VMware NSX Notes - Overview of vSphere Networking
By Pranay Jha | May 27, 2019 | In Articles | Update: May 27, 2019 | Total Views [ 1285 ]

vSphere Network Components

vSphere Standard switch

Distributed switch

Function of VMkernel ports

Services that are provided by VMkernel Ports


Types of Virtual Switch: -

  1. Standard
  2. Distributed



vSphere Standard switch

-        Provides virtual switch configuration for a single host.

-        Management Plane and Data Plane both run on the ESXi host.

-        Boundary of Standard switch is limited to ESXi Host.

-        Supports Trunk Port and Access ports.

-        If you want to use a trunk, you must allow the whole range 0-4095. There is no option to trunk specific VLANs.

-        Disadvantage: scalability is the problem with the standard switch. If we need to increase the number of hosts, we must create a new switch configuration on each ESXi host.

-        Supports Layer 2 switch, VLAN segmentation, IPv6, 802.1Q tagging, NIC teaming, Outbound traffic shaping.

-        You can configure policies at switch level and port group level.

Distributed switch

-        Provides virtual switch configuration for all hosts in a vCenter Server.

-        Segregation of Management and Data Plane.

-        Management Plane on vCenter and Data Plane on the ESXi host.

-        Boundary of vDS is Logical Datacenter

-        Supports Trunk Ports and Access ports

-        Supports up to 2000 ESXi host to the same distributed switch.

-        A trunk of specific VLANs is supported on vDS (e.g. 101, 103, 200).

-        Supports NIOC, Layer 2 Switch, VLAN Segmentation, IPv6, load based teaming, per-port policy, NetFlow, Port Mirroring, Private VLANs, VM network port block, Inbound traffic shaping, Outbound traffic shaping, NIC teaming, 802.1Q tagging.

-        You can configure policies at the per-port level.



Notes: -

Access Port

When a port belongs to one L2 network, it is an access port.

Trunk Port

A group of VLANs, i.e. more than one L2 network. If a port belongs to more than one L2 network, it is a trunk port.

Native VLAN

When you are using the native VLAN:

-        Cisco: 1

-        VMware: 0

VLAN Tagging

0-4095 (0 is native, and you can use VLANs 1 up to 4094)


Types of VLAN tagging used in vSphere

VGT – Virtual Guest Tagging

Tagging is done through the Guest OS.

VST – Virtual Switch Tagging

Tagging is done by the kernel. The Guest OS does not do the VLAN tagging. The virtual switch does the tagging, which is why it is known as Virtual Switch Tagging.

When frame received by the hypervisor

EST – External Switch Tagging

The VLAN is configured only on the external switch. The complete virtual switch is on one VLAN. When traffic goes out, a device can communicate only if it is on that VLAN, for example VLAN 10. If it is on VLAN 11, it cannot communicate, because the entire virtual switch is on VLAN 10.

Physical switch does the tagging.


When do we configure VLAN tagging?

Tagging is done on L2 frames.

VLAN ID: 12 bits
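
The 12-bit VLAN ID and the three tagging modes above, as an added Python example (not from the original article). It reads the 802.1Q tag from a raw frame and maps a port group VLAN ID to EST, VST or VGT, so that port groups passing every VLAN to the guest can be listed during a review. The 0 / 1-4094 / 4095 mapping is standard vSwitch port group behaviour; the frame bytes and port group names are constructed sample data.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_vlan_tag(frame: bytes):
    """Return (pcp, dei, vid) for an 802.1Q-tagged frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)  # follows dst + src MAC
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF  # 3 + 1 + 12 bits

def tagging_mode(portgroup_vlan_id: int) -> str:
    """Map a port group VLAN ID to the tagging mode it implies."""
    if not 0 <= portgroup_vlan_id <= 4095:
        raise ValueError("VLAN ID must fit in 12 bits (0-4095)")
    if portgroup_vlan_id == 0:
        return "EST"  # vSwitch adds no tag; the physical switch tags
    if portgroup_vlan_id == 4095:
        return "VGT"  # tags pass through; the Guest OS does the tagging
    return "VST"      # vSwitch tags and untags with this VLAN ID

def audit(portgroups: dict) -> list:
    """Names of port groups that expose every VLAN to the guest (VGT)."""
    return sorted(n for n, vid in portgroups.items() if tagging_mode(vid) == "VGT")

# Constructed frame: dst MAC, src MAC, TPID 0x8100, TCI (PCP 0, VID 10), IPv4 EtherType
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "005056aabbcc" "8100" "000a" "0800")
# Constructed inventory with hypothetical port group names
SAMPLE_PORTGROUPS = {"Mgmt": 0, "App-VLAN10": 10, "Trunk-All": 4095}

if __name__ == "__main__":
    print(parse_vlan_tag(SAMPLE_FRAME))
    print({n: tagging_mode(v) for n, v in SAMPLE_PORTGROUPS.items()})
    print(audit(SAMPLE_PORTGROUPS))
```
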


Virtual Network with Virtual Switch


-        Provides connectivity between Virtual and Physical environment.

-        One VMNIC can be associated with one vSwitch.

-        For the Guest, it is a vnic.

-        For the Host, it is a vmnic.

-        A vmnic also works as an uplink.

-        We can have multiple VLANs on one vSwitch.

-        But we cannot have multiple VLANs on one port group.

-        NIC teaming of multiple vmnic

  • For more bandwidth
  • For segregation
  • For better availability

-        Same L2 switch for multiple broadcast domains.

-        Reduce number of physical L2 switches.

Network IO Control (NIOC)

Allocates bandwidth during bandwidth contention. NIOC can be configured for the following ports:

-        Management

-        NFS

-        iSCSI

-        vSAN

-        vSphere vMotion

-        Fault Tolerance

-        vSphere Replication

-        vSphere Data Protection

-        VTEP

Scalability Problems with Distributed Switch

End to End L2 Physical Network


Load Based Teaming

-        Feature of dvSwitch.

-        Teaming is based on the load that exists on the physical NIC. The ESXi host checks the workload on the NIC every 30 seconds. If the load on NIC1 is more than 75%, it moves some traffic from NIC1 to NIC2.

Load Balancing Policy:

Load balancing comes into the picture when you have connected more than one physical NIC to the switch.

We have multiple options in Load Balancing.

Route based on Virtual Port ID:

-        A load avoidance policy, not a load balancing policy.

-        Each virtual port has IDs.

-        We connected 2 NICs with this switch.

-        ID of the port will be associated with the uplink.

-        Port ID will be associated with the original port.

-        If we shut down the VM, the port is useless.

-        VM will power on in same port ID.

Route based on Source MAC hash:

-        Generate MAC hash value

-        Hypervisor will calculate hash value on vnic MAC.

-        The hash value will be associated with an uplink.

-        A VM can consume at most the bandwidth of a single physical NIC associated with the vSwitch.

-        If a VM has two NICs, it can make use of two NICs.

Route based on Source IP Hash:

-        Configure EtherChannel (for Cisco Switch) or LACP (for Non-Cisco Switch) at physical switch

-        Works on Source IP and Destination IP.

-        Additional workload on hypervisor to get source IP and destination.

-        LACP (EtherChannel) is needed because the destination is always different but the source is the same.

-        Considers all physical ports as a logical port.
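
An added Python sketch (not from the original article) comparing the three hash-based policies above for one VM talking to several destinations. The modulo mapping is a simplified model assumed for illustration, not ESXi's exact internal hash; the uplink names, port ID, MAC and IP addresses are constructed.

```python
import ipaddress

def by_port_id(port_id, uplinks):
    """Route based on virtual port ID: fixed per port, ignores the traffic."""
    return uplinks[port_id % len(uplinks)]

def by_src_mac(mac, uplinks):
    """Route based on source MAC hash: fixed per vnic MAC."""
    return uplinks[int(mac.replace(":", ""), 16) % len(uplinks)]

def by_ip_hash(src_ip, dst_ip, uplinks):
    """Route based on IP hash: depends on both source and destination IP."""
    x = int(ipaddress.IPv4Address(src_ip)) ^ int(ipaddress.IPv4Address(dst_ip))
    return uplinks[x % len(uplinks)]

def uplinks_used(vm, destinations, uplinks):
    """For one vnic and several destinations, list the uplinks each policy uses."""
    return {
        "port_id": sorted({by_port_id(vm["port_id"], uplinks) for _ in destinations}),
        "src_mac": sorted({by_src_mac(vm["mac"], uplinks) for _ in destinations}),
        "ip_hash": sorted({by_ip_hash(vm["ip"], d, uplinks) for d in destinations}),
    }

# Constructed sample values
UPLINKS = ["vmnic0", "vmnic1"]
VM = {"port_id": 7, "mac": "00:50:56:aa:bb:01", "ip": "10.0.0.5"}
DESTINATIONS = ["10.0.0.20", "10.0.0.21", "10.0.0.22", "10.0.0.23"]

if __name__ == "__main__":
    for policy, used in uplinks_used(VM, DESTINATIONS, UPLINKS).items():
        print(policy, used)
```

With port ID or source MAC, the single vnic stays on one uplink whatever it talks to; only the IP hash spreads its flows across both uplinks, which is why the physical switch must treat them as one logical port.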

Explicit Failover:

-        Used when you manually configure the failover order.


About the Author

Pranay Jha
Founder, Contributor


Thank you for visiting my profile. I am Pranay Jha, bring along a total of 11+ years of extensive experience with me in Information Technology sector for organizations from small business to large enterprises, wherein my current assignment I am associated with IBM as a Technical Solution Architect for Virtualization platform. I am vExpert x 3 (16/17/18), VCIX-DCV, VCAP5/6-DCD, VCAP5-DCA, VCP7-CMA, VCP5/6-DCV, VCA-DCV, VCA-Cloud, VSP, VCE-CIA, MCITP, MCSE, MCSA(Messaging). I am also an Independent blogger and founder of and I can be reached via email at or Direct Message via Contact Us form.
