VMware vNetwork Distributed Switches: Key Improvements & Advantages

Author: Steve Baca VCP, VCI, Global Knowledge Instructor

Abstract

There have been some interesting changes to how VMware does networking in vSphere 4. The concept of networking has been rebranded and is now called vNetwork, to differentiate between pre-vSphere 4 when the only internal networking supported was VMware's Virtual Switch, to the different choices now available. VMware changed the name of Virtual Switch to vNetwork Standard Switch (vSS), and adds the vNetwork Distributed Switch (vDS) as another networking option. This white paper discusses vDS and some of the changes that have occurred in VMware's networking, specifically addressingVMware's vNetwork Distributed Switch.

Sample

Until vSphere 4, networking within the ESX environment consisted of a Virtual Switch that resided in the VMkernel and provided networking capabilities for virtual machines. Although technically there was nothing wrong with a Virtual Switch, it did have limitations that became apparent over time. One of the limitations was that the Virtual Switch needed to be managed on each host individually. When you add features such as DRS and clustering concepts to the Virtual Switch, it becomes a problem scaling in fairly large infrastructures. Another issue for the Virtual Switch is the inability of a virtual machine to maintain its networking statistics and policies during a migration utilizing vMotion. In addition, VMware's customers were not in favor of the fact that before vSphere 4, the only virtual switch that was supported was available from VMware. To solve these issues VMware introduced in vSphere 4.0 the vNetwork Distributed Switch.

vNetwork Distributed Switch

VMware's Distributed Switch architecture is different than the vSS because the vDS resides on the vCenter Server instead of each individual host. Although the distributed switch still provides network traffic management for virtual machines, including the added ability for third-party vendors to write and support their own distributed switches, such as Cisco's nexus 1000v distributed switch. Therefore, you really now have three options, VMware's vStandard Switch, VMware's Distributed Switch, and third parties writing their own distributed switches.

The Distributed Switch is designed to run on the vCenter Server in a more centralized means of communication as opposed to the Standard Switch, which runs on each individual host. Third-party vendors writing their own distributed switches plug in to the vCenter server for management purposes. This architectural setup means that the Distributed Switch is more cluster-wide, residing on the vCenter Server, while the vSS is more host centric, residing on each individual host. All of the distributed switches provide similar functionality, although VMware's Distributed Switch extends the functionality and features of VMware's Standard Switch, and Cisco's Nexus 1000v extends the functionality and features of VMware's Distributed Switch.

Architecture of the Distributed Switch

The new architecture of the vDS running on the vCenter Server modifies how communication occurs by splitting the control plane and the data plane.

The control plane, which is where configuration and management occurs, is centralized on the vCenter Server and exists as a module within the vCenter Server. The configuration information is cached in the vCenter Server Database in the binary file /etc/vmware/dvsdata.db. To view a full listing of the Distributed Switch, run the /usr/lib/vmware/bin/net-dvs command the output will include all of the distributed switches. The output will also allow you to associate a given distributed switch with a particular virtual machine using the virtual machines .vmx file. You can dump the binary file into an ascii format by running the net-dvs command with the -f option and an output filename. The vDS configuration information in the vCenter Server is synced every 5 minutes to the local cache /vmfs/volumes//.dvsData file. Furthermore, configuration information for the distributed switches is stored in the /etc/vmware/esx.conf file. The vCenter server ensures consistency between vCenter configuration and local cache configuration, and the vCenter server db is in sync with the host state. If the host state diverges, the vCenter server clobbers the host state; therefore, authority is maintained at the vCenter Server.

Distributed Virtual Port Groups

Distributed Virtual Port Groups (DVPortgroups) are groups of ports (DVPorts) that are associated with a vNetwork Distributed Switch. The Port Groups differentiate between the types of traffic passing through the virtual switch and also operate as a boundary for communication and security policy configuration. If the virtual switch did not have any DVPorts, it would be like a physical switch that did not have any physical ports, there would be no means to connect anything to the switch and no TCP/IP traffic would be connected to the virtual switch.

The control plane owns all of the DVports, which are the facility that is used to connect a networking entity, such as a virtual machine, a VMkernel interface, or a service console interface on an ESX host. To help distinguish between these different types of communication, we use ports and port groups. The DVPorts make the port binding of the network to the right host at the right time. The virtual machine's NIC will own the DVPort after the binding. DVPortgroups on the distributed switch are more like configuration templates for a group of ports that share similar configuration information, such as VLAN ID and security settings. The per-host changes are no longer needed when using a distributed switch with a Distributed Port Group, since a single change to the Distributed Virtual Port Group applies to all hosts using that particular distributed switch.