracted network devices called virtual switches (vSwitches). A vSwitch can route traffic internally between virtual machines and link to external networks.
Use virtual switches to combine the bandwidth of multiple network adapters and balance communications traffic among them. They can also be configured to handle physical NIC failover.
A vSwitch models a physical Ethernet switch. The default number of logical ports for a vSwitch is 56. However, a vSwitch can be created with up to 1016 ports in ESX Server 3.0. You can connect one network adapter of a virtual machine to each port. Each uplink adapter associated with a vSwitch uses one port. Each logical port on the vSwitch is a member of a single port group. Each vSwitch can also have one or more port groups assigned to it. See "Port Groups".
NOTE The networking chapters cover how to set up networking for iSCSI and NFS. To configure the storage portion of iSCSI and NFS, see the storage chapters.
NOTE You can create a maximum of 248 vSwitches on a single host. (SEE UPDATE)
Before you can configure virtual machines to access a network, you must create at least one vSwitch. When two or more virtual machines are connected to the same vSwitch, network traffic between them is routed locally. If an uplink adapter is attached to the vSwitch, each virtual machine can access the external network that the adapter is connected to as shown in Figure 2-1.
Figure 2-1. Virtual Switch Connections
In the VI Client, the details for the selected vSwitch are presented as an interactive diagram as shown in Figure 2-2. The most important information for each vSwitch is always visible.
Figure 2-2. Virtual Switch Interactive Diagram
Click the blue speech icon to selectively reveal secondary and tertiary information. A pop-up window displays detailed properties as shown in Figure 2-3.
Figure 2-3. Virtual Switch Detailed Properties
Port Groups
Port groups aggregate multiple ports under a common configuration and provide a stable anchor point for virtual machines connecting to labeled networks. Each port group is identified by a network label, which is unique to the current host. A VLAN ID, which restricts port group traffic to a logical Ethernet segment within the physical network, is optional.
Labeled networks are properly configured only when all port groups using the same network label are able to see the same broadcast traffic. Because a VLAN can restrict visibility on a physical network, it might be necessary to synchronize the network label and VLAN ID controls when one of them is changed. More than one port group can use the same VLAN ID.
NOTE You can create a maximum of 512 port groups on a single host.
NOTE In order for a port group to reach port groups located on other VLANs, you must set the VLAN ID to 4095.
Network Services
You need to enable two types of network services in ESX Server:
Connecting virtual machines to the physical network
Connecting VMkernel services (such as NFS, iSCSI, or VMotion) to the physical network
The service console, which runs the management services, is set up by default during the installation of ESX Server.
Viewing Networking Information in the VI Client
The VI Client displays both general networking information and information specific to network adapters.
To view general networking information in the VI Client
1 Log on to the VMware VI Client and select the server from the inventory panel.
The hardware configuration page for this server appears.
2 Click the Configuration tab, and click Networking.
The networking panel displays the following information as shown in Figure 2-4:
Virtual switches
Adapter information for each adapter
Link status
Apparent speed and duplex
Service console and VMkernel TCP/IP services
IP address
Service console
Virtual device name
Virtual machines
Power status
Connection status
Port group
Network label common to all three port configuration types
vSwitch: vSwitch that the network adapter is associated with
Networks: IP addresses that the network adapter has access to
Networking Tasks
This chapter outlines how to perform the following networking tasks:
"To create or add a virtual network for a virtual machine"
  Setting the connection type for a virtual machine.
  Adding the virtual network to a new or an existing virtual switch.
  Configuring the network label and VLAN ID connection settings.
"To set up the VMkernel"
  Setting the connection type for the VMkernel.
  Adding the virtual network to a new or an existing virtual switch.
  Configuring the network label, VLAN ID, TCP/IP, and gateway connection settings.
"To configure service console networking"
  Setting the connection type for the service console.
  Adding the virtual network to a new or an existing virtual switch.
  Configuring the network label, VLAN ID, DHCP/Static IP, and gateway connection settings.
"To set the default gateway"
"To display service console information"
Virtual Network Configuration for Virtual Machines
The VI Client Add Network Wizard steps you through the tasks to create a virtual network for a virtual machine. These tasks include:
Setting the connection type for a virtual machine
Adding the virtual network to a new or an existing vSwitch
Configuring the connection settings for the network label and the VLAN ID
When setting up virtual machine networks, consider whether you want to migrate the virtual machines in the network between ESX Server hosts. If so, be sure that both hosts are in the same broadcast domain, that is, the same Layer 2 subnet.
ESX Server doesn't support virtual machine migration between hosts in different broadcast domains because the migrated virtual machine might require systems and resources that it would no longer have access to by virtue of being moved to a separate network. Even if your network configuration is set up as a high-availability environment or includes intelligent switches capable of resolving the virtual machine's needs across different networks, you may experience lag times as the ARP table updates and resumes network traffic for the virtual machines.
To create or add a virtual network for a virtual machine
1 Log on to the VMware VI Client and select the server from the inventory panel.
The hardware configuration page for this server appears.
2 Click the Configuration tab, and click Networking.
3 On the right side of the screen, click Add Networking.
Virtual switches are presented in an overview plus details layout.
4 Click Add Networking from the Configuration tab.
The Add Network Wizard appears.
5 Accept the default connection type, Virtual Machines.
Virtual Machines lets you add a labeled network to handle virtual machine network traffic.
NOTE The Add Network Wizard is reused for new ports and port groups.
6 Click Next.
The Network Access screen appears.
Virtual machines reach physical networks through uplink adapters. A vSwitch can transfer data to external networks only when one or more network adapters are attached to it. When two or more adapters are attached to a single vSwitch, they are transparently teamed.
7 Select Create a virtual switch.
You can create a new vSwitch with or without Ethernet adapters.
If you create a vSwitch without physical network adapters, then all traffic on that vSwitch will be confined to that vSwitch. No other hosts on the physical network or virtual machines on other vSwitches will be able to send or receive traffic over this vSwitch. You might do this if you want a group of virtual machines to be able to communicate with each other, but not with other hosts or with virtual machines outside the group.
Changes appear in the Preview pane.
8 Click Next.
The Connection Settings screen appears.
9 Under Port Group Properties, enter a network label that identifies the port group that you are creating.
Use network labels to identify migration-compatible connections common to two or more hosts.
10 If you are using a VLAN, in the VLAN ID field, enter a number between 1 and 4094.
If you are unsure what to enter, leave this blank or ask your network administrator.
If you enter 0 or leave the field blank, the port group can see only untagged (non-VLAN) traffic. If you enter 4095, the port group can see traffic on any VLAN while leaving the VLAN tags intact.
11 Click Next.
The Ready to Complete screen appears.
12 After you have determined that the vSwitch is configured correctly, click Finish.
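The port limits, VLAN ID rules and network label requirements stated in this chapter can be checked against a planned layout before it is entered in the VI Client. The following Python audit is an added example, not VMware code: the inventory structure, host names, labels and finding codes are constructed for illustration, and comparing the VLAN ID behind each label across hosts is an assumed stand-in for "able to see the same broadcast traffic".

```python
from collections import defaultdict

# Limits and special values quoted in the chapter text.
DEFAULT_VSWITCH_PORTS = 56
MAX_VSWITCH_PORTS = 1016
MAX_VSWITCHES_PER_HOST = 248
MAX_PORT_GROUPS_PER_HOST = 512
VLAN_ALL = 4095  # port group sees traffic on any VLAN, tags left intact


def vlan_visibility(vlan_id):
    """Classify what a port group can see from its VLAN ID field."""
    if vlan_id is None or vlan_id == 0:
        return "untagged-only"
    if vlan_id == VLAN_ALL:
        return "all-vlans"
    if isinstance(vlan_id, int) and 1 <= vlan_id <= 4094:
        return "single-vlan"
    raise ValueError(f"VLAN ID {vlan_id!r} is outside 0-4095")


def audit_host(name, host):
    """Return (host, code, detail) findings for one host's planned layout."""
    findings, labels = [], []
    vswitches = host["vswitches"]
    if len(vswitches) > MAX_VSWITCHES_PER_HOST:
        findings.append((name, "TOO_MANY_VSWITCHES", str(len(vswitches))))
    for vs_name, vs in vswitches.items():
        ports = vs.get("ports", DEFAULT_VSWITCH_PORTS)
        if ports > MAX_VSWITCH_PORTS:
            findings.append((name, "PORT_COUNT_INVALID", f"{vs_name}: {ports}"))
        # Each virtual machine adapter and each uplink adapter uses one port.
        used = len(vs["uplinks"]) + sum(
            pg["vm_nics"] for pg in vs["portgroups"].values())
        if used > ports:
            findings.append((name, "PORTS_EXCEEDED", f"{vs_name}: {used}/{ports}"))
        if not vs["uplinks"]:
            # No physical adapter: traffic is confined to this vSwitch.
            findings.append((name, "NO_UPLINK", vs_name))
        for label, pg in vs["portgroups"].items():
            if label in labels:  # labels must be unique on a host
                findings.append((name, "LABEL_NOT_UNIQUE", label))
            labels.append(label)
            try:
                if vlan_visibility(pg["vlan"]) == "all-vlans":
                    findings.append((name, "VLAN_ALL", f"{label} sees every VLAN"))
            except ValueError as exc:
                findings.append((name, "VLAN_INVALID", f"{label}: {exc}"))
    if len(labels) > MAX_PORT_GROUPS_PER_HOST:
        findings.append((name, "TOO_MANY_PORT_GROUPS", str(len(labels))))
    return findings


def audit_labels(hosts):
    """Flag network labels that map to different VLAN IDs on different hosts."""
    seen = defaultdict(dict)  # label -> {host: vlan}
    for name, host in hosts.items():
        for vs in host["vswitches"].values():
            for label, pg in vs["portgroups"].items():
                seen[label][name] = pg["vlan"] or 0  # blank and 0 are equivalent
    return [("*", "LABEL_VLAN_MISMATCH", f"{label}: {dict(sorted(by_host.items()))}")
            for label, by_host in sorted(seen.items())
            if len(set(by_host.values())) > 1]


def audit(hosts):
    """Run the cross-host label check and every per-host check."""
    findings = audit_labels(hosts)
    for name, host in sorted(hosts.items()):
        findings.extend(audit_host(name, host))
    return sorted(findings)


# Constructed sample inventory (hypothetical hosts, labels and adapter counts).
HOSTS = {
    "esx-a": {"vswitches": {
        "vSwitch0": {"ports": 56, "uplinks": ["vmnic0", "vmnic1"], "portgroups": {
            "Production": {"vlan": 105, "vm_nics": 20},
            "Monitor": {"vlan": 4095, "vm_nics": 1}}},
        "vSwitch1": {"uplinks": [], "portgroups": {
            "Lab": {"vlan": None, "vm_nics": 4}}}}},
    "esx-b": {"vswitches": {
        "vSwitch0": {"ports": 56, "uplinks": ["vmnic0"], "portgroups": {
            "Production": {"vlan": 106, "vm_nics": 56},
            "DMZ": {"vlan": 4200, "vm_nics": 2}}}}},
}

if __name__ == "__main__":
    for host, code, detail in audit(HOSTS):
        print(f"{host:6} {code:20} {detail}")
```

A `NO_UPLINK` finding is not necessarily an error, since the guide describes an adapterless vSwitch as a deliberate way to isolate a group of virtual machines; `VLAN_ALL` marks port groups whose VLAN ID of 4095 exposes traffic from every VLAN and should be reviewed for intent.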
VMkernel Configuration
Moving a virtual machine from one host to another is called migration. Migrating a powered-on virtual machine is called VMotion. Migration with VMotion, designed to be used between highly compatible systems, lets you migrate virtual machines with no downtime. Your VMkernel networking stack must be set up properly to accommodate VMotion.
IP Storage refers to any form of storage that uses TCP/IP network communication as its foundation, which includes iSCSI and NAS for ESX Server. Because both of these storage types are network-based, both types can use the same port group.
The network services provided by the VMkernel (iSCSI, NFS, and VMotion) use a TCP/IP stack in the VMkernel. This TCP/IP stack is completely separate from the TCP/IP stack used in the service console. Each of these TCP/IP stacks accesses various networks by attaching to one or more port groups on one or more vSwitches.
NOTE To enable failover (NIC teaming), bind two or more adapters to the same switch. If one uplink adapter is not operational, network traffic is routed to another adapter attached to the switch. NIC teaming requires both Ethernet devices to be on the same Ethernet broadcast domain.
TCP/IP Stack at the Virtual Machine Monitor Level
TheVMwareVMkernelTCP/IPnetworkingstackhasbeenextendedtohandleiSCSI,
NFS,andVMotioninthefollowingways:
iSCSIasavirtualmachinedatastore.
iSCSIforthedirectmountingof.ISOfiles,whicharepresentedasCDROMsto
virtualmachines.
NFSasavirtualmachinedatastore.
NFSforthedirectmountingof.ISOfiles,whicharepresentedasCDROMsto
virtualmachines.
MigrationwithVMotion.
Implications and Guidelines
Referto
the
following
guidelines
when
configuring
VMkernel
networking:
TheIPaddressthatyouassigntotheserviceconsoleduringinstallationmustbe
differentfromtheIPaddressthatyouassigntoVMkernelsTCP/IPstackfromthe
Configuration>NetworkingtaboftheVirtualInfrastructureClient.
BeforeconfiguringsoftwareiSCSIfortheESX Serverhost,openafirewallportby
enablingtheiSCSIsoftwareclientservice.Formoreinformation,seeOpening
FirewallPortsforSupportedServicesandManagementAgentsonpage 192.
UnlikeotherVMkernelservices,iSCSIhasaserviceconsolecomponent,so
networksthatareusedtoreachiSCSItargetsmustbeaccessibletobothservice
consoleandVMkernelTCP/IPstacks.
To set up the VMkernel
1 Log on to the VMware VI Client and select the server from the inventory panel.
The hardware configuration page for this server appears.
2 Click the Configuration tab, and click Networking.
3 Click the Add Networking link.
The Add Network Wizard appears.
4 Select VMkernel and click Next.
NOTE ESX supports only NFS version 3 over TCP/IP.
Selecting VMotion and IP Storage lets you connect the VMkernel, which runs services for VMotion and IP storage (NFS or iSCSI), to the physical network.
The Network Access page appears.
5 Select the vSwitch you would like to use, or select the Create a virtual switch radio button to create a new vSwitch.
6 Select the check boxes for the network adapters your vSwitch will use.
Your choices appear in the Preview pane.
Select adapters for each vSwitch so that virtual machines or other services that connect through the adapter can reach the correct Ethernet segment. If no adapters appear under Create a new virtual switch, all the network adapters in the system are being used by existing vSwitches. You can either create a new vSwitch without a network adapter or select a network adapter used by an existing vSwitch.
For information on moving network adapters between vSwitches, see "To add uplink adapters" on page 50.
7 Click Next.
The Connection Settings page appears.
8 Under Port Group Properties, select or enter a network label and a VLAN ID.
- Network Label: A name that identifies the port group that you are creating. This is the label that you specify when configuring a virtual adapter to be attached to this port group, when configuring VMkernel services, such as VMotion and IP storage.
- VLAN ID: Identifies the VLAN that the port group's network traffic will use.
9 Select the Use this port group for VMotion check box to enable this port group to advertise itself to another ESX Server as the network connection where VMotion traffic should be sent.
You can enable this property for only one VMotion and IP storage port group for each ESX Server host. If this property is not enabled for any port group, migration with VMotion to this host is not possible.
10 Under IP Settings, click Edit to set the VMkernel Default Gateway for VMkernel services, such as VMotion, NAS, and iSCSI.
NOTE Make sure that you set a default gateway for the port that you created. VirtualCenter 2 behaves differently here from VirtualCenter 1.x. You must use a valid IP address to configure the VMkernel IP stack, not a dummy address.
The DNS and Routing Configuration dialog box appears. Under the DNS Configuration tab, the name of the host is entered into the name field by default. The DNS server addresses that were specified during installation are also preselected, as is the domain.
Under the Routing tab, the service console and the VMkernel each need their own gateway information. A gateway is needed for connectivity to machines not on the same IP subnet as the service console or VMkernel.
Static IP settings is the default.
11 Click OK to save your changes and close the DNS Configuration and Routing dialog box.
12 Click Next.
13 Use the Back button to make any changes.
14 Review your changes on the Ready to Complete page and click Finish.
Service Console Configuration
Both the service console and the VMkernel use virtual Ethernet adapters to connect to a vSwitch and to reach networks serviced by the vSwitch.
Basic Service Console Configuration Tasks
There are two common service console configuration changes: changing NICs and changing the settings for an existing NIC that is in use.
When only one service console connection is present, changing the service console configuration is not allowed. If you want a new connection, you must change the network settings to use an additional NIC. After verifying that the new connection is functioning properly, remove the old connection. You are switching over to the new NIC.
To configure service console networking
1 Log in to the VMware VI Client and select the server from the inventory panel.
The hardware configuration page for this server appears.
2 Click the Configuration tab, and click Networking.
3 Click the Add Networking link.
The Add Network Wizard appears.
4 Select Service Console on the Connection Types screen, and click Next.
The Service Console Network Access page appears.
5 Select the vSwitch you want to use for network access, or select Create a new vSwitch and click Next.
If no adapters appear under Create a new virtual switch, all the network adapters in the system are being used by existing vSwitches. For information on moving network adapters between vSwitches, see "To add uplink adapters" on page 50.
6 Under Port Group Properties, select or enter the Network Label and VLAN ID.
Newer ports and port groups appear at the top of the vSwitch diagram.
7 Enter the IP Address and Subnet Mask, or select the DHCP option Obtain IP setting automatically for the IP address and subnet mask.
8 Click the Edit button to set the Service Console Default Gateway.
See "To set the default gateway" on page 41.
9 Click Next.
The Ready to Complete page appears.
10 Check the information and click Finish.
To configure service console ports
1 Log in to the VMware VI Client and select the server from the inventory panel.
The hardware configuration page for this server appears.
2 Click the Configuration tab, and click Networking.
3 On the right side of the screen, find the vSwitch that you want to edit and click Properties for that vSwitch.
The vSwitch Properties dialog box appears.
4 In the vSwitch Properties dialog box, click the Ports tab.
5 Select Service Console, and click Edit.
A warning dialog box appears to explain that modifying your service console connection may disconnect all management agents.
6 To continue with the service console configuration, click Continue modifying this connection.
The Service Console Properties dialog box appears.
7 Edit port properties, IP settings, and effective policies as necessary.
8 Click OK.
Only one default gateway can be configured per TCP/IP stack.
To set the default gateway
1 Log in to the VMware VI Client and select the server from the inventory panel.
The hardware configuration page for this server appears.
2 Click the Configuration tab, and click DNS and Routing.
The DNS and Routing panel appears.
3 Click the Properties link.
The DNS Configuration dialog box appears.
Under the DNS Configuration tab, the name of the host is entered into the name field by default. The DNS server addresses and the domain previously selected during installation are also preselected.
Under the Routing tab, the service console and the VMkernel are often not connected to the same network, and each needs its own gateway information. A gateway is needed for connectivity to machines not on the same IP subnet as the service console or VMkernel.
For the service console, the gateway device is needed only when two or more network adapters are using the same subnet. The gateway device determines which network adapter will be used for the default route.
4 Click the Routing tab.
5 Set the VMkernel default gateway.
6 Click OK to save your changes and close the DNS Configuration dialog box.
NOTE All NAS and iSCSI servers need to be either reachable by the default gateway or on the same broadcast domain as the associated vSwitches.
CAUTION There is a risk of misconfiguration, which can cause the UI to lose connectivity to the host, in which case the host will have to be reconfigured from command line at the service console.
To display service console information
1 Click the blue speech icon to display service console information.
2 Click the X to close the information pop-up window.
Using DHCP for the Service Console
In most cases, you should use static IP addresses for the service console. You can also set up the service console to use dynamic addressing, DHCP, if your DNS server is capable of mapping the service console's host name to the dynamically generated IP address.
If your DNS server cannot map the host's name to its DHCP-generated IP address, you must determine the service console's numeric IP address and use that numeric address when accessing the host.
The numeric IP address might change as DHCP leases run out or when the system is rebooted. For this reason, we do not recommend using DHCP for the service console unless your DNS server can handle the host name translation.
3 Advanced Networking
This chapter guides you through advanced networking topics in an ESX Server environment and how to set up and change advanced networking configuration options.
This chapter covers the following topics:
- Advanced Networking Tasks
- Virtual Switch Configuration
- Port Group Configuration
- DNS and Routing
- Setting Up MAC Addresses
- Networking Tips and Best Practices
3 On the right side of the window, find the vSwitch that you want to edit.
4 Click Properties for that vSwitch.
The vSwitch Properties dialog box appears.
5 Click the Ports tab.
6 Select the vSwitch item in the Configuration list, and click Edit.
The vSwitch Properties dialog box appears.
7 Click the General tab to set the number of ports.
8 Choose or enter the number of ports you want to use.
Modifications will not take effect until you reboot ESX Server.
9 Click OK.
To configure the uplink network adapter by changing its speed
1 Log in to the VMware VI Client and select the server from the inventory panel.
The hardware configuration page for this server appears.
2 Click the Configuration tab, and click Networking.
3 Select a vSwitch and click Properties.
4 In the vSwitch Properties dialog box, click the Network Adapters tab.
5 To change the configured speed and duplex value of a network adapter, select the network adapter and click Edit.
The Status dialog box appears. The default is Autonegotiate, which is usually the correct choice.
6 To select the connection speed manually, select the speed/duplex from the drop-down menu.
Choose the connection speed manually if the NIC and a physical switch might fail to negotiate the proper connection speed. Symptoms of mismatched speed and duplex include low bandwidth or no link connectivity at all.
The adapter and the physical switch port it is connected to must be set to the same value, that is, auto/auto or ND/ND where ND is some speed and duplex, but not auto/ND.
7 Click OK.
To add uplink adapters
1 Log in to the VMware VI Client, and select the server from the inventory panel.
The hardware configuration page for this server appears.
2 Click the Configuration tab, and click Networking.
3 Select a vSwitch and click Properties.
4 In the Properties dialog box for the vSwitch, click the Network Adapters tab.
5 Click Add to launch the Add Adapter Wizard.
You can associate multiple adapters to a single vSwitch to provide NIC teaming. Such a team can share traffic and provide failover.
6 Select one or more adapters from the list, and click Next.
CAUTION Misconfiguration can result in the loss of the VI Client ability to connect to the host.
7 To order the NICs, select a NIC and click the buttons to move it up or down into the category (Active or Standby) that you want.
- Active Adapters: Adapters currently used by the vSwitch.
- Standby Adapters: Adapters that become active in the event that one or more of the active adapters should fail.
8 Click Next.
The Adapter Summary page appears.
9 Review the information on this page, use the Back button to change any entries, and click Finish to leave the Add Adapter Wizard.
The list of network adapters reappears, showing those adapters now claimed by the vSwitch.
10 Click Close to exit the vSwitch Properties dialog box.
The Networking section in the Configuration tab shows the network adapters in their designated order and categories.
Virtual Switch Policies
You can apply a set of vSwitch-wide policies by selecting the vSwitch at the top of the Ports tab and clicking Edit.
To override any of these settings for a port group, select that port group and click Edit. Any changes to the vSwitch-wide configuration are applied to any of the port groups on that vSwitch except for those configuration options that have been overridden by the port group.
The vSwitch policies consist of:
- Layer 2 Security policy
- Traffic Shaping policy
- Load Balancing and Failover policy
Layer 2 Security Policy
Layer 2 is the data link layer. The three elements of the Layer 2 Security policy are promiscuous mode, MAC address changes, and forged transmits.
In nonpromiscuous mode, a guest adapter listens to traffic only on its own MAC address. In promiscuous mode, it can listen to all the packets. By default, guest adapters are set to nonpromiscuous mode.
For further information on security, see "Securing Virtual Switch Ports" on page 201.
To edit the Layer 2 Security policy
1 Log in to the VMware VI Client and select the server from the inventory panel.
The hardware configuration page for this server appears.
2 Click the Configuration tab, and click Networking.
3 Click Properties for the vSwitch whose Layer 2 Security policy you want to edit.
4 In the Properties dialog box for the vSwitch, click the Ports tab.
5 Select the vSwitch item and click Edit.
6 In the Properties dialog box for the vSwitch, click the Security tab.
By default, Promiscuous Mode is set to Reject, and MAC Address Changes and Forged Transmits are set to Accept.
The policy here applies to all virtual adapters on the vSwitch except where the port group for the virtual adapter specifies a policy exception.
7 In the Policy Exceptions pane, select whether to reject or accept the Layer 2 Security policy exceptions:
- Promiscuous Mode
  - Reject: Placing a guest adapter in promiscuous mode has no effect on which frames are received by the adapter.
  - Accept: Placing a guest adapter in promiscuous mode causes it to detect all frames passed on the vSwitch that are allowed under the VLAN policy for the port group that the adapter is connected to.
- MAC Address Changes
  - Reject: If you set the MAC Address Changes to Reject and the guest operating system changes the MAC address of the adapter to anything other than what is in the .vmx configuration file, all inbound frames will be dropped.
    If the Guest OS changes the MAC address back to match the MAC address in the .vmx configuration file, inbound frames will be passed again.
  - Accept: Changing the MAC address from the Guest OS has the intended effect: frames to the new MAC address are received.
- Forged Transmits
  - Reject: Any outbound frame with a source MAC address that is different from the one currently set on the adapter will be dropped.
  - Accept: No filtering is performed and all outbound frames are passed.
8 Click OK.
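The three Layer 2 Security settings and the port group exception rule can be checked against concrete frames with a small model. This is an added example, not VMware code: the policy keys, the GuestAdapter class and the MAC values are constructed for illustration, and only unicast frames on the adapter's own VLAN are modelled.

```python
from dataclasses import dataclass
from typing import Dict, Optional

ACCEPT, REJECT = "Accept", "Reject"

# Defaults stated in the guide for a vSwitch (key names are constructed).
VSWITCH_DEFAULTS = {
    "promiscuous_mode": REJECT,
    "mac_address_changes": ACCEPT,
    "forged_transmits": ACCEPT,
}


def effective_policy(vswitch: Dict[str, str],
                     port_group_exceptions: Optional[Dict[str, str]] = None) -> Dict[str, str]:
    """vSwitch-wide settings apply unless the port group overrides them."""
    policy = dict(vswitch)
    policy.update(port_group_exceptions or {})
    return policy


@dataclass
class GuestAdapter:
    vmx_mac: str               # MAC recorded in the .vmx configuration file
    current_mac: str           # MAC the guest OS has set on the adapter
    promiscuous: bool = False  # guest has put the adapter in promiscuous mode


def _same(a: str, b: str) -> bool:
    return a.lower() == b.lower()


def inbound_delivered(policy: Dict[str, str], adapter: GuestAdapter, dst_mac: str) -> bool:
    """Is a unicast frame on the adapter's VLAN delivered to the guest?"""
    mac_changed = not _same(adapter.current_mac, adapter.vmx_mac)
    if mac_changed and policy["mac_address_changes"] == REJECT:
        return False                      # all inbound frames are dropped
    if _same(dst_mac, adapter.current_mac):
        return True                       # frame addressed to this adapter
    # Frames for other MACs are seen only if promiscuous mode is accepted.
    return adapter.promiscuous and policy["promiscuous_mode"] == ACCEPT


def outbound_passed(policy: Dict[str, str], adapter: GuestAdapter, src_mac: str) -> bool:
    """Is an outbound frame with this source MAC passed by the vSwitch?"""
    if policy["forged_transmits"] == ACCEPT:
        return True                       # no filtering is performed
    return _same(src_mac, adapter.current_mac)


def permissive_settings(policy: Dict[str, str]) -> list:
    """Settings left at Accept, for review against a hardening baseline."""
    return sorted(name for name, value in policy.items() if value == ACCEPT)


if __name__ == "__main__":
    default = effective_policy(VSWITCH_DEFAULTS)
    # Constructed port group exception that rejects both MAC-related settings.
    strict = effective_policy(VSWITCH_DEFAULTS, {"mac_address_changes": REJECT,
                                                 "forged_transmits": REJECT})
    renamed = GuestAdapter(vmx_mac="00:50:56:00:00:01", current_mac="00:50:56:00:00:99")
    honest = GuestAdapter(vmx_mac="00:50:56:00:00:01", current_mac="00:50:56:00:00:01")
    for label, policy in (("vSwitch default", default), ("strict port group", strict)):
        print(label, "left at Accept:", permissive_settings(policy))
        print("  guest changed its MAC, inbound to new MAC delivered:",
              inbound_delivered(policy, renamed, "00:50:56:00:00:99"))
        print("  frame sent with a foreign source MAC passed:",
              outbound_passed(policy, honest, "00:50:56:00:00:77"))
```
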
Traffic Shaping Policy
ESX Server shapes traffic by establishing parameters for three outbound traffic characteristics: average bandwidth, burst size, and peak bandwidth. You can set values for these characteristics through the VI Client, establishing a traffic shaping policy for each uplink adapter.
- Average Bandwidth establishes the number of bits per second to allow across the vSwitch averaged over time (the allowed average load).
- Burst Size establishes the maximum number of bytes to allow in a burst. If a burst exceeds the burst size parameter, excess packets are queued for later transmission. If the queue is full, the packets are dropped. When you specify values for these two characteristics, you indicate what you expect the vSwitch to handle during normal operation.
- Peak Bandwidth is the maximum bandwidth the vSwitch can absorb without dropping packets. If traffic exceeds the peak bandwidth you establish, excess packets are queued for later transmission after traffic on the connection has returned to the average and there are enough spare cycles to handle the queued packets. If the queue is full, the packets are dropped. Even if you have spare bandwidth because the connection has been idle, the peak bandwidth parameter limits transmission to no more than peak until traffic returns to the allowed average load.
To edit the Traffic Shaping policy
1 Log in to the VMware VI Client and select the server from the inventory panel.
The hardware configuration page for this server appears.
2 Click the Configuration tab, and click Networking.
3 Select a vSwitch and click Properties.
4 In the vSwitch Properties dialog box, click the Ports tab.
5 Select the vSwitch and click Edit.
The Properties dialog box for the selected vSwitch appears.
6 Click the Traffic Shaping tab.
The Policy Exceptions pane appears. When traffic shaping is disabled, the tunable features are dimmed. You can selectively override all traffic shaping features at the port group level if traffic shaping is enabled.
These are the policies to which the per port group exceptions are applied.
The policy here is applied to each virtual adapter attached to the port group, not to the vSwitch as a whole.
- Status: If you enable the policy exception in the Status field, you are setting limits on the amount of networking bandwidth allocation for each virtual adapter associated with this particular port group. If you disable the policy, services will have a free, clear connection to the physical network by default.
The remaining fields define network traffic parameters:
- Average Bandwidth: A value measured over a particular period of time.
- Peak Bandwidth: A value that is the maximum bandwidth allowed and that can never be smaller than average bandwidth. This parameter limits the maximum bandwidth during a burst.
- Burst Size: A value specifying how large a burst can be in kilobytes (K). This parameter controls the amount of data that can be sent in one burst while exceeding the average rate.
Load Balancing and Failover Policy
Load Balancing and Failover policies allow you to determine how network traffic is distributed between adapters and how to reroute traffic in the event of an adapter failure by configuring the following parameters:
- Load Balancing policy
  The Load Balancing policy determines how outgoing traffic is distributed among the network adapters assigned to a vSwitch.
- Failover Detection: Link Status/Beacon Probing
- Network Adapter Order (Active/Standby)
To edit the failover and load balancing policy
1 Log in to the VMware VI Client and select the server from the inventory panel.
The hardware configuration page for this server appears.
2 Click the Configuration tab, and click Networking.
3 Select a vSwitch and click Edit.
4 In the vSwitch Properties dialog box, click the Ports tab.
5 To edit the Failover and Load Balancing values for the vSwitch, select the vSwitch item and click Properties.
The Properties dialog box for the vSwitch appears.
NOTE Incoming traffic is controlled by the Load Balancing policy on the physical switch.
6 Click the NIC Teaming tab.
The Policy Exceptions area appears. You can override the failover order at the port group level. By default, new adapters are active for all policies. New adapters carry traffic for the vSwitch and its port group unless you specify otherwise.
7 In the Policy Exceptions pane:
- Load Balancing: Specify how to choose an uplink.
  - Route based on the originating port ID: Choose an uplink based on the virtual port where the traffic entered the virtual switch.
  - Route based on ip hash: Choose an uplink based on a hash of the source and destination IP addresses of each packet. For non-IP packets, whatever is at those offsets is used to compute the hash.
  - Route based on source MAC hash: Choose an uplink based on a hash of the source Ethernet.
  - Use explicit failover order: Always use the highest order uplink from the list of Active adapters which passes failover detection criteria.
- Network Failover Detection: Specify the method to use for failover detection.
  - Link Status only: Relies solely on the link status provided by the network adapter. This detects failures, such as cable pulls and physical switch power failures, but not configuration errors, such as a physical switch port being blocked by spanning tree or misconfigured to the wrong VLAN or cable pulls on the other side of a physical switch.
  - Beacon Probing: Sends out and listens for beacon probes on all NICs in the team and uses this information, in addition to link status, to determine link failure. This detects many of the failures mentioned above that are not detected by link status alone.
- Notify Switches: Select Yes or No to notify switches in the case of failover.
  If you select Yes, whenever a virtual NIC is connected to the vSwitch or whenever that virtual NIC's traffic would be routed over a different physical NIC in the team due to a failover event, a notification is sent out over the network to update the lookup tables on physical switches. In almost all cases, this is desirable for the lowest latency of failover occurrences and migrations with VMotion.
  NOTE Do not use this option when the virtual machines using the port group are using Microsoft Network Load Balancing in unicast mode. No such issue exists with NLB running in multicast mode.
- Rolling Failover: Select Yes or No to disable or enable rolling.
  This option determines how a physical adapter is returned to active duty after recovering from a failure. If rolling is set to No, the adapter is returned to active duty immediately upon recovery, displacing the standby adapter that took over its slot, if any. If rolling is set to Yes, a failed adapter is left inactive even after recovery until another currently active adapter fails, requiring its replacement.
- Failover Order: Specify how to distribute the work load for adapters. If you want to use some adapters but reserve others for emergencies in case the ones in use fail, you can set this condition using the drop-down menu to place them into the two groups:
  - Active Adapters: Continue to use it when the network adapter connectivity is up and active.
  - Standby Adapters: Use this adapter if one of the active adapter's connectivity is down.
  - Unused Adapters: Not to be used.
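The interaction of Failover Order and Rolling Failover in step 7 is easiest to see as a small state machine. This is an added example, not VMware code: failure detection is reduced to explicit fail() and recover() calls, the vmnic names are constructed, and refilling an empty slot as soon as any adapter recovers is an assumption the guide does not state.

```python
class NicTeam:
    """Tracks which adapters of a team carry traffic after link events."""

    def __init__(self, active, standby, rolling=False):
        self.active = list(active)        # Active Adapters, highest order first
        self.standby = list(standby)      # Standby Adapters
        self.rolling = rolling            # Rolling Failover: Yes/No
        self.link_up = {nic: True for nic in self.active + self.standby}
        self.in_use = list(self.active)   # adapters carrying traffic right now

    def _spares(self):
        """Healthy adapters that are not carrying traffic, in failover order."""
        return [nic for nic in self.active + self.standby
                if self.link_up[nic] and nic not in self.in_use]

    def fail(self, nic):
        """Link failure detected on nic; returns the adapters now in use."""
        self.link_up[nic] = False
        if nic in self.in_use:
            slot = self.in_use.index(nic)
            spares = self._spares()
            if spares:
                self.in_use[slot] = spares[0]   # a spare takes over the slot
            else:
                del self.in_use[slot]           # nothing left to take over
        return list(self.in_use)

    def recover(self, nic):
        """nic passes failover detection again; returns the adapters in use."""
        self.link_up[nic] = True
        if nic in self.in_use:
            return list(self.in_use)
        if len(self.in_use) < len(self.active):
            # Assumption: an empty slot is refilled regardless of rolling.
            self.in_use.append(nic)
        elif nic in self.active and not self.rolling:
            # Rolling = No: displace the standby adapter that took the slot.
            for slot, current in enumerate(self.in_use):
                if current in self.standby:
                    self.in_use[slot] = nic
                    break
        # Rolling = Yes: the recovered adapter waits until another one fails.
        return list(self.in_use)


if __name__ == "__main__":
    for rolling in (False, True):
        team = NicTeam(["vmnic0", "vmnic1"], ["vmnic2"], rolling=rolling)
        print("rolling =", "Yes" if rolling else "No")
        print("  vmnic0 fails    ->", team.fail("vmnic0"))
        print("  vmnic0 recovers ->", team.recover("vmnic0"))
        print("  vmnic1 fails    ->", team.fail("vmnic1"))
```
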
Port Group Configuration
You can change the following port group configurations:
- Port group properties
- Labeled network policies
To edit port group properties
1 Log in to the VMware VI Client, and select the server from the inventory panel.
The hardware configuration page for this server appears.
2 Click the Configuration tab, and click Networking.
3 On the right side of the window, click Properties for a network.
The vSwitch Properties dialog box appears.
4 Click the Ports tab.
5 Select the port group and click Edit.
6 In the Properties dialog box for the port group, click the General tab to change:
- Network Label: Identifies the port group that you are creating. Specify this label when configuring a virtual adapter to be attached to this port group, either when configuring virtual machines or VMkernel services, such as VMotion and IP storage.
- VLAN ID: Identifies the VLAN that the port group's network traffic will use.
7 Click OK to exit the vSwitch Properties dialog box.
To override labeled network policies
1 To override any of these settings for a particular labeled network, select the network.
2 Click Edit.
3 Click the Security tab.
4 Select the check box for the labeled network policy that you want to override.
For information on these settings, see "Layer 2 Security Policy" on page 53.
5 Click the Traffic Shaping tab.
6 Select the check box to override the enabled or disabled Status. For information on the Status settings, see "Traffic Shaping Policy" on page 55.
7 Click the NIC Teaming tab.
8 Select the associated check box to override the load balancing or failover order policies.
For information on these settings, see "Load Balancing and Failover Policy" on page 56.
9 Click OK to exit the labeled VM Network Properties dialog box.
DNS and Routing
Configure DNS and routing through the VI Client.
To change the DNS and Routing configuration
1 Log in to the VMware VI Client and select the server from the inventory panel.
The hardware configuration page for this server appears.
2 Click the Configuration tab, and click DNS and Routing.
3 On the right of the window, click Properties.
4 In the DNS Configuration tab, enter values for the Name and Domain fields.
5 Choose to either obtain the DNS server address automatically or use a DNS server address.
6 Specify the domains in which to look for hosts.
NOTE DHCP is supported only if the DHCP server is accessible to the service console. In other words, the service console must have a virtual interface (vswif) configured and attached to the network where the DHCP server resides.
7 In the Routing tab, change default gateway information as needed.
You need to select a gateway device only if you have configured the service console to connect to more than one subnet.
8 Click OK to close the DNS Configuration dialog box.
Setting Up MAC Addresses
MAC addresses are generated for virtual network adapters used by the service console, the VMkernel, and virtual machines. In most cases, these MAC addresses are appropriate. However, you might need to set a MAC address for a virtual network adapter as in the following cases:
- Virtual network adapters on different physical servers share the same subnet and are assigned the same MAC address, causing a conflict.
- You want to ensure that a virtual network adapter always has the same MAC address.
The following sections describe how MAC addresses are generated and how you can set the MAC address for a virtual network adapter.
MAC Addresses Generation
Each virtual network adapter in a virtual machine is assigned its own unique MAC address. A MAC address is a six-byte number. Each network adapter manufacturer is assigned a unique three-byte prefix called an OUI (Organizationally Unique Identifier) that it can use to generate unique MAC addresses.
VMware has three OUIs:
- One for generated MAC addresses.
- One for manually set MAC addresses.
- One which was previously used for legacy virtual machines, but is no longer used with ESX Server 3.0.
The first three bytes of the MAC address that is generated for each virtual network adapter have this value. This MAC address generation algorithm produces the other three bytes. The algorithm guarantees unique MAC addresses within a machine and attempts to provide unique MAC addresses across machines.
The network adapters for each virtual machine on the same subnet should have unique MAC addresses. Otherwise, they can behave unpredictably. The algorithm puts a limit on the number of running and suspended virtual machines at any one time on any given server. It also does not handle all cases when virtual machines on distinct physical machines share a subnet.
The VMware UUID (Universally Unique Identifier) generates MAC addresses that are checked for any conflicts. The generated MAC addresses are created using three parts: the VMware OUI, the SMBIOS UUID for the physical ESX Server machine, and a hash based on the name of the entity that the MAC address is being generated for.
After the MAC address has been generated, it does not change unless the virtual machine is moved to a different location, for example, to a different path on the same server. The MAC address in the configuration file of the virtual machine is saved. All MAC addresses that have been assigned to network adapters of running and suspended virtual machines on a given physical machine are tracked.
The MAC address of a powered off virtual machine is not checked against those of running or suspended virtual machines. It is possible but unlikely that when a virtual machine is powered on again, it can acquire a different MAC address. This acquisition is due to a conflict with a virtual machine that was powered on when this virtual machine was powered off.
Setting MAC Addresses
To circumvent the limit of 256 virtual network adapters per physical machine and possible MAC address conflicts between virtual machines, system administrators can manually assign MAC addresses. VMware uses this OUI for manually generated addresses: 00:50:56.
The MAC address range is
00:50:56:00:00:00-00:50:56:3F:FF:FF
You can set the addresses by adding the following line to a virtual machine's configuration file:
ethernet<number>.address = 00:50:56:XX:YY:ZZ
where <number> refers to the number of the Ethernet adapter, XX is a valid hexadecimal number between 00 and 3F, and YY and ZZ are valid hexadecimal numbers between 00 and FF. The value for XX must not be greater than 3F to avoid conflict with MAC addresses that are generated by the VMware Workstation and VMware GSX Server products. The maximum value for a manually generated MAC address is
ethernet<number>.address = 00:50:56:3F:FF:FF
You must also set the option in a virtual machine's configuration file:
ethernet<number>.addressType="static"
Because VMware ESX Server virtual machines do not support arbitrary MAC addresses, the above format must be used. As long as you choose a unique value for XX:YY:ZZ among your hard-coded addresses, conflicts between the automatically assigned MAC addresses and the manually assigned ones should never occur.
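The range and uniqueness rules above can be checked across a set of configuration files before the virtual machines are powered on. This is an added example, not VMware tooling: the VM names and .vmx fragments are constructed, and the parser reads only the ethernet<number>.* options discussed here.

```python
import re
from collections import defaultdict

# Range the guide gives for manually assigned addresses:
# 00:50:56:00:00:00-00:50:56:3F:FF:FF
STATIC_PREFIX = (0x00, 0x50, 0x56)
MAX_XX = 0x3F

_OPTION = re.compile(r'^\s*ethernet(\d+)\.(\w+)\s*=\s*"?([^"\n]*?)"?\s*$')
_MAC = re.compile(r'^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$')


def parse_ethernet_options(vmx_text):
    """Return {adapter_number: {option: value}} for ethernet<number>.* lines."""
    adapters = defaultdict(dict)
    for line in vmx_text.splitlines():
        match = _OPTION.match(line)
        if match:
            number, option, value = match.groups()
            adapters[int(number)][option] = value.strip()
    return dict(adapters)


def in_static_range(mac):
    """True if mac is well formed and lies in the manual assignment range."""
    if not _MAC.match(mac):
        return False
    octets = tuple(int(part, 16) for part in mac.split(":"))
    return octets[:3] == STATIC_PREFIX and octets[3] <= MAX_XX


def audit_static_macs(vmx_files):
    """vmx_files maps a VM name to its .vmx text; returns (vm, adapter, issue)."""
    findings, seen = [], defaultdict(list)
    for vm, text in vmx_files.items():
        for number, options in sorted(parse_ethernet_options(text).items()):
            mac = options.get("address")
            if mac is None:
                continue                  # generated address, nothing to check
            if options.get("addressType", "").lower() != "static":
                findings.append((vm, number, "address set without addressType static"))
            if not in_static_range(mac):
                findings.append((vm, number, "address outside the manual range"))
            seen[mac.lower()].append((vm, number))
    for mac, users in seen.items():
        if len(users) > 1:                # same hard-coded address used twice
            for vm, number in users:
                findings.append((vm, number, "duplicate static address " + mac))
    return findings


# Constructed .vmx fragments for illustration.
SAMPLE_VMX = {
    "web01": 'ethernet0.present = "true"\n'
             'ethernet0.address = "00:50:56:3F:00:10"\n'
             'ethernet0.addressType = "static"\n',
    "app01": 'ethernet0.address = "00:50:56:3f:00:10"\n'
             'ethernet0.addressType = "static"\n',
    "db01": 'ethernet1.address = "00:50:56:40:00:01"\n'
            'ethernet1.addressType = "static"\n',
    "lab01": 'ethernet0.address = 00:50:56:00:00:05\n',
}

if __name__ == "__main__":
    for vm, adapter, issue in audit_static_macs(SAMPLE_VMX):
        print("%s ethernet%d: %s" % (vm, adapter, issue))
```
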
Using MAC Addresses
The easiest way to familiarize yourself with MAC addresses is to set up a MAC address.
To set up a MAC address
1 Set the MAC address statically.
2 Remove the virtual machine configuration file options:
ethernet<number>.address, ethernet<number>.addressType, and ethernet<number>.generatedAddressOffset
3 Verify that the virtual machine receives a generated MAC address.
VMware guarantees, however, that the MAC address will never conflict with any physical host by using the VMware OUIs (00:0C:29 and 00:50:56), which are unique to virtual machines.
Networking Tips and Best Practices
This section provides information about:
- Networking best practices
- Network hints
Networking Best Practices
Consider these best practices for configuring your network:
- Separate network services from one another to achieve greater security or better performance.
  If you want a particular set of virtual machines to function at the highest performance levels, put them on a separate physical NIC. This separation allows for a portion of the total networking workload to be more evenly shared across multiple CPUs. The isolated virtual machines are then more able to serve traffic from a Web client, for instance.
- The recommendations below can be satisfied either by using VLANs to segment a single physical network or by using separate physical networks (the latter is preferable).
  - Keeping the service console on its own network is an important part of securing the ESX system. Consider the service console network connectivity in the same light as any remote access device in a server because compromise of the service console gives an attacker full control of all virtual machines running on the system.
  - Keeping the VMotion connection on a separate network devoted to this purpose is important because when migration with VMotion occurs, the contents of the guest operating system's memory are transmitted over the network.
Mounting NFS Volumes
In ESX Server 3.0, the model of how ESX accesses NFS storage of ISO images that are used as virtual CD-ROMs for virtual machines is different from the model used in ESX Server 2.x.
ESX Server 3.0 has support for VMkernel-based NFS mounts. The new model is to mount your NFS volume with the ISO images through the VMkernel NFS functionality. All NFS volumes mounted in this way appear as datastores in the VI Client. The virtual machine configuration editor allows you to browse the service console file system for ISO images to be used as virtual CD-ROM devices.
Networking Tips
Consider the following network hints:
- The easiest way to physically separate network services and to dedicate a particular set of NICs to a specific network service is to create a vSwitch for each service. If this is not possible, they can be separated from each other on a single vSwitch by attaching them to port groups with different VLAN IDs. In either case, confirm with your network administrator that the networks or VLANs you choose are isolated in the rest of your environment, that is, no routers connect them.
- You can add and remove NICs from the vSwitch without affecting the virtual machines or the network service that is running behind that vSwitch. If you removed all the running hardware, the virtual machines would still be able to communicate amongst themselves, as if they were going out to the network and back. Moreover, if you left one NIC intact, all of the virtual machines would still be able to connect with the physical network.
- Use port groups with different sets of active adapters in their teaming policy to separate virtual machines into groups. These can use separate adapters as long as all adapters are up but still fall back to sharing in the event of a network or hardware failure.
- Deploy firewalls in virtual machines that route between virtual networks with uplinks to physical networks and pure virtual networks with no uplinks to protect your most sensitive virtual machines.
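The separation advice in Networking Best Practices and in the first tip above can be turned into a check over a host's port group inventory. This is an added example, not a VMware tool: the PortGroup record, the kind labels and the sample inventory are constructed, VLAN ID 0 stands for "no VLAN" in this inventory, and the check sees only the host's own configuration, so isolation in the rest of the environment still has to be confirmed with the network administrator.

```python
from dataclasses import dataclass
from itertools import combinations

# Services the guide says to keep on their own network.
SENSITIVE = {"service_console", "vmotion"}


@dataclass(frozen=True)
class PortGroup:
    name: str
    kind: str      # "service_console", "vmotion", "ip_storage" or "virtual_machine"
    vswitch: str
    vlan_id: int   # 0 means no VLAN in this constructed inventory


def audit_separation(port_groups):
    """Return (level, port_group_a, port_group_b) for weakly separated pairs.

    SHARED    - same vSwitch and same VLAN ID: no separation at all.
    VLAN-ONLY - same vSwitch, different VLAN IDs: separated by VLAN only,
                where the guide prefers separate physical networks.
    Pairs on different vSwitches produce no finding.
    """
    findings = []
    for a, b in combinations(port_groups, 2):
        if a.kind == b.kind or not ({a.kind, b.kind} & SENSITIVE):
            continue                      # neither side needs its own network
        if a.vswitch != b.vswitch:
            continue                      # separate vSwitch per service
        level = "SHARED" if a.vlan_id == b.vlan_id else "VLAN-ONLY"
        findings.append((level, a.name, b.name))
    return findings


# Constructed inventory for illustration.
SAMPLE_INVENTORY = [
    PortGroup("Service Console", "service_console", "vSwitch0", 0),
    PortGroup("VM Network", "virtual_machine", "vSwitch0", 0),
    PortGroup("VMotion", "vmotion", "vSwitch1", 20),
    PortGroup("iSCSI", "ip_storage", "vSwitch1", 30),
    PortGroup("DMZ VMs", "virtual_machine", "vSwitch2", 0),
]

if __name__ == "__main__":
    for level, first, second in audit_separation(SAMPLE_INVENTORY):
        print("%-9s %s <-> %s" % (level, first, second))
```
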
4 Networking Scenarios and Troubleshooting
This chapter describes common networking configuration and troubleshooting scenarios.
This chapter covers the following topics:
- Networking Configuration for Software iSCSI Storage
- Configuring Networking on Blade Servers
- Troubleshooting
Networking Configuration for Software iSCSI Storage
The storage you configure for an ESX Server host might include one or more storage area networks (SANs) that use iSCSI, which is a means of accessing SCSI devices and exchanging data records using TCP/IP protocol over a network port rather than through a direct connection to a SCSI device. In iSCSI transactions, blocks of raw SCSI data are encapsulated in iSCSI records and transmitted to the requesting device or user.
Before you can configure iSCSI storage, you must create a VMkernel port to handle iSCSI networking and a service console connection to the iSCSI network.
To create a VMkernel port for software iSCSI
1 Log in to the VMware VI Client, and select the server from the inventory panel.
The hardware configuration page for this server appears.
2 Click the Configuration tab, and click Networking.
3 Click the Add Networking link.
The Add Network Wizard appears.
4 Select VMkernel and click Next.
This lets you connect the VMkernel, which runs services for iSCSI storage, to the physical network.
The Network Access page appears.
5 Select the vSwitch you want to use or the Create a virtual switch radio button.
6 Select the check boxes for the network adapters your vSwitch will use.
Your choices appear in the Preview pane.
Select adapters for each vSwitch so that virtual machines or other services that connect through the adapter can reach the correct Ethernet segment. If no adapters appear under Create a new virtual switch, this means that all the network adapters in the system are being used by existing vSwitches.
For information on moving network adapters between vSwitches, see "To add uplink adapters" on page 50.
7 Click Next.
The Connection Settings page appears.
8 Under Port Group Properties, select or enter a network label and a VLAN ID.
Network Label: A name that identifies the port group that you are creating. This is the label that you specify when configuring a virtual adapter to be attached to this port group, when configuring iSCSI storage.
VLAN ID: Identifies the VLAN that the port group's network traffic will use.
9 Under IP Settings, click Edit to set the VMkernel Default Gateway for iSCSI.
The DNS and Routing Configuration dialog box appears. Under the DNS Configuration tab, the name of the host is entered into the name field by default. The DNS server addresses that were specified during installation are also preselected, as is the domain.
Under the Routing tab, the service console and the VMkernel each need their own gateway information. A gateway is needed for connectivity to machines not on the same IP subnet as the service console or VMkernel.
NOTE Make sure that you set a default gateway for the port that you created. You must use a valid static IP address to configure the VMkernel stack.
10 Click OK to save your changes, and close the DNS and Routing Configuration dialog box.
11 Click Next.
12 Use the Back button to make any changes.
13 Review your changes on the Ready to Complete page and click Finish.
After you create a VMkernel port for iSCSI, you must create a service console connection on the same vSwitch as the VMkernel port.
To configure a service console connection for software iSCSI storage
1 Log in to the VMware VI Client and select the server from the inventory panel.
The hardware configuration page for this server appears.
2 Click the Configuration tab, and click Networking.
3 On the right side of the screen, click Properties for the vSwitch associated with the VMkernel port you just created.
4 On the Ports tab, click Add.
The Add Network Wizard appears.
5 As a connection type, select Service Console and click Next.
The Connection Settings screen appears.
6 Under Port Group Properties, enter a network label that identifies the port group that you are creating.
Newer ports and port groups appear at the top of the vSwitch diagram.
7 Enter the IP Address and Subnet Mask, or select the DHCP option Obtain IP setting automatically for the IP address and subnet mask.
8 Click the Edit button to set the Service Console Default Gateway.
See "To set the default gateway" on page 41.
9 Click Next.
The Ready to Complete screen appears.
10 After you have determined that the vSwitch is configured correctly, click Finish.
After you create a VMkernel port and service console connection, you are able to enable and configure software iSCSI storage. For information on configuring iSCSI adapters and storage, see "iSCSI Storage" on page 110.
Configuring Networking on Blade Servers
Because blade servers may have a limited number of network adapters, it will likely be necessary to use VLANs to separate traffic for the service console, VMotion, IP storage, and various groups of VMs. VMware best practices recommend that the service console and VMotion have their own networks for security reasons. If you dedicate physical adapters to separate vSwitches for this purpose, you will likely have to give up redundant (teamed) connections or give up isolating the various networking clients, or both. VLANs allow you to achieve network segmentation without having to use multiple physical adapters.
For the network blade of a blade server to support an ESX Server port group with VLAN tagged traffic, you must configure the blade to support 802.1Q and configure the port as a tagged port.
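The separation recommended above can be checked on paper before any port group is created. The script below is an added example, not part of the VMware guide: the function name check_vlan_plan, the label|service|vlan input format and the sample plan are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the VMware guide. check_vlan_plan is a hypothetical
# helper that audits a planned port group layout read from standard input.
# Assumed line format: label|service|vlan
#   service: console, vmotion, ipstorage or vm;  vlan: 1-4094, or empty (untagged)
# returns 0 when the plan passes, 1 when any finding is printed
check_vlan_plan() {
    awk -F'|' '
        /^[ \t]*(#|$)/ { next }             # skip comments and blank lines
        {
            label = $1; svc = $2; net = $3
            if (net == "") {
                net = "untagged"
            } else if (net !~ /^[0-9]+$/ || net + 0 < 1 || net + 0 > 4094) {
                printf "%s: VLAN ID \"%s\" is not between 1 and 4094\n", label, net
                bad = 1
                next
            } else {
                net += 0                    # normalise 010 to 10
            }
            if (!((net, svc) in seen)) {    # count each service once per network
                seen[net, svc] = 1
                users[net] = users[net] " " svc
                count[net]++
            }
            if (svc == "console" || svc == "vmotion") restricted[net] = 1
        }
        END {
            # the service console and VMotion must not share a network
            for (n in restricted)
                if (count[n] > 1) {
                    printf "network %s is shared by:%s\n", n, users[n]
                    bad = 1
                }
            exit bad ? 1 : 0
        }'
}

# Constructed plan: VMotion shares VLAN 20 with a virtual machine port group.
check_vlan_plan <<'EOF' || echo "plan does not isolate the service console and VMotion"
Service Console|console|10
VMotion|vmotion|20
Lab VMs|vm|20
IP Storage|ipstorage|30
EOF
```
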
7 Under Port Group Properties, enter a network label that identifies the port group that you are creating.
Use network labels to identify migration-compatible connections common to two or more hosts.
8 In the VLAN ID field, enter a number between 1 and 4094.
If you are unsure what to enter, leave this blank or ask your network administrator.
9 Click Next.
The Ready to Complete page appears.
10 After you have determined that the vSwitch is configured correctly, click Finish.
To configure a VMkernel port with VLAN on a blade server
1 Log in to the VMware VI Client and select the server from the inventory panel.
The hardware configuration page for this server appears.
2 Click the Configuration tab, and click Networking.
3 On the right side of the screen, click Properties for the vSwitch associated with the service console.
4 On the Ports tab, click Add.
The Add Network Wizard appears.
5 Select VMkernel and click Next.
This lets you connect the VMkernel, which runs services for VMotion and IP storage (NFS or iSCSI), to the physical network.
The Connection Settings page appears.
6 Under Port Group Properties, select or enter a network label and a VLAN ID.
Network Label: A name that identifies the port group that you are creating. This is the label that you specify when configuring a virtual adapter to be attached to this port group, when configuring VMkernel services, such as VMotion and IP storage.
VLAN ID: Identifies the VLAN that the port group's network traffic will use.
7 Select the Use this port group for VMotion check box to enable this port group to advertise itself to another ESX Server as the network connection where VMotion traffic should be sent.
You can enable this property for only one VMotion and IP storage port group for each ESX Server host. If this property is not enabled for any port group, migration with VMotion to this host is not possible.
8 Under IP Settings, click Edit to set the VMkernel Default Gateway for VMkernel services, such as VMotion, NAS, and iSCSI.
NOTE Make sure that you set a default gateway for the port that you created. VirtualCenter 2 behaves differently here from VirtualCenter 1.x. You must use a valid IP address to configure the VMkernel IP stack, not a dummy address.
The DNS and Routing Configuration dialog box appears. Under the DNS Configuration tab, the name of the host is entered into the name field by default. The DNS server addresses that were specified during installation are also preselected, as is the domain.
Under the Routing tab, the service console and the VMkernel each need their own gateway information. A gateway is needed for connectivity to machines not on the same IP subnet as the service console or VMkernel.
Static IP settings are the default.
9 Click OK to save your changes, and close the DNS Configuration and Routing dialog box.
10 Click Next.
11 Use the Back button to make any changes.
12 Review your changes on the Ready to Complete page and click Finish.
Troubleshooting
The following section guides you through troubleshooting common networking issues.
This section covers the following topics:
Troubleshooting Service Console Networking
Troubleshooting Network Adapter Configuration
Troubleshooting Physical Switch Configuration
Troubleshooting Port Group Configuration
Troubleshooting Service Console Networking
If certain parts of the service console's networking are misconfigured, you will lose your ability to access your ESX Server host with the VI Client. In the event that this happens, you can reconfigure networking by connecting directly to the service console and using the following service console commands:
esxcfg-vswif -l
Provides a list of the service console's current network interfaces.
Check that vswif0 is present and that the current IP address and Netmask are correct.
esxcfg-vswitch -l
Provides a list of current virtual switch configurations.
Check that the uplink adapter configured for the service console is connected to the appropriate physical network.
esxcfg-nics -l
Provides a list of current network adapters.
Check that the uplink adapter configured for the service console is up and that the speed and duplex are both correct.
esxcfg-nics -s
Changes the speed of a network adapter.
esxcfg-nics -d
Changes the duplex of a network adapter.
esxcfg-vswif -i vswifX
Changes the service console's IP address.
esxcfg-vswif -n vswifX
Changes the service console's netmask.
esxcfg-vswitch -U
Removes the uplink for the service console.
esxcfg-vswitch -L
Changes the uplink for the service console.
If you encounter long waits when using esxcfg-* commands, it is possible that DNS is misconfigured. The esxcfg-* commands require that DNS be configured so that localhost name resolution works properly. This requires that the /etc/hosts file contain an entry for the configured IP address and the 127.0.0.1 localhost address.
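One way to check the /etc/hosts requirement from the service console shell, as an added example that is not part of the VMware guide. The function name check_hosts_file, the host name esx01.example.com and the address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the VMware guide. check_hosts_file is a hypothetical
# helper: it verifies that a hosts file resolves the local names without DNS.
# usage:   check_hosts_file <hosts-file> <configured-ip> <host-name>
# returns: 0 when both required entries exist, 1 otherwise
check_hosts_file() {
    hosts_file=$1
    [ -r "$hosts_file" ] || { echo "cannot read $hosts_file" >&2; return 1; }
    awk -v ip="$2" -v name="$3" '
        { sub(/#.*/, "") }                  # strip comments
        NF < 2 { next }                     # blank or address-only line
        {
            # field 1 is the address, every later field is a name or alias
            for (i = 2; i <= NF; i++) {
                if ($1 == "127.0.0.1" && $i == "localhost") loop_ok = 1
                if ($1 == ip && tolower($i) == tolower(name)) host_ok = 1
            }
        }
        END {
            if (!loop_ok) print "missing entry: 127.0.0.1 localhost"
            if (!host_ok) print "missing entry: " ip " " name
            exit (loop_ok && host_ok) ? 0 : 1
        }' "$hosts_file"
}

# Constructed sample: loopback is present, the host entry is commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1   localhost.localdomain localhost
# 192.0.2.10  esx01.example.com esx01
EOF
check_hosts_file "$sample" 192.0.2.10 esx01.example.com ||
    echo "correct the hosts file before relying on esxcfg-* commands"
rm -f "$sample"
```

On a real host, pass /etc/hosts together with the address shown by esxcfg-vswif -l and the configured host name.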
The best principle is to avoid renaming networks after they are in use. After you rename a port group, you must reconfigure each associated virtual machine using the service console to reflect the new port group name.
Storage
Chapter 5 Introduction to Storage
This chapter contains overview information about the available storage options for ESX Server.
For information about configuring SANs, see the SAN Configuration Guide. This chapter covers the following topics:
Storage Concepts
Storage Overview
Viewing Storage Information in the Virtual Infrastructure Client
VMware File System
Configuring and Managing Storage
Storage Concepts
A few concepts are essential for a thorough understanding of storage.
Datastore: Formatted logical container analogous to a file system on a logical volume. The datastore holds virtual machine files and can exist on different types of physical storage including SCSI, iSCSI, Fibre Channel SAN, or NFS. Datastores can be of the two types: VMFS-based or NFS-based.
Disk partition: Reserved part of hard disk that is set aside for specific purposes. In the context of ESX Server storage, disk partitions on various physical storage devices can be reserved and formatted as datastores.
Extent: In the ESX Server context, an extent is a