So welcome everybody to the May 27th, yeah that's right, 2015 edition of the professional vBrownBag. Tonight we're continuing our VCP6 series; we're talking networking with Brian Welch. Just some quick show notes: you can join in on the conversation using the hashtag #vBrownBag, or you can use the GoToMeeting window to ask questions or leave comments. Snarky remarks are also welcomed as well. Remember that there are other podcasts going on globally, so check those out, and you can download the shows via iTunes or directly from professional. Tonight's guest is Brian Welch; you can find him on Twitter at Brian Welch. I'm your host Ahmad unis, on Twitter at Madh underscore Eunice, and with that I'm going to pass. It's all yours, man.

Thank you. Well, thanks for that, Ahmad. Sure, a couple of things before we get going here. My name is Brian Welch. I'm a VMware customer; I work at a health care facility out in California, and this is my first time doing the vBrownBag. A couple other interesting notes: first time doing a Keynote presentation this evening, and first time showing off anything vSphere 6 to anybody other than myself, so what can go wrong there? Everything goes well with that. Anyways, you mentioned this is surrounding the vSphere 6 VCP certification. A couple of things I figured I'd go over before that: the VCP6 is a little bit different than the VCP5. It looks like VMware is really getting more serious about the knowledge expected out of VCP candidates, and it looks like they've even thrown another test in there as well. This year I obtained VCAP5-DCA and DCD, and I was pretty surprised to see some of the things they want me to know; they seemed like they were almost DCA-level items. So that being said, not much new in vSphere 6 networking compared to the 5.5 or even 5.0 for that matter. I've got just a marketing slide here where they talk about what's new in networking, and NIOC is the big thing. I believe they're making that feature available at any license
level, which is nice, and then the multiple TCP/IP stacks, which I won't be covering this evening, but it's a good one to know. The vSphere 6 Foundations exam: the topics are, again like I say, very, very heavy. It looks like they're really wanting you to know a lot, even in the Foundations. I think the Foundations kind of rivals the VCP 5.5. Very tough. I was kind of surprised to flip through some of these things and look at the items they wanted you to know and be able to be tested on, and again this is still in beta. I will mention I did take the VCP6 beta and Delta exam, and it was very interesting to say the least, certainly not like the VCP5 in any way, shape or form. Without disclosing anything under the NDA, I'll just say that it was a lot of memorization-type tasks, which was unusual. I've heard a lot of varying things on that.

Anyway, let's jump in the slides. So again, my name is Brian Welch, find me on Twitter at Brian Welch. I don't have a blog or anything like that to promote. I do have a blog, but every time I post something it seems like somebody posts something way better, so I stick to posting items on Twitter, and then I'm also very active in a VCAP DCD and DCA group out on Google+, so if that's something that you're interested in: still very active, a lot of participation out there, very good resources.

All right, well, we've got to start somewhere, and I guess we'll start with VSS. So VSS is your standard switch. If you install ESXi you're gonna wind up with a VSS, and again this is something

that's, you get one VSS per host by default on the first end, so you get a management ID or a management port group. It's a software-based switch in the hypervisor and it's defined in the VMkernel, and what a VSS enables the hypervisor to do is manage traffic, whether that's virtual machine traffic, VMkernel traffic or portrait traffic, and we'll get into that a little bit later. I'm trying to keep the slide deck really light; I hope to do more demos, so anyway we'll spend a little bit more time there.

The basics, adding networking to a vSwitch: when you go into your VSS you're gonna get a couple of options to add either a VMkernel network adapter, which, I mean, right on the description right there, VMkernel traffic handles things like vMotion, iSCSI, NFS, Fibre Channel, fault tolerance, vSAN and host management; a virtual machine port group for a standard switch, for VM traffic, that's where you define your different VLANs if that's something that you're doing in your shop; and then you've also got an option to add a network adapter. Again, very basic items, not much to see there in the standard switch, and we'll jump into that a little bit more in the lab.

So standard switches, these are something that you're going to be forced to use unless you have Enterprise Plus licensing. The VMware distributed switch, this is my one gripe, I wish VMware would change this in their licensing: being Enterprise Plus is going to get you into the distributed switch, unless you purchase vSAN licensing, which I think is an interesting move. Also NSX customers, I believe, are going to be upgraded to distributed switch. Again, the vSwitches are maintained per host, so in my past experiences, and in a previous life I worked as a consultant, they were having massively more problems; nine times out of ten it was variations in the standard switch. Items weren't consistent, port groups were missing, traffic was just, it just hooked up in a major way. So the
standard switches, you really have to pay attention to consistency, making sure that if you add a port group on one standard switch you're running across all of your other ESXi hosts and adding that into their standard switches as well. And in this little diagram you can kind of see what a standard switch looks like: you have your physical adapters over here on this side and also your port groups. VMkernel adapters are used for VM host management traffic, vMotion, network storage, fault tolerance or vSAN traffic; that's kind of what we saw on the previous page there. If you need to expand your virtual switch you certainly can add a port group by choosing one of these options up here to add a port, and we'll definitely get into that in the demos.

Multiple vSwitches per host: it's something that, when you go to add networking, you can choose an option to break out an entire vSwitch. I know a lot of people that are very hot on adding a separate vSwitch just for management and just for IP-based storage, things like that. It's really up to you, not really necessary; I think it's just what people are into doing. I've been lucky enough to have enterprise licensing the past couple of places that I've been at, so not really something that I've made a practice of digging into and seeing what's going to be best for me. Also the standard switch lacks a lot of the advanced features of the distributed switch, and I've certainly got a slide that'll show you what adds on on top of that. The big value add for me is really the consistency: when you define port groups for a distributed switch you do them once, and then when you add your hosts in it just inherits whatever is defined in the distributed switch, which is a major, major thing for me.

And also I've got a link there. This link is absolutely fantastic. I mean, really I could have probably just walked you through this whole document tonight, because it pretty much goes step by step of what we're trying to do here this
evening, but that's not very fun. It has pretty much everything in there that you'd like to know about a distributed switch or a standard switch and more; a very lengthy and detailed document. If you're interested in looking for something a little bit different than a

standard VMware white paper and you want to get more information about VMware networking, I'd highly recommend make Marshalls book. Just the fantastic human touch, the way that he writes, is something that reads a lot softer than a white paper; makes a lot of sense.

So VSS use case overview: if you don't have Enterprise Plus, well then VSS is certainly the use case, also defend of that exception, but if you're not doing Enterprise Plus licensing you're pretty much stuck with a VMware standard switch. It's not that bad if you've got a limited number of ESXi hosts in your environment. I mean, if you don't mind keeping track of your port groups and configurations on every single switch on every single host, it's really not that bad, but when you're dealing with clusters of, you know, I'd say seven or more, it really gets to the point where you kind of forget about things sometimes. What a standard switch can do: forward L2 frames, segment traffic into VLANs, use and understand 802.1Q VLAN encapsulation, NIC teaming, and can traffic-shape outbound-only traffic. Again, very basic functionality out of the standard switch, and again we kind of have a contrast on some of the advanced features that are available in the distributed switch. If you have no need for any of those, then a standard switch is probably going to work out for you. NSX, I will mention, is one that requires a distributed switch. vSAN, again I'll hit on that, requires distributed switch, and if the Cisco Nexus 1000v is your thing for some reason, that is going to require distributed switch as well.

Oh my gosh, you mentioned the 1000v. No, no, you want to talk about it? Let's not. I've had some bad experiences with it, especially doing some upgrades. You know, always move your kernel port back to a vSwitch, and I think so, forget about that. So yeah, can be interesting. You know, it had, I'm in a place, it added some functionality that just wasn't there in the distributed
switch before, but I think the distributed switch has caught up to it, and I wouldn't wish one on my worst enemy. If you're doing things like upgrading your vSphere environment from one version to another, you have to bring that thing along with you kicking and screaming, and it's painful.

Anyway, so we have a question and we have a comment, and I actually wanted to kind of chime in on the comment, because vSAN does not require VDS, right? So Mike Wilson chimed in on that, so thanks Mike. He also said EVO:RAIL uses VSS and uses vSAN, so there you have it. You know, maybe I misread. I thought something that if you had vSAN licensing maybe you were entitled to VDS. I never saw anything related to vSAN that said it required VDS; it was just that the licensing for that was separate for vSAN. Okay, so I never saw anything related to networking from that aspect; it was more related to disk types and things like that, but we can definitely check.

The question, though, that we have is from Graham. Let's see: so you can script switch and port creations with PowerCLI for consistency. So it's more of, I guess, a statement than a question. You can do that with the VSS, right, if you wanted to be consistent, but the problem with that is you have to maintain your scripts, right? Absolutely, and I think there's things that have come around like Ansible that have made that kind of configuration a little bit easier, but I don't know, the places that are using VSS, it seems like, you know, you start talking PowerCLI and I don't know, but you're definitely

right about something where you can bring a computer into your house. Yeah, it's kind of like what Graham stated, there's always a trade-off, right? You kind of have to weigh your options and see where the pros and cons lie in your environment. Right, and you know I'm really hoping that VMware looks at the distributed switch and says, hey, you know, this is something that it would be nice for it to trickle down into the more affordable licensing, but right now what can you do? Yeah, that would be nice.

So here's our first set of objectives: identify vSphere standard switch capabilities; create and delete; add, configure, remove vmnics on a vSphere standard switch; configure VMkernel ports for network services; add, edit, remove port groups; and determine a use case. You know, I'll just say I've listened to a lot of vBrownBags, and Graham always asks the best questions, so I'm pretty nervous that he's around on this one, don't.

All right, let's get into the VDS. So again, Enterprise only; if you don't have the licensing, unfortunately it's not gonna be available to you. One thing interesting about the VDS is it's a data center construct, so you define your distributed switch in the data center. You can add multiple clusters to one distributed switch, which is kind of an eye feature, meaning something that you can do; I wouldn't necessarily recommend it one way or another. One thing that I will mention: a lot of people kind of freak out about that being a data center construct. You can reboot your vCenter server and it's not going to take down your distributed switch. It's still defined in the VMkernel, so as long as your hosts are up and running you're not going to have any switching problems or services that cease to function. Yeah, and again it's simply defined in the VMkernel and managed by vSphere, so a single point of administration for all of your ports across your hosts, which is very nice. Centralizes, standardizes, brings on a layer of
consistency, and I guess I can strike this vSAN part here. There we go, totally accurate. NSX is still going to require it, and certainly 1000v.

So the distributed switch capabilities. One thing right off the top that I'd like to mention is LBT, or load based teaming. LBT is really something I think that's kind of underutilized out there as far as what I'm seeing. I see a lot of IP hash load balancing, and we'll get into what those are later, but load based teaming is a capability that will look at network loads on a NIC and then will balance load traffic, so it's a true load balancing fault line algorithm, whereas things like IP hash are doing kind of funny things in the background to determine where to send traffic out. SR-IOV: so if you want to pass through a physical NIC to a virtual machine, it enables you to do something like that. Enables NetFlow, which gives you pretty cool visibility into your distributed switch. NetFlow is an interesting one; you've got to turn it on in two different places, I'll show you that. Port mirroring, or SPAN ports: this is something that you couldn't do in the past, and it's a functionality that's come on in the past couple of versions of vSphere, which is really nice. If you're doing something like web filtering and it requires a SPAN port, you can do that now. Not as refined as some of the things you can do at the switch level, but it's getting better and better. NIOC: this is one that VMware really likes to hit on very heavy in any certification test that they do. It's always in the blueprint, it's something they always want you to know about, and it's a little intimidating at first when you look at it, but hopefully I can speak to some things tonight that make it a little bit easier to understand. Ingress/egress traffic shaping in and out of the distributed switch: don't really have much experience with that, but you're able to do that if

you want. LACP on uplinks: this is something that I've tried in the lab and I've had decent results in it, but really I would just prefer to use LBT. Keep it really simple; you don't need to do any switch configuration on that other side. For LACP you absolutely need to have a port group on the other side that's 802.3ad compliant, Link Aggregation Control Protocol. And PVLAN: again, this is another one that I think there's certain use cases for. It's one of those things that VMware absolutely wants you to know about: the ability to create a PVLAN, which is essentially a container or promiscuous VLAN that can have sub-VLANs underneath it. I'll go through that, show you how to configure it, and then give some examples of why you'd want to do something like that.

So one thing that I think is kind of not mentioned a lot for the VDS is the health check. I don't know if you've used that, but I've used it in the past and I think it could come in handy. Certainly, and in fact I always turn on health check in the VDS, and so when I was preparing for all of this in my lab last night, health check was blowing up my distributed switch. I had changed an MTU and health check was just angry with me, so in order to clear all the errors that my host was throwing I had to turn off health check to get past all the red. But it's certainly a nice way to view the health of the distributed switch, and we'll touch on that as well, but you're certainly right on that.

Yeah, so as soon as I said that we've had some people chime in. So Graham says health check is great for not shooting yourself in the foot. I totally agree, it's a great way to see if there's any discrepancies between your VDS and your physical switch. Let's see, prepare the health checks to show MAC flapping on Cisco switches, that's Larry. Private VLAN requires a physical switch that supports it as well, that's a good point, Michael Ealy. Yeah, so LACP the network guys understand,
load teaming not so much. That's another comment outside from Graham, and Larry chimed in again: it hashes all the MACs across uplinks as one MAC address. So, oh yeah, and, God, I'm sorry. No, go right ahead. Oh no, Graham chimed in with another feature that most don't either think about or use, but you can also back up and restore your VDS, right? Right, and that's highly recommended. When I was having the issues last night, that was the first thing that I was kicking myself about, but this is kind of a burner lab. I set it up quick, short and sweet, just to show the capabilities of this, and I wasn't too worried about it, but in an enterprise environment certainly you want to back up that config and have that.

Okay, objectives for the distributed switch. I can run through those, but we see them right there. I've copied these off to a little text document, so when we go through in the lab I'll just kind of mark them off that we've been through these. A lot of this information is very similar to the standard switch, with the exception of some of these very specific items right here: migrate virtual adapters to and from a standard switch, migrate virtual machines to a distributed switch. I mean, we'll take a host and move it into the distributed switch. I've got a continuous ping going on a host that's sitting on a standard switch, and we'll move it in and see what that looks like, and then also take a look at some of the LACP things. Of course I don't have a switch on the other side I can hear that port channel, but we'll just assume that some network guy on the other side did that for us, and we'll get one right through the demo.

And here's some of the features in the 2.3, which get a little bit more specific: VSS/VDS policies, security policies and settings, group blocking policies, load balancing and failover, getting into a

lot of stuff like LBT, IP hash, so on and so forth; VLAN/PVLAN settings; traffic shaping; TCP segmentation offload support for a virtual machine. I'm not quite sure why they put this in there; I'm sure some people can chime in about it. I know if your NIC supports it the hypervisor just turns it right on; if your operating system supports it from there, there's some things you can do to turn it on or off. I think in Windows land they want you to do some registry settings, and in Linux they want you to edit a couple of files to turn it off, but I'm not sure why they want to put that in there, because really if it works it's going to be on. Jumbo frames support: this is one that's really, really difficult. Jumbo frames need to be turned on end to end or else you're going to see massive problems. So I mean from a server network card all the way up to the servers that it connects to, into your distributed switch and your port groups, you've got to have jumbo frames enabled end to end or you're going to see some very, very unusual networking issues. And determine appropriate VLAN configuration for a vSphere implementation.

Got a couple resources here, I mean all standard VMware documents. The VMware documentation on networking is outstanding. It is very thorough, a lot of great information in there, and pretty easy to read. I don't think that the white papers are as boring and plain as they used to be; maybe I'm just getting nerdier, but it reads pretty well, a lot of good information in there. And like I say, there's not much change from vSphere 5.5 to 6 as far as networking is concerned; it's just really the propagation of NIOC down into other licensing levels. And with that, let's jump into some demos.

Should I be worried that your demo time screen has a purple screen? Well, that was for one, we're demoing the 6 stuff, so you should be good, right? Purple screen, is that your way of like maybe tricking Murphy? Yeah, yeah, I don't think tricking Murphy works, but fingers crossed. So
here's my lab. I mean it's very, very small, and I'm running this thing on a Mac Mini. One virtual machine just for the purpose of the demo. If you guys need a really small virtual machine, ttylinux is outstanding. There's an OVA floating around out there on the internet; it's something like 25 megs. Essentially all it does is it boots up into a shell, it obtains an IP address, and you're able to ping it. I'm running a very light system here; it's an older Mac Mini with 16 gigs of RAM, so I'm really squeezing as much as I can into there. I've got, just for you, I've got a Windows vCenter host in my lab. Oh, no VCSA? I'm sorry, we can't talk anymore. It's just for the purpose of the lab; I run other services like DHCP, DNS, Active Directory. I'm really frugal. I live out in Fresno, California; it gets up to a hundred degrees in the summer. If I run a big box in my house our air conditioner works overtime, so that's kind of why I stick with Shuttle boxes and a Mac Mini, but that's a different story. Yeah, sure. I've got a great lab at work, like I figured for the purpose of this I didn't want to try to jinx it going through some VPNs and all that other stuff.

So we'll just start right from the top. You'll notice that I'm not going to use the C# client for anything, and the reason being a lot of the new networking stuff just will not show up. LACP is one right off the bat: if you try to go in and find the LACP stuff in the fat client, it's gonna take you forever to find it because it's just not visible. And the other day somebody was asking me about the traffic shaping settings on a distributed switch and

I was looking in the fat client, couldn't find it, and I was just banging my head on the desk, and anyway that's how it goes. All of the new feature sets are going to be in the web client, and the web client 6 really is better. I mean, I've got a dog of a lab here and it snaps around pretty quick.

So let's start with the standard switch. That's my distributing guy. So anything you want to do is going to be under the networking tab. I think the web client has done a really nice job of kind of cleaning and tidying this up. I actually like the look of the web client for the networking a little bit better than the C# client, but I know everybody's mileage kind of varies. I work with some pretty advanced VMware administrators at my work and they won't even open the web client, so it's kind of a preference thing, but eventually that preference, and I think that time is fast, it's certainly shifted towards the preference of the web client just because of functionality.

So in here we can just cycle through some of the options. The VMkernel adapters: this is just a stock standard switch. This management network adapter is something that comes in by default when you're installing ESXi. I mean, when you run through the install you either obtain or set an IP address, and it's going to create this VMkernel port for you. Physical adapters: this will show what you have connected to your ESXi host. I'm running nested, so these are all virtual. TCP/IP stacks: I had mentioned before that there's the ability in vSphere 6 to use separate TCP/IP stacks. This is where you define those. Again, it's something that is not on the outline for the VCP6 Foundations, so we're not going to cover it, but I figured I'd mention that this is where it's located. This section is completely new, and then also IPv6 support is something that's new. I've read that VMware does not recommend flipping on IP version 6, that they tend to reserve IP version 6 for greenfield
deployments, and I can't speak to its functionality, but I have it enabled for the purposes of this just because I figured I'd turn everything on in the lab.

So back to this. This is kind of the main screen where you come in here and modify your virtual switch. If we want to add host networking, this is kind of the first slide that I had. VMkernel adapter: I like to think the VMkernel is just the services the hypervisor offers. Port group for virtual machines: I like to just think of those as the VLANs that you want to configure. Also, if you have some other networking services where, let's say, you need to do a SPAN port or have a promiscuous port group for sniffing traffic, something like that, I like to add in a separate port group here. And then adding a physical network adapter. Again, all very basic, simple things. I'm sure this is something that everybody has done before, and I'm really kind of just doing some review at this point.

Let's go ahead and add a port group. Next, select an existing standard switch. It's got my default standard switch in there, or I can create a new one, so if I really wanted to get granular and have multiple vSwitches for multiple different types of VMkernel services or, for some reason, VLANs, you can do that here. Choose a network label. You've got a couple

different options for VLAN ID. 555, that I defined in a previous, just for a test. If you choose All, any VLANs are going to be able to be, depending on your network trunks coming in, if you choose All, all of those will be defined and you can choose to tag the VLAN at the virtual machine level. But if you choose a very specific VLAN like 101 here, it's just going to allow you to talk on VLAN 101, assuming that you've got that trunked in on your connectivity to physical switching on the other side. And that's it. So again, making the assumption that this physical adapter, or whatever it's connected to on the other side, is passing VLAN 101 through, I'll be able to create a virtual machine and add it on to the port group for VLAN 101, and everybody's happy.

So, are people happy using VDS for all switches? This is coming from Graham, by the way. Must admit I still use the standard VSS switch with a pair of one-gig uplinks for management. So Brian, you want to chime in? I mean, really I don't know if there's a right answer for that. Again, like I say, I've been at places where I've been lucky enough to have Enterprise Plus licensing and I haven't had to have that out, a really elaborate standard switch deployment, but I've certainly seen in other shops that I've been to where people certainly break out a separate VSS with a very specific NIC tied to it for management, and I mean that is definitely a great way to separate that traffic. You are physically separating that off, not only from the adapter connected to the switch but all the way up into your standard switch at the ESXi host. So there's certainly nothing wrong with that. Really it's just preference, I mean what's going to work for you, and I certainly see a lot of it, but it's something that I don't really do, but I can't say that one way is more right than the other.

So I think part of it is just old-school mentality, right?
When we were doing VMware way back in the day, I mean, that was kind of the thing, right? You kind of broke up everything on your VSS, but today I really don't see a reason why, unless you're using, you know, the 1000v, why you would really want to, and of course licensing plays a role in that as well, right? So very and otherwise is what's really busted that all up for me, because, you know, with the advent, or let's just take Cisco UCS as an example: for me to get one network adapter I have to go through and provision it at the UCS level, and really it's still riding through that same VIC that's in the blade anyway. So really it's kind of a logical separation, and then you're logically separating it again. And I don't know, 10-gig has really consolidated a lot of those connection types, and you know you're not really dealing with, I don't know, eight 1-gig ports on the back of your ESXi host. But yeah, I think you're right, there's still a lot of, you know, that's the way it was done in the past and it's still being done now, and I don't think there's a wrong and a right, and it's certainly not within the scope of this exam. I don't think they're going to ask you what is the best thing to do with your standard switch for management traffic. So it's something that I've seen, it's something that I understand.

Okay, migrate the VMkernel network adapter to the selected switch. So this is going to kind of be grayed out. I've never seen anybody, mm-hmm, in the case, I think like Graham was saying, if I had 2 standard switches here I could migrate a VMkernel adapter up from one switch into the other, and it works very similar to what we're going to do migrating a standard switch into a distributed switch later

on, so I'm not going to demo this one. I just know that that is what this button is for. And the web client is very, very good about doing pre-checks. You can see "analyze impact": if you're doing something really stupid it's going to let you know, it's going to tell you that this is going to fail, and you're not going to do things like drop out your management network under GPU so you can't get to the hosts anymore, which is very nice. I've done that more times than I'd like to admit. I've got to go into the DCUI and reset the management networking, and that's never fun when your data center is not close to you.

Virtual switch settings: right off the bat, MTU. If you're doing jumbo frames, that's where you're gonna want to change that, right there. When I was having issues last night I changed the MTU on my distributed switch, freaked some hosts out, house where I was gonna have to rebuild my lab report today.

Security: so these are interesting ones. Promiscuous, MAC address changes and forged transmits. By default all of these are set to, I've gone through and changed them, by default all of these are set to reject. By changing these to accept, what's going to happen with forged transmits is virtual machines are going to be able to send frames with a MAC address that is different from the one specified in the VMX. I'd have to turn to the people out there for a use case for forged transmits. I've heard some people talk about using it for clustering: if you've got a virtual IP where you need to share a MAC address, pass it between virtual machines, I think that if that's something that you allow on the vSwitch or the port group then you're able to get away with things like that. And also MAC address changes, I think that goes along the same thing. I'm interested to see what other use cases people have out there. And then promiscuous mode: that allows the adapters connected to that port group or to the vSwitch to see all frames passed on the switch
if there is multiple VLANs defined. If you're choosing that option for 0 to 4094 you'll be able to see traffic on any VLAN; if there is a very specific VLAN defined you will only be able to see all the traffic on that specific VLAN. So things like wire sniffers: I think it's very common for people to turn on promiscuous mode and then sniff traffic on what's going on on the VLAN or the entire switch.

So both Mike and Graham are chiming in. They both at the same time came up with network load balancing, and yep, and then Graham chimed in and said promiscuous mode for Wireshark. Yeah, certainly.

Another thing that's interesting that I'll point out is, you know, there's only two new features that VMware is really touting for the distributed switch, and I think there's a very specific purpose for that, and it's NSX. All of the really advanced functionality is coming in there. I think they're kind of leaving a lot of that special sauce out of the distributed switch and trying to get people to move over to that. I've yet to see NSX in deployment, in healthcare especially, but I'm really looking forward to it and I'm excited to see what it can do. There's a lot of exciting things: load balancing in the hypervisor level, that works very, very fun. A lot of the micro-segmentation stuff, I can see some benefit, but it's not as exciting to me as some of the services, layer 2 bridging that you can do, so on and so forth. So I think they're keeping the DVS feature set pretty low on purpose, and these things have been around forever, the promiscuous, the MAC address changes.

And so Mike chimed in, as far as the new features on the VDS are more towards Network I/O Control, right, v3. Absolutely, yeah. So again, that's a feature that VMware really loves, and I'll jump into that here shortly. It's something that I can tell you, in a lot of their

blueprints for a lot of their other tests in IOC is always something that they talk about I mean they want you to know it inside and out especially for some of the kneecap things so it’s it’s something I think they really want you to know about that feature I haven’t had a new space for it yet with a lot of the 10 gig links that we have and you see such minimal saturation on those that I just haven’t had a use to turn it on yet but I’m excited for the day that that I will be able to turn it on and see it doing something perhaps that’s that’s something more with the people that are dealing with the one getting copper links that are seeing those kind of conventions one of the motion fires off and a link is saturated just take a look here just a sanity check the the SS create the lead a standard switch had configuring the v-necks on standard switch the internal ports and then of course the v-neck part I mean just to go through this really quick I’ve got this virtual machine connected to my distributed switch but if you want to change your your port groups on what you’re connected to on the standard switch you do it as a virtual machine level want to jump into this tributed switch and the first thing I figured that go over is is the network i/o control I mean it’s really I can’t stress enough how how tested this this feature set is and I think the version T was a little bit more complicated than this this is a little bit cleaner and and easier to follow and understand two different major things to think about with Network IO control our shares and reservations the shares have a value you can see there everything is 250 there’s one 100 there if your shares normal 50 is the standard value for that 100 is high and then also there’s a 25 which is low one thing that’s important to remember about the shares it’s under contention only network IO control is not going to be running all of the time hard limiting or prioritizing your network traffic if there is no contention it 
is, it’s really important to remember that if there’s contention, that’s where shares kick in. The difference are reservations and limits. A limit is hard: if you set a limit of 1 meg for management, you’re never going to get more than 1 meg. It is a hard, hard limit regardless of contention. And then reservation is kind of the other way around: if you’re reserving, I don’t know, one gig for FT traffic, you’re always going to have that available, contention or not. So those are just things to keep in mind.

The resource allocation is defined at the distributed switch, right here, and it’s just based on your traffic type. So it’s pretty simple, pretty easy to configure once you understand the difference between shares, what the share values are, reservations and limits. These are just the stock default settings; I haven’t gone in here and modified any Network I/O Control, so this is what you can expect to see on any deployment if you have it enabled in your vSwitch.

And we’ll take it from the top. So this is of course where you enable it, and I’ll see most of the main configuration settings are done at the root of the DV switch. So if we jump into Edit here: name, number of uplinks, number of ports, Network I/O Control enabled or disabled, and a description. All pretty simple stuff. Under Advanced we’ve got our MTU, multicast filtering mode (basic or IGMP/MLD snooping), discovery protocol. This is pretty cool; I think it’s kind of an underutilized feature as well. If you have the ability to work in vCenter and then also go around and touch the switches that it connects to, it is very, very useful. I’m sure everybody knows what CDP is, has used it at some point in time or not. Show CDP neighbor will show devices connected to a switch. So the vSwitch will actually broadcast CDP packets back to the switch saying, hey, I’m a switch. There’s some pretty cool information that he’s seen. LLDP is just the industry standard of that. A lot of HP switching leverages LLDP, and pretty much any switching other than Cisco uses LLDP. So that’s pretty... turn that on right there. I think it should be worth noting that this is an Enterprise Plus; I might be wrong on that, but for some reason I thought it was Enterprise Plus only.

So it’s funny, a couple things to note: the VSS only has CDP for the discovery protocol type, and that’s coming from Mike. Oh yeah, yeah. And Larry chimed in and said all new Cisco ACI will be using LLDP and not CDP. Interesting. So they’re doing that in the 9K? It’s a modular feature that you have to flip on? Larry says yes. All right, well, that’s good to know. Let’s go like... well, let’s keep this family friendly, boy, or vendor friendly as we would say. Sure, I love Cisco.

Again, I think we wore this out. Administrator contact: of course, it’s going to tweet me on those problems. Yeah, because that’s what I need, is my switch sending me a tweet, right? Yeah, exactly.

So here’s my uplinks. Saying that was about VMware is they always do a great job about putting a pretty picture there and telling you exactly what it is. They’ve done this since the beginning of time and I never get sick of it. It’s just me, but I really appreciate it. So this is kind of the port policies. You can see here, security: we’ve got our promiscuous, MAC address changes, forged transmits. Ingress, egress traffic shaping: I’ve got that disabled, but if I had it enabled, these are the options here, and I can always go and edit this. Blocking ports: this is one thing that was a major feature of the 1000V. They would say, hey, you can SSH into the switch and you can shut down a port just
like you would any other networking port. And it’s something that has come in, I think at version 5, that allows you to actually block a port. If you have this allowed, you can go through in your distributed switch, take a port and shut it down. I’ll be honest, I’m not quite sure what vendor configuration is.

NetFlow: you’ve got an opportunity to turn it on here. You also have to turn it on in the distributed switch as well, and that goes for all of the port groups as well as the uplinks. So if you want to see NetFlow information coming through the receiver, you’ve got to make sure that not only is it set up in this section, but also in your port group as well. There we go, slowly. If I’ve got this set to disabled, I’d never be able to see NetFlow information in my receiver for my management port group.

Here’s where we modify the settings. Very similar to a standard switch; again, a lot of this stuff carries over. Your port groups are going to look almost identical between the distributed switch and a standard switch, but then you’ve got your extra special stuff: traffic shaping, ingress and egress. It’s worth noting that you can apply it individually to each port in the port group now, as of vSphere 6, which is something that used to be an entire port group setting. Now you can just apply it to individual ports, which is nice.

VLAN type: let’s jump into this really quick. The concept of the private VLAN, and it was mentioned by somebody that your switch has to support it on the other side as well. Basically what a private VLAN allows you to do is create a promiscuous VLAN, and what that means is it’s a VLAN that can contain other VLANs. And I’ve got a configuration here I’d like to show really quick. I was worried that I was going to get all of this done in 15 or 20 minutes, and now it looks like we’ve got about 4 minutes. Let’s take your time, we’re in no hurry. That’s great.

So, private VLAN ID: I’ve gone through and created a couple already. I’ve got a promiscuous, community, and an isolated. So promiscuous, it’s like a container VLAN, and then underneath that container VLAN you can run separate VLANs that can only run in the private VLAN. So I’ve got a community and then isolated. What this means is, this promiscuous, the VMs are reachable and can reach any machine in the same private VLAN. So I could create 15 virtual machines, assign them to this promiscuous VLAN; they can all talk to each other, no problem, no restrictions. Isolated: if you create a VM and you put it in that isolated private VLAN, what’s going to happen is it’s only going to be able to talk to the promiscuous VLAN and nothing else. Another example is if you have two isolated virtual machines, they’re not going to be able to talk back and forth to each other; they’re only going to be able to talk to that promiscuous VLAN. So it’s almost like, I don’t know, I wish I had a drawing tablet here. You’ve got your main promiscuous guy here and you’ve got an isolated VM down here, you can see those circles, right? And that isolated VLAN can only speak up to the promiscuous and couldn’t speak up to another
isolated virtual machine on that same 502 VLAN. I’ve heard of people doing some use cases for this where they’re in a classroom or something like that, but you know what, before I get into that I’ll talk about community. A community VM can talk to each other and the VMs in the promiscuous VLAN. So we’ve got our parent VLAN, it’s 500, promiscuous. You’ve got multiple virtual machines here; those virtual machines can talk to each other, they can talk to promiscuous, no problem. Isolated, it can only talk to the promiscuous VLAN.

The use cases that I’ve heard came from education. We would set up private VLANs and community VLANs; student virtual machine desktops, they’d be able to talk to each other. Or if there were problems where teachers did not want the virtual machines to talk to each other, we’d make them isolated, so they’d be able to talk to promiscuous, which could be a device like, I don’t know, a virtual router, something like that, to just kind of isolate or cease communication from VLANs between each other. I’m sure there’s probably some awesome use cases for it, but again, one of those features that I don’t hardly use, but VMware wants you to know all about it. So, have any cool examples?

I was gonna chime in, but the community said the same thing I was going to say, is definitely a great place. So Dan and Graham both jumped on and said the same thing: DMZ. So that’s typically where I’ve seen it. I’ve worked for two banks, and I’ve also seen it for segmenting maybe some different zones to isolate communication, is another use case.

And that’s awesome, it’s good to know. I can certainly see how it would be leveraged. Again, I’m just a lowly customer out in Fresno, California, so it’s good to hear of other examples of how people are taking advantage of that.

Let’s see here, so time check: I’ve got six thirty. I think I’ve got a couple more things to go through. I can certainly keep going here. Yes. Create... oh, you know what, let’s do the migrate, because that’s a big one. Another thing I kind of like about the distributed switch: things you have turned on, I’ve got Network I/O Control, gives you a cool little icon there. Health check enabled, you can see that’s right there.

All right, so here’s my guy. I want to get him into my distributed switch. So, Add and Manage Hosts: going to choose the option to add a host. My guy, he is only running a standard switch. Select adapter tasks: this is really cool because it gives you the option to really define what you’re going to do with your standard switch ports. Are you going to map those over to distributed switch port groups? You get all your options right here. The first option is it’s going to take your physical adapters connected to an ESX host and move those into the distributed switch, and we’ll kind of go through and see what that standard switch looks like after we do this here. Manage VMkernel adapters: it’s either going to add or migrate the network adapters to the distributed switch or assign them the port groups. Really kind of cool way to... it just finds everything up. You got your standard switch; when you move it in, it gives you an opportunity to map everything coming in so everything goes to the right place. Migrate virtual machine networking: so I’ve got a VM running on a port group that’s on my standard switch and I want to bring that virtual machine over into the distributed port group. If you check that, your virtual machine is going to come into your distributed switch and there will be a minor, if any, interruption. I think usually it might drop a ping or two, but for the most part it’s a pretty seamless operation. So that part where I showed you earlier, change your virtual machine settings, but port if you want to connect it to, it automatically does that
during migrations. So, manage physical adapters: this is essentially just defining what’s going to happen to the physical adapters on the way into the distributed switch. I’ve got four adapters in here; only one is being used by vSwitch0. And I gotta do something with this here. Demo... there we go. Just gonna say, you spoke too soon, huh? Exactly.

So, auto-assign: it’s just going to choose the best level in order to put it in, which is the only one I happen to have right now. And I’m just gonna go through this. It gives you a summary of exactly what’s going to happen: it’s going to take this vmnic, which happens to have my management for my vSwitch for the host I’m bringing in, and it’s going to migrate that into the distributed switch. This is the mapping of the kernel adapters. VMkernel 0, management network, I don’t need to migrate because I’ve already got that functionality on the distributed switch. If I wanted to assign it to a port group, I could certainly choose any one of these here.

Analyze Impact: this part is great, hasn’t been around in previous versions. I really like seeing what’s going to happen here; it kind of reduces any chance of disruption, hopefully, to your environment. VM networking: boy, looks like my VM was on the other host, but at this point in time this would allow me to pick the port group that it’s on, the source, destination, and make sure that you don’t have any VLAN discrepancies as you move from one port group to another. Ready to complete, and I pass it.

So let’s take a look at this guy here. LACP, link port, take a look at that really quick. This is something that’s done on the uplink, not the distributed switch. If your physical connections from your host to your switch, assuming that you’ve got it configured on the other side, you come in to this guy... I’m trying to speed through a little... right, hold on one second... actually, no. All right guys, where’s it at? Anybody out there have any recommendations about where that LACP is? I’m having a momentary lapse. There we go. Migrating network traffic to LAGs. I don’t have any LAGs defined; I’d have to add one in here. LAG 1, number of ports, all depends on what’s going to be on the other side. The mode, active or passive, again that really depends on your switching. And then your load balancing mode: this is something that you’re going to want to ensure that you sync up with your network guy to make sure this matches on both sides. When you create a LAG, that’s just one part of it; then you move uplinks into the LAG, and that’s how you get your uplinks set to the LACP load balancing.

I’ll kind of jump through a couple of things here as far as failover, done on the port group level. If you look at Teaming and Failover, that’s where you can decide. Your default with the distributed switch is going to be originating virtual port. If you’ve got Enterprise Plus licensing, route based on physical NIC load is
certainly one that I really, really like. IP hash is out there and it’s widely deployed, mainly for EtherChannel, Cisco-type connectivity. Route based on source MAC hash, just another algorithm to figure out which uplink to send traffic down. You can see here, right now I’ve currently only got one active uplink in this port group. For any of those to make any kind of a difference, with the exception of explicit failover, you’ve got to move these adapters up and down. Again, really up to you; different people choose different things for different reasons. I really like route based on originating virtual port. If you’re using explicit failover order, this is something where there’s going to be absolutely no load balancing at all. You’ve got active, standby and unused uplinks. Explicit failover: if link one fails, it’s going to go to two, and it’s not going to automatically fail back if you have this to no. If you have it to yes, when uplink one becomes available, traffic will shift back in there. But again, no true load balancing. Again, there’s nut oil traffic filtering and marking.

So I have to ask, and this is kind of off topic, but the dog in the background... no, it’s cool, I just didn’t know if you realized that the dog was barking. Yeah, and she’s excited about something outside right now. I’ve been trying to tell my wife to keep her quiet. I didn’t know if you had her like outside the door and it’s, you know, trying to get in. Nah, she’s on the other side of the window, I think the neighbors are... No worries, I just wanted to give you a little bit of help for that. Yeah, well, I appreciate it.

So I know that we’re running pretty long, but I feel like I’ve gotten through the majority of it. I know I got kind of scatterbrained and unfocused there towards the end, but are there any questions that you think anybody else wants to see in particular that I could walk through?

So I don’t see any questions here. Does anybody have any questions or comments they want to chime in on? So do you wanna maybe, before you call it quits, do you want to kind of give any feedback or advice on the exam?

Sure, yeah, I could speak to that. Well, right now it’s beta and it’s $50, so it’s a great way to kick the tires. If you’re a current VCP you qualify to take it. I think if you’re not a current VCP you won’t even see the option to sign up for it. But it hasn’t gone GA yet. I’ve heard varying things from varying people. I heard previous presenters say there was a lot of challenging "if you had this situation, what would you do?" My mileage greatly varied. I had a lot of memorization tasks. I mean, without jumping in the NDA it’s hard to give some examples, but they would ask a question about doing something and then you had four options, and the answers were all very, very similar, just maybe with different punctuation, and it was very detailed and bizarre. But there was a lot of... there was nothing about VVols that I saw in the exam. As far as networking is concerned, a
lot of that stuff is identical, so anytime a networking question came up on the exam, those were typically a slam dunk. I’m not sure if I should have said that about the VVols or not, but I know that that’s something that a lot of people focus on. It was 95 questions. I think I finished it with about 40 minutes to spare, and I’m not quite sure how I felt about it when I left. If you take a beta exam you don’t get your result, and it just pretty much spits out a paper that says thanks for playing, we appreciate your $50.00, when the test goes GA we’ll let you know. So I’m gonna be sure to put something on Twitter one way or another how it went, but I figured it was, if anything, a great way to kick the tires and see what VMware is thinking on the next exam. So I think when it does go GA, hopefully they sort out some of the weird questions and they’ve got a pretty solid exam. But I will say this: the blueprint requirement is tough. I mean, some of the items that they have in there, I thought, man, I’m gonna have to get into some white papers and look up exactly what this means. I think they’re trying to bring more value to the VCP, and it certainly looks like, by having, you know, these kind of items, they’re gonna do that.

So Mike chimed in and said the Delta was supposed to be 70 questions. Oh, I’m sorry, yeah, just a straight exam is 90 or 95. The Delta was shorter, and I believe the Delta tried to focus on things that were new, but I’m not sure that it did exactly. I think they’ve got a pool of test questions and they’re looking to kind of whittle that down to more pertinent, or perhaps just throw out questions where everybody bombed, and stick to some bell curve type, hey, the majority of people got this right. Who knows what goes on in their testing land, and I know that they’ve completely shaken it up over there. It’s gonna be hard to say what it’s gonna look like going forward.

And I guess if you have a VCAP, if you wait and, I guess, take the VCIX, I think you automatically get the VCP6 along with the upgraded... You do, yeah, exactly. And VCIX is something I’m really looking forward to. I mean, just looking at the Foundations beta and then the VCP DCV, it’s tough, so I’m guessing with the VCIX they’re gonna make it really tough. Kind of off topic, but when I took my VCAP DCA, when I left the testing center I felt tired. I mean, it was such a long... I don’t think this is violating NDA at all, but it was 25 questions and each question was more of a scenario where you had to accomplish something, so it might have been one step or it might have been 15 steps. So I mean, the first question that I did, I remember looking at the clock thinking, oh man, I just spent 25 minutes on that. And so when you’ve got that time crunch and you’re trying to do that stuff, and then, you know, time is constantly a factor the whole time. I think the VCIX this time around is going to be much more difficult, and it’s a... that is a certain way of fun, and dammit, people are thinking about taking it, it is, it is understanding. It’s all task based: you log into a live environment and you’ve got to know what exactly to do. There’s no faking it on that one. Yeah, VCAPs are either you know it or you don’t know it type exams.
So I’m definitely looking forward to the VCIX. I just haven’t decided which one I will take, since if you have both VCAPs you can take one and automatically be upgraded to VCIX, or you have to take both to be considered VCIX certified. So we’ll see. Sure, yeah, I think I’m going that route. Laughing, it was a very hard exam as well, and totally different, I mean, business objectives and constraints, requirements, all that fun stuff. Yup, I just took it a week ago and I passed, so I’m right there with that. Congratulations. Thanks, appreciate it.

So yeah, well hey everyone, thanks for sticking with me. I was wildly nervous this whole time, and thanks for sticking with me and letting me ramble on, and hopefully there were some takeaways from this evening. No, this was good, good info, and you did awesome. You rocked it like a pro, and the demos especially, the demo gods were in your favor tonight, so awesome job. All right, well hey, I really appreciate it, it was fun. Yep, and with that I’m going to stop the recording.