vsphere Design and Deploy Fast Track v6 Additional Slides
The V-Model
VMware vSphere: Design and Deploy Prerelease

The Waterfall Model

Functional vs. Non-Functional Requirements
Functional requirements = how the system works
Non-functional requirements = how the system behaves

Examples of functional requirements:
- The ESXi hosts must have access to a common storage array
- The DR site must use synchronous array-based replication
- Virtual machines must be able to vMotion across hosts

Examples of non-functional requirements:
- The virtual switches must have a minimum of two uplinks
- The storage fabric must support 10,000 IOPS
- The ESXi host clusters should be enabled for HA

Conceptual Design
(Diagram: remote, production, dev and DMZ networks; production, test/dev and DMZ services; vSphere clusters of internal hosts, remote-datacenter hosts and DMZ hosts; replicated and non-replicated storage.)

Logical Design

Physical Design

Transparent Page Sharing
Content-based page sharing reclaims memory with minimal overhead: identical pages are stored in host memory once and mapped to every virtual machine that uses them.

Using Salting with Transparent Page Sharing
Salting controls which virtual machines can share pages with each other through transparent page sharing, depending on host and virtual machine settings.

Host setting  VM setting (sched.mem.pshare.salt)  vc.uuid            Salt value             Intra-VM TPS  Inter-VM TPS
0             Ignored                             Ignored            0                      Yes           Yes, among all VMs on host
1             Present                             Ignored            sched.mem.pshare.salt  Yes           Only among VMs with same salt
1             Not present                         Ignored            0                      Yes           Yes, among all VMs
2             Present                             Ignored            sched.mem.pshare.salt  Yes           Only among VMs with same salt
2             Not present (default)               Present (default)  vc.uuid                Yes           No inter-VM TPS
2             Not present                         Not present        random number          Yes           No inter-VM TPS

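The salting table as a decision function, added here as an example; it is not code from the course. The host setting is the ESXi advanced option Mem.ShareForceSalting (0, 1 or 2); the per-VM values are modelled as plain arguments, the vc.uuid strings in the demo are constructed placeholders, and the "random number" row is modelled with secrets.token_hex. can_share_pages shows the practical consequence of the default row: two VMs with only their vc.uuid never share pages.

```python
import secrets

# Added example, not course code. host_setting = Mem.ShareForceSalting (0, 1, 2).
# pshare_salt models sched.mem.pshare.salt, vc_uuid models vc.uuid; None = "not present".

def effective_salt(host_setting, pshare_salt=None, vc_uuid=None):
    """Return (salt value, inter-VM sharing scope) for one VM, following the
    salting table row by row. Scope is 'all VMs', 'same salt only' or 'none'."""
    if host_setting == 0:
        return 0, "all VMs"                       # salting off: every VM shares
    if host_setting == 1:
        if pshare_salt is not None:
            return pshare_salt, "same salt only"
        return 0, "all VMs"                       # no explicit salt -> salt 0
    if host_setting == 2:
        if pshare_salt is not None:
            return pshare_salt, "same salt only"
        if vc_uuid is not None:
            return vc_uuid, "none"                # unique per VM -> no sharing partner
        # Neither value present: the VMkernel picks a random salt (modelled here
        # with secrets.token_hex), so the VM matches no other VM's salt.
        return secrets.token_hex(8), "none"
    raise ValueError("host setting must be 0, 1 or 2")


def can_share_pages(host_setting, vm_a, vm_b):
    """Two VMs share identical pages only if both resolve to the same salt.
    vm_a / vm_b are dicts with optional 'pshare_salt' and 'vc_uuid' keys."""
    salt_a, _ = effective_salt(host_setting, vm_a.get("pshare_salt"), vm_a.get("vc_uuid"))
    salt_b, _ = effective_salt(host_setting, vm_b.get("pshare_salt"), vm_b.get("vc_uuid"))
    return salt_a == salt_b


if __name__ == "__main__":
    # Constructed VMs; the vc.uuid strings are placeholders, not real UUIDs.
    web1 = {"pshare_salt": "tenant-a", "vc_uuid": "uuid-web1"}
    web2 = {"pshare_salt": "tenant-a", "vc_uuid": "uuid-web2"}
    db1 = {"vc_uuid": "uuid-db1"}
    for setting in (0, 1, 2):
        print(f"host={setting}: web1/web2 share={can_share_pages(setting, web1, web2)}, "
              f"web1/db1 share={can_share_pages(setting, web1, db1)}")
```

With the host at 2, only VMs that were deliberately given the same sched.mem.pshare.salt (web1 and web2 above) share pages; with the host at 0 every pair shares, which is the pre-salting behaviour.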
Sliding Scale: Mem.MinFreePct
Mem.MinFreePct is the amount of memory that the VMkernel should keep free. The VMkernel uses a sliding scale to determine the Mem.MinFreePct threshold based on the amount of memory installed in the host.

Memory installed               Free-state threshold
0 through 4 GB (first 4 GB)    6%
4 through 12 GB (next 8 GB)    4%
12 through 28 GB (next 16 GB)  2%
Remaining memory               1%

Criteria for Reclaiming Host Memory
Host physical memory is reclaimed based on five host free-memory states, reflected by five thresholds.

Memory state  Threshold         Actions performed
High          300% of minfree   Break large pages (wait for next TPS run)
Clear         100% of minfree   Break large pages and actively call TPS to collapse pages
Soft          64% of minfree    TPS + balloon
Hard          32% of minfree    TPS + compress + swap
Low           16% of minfree    Compress + swap + block

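The sliding scale and the five free-memory states worked through in Python, as an added example that is not part of the course material. It assumes the usual reading of the two tables: minfree is the sum of each tier's percentage of the memory that falls into that tier, and a state's actions apply once free memory drops below that state's threshold (above 300% of minfree nothing is reclaimed). The host sizes in the demo are constructed.

```python
# Added example, not course code. Sliding scale: (tier size in MB, percent kept free).
MINFREE_TIERS_MB = [
    (4 * 1024, 6.0),    # first 4 GB
    (8 * 1024, 4.0),    # next 8 GB (4 through 12 GB)
    (16 * 1024, 2.0),   # next 16 GB (12 through 28 GB)
    (None, 1.0),        # remaining memory
]

# Free-memory states as percent of minfree, highest first, with the actions listed.
MEMORY_STATES = [
    ("high",  300, "break large pages (wait for next TPS run)"),
    ("clear", 100, "break large pages and actively call TPS to collapse pages"),
    ("soft",   64, "TPS + balloon"),
    ("hard",   32, "TPS + compress + swap"),
    ("low",    16, "compress + swap + block"),
]


def minfree_mb(installed_mb):
    """Apply the sliding scale to installed host memory; returns minfree in MB."""
    remaining = installed_mb
    total = 0.0
    for size, pct in MINFREE_TIERS_MB:
        tier = remaining if size is None else min(size, remaining)
        total += tier * pct / 100.0
        remaining -= tier
        if remaining <= 0:
            break
    return total


def memory_state(installed_mb, free_mb):
    """Return (state, actions) for the current amount of free memory.
    Assumed reading: the state whose threshold free memory is below, taking the
    lowest such threshold; 'none' when free memory is at or above 300% of minfree."""
    mf = minfree_mb(installed_mb)
    state = ("none", "no reclamation")
    for name, pct, actions in MEMORY_STATES:      # thresholds in descending order
        if free_mb < mf * pct / 100.0:
            state = (name, actions)               # keep overriding with the lower state
    return state


if __name__ == "__main__":
    for gb in (2, 16, 64, 128):                   # constructed host sizes
        print(f"{gb:>4} GB host: minfree = {minfree_mb(gb * 1024):.2f} MB")
    for free in (5000, 2000, 1000, 500, 300, 100):
        print(f"64 GB host, {free} MB free -> {memory_state(64 * 1024, free)}")
```

A 64 GB host keeps roughly 1.27 GB free before it stops breaking large pages, and a 128 GB host roughly 1.93 GB; the design point is that the thresholds scale with host memory, so a fixed "percent free" alarm in monitoring does not map onto the VMkernel's states.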
Memory Reclamation Review
The hypervisor uses memory-reclamation techniques to reclaim host physical memory:
- Transparent page sharing between virtual machines is disabled by default:
  - Transparent page sharing is a low-overhead task.
- Ballooning, which can cause guest operating system paging, is more efficient than host-level swapping:
  - Both ballooning and swapping can result in memory pages being written to disk.
  - Because the guest operating system is aware of its memory usage, the guest operating system can page more efficiently than the host.
- Memory compression: compresses pages in memory rather than writing them to disk.
- Host-level swapping: this technique quickly reclaims memory, but it has higher performance overhead than the other techniques.
Memory reclamation enables memory overcommitment.

Private VLANs
A private VLAN divides an existing VLAN, called the primary VLAN, into one or more separate VLANs, called secondary VLANs. A secondary VLAN has the following characteristics:
- Exists only in the primary VLAN
- Shares the same IP network address
- Is identified on the physical and distributed switches by a unique VLAN ID
A private VLAN is an extension to the VLAN standard. A private VLAN has the following benefits:
- Enables you to isolate traffic between virtual machines that are in the same VLAN
- Provides additional security between virtual machines on the same subnet without consuming more VLAN IDs

Types of Secondary Private VLANs
A private VLAN is identified by its primary VLAN ID. A primary VLAN ID can have multiple secondary VLAN IDs associated with it. The type of secondary private VLAN determines the packet forwarding rules. There are three types of secondary private VLANs:
- Promiscuous
- Isolated
- Community

Example of primary and secondary VLAN IDs:
Primary  Secondary  Type
5        5          Promiscuous
5        155        Isolated
5        17         Community

Promiscuous Private VLANs
A node attached to a port in a promiscuous secondary private VLAN can send packets to and receive packets from any node in any other secondary private VLAN associated with the same primary. Routers are typically attached to promiscuous ports.

Primary  Secondary  Type
5        5          Promiscuous
5        155        Isolated
5        17         Community
(Diagram: VM 1 through VM 6 attached to secondary VLANs 5, 155 and 17.)

Isolated Private VLANs
A node attached to a port in an isolated secondary private VLAN can send packets to and receive packets from only the promiscuous private VLAN. Only one isolated secondary private VLAN is permitted per primary.

Primary  Secondary  Type
5        5          Promiscuous
5        155        Isolated
5        17         Community
(Diagram: VM 1 through VM 6 attached to secondary VLANs 5, 155 and 17.)

Community Private VLANs
A node attached to a port in a community secondary private VLAN can send packets to and receive packets from other ports in the same secondary private VLAN, including ports in the promiscuous private VLAN. Each virtual machine can send to and receive from different secondary private VLANs, for example, community and promiscuous.

Primary  Secondary  Type
5        5          Promiscuous
5        155        Isolated
5        17         Community
(Diagram: VM 1 through VM 6 attached to secondary VLANs 5, 155 and 17.)

Physical Switch Implementation of Private VLANs
Private VLANs are implemented the same way for physical or distributed switches:
- Standard 802.1Q tagging. No double encapsulation.
- Physical switch software decides which ports to forward the frame to, based on the tag and the private VLAN tables.
For private VLANs, the VLAN ID carried in the tag is the secondary ID.

Primary  Secondary  Type
5        5          Promiscuous
5        155        Isolated
5        17         Community

Distributed switch port groups: VLAN 5, Private VLAN 5 (promiscuous), Private VLAN 155 (isolated), Private VLAN 17 (community).

Private VLANs and Physical Switches
- The physical switch must be private VLAN-aware and configured appropriately to enable the secondary private VLANs to reach their destination.
- A physical switch can be confused by the fact that each MAC address is visible in more than one VLAN tag.
- A physical switch must have a trunk port to the ESXi host and not be in a secondary private VLAN.
- Most private VLAN problems are caused by physical switches that are configured incorrectly: compare the private VLAN map in the physical switch to the private VLAN configuration in the distributed switch.

Example: Private VLAN-Aware Physical Switch
In this example, a virtual machine in a promiscuous private VLAN tries to exchange ARP information with a virtual machine in an isolated private VLAN.
- Switch ports see the same MAC address through different VLAN tags.
- Private VLAN logic detects that the destination is isolated, so it acts as if the tag were 155.

Frames on each hop (the distributed switch adds the tag towards the physical switch and removes it towards the virtual machine):
  Promiscuous VM -> distributed switch:   ARP request, tag: none
  Distributed switch -> physical switch:  ARP request, tag: 5
  Physical switch -> distributed switch:  ARP request, tag: 5
  Distributed switch -> isolated VM:      ARP request, tag: none
  Isolated VM -> distributed switch:      ARP reply, tag: none
  Distributed switch -> physical switch:  ARP reply, tag: 155
  Physical switch -> distributed switch:  ARP reply, tag: 155
  Distributed switch -> promiscuous VM:   ARP reply, tag: none

Primary  Secondary  Type
5        5          Promiscuous
5        155        Isolated
5        17         Community

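The forwarding rules of the three secondary VLAN types, the tag a frame carries on the trunk, the ARP exchange from this example and the physical-versus-distributed map comparison recommended on the previous slide, all in one added Python example that is not part of the course material. It uses the slide's own map (primary 5; secondaries 5, 155 and 17) and assumes, as the slides state, that the trunk tag is the sender's secondary VLAN ID; the second, deliberately incomplete map in the demo is constructed to show a mismatch.

```python
# Added example, not course code. Secondary VLAN ID -> (primary VLAN ID, type).
PVLAN_MAP = {
    5:   (5, "promiscuous"),
    155: (5, "isolated"),
    17:  (5, "community"),
}


def can_forward(pvlan_map, src_secondary, dst_secondary):
    """Forwarding rule between two ports identified by their secondary VLAN IDs."""
    src_primary, src_type = pvlan_map[src_secondary]
    dst_primary, dst_type = pvlan_map[dst_secondary]
    if src_primary != dst_primary:
        return False                      # private VLANs never cross a primary
    if "promiscuous" in (src_type, dst_type):
        return True                       # promiscuous talks to every secondary
    if src_type == "community" and src_secondary == dst_secondary:
        return True                       # same community
    return False                          # isolated ports, or two different communities


def trunk_tag(pvlan_map, src_secondary, dst_secondary):
    """802.1Q tag carried between the distributed switch and the physical switch:
    the sender's secondary ID, or None when the frame is not forwarded."""
    return src_secondary if can_forward(pvlan_map, src_secondary, dst_secondary) else None


def arp_exchange(pvlan_map, requester_secondary, target_secondary):
    """Replay the slide's ARP example: request one way, reply the other.
    Returns the trunk tag of each leg, or None where that leg is blocked."""
    return {
        "request": trunk_tag(pvlan_map, requester_secondary, target_secondary),
        "reply":   trunk_tag(pvlan_map, target_secondary, requester_secondary),
    }


def map_mismatches(physical_map, distributed_map):
    """The check the previous slide recommends: list every secondary VLAN whose
    (primary, type) entry differs between the physical switch and the distributed switch."""
    problems = []
    for sec in sorted(set(physical_map) | set(distributed_map)):
        phys, dist = physical_map.get(sec), distributed_map.get(sec)
        if phys != dist:
            problems.append((sec, phys, dist))
    return problems


if __name__ == "__main__":
    for src, dst in [(5, 155), (155, 5), (155, 155), (155, 17), (17, 17), (17, 155)]:
        print(f"{src:>3} -> {dst:<3}: forward={can_forward(PVLAN_MAP, src, dst)}")
    print("promiscuous <-> isolated ARP:", arp_exchange(PVLAN_MAP, 5, 155))
    print("isolated <-> isolated ARP:   ", arp_exchange(PVLAN_MAP, 155, 155))
    # Constructed physical-switch map missing the community entry.
    physical = {5: (5, "promiscuous"), 155: (5, "isolated")}
    print("mismatches:", map_mismatches(physical, PVLAN_MAP))
```

Two VMs on the isolated secondary 155 get None on both legs: an isolated port never reaches another isolated port even though they share the secondary ID, which is the property that gives private VLANs their security value. The mismatch list is what you would compare against the physical switch's private VLAN map when traffic between secondaries fails.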
Configuring Private VLANs
You can configure the necessary private VLANs on the distributed switch in order to assign distributed ports to participate in a private VLAN.

Assigning a Private VLAN to a Distributed Port Group
You can set the VLAN policy on a distributed port group to apply VLAN tagging globally on all distributed ports. In this example, you assign a private VLAN ID to the distributed port group named pg-production.

Load-Balancing Method: Originating Virtual Port ID
The diagram shows routing based on the originating port ID, called virtual port ID load balancing. (Diagram: virtual NICs, virtual switch, physical NICs, physical switch.)

Load-Balancing Method: Source MAC Hash
The diagram shows routing based on source MAC hash. (Diagram: virtual NICs, virtual switch, physical NICs, physical switch, Internet.)

Load-Balancing Method: Source and Destination IP Hash
The diagram shows routing based on IP hash. (Diagram: virtual NICs, virtual switch, physical NICs, physical switch, Internet.)
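The three load-balancing methods modelled side by side in Python, as an added example that is not part of the course slides. The hash functions are simplified stand-ins (port ID, MAC address and XOR of the two IPv4 addresses, each taken modulo the uplink count) and are assumptions, not the VMkernel's exact arithmetic; the two-uplink team, the VM and the destination addresses are constructed. The point it demonstrates is the one that matters for design: virtual port ID and source MAC hash pin one VM to one uplink, while IP hash spreads a single VM's flows across uplinks by destination, which is why IP hash needs the physical switch ports configured as a static link aggregation (EtherChannel).

```python
from ipaddress import IPv4Address

# Added example, not course code. Constructed two-uplink NIC team.
UPLINKS = ["vmnic0", "vmnic1"]


def uplink_by_port_id(port_id, uplinks=UPLINKS):
    """Originating virtual port ID: one uplink per virtual port, independent of traffic."""
    return uplinks[port_id % len(uplinks)]


def uplink_by_source_mac(src_mac, uplinks=UPLINKS):
    """Source MAC hash (simplified model): the MAC as an integer modulo the uplink count."""
    mac_int = int(src_mac.replace(":", ""), 16)
    return uplinks[mac_int % len(uplinks)]


def uplink_by_ip_hash(src_ip, dst_ip, uplinks=UPLINKS):
    """Source and destination IP hash (simplified model): XOR of the two IPv4
    addresses modulo the uplink count, so the choice changes per destination."""
    h = int(IPv4Address(src_ip)) ^ int(IPv4Address(dst_ip))
    return uplinks[h % len(uplinks)]


def uplinks_used(vm, destinations, policy, uplinks=UPLINKS):
    """Sorted list of the uplinks one VM's flows use under a policy.
    vm is a dict with 'port_id', 'mac' and 'ip'; destinations are IPv4 strings."""
    used = set()
    for dst in destinations:
        if policy == "port-id":
            used.add(uplink_by_port_id(vm["port_id"], uplinks))
        elif policy == "mac":
            used.add(uplink_by_source_mac(vm["mac"], uplinks))
        elif policy == "ip-hash":
            used.add(uplink_by_ip_hash(vm["ip"], dst, uplinks))
        else:
            raise ValueError(f"unknown policy {policy!r}")
    return sorted(used)


# Constructed VM and destinations (documentation-style private addresses).
VM = {"port_id": 7, "mac": "00:50:56:ab:cd:01", "ip": "10.0.0.10"}
DESTINATIONS = ["10.0.0.20", "10.0.0.21", "10.0.0.22", "10.0.0.23"]

if __name__ == "__main__":
    for policy in ("port-id", "mac", "ip-hash"):
        print(f"{policy:<8}: {uplinks_used(VM, DESTINATIONS, policy)}")
```

Under the first two policies the sample VM never leaves vmnic1, so a single busy VM cannot use more than one uplink's bandwidth but also never confuses the physical switch about where its MAC lives; under IP hash its four flows land on both uplinks, and the physical switch must see both ports as one logical link for return traffic to work.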