Enter the network label and VLAN ID. Select the Vmotion, fault tolerance and traffic management options as
well. Click Next.
www.certifyme.com
Enter the IP address and subnet mask, or select Obtain IP setting automatically if you have a DHCP
configured. For the sake of showing this step, we are manually enter IP address and subnet mask.
www.certifyme.com
Click Edit to set the service console default gateway and click Next.
www.certifyme.com
Preview the newly created vswitch and click Finish
www.certifyme.com
You can see the newly created switch in the networking panel
www.certifyme.com
Delete a vSwitch:
To delete a vSwitch, simple, click remove above the switch display in the networking panel.
www.certifyme.com
On confirmation dialog box ‘Remove Virtual Switch vSwitch1′, click Yes. The vSwitch will be removed
from the networking panel.
References:
• http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=
1010555
• http://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esx40_vc40.html
• logs.vmware.com/vmtn/2009/04/the-great-vswitch-debate.html
• http://computing.dwighthubbard.info/index.php/2008/01/11/adding-a-virtual-switch-vswitch-tovmware-
esx-with-a-specific-number-of-ports/
Lab Scenario
As part of VMware implementation program that you started with installing ESX and ESXi hosts on compatible
machines, you are now going according to the plan. The next task is to create a vswitch for ESX 4.0 Service
console. One vSwitch is already configured; however you want to create one more vSwitch for effective
network and failure management.
Lab Objectives
Using your personal lab, perform the following two tasks:
www.certifyme.com
• Create a vSwitch
• Delete a vSwitch
Lab Solution
Create a vSwitch:
Switch on ESXi 4.0 server and Log in to the vSphere Client to connect to ESXi 4.0 host.
Select the host from the inventory panel.
www.certifyme.com
Click the Configuration tab, and click Networking.
www.certifyme.com
In the Virtual Switch view, click Add Networking.
93
www.certifyme.com
Select VMKernel, and click Next.
Select Create a new vSwitch, and click Next. If no adapters appear in the Create a new virtual switch group,
all network adapters in the system are being used by existing vSwitches.
How a Virtual Switch Is Similar to a Physical Switch
A virtual switch, as implemented in ESX Server 4, works in much the same way as a modern Ethernet switch. It
maintains a MAC:port forwarding table and performs the following functions:
• Looks up each frame’s destination MAC when it arrives.
• Forwards a frame to one or more ports for transmission.
• Avoids unnecessary deliveries (in other words, it is not a hub).
An ESX Server 4 virtual switch supports VLAN segmentation at the port level. This means each port can be
configured in either of the following ways:
With access to a single VLAN, making it what’s called an access port in the world of physical switches, or in
ESX Server terminology, using virtual switch tagging.
With access to multiple VLANs, leaving tags intact, making it what’s called a trunk port in the world of physical
switches, or in ESX Server terminology, using virtual guest tagging.
An ESX Server 4 virtual switch supports copying packets to a mirror port. By using what is called promiscuous
mode, ESX Server makes a virtual switch port act as a SPAN port or mirror port. This capability makes it
possible to debug using a sniffer or to run monitoring applications such as IDS.
In addition, an administrator can manage many configuration options for the switch as a whole and for
individual ports using the Virtual Infrastructure Client.
How a Virtual Switch Is Different from a Physical Switch
ESX Server provides a direct channel from virtual Ethernet adapters for such configuration information as
authoritative MAC filter updates. So there is no need to learn unicast addresses or perform IGMP snooping to
learn multicast group membership.
Ports on the virtual switch may automatically enter mirror mode when the virtual Ethernet adapter’s
promiscuous bit is set — if virtual switch and port group policies allow.
Spanning Tree Protocol Not Needed
www.certifyme.com
VMware Infrastructure 4 enforces a single-tier networking topology. In other words, there is no way to
interconnect multiple virtual switches, thus the network cannot be configured to introduce loops. As a result,
Spanning Tree Protocol (STP) is not needed and is not present.
Virtual Switch Isolation
Network traffic cannot flow directly from one virtual switch to another virtual switch within the same host.
Virtual switches provide all the ports you need in one switch, leading to the following benefits:
• Because there is no need to cascade virtual switches, Virtual Infrastructure 4 provides no capability to
connect virtual switches.
• Because there is no way to connect virtual switches, there is no need to prevent bad virtual switch
connections.
• Because virtual switches cannot share physical Ethernet adapters, there is no way to fool the Ethernet
adapter into doing loopback or some similar configuration that would cause a leak between virtual
switches.
In addition, each virtual switch has its own forwarding table, and there is no mechanism to allow an entry in one
table to point to a port on another virtual switch. In other words, every destination the switch looks up can
match only ports on the same virtual switch as the port where the frame originated, even if other virtual
switches’ lookup tables contain entries for that address.
It is unlikely that a would-be attacker could circumvent virtual switch isolation because it would be possible
only if there were a substantial unknown security flaw in the vmkernel. Because ESX Server parses so little of
the frame data — primarily just the Ethernet header — this would be difficult, and once an attacker had such
access, richer targets than breaking virtual switch isolation are readily available.
There are natural limits to this isolation. If you connect the uplinks of two virtual switches together, or if you
bridge two virtual switches with software running in a virtual machine, you open the door to the same kinds of
problems you might see in physical switches.
Changing the Number of Ports for a vSwitch
A vSwitch serves as a container for port configurations that use a common set of network adapters, including
sets that contain no network adapters at all. Each virtual switch provides a finite number of ports through which
virtual machines and network services can reach one or more networks..
Exam Objective: Create/Delete Virtual Switches
Contents
www.certifyme.com
• Introduction
• Technology Background
• Lab Scenario
• Lab Objectives
• Lab Solution
Introduction
A virtual switch, or vSwitch, works much like a physical Ethernet switch. It detects which virtual machines are
logically connected to each of its virtual ports and uses that information to forward traffic to the correct virtual
machines. A vSwitch can be connected to physical switches by using physical Ethernet adapters, also referred to
as uplink adapters, to join virtual networks with physical networks. This type of connection is similar to
connecting physical switches together to create a larger network. Even though a vSwitch works much like a
physical switch, it does not have some of the advanced functionality of a physical switch.
You can create abstracted network devices called vNetwork Standard Switches (vSwitches). A vSwitch can
route traffic internally between virtual machines and link to external networks. You can use vSwitches to
combine the bandwidth of multiple network adapters and balance communications traffic among them. You can
also configure a vSwitch to handle physical NIC failover. A vSwitch models a physical Ethernet switch. The
default number of logical ports for a vSwitch is 56, but it can have up to 1016 ports in ESX. You can connect
one network adapter of a virtual machine to each port. Each uplink adapter associated with a vSwitch uses one
port. Each logical port on the vSwitch is a member of a single port group. Each vSwitch can also have one or
more port groups assigned to it. You can create a maximum of 127 vSwitches on a single host.
When two or more virtual machines are connected to the same vSwitch, network traffic between them is routed
locally. If an uplink adapter is attached to the vSwitch, each virtual machine can access the external network
that the adapter is connected to.
Technology Background
How Virtual Switches Work
Virtual switches are the key networking components in VMware Vsphere4. You can create up to 248 virtual
switches on each ESX Server 4.0 host. A virtual switch is “built to order” at run time from a collection of small
functional units. Some of the key functional units are:
• The core Layer 2forwarding engine. This is a key part of the system (for both performance and
correctness), and in Virtual Sphere 4it is simplified so it only processes Layer 2Ethernet headers. It is
completely independent of other implementation details, such as differences in physical Ethernet
adapters and emulation differences in virtual Ethernet adapters.
• VLAN tagging, stripping, and filtering units.
• Layer 2security, checksum, and segmentation offload units.
This modular approach has become a basic principle to be followed in future development, as well. When the
virtual switch is built at run time, ESX Server 4 loads only those components it needs. It installs and runs only
what is actually needed to support the specific physical and virtual Ethernet adapter types used in the
www.certifyme.com
configuration. This means the system pays the lowest possible cost in complexity and demands on system
performance.
The design of ESX Server 4 supports temporarily loading certain components in the field — a capability that
could be used, for example, for running appropriately designed diagnostic utilities.
An additional benefit of the modular design is that VMware and third-party developers can easily incorporate
modules to enhance the system in the future.
In many ways, the ESX Server virtual switches are similar to physical switches. In some notable ways, they are
different. Understanding these similarities and differences will help you plan the configuration of your virtual
network and its connections to your physical network.
