VMware Distributed Switch Configuration Best Practices
In virtualized environments, a virtual switch is a software-based analog of physical switches. Virtual switches are used to connect virtual network controllers of VMs to networks on the second layer of the OSI model. VMware offers vSwitch for its range of virtualization solutions.
Standard vSwitches are configured on each ESXi host manually. However, in large virtual environments, virtual switches usually have the same vSwitch configuration, including for port groups, VLANs, connected networks, etc. If you need to add a new port group associated with VLAN to connect VMs on ESXi hosts to that VLAN, you have to configure vSwitch on each ESXi host the same way manually. This is a time-consuming process.
To address this, VMware allows you to use the distributed virtual switch, a logical switch that can be configured on vCenter Server once for several hosts. This means that you don’t have to configure standard virtual switches on each ESXi host manually. Let’s look in more detail at vSphere distributed virtual switches (also referred to as dvSwitch or vDS).
What Is a Distributed Virtual Switch in vSphere?
A virtual switch, much like a physical switch, ensures the layer 2 network connectivity. A distributed virtual switch is a logical switch that is created on vCenter Server and is applied to all ESXi hosts added to the distributed virtual switch.
A distributed virtual switch is like a template stored in vCenter. When you create a distributed virtual switch in vCenter, identical hidden standard vSwitches are created on all ESXi hosts added to VDS configuration. If you create a port group for VLAN on a distributed virtual switch, the same port group will be created on all vSwitches of ESXi hosts associated to that VDS. You only need to create a port group once, which is a significant advantage. A distributed virtual switch created in vCenter is a control plane (used for management) and hidden standard vSwitches on ESXi hosts are the IO plane (responsible for network operation).
After VM migration from one ESXi host to another is performed, the VM remains connected to the same port of the distributed virtual switch (also referred to as networking vMotion, which preserves the consistency in network connectivity of VMs).
vCenter is a management system for vSphere environment, including a distributed virtual switch. If, for some reason, vCenter Server is unavailable, you will not be able to change VMware distributed switch configuration, including reconnecting virtual machines to other port groups. However, even if vCenter is offline, a network will remain in a working state because hidden standard vSwitches (the IO plane) are responsible for network operation. Keep in mind that vCenter cannot be connected to a distributed virtual switch.
The VDS configuration is located on vCenter Server and every five minutes a local copy stored on ESXi servers as cache is updated. The cached configuration is stored in the /usr/lib/vmware/bin/ directory on ESXi hosts.
VDS Features Missing in a Standard vSwitch
Let’s look at the list of features that are available only for a distributed virtual switch and are not available for a standard vSwitch.
- Network I/O control: Inbound traffic shaping, bandwidth reservations.
- Port mirroring: Allows you to send copies of frames detected on some port of a virtual switch to a specified port of another switch for monitoring, traffic analyzing, and debugging.
- Network health check: Configuration such as VLAN settings, MTU, NIC teaming are checked every minute by default.
- Support of protocols: Private VLAN (PVLAN), Link Aggregation Control Protocol (LACP), NetFlow, Link Layer Discovery Protocol (LLDP).
- VM port blocking: This feature can be used for secure purposes and allows you to block sending or receiving data on the selected port.
- Network vMotion: Preserves the connection of a VM virtual network adapter to the same port of the VMware distributed switch.
- vNetwork switch API: Provides interfaces for implementing third-party virtual switches.
- Backup and restoring network configuration.
VMware distributed switching is available only if you use the vSphere Enterprise Plus license for ESXi hosts in vSphere. If you use a free trial license, all vSphere features including a distributed virtual switch are available for a 60-day period. The ESXi free edition doesn’t allow you to use a distributed virtual switch. Read more about vSphere licensing in our guide.
Note that a datacenter must exist in the vCenter inventory.
VMware Distributed Switch Configuration
Let’s review how to create and configure a VMware distributed switch in VMware vSphere 6.7. In our example, vCenter 6.7 is used and two ESXi hosts of the version 6.7 are managed by vCenter:
ESXi1 – 192.168.101.207 (the IP address of the management interface)
ESXi2 – 192.168.101.208
vCenter – 192.168.101.103
Step 1 – Creating a VMware distributed switch
In order to create a distributed virtual switch, open VMware HTML5 vSphere Client and go to the Hosts and Clusters section. Your ESXi hosts should be in the datacenter, which is a logical organization unit in vCenter. In the current example, ESXi hosts belong to the Datacenter1. Right click your datacenter and in the context menu, select Distributed Switch > New Distributed switch.
A New Distributed Switch wizard is opened.
- Name and location. Specify distributed switch name and location. In this example, the name is DSwitch01 and the location is Datacenter1 (since we clicked on Datacenter1 to create a VMware distributed switch). Hit Next on each step of the wizard to continue.
- Select version. For this step, you should specify a distributed virtual switch version. As all hosts used in this example are running ESXi 6.7, the latest version of a VMware distributed switch (6.6.0) must be used. If at least one host is running ESXi 6.0, you must use a distributed virtual switch of the version 6.0.0 for all hosts (the lowest version must be selected). Features that were released with a virtual switch 6.5 and later are not supported if a distributed virtual switch version 6.0.0 is selected. Older versions are backward compatible with new versions. If possible, try to update your ESXi hosts of older versions to the highest version of the ESXi host used in your environment.
- Configure settings. Specify the number of ports for uplinks, set the Network I/O Control, and tick the Create a default port group checkbox to create a default port group. Enter the port group name, for example, DPortGroup01.
- Ready to complete. Check your settings for a new VMware virtual distributed switch and, if everything is correct, hit Finish to create the switch.
- Now the distributed virtual switch is created. You can go to Networking > Your datacenter > VM Network and see your distributed virtual switch (DSwitch01 in this case). Select your VDS and select the Configure tab to edit VMware distributed switch configuration.
Step 2 – Adding ESXi hosts to a VMware distributed switch
After creating a distributed virtual switch, you have to add ESXi hosts to the VDS configuration to make VMware distributed switching work. In the Networking section, right click your VMware distributed switch and in the context menu, click Add and Manage Hosts.
The Add and Manage Hosts wizard is opened.
1. Select task. As you need to add hosts, select Add hosts (the first option).
2. Select hosts. Click the New hosts button (the button with the green plus icon) to add ESXi hosts.
In the pop-up window, tick the checkboxes and select ESXi hosts which must be attended in VMware distributed switching. Hit OK to apply your choice. Check the compatibility in the last column.
The ESXi hosts are now selected and their status is “Connected.”
3. Manage physical adapters. You can select the necessary physical network adapters (network interface controllers – NICs) and assign uplinks to them. On the screenshot below, a standard virtual switch created on each ESXi host after ESXi installation by default is also displayed (vSwitch0).
4. Manage VMkernel adapters. On this step, you can assign VMkernel adapters to the distributed switch. You can see that vmk0 is the default VMkernel adapter that is in use by a standard (default) vSwitch of each ESXi host as a management network interface. In this example, the vmk0 VMkernel adapters are left connected to the vSwitch0 on each host.
5. Migrate VM networking. If you need to migrate virtual machines or other network adapters to the distributed virtual switch, you can do it at this step. In the current example, no network adapters are migrated to the VDS.
6. Ready to Complete. Review your configuration, and if there is nothing to change, hit Finish.
Now ESXi hosts are added to VMware distributed switch configuration. You can add VMkernel network adapters to a port group of the distributed virtual switch for using different features, for example, vMotion. Let’s add a VMkernel adapter to a port group that will be used for vMotion connectivity.
Step 3 – Adding VMkernel adapters
In the Network section of vCenter, select your VMware distributed switch and the port group (DPortGroup01 in this case). Right click the port group name and in the context menu, hit Add VMkernel Adapters.
The Add VMkernel Adapters wizard is opened.
1. Select hosts. Click the Attached hosts button (the button with the green plus icon) to select ESXi hosts.
2. Configure VMkernel adapter. You can change MTU for a port group from 1500 to 9000 bytes for using Jumbo frames. By default, the MTU value is inherited from the distributed virtual switch settings. Select available services such as vMotion, Provisioning, Fault Tolerance logging, or Management. Let’s select vMotion.
3. IPv4 settings. At this step, you should set the IP addresses for VMkernel adapters of ESXi hosts. Using static IP addresses is generally recommended for servers. In the current example, the new VMkernel configuration is the following:
ESXi1 (192.168.101.207) – 192.168.105.207
ESXi2 (192.168.101.208) – 192.168.105.208
The last octet remains the same for added convenience.
The vMotion network will be 192.168.105.0/24
The gateway is 192.168.105.1 accordingly.
4. Ready to complete. Check your configuration and hit Finish if everything is OK.
Step 4 – Checking VDS configuration
After configuring VMkernel adapters, select your VMware distributed switch, go to Configure > Settings > Topology and view the graphical view of your VDS topology.
As you recall, the distributed virtual switch can be regarded as a template applied to all ESXi hosts that are added to VDS configuration. You can check the configuration of virtual switches on each ESXi host after creating and configuring a distributed virtual switch in vCenter. Let’s open VMware Host Client and check the network configuration of the first ESXi host (192.168.101.207).
On the screenshot below, you can see that a new virtual switch and a port group have already been created (in the Navigator go to the Networking section and select the Port groups tab). After that, select the name of your distributed virtual switch and see the topology. The graphical image of the topology is identical to the image of the VDS topology shown above.
If you log in the second ESXi host (192.168.101.208 in our example) by using the VMware Host Client, you will see the identical topology scheme.
You can export and import your VMware distributed switch configuration which saves you time and allows you to restore VDS configuration quickly. In order to export VDS configuration, select your distributed virtual switch, click Actions > Settings > Export Configuration. In the same menu, you can find the Restore Configuration option.
In addition to the basic settings explained above, you can modify VDS configuration and configure link aggregation, enable traffic shaping, select the discovery protocol, set the VLAN, port binding, port allocation for port groups, and so on. It is also possible to migrate from standard virtual switches used on ESXi hosts to a distributed switch. This approach allows you to manage all virtual switches in vSphere centrally.
The VMware distributed switch provides a single interface for managing virtual switches centrally on all ESXi hosts associated with that distributed virtual switch. The VMware distributed switch configuration is like a template that is applied to all ESXi hosts and similar standard virtual switches are created on those ESXi hosts automatically.
The VDS configuration that you edit in vCenter is a management plane and virtual switches created on ESXi hosts are the IO plane which is responsive to network operation. Using distributed virtual switches is convenient for large virtual environments and vSphere clusters, but don’t forget that the vSphere Enterprise Plus license is required.