|
■
|
Setting up one or more virtual switches. Virtual switches provide the connectivity between virtual machines on the same host or on different hosts. Virtual switches also support VMkernel network access for VMotion, iSCSI, and NFS. You set up virtual switches independently on each host. See Adding a Standard Virtual Switch.
|
Starting with vSphere 4.0, you can use a vNetwork Standard Switch (vSS) or a vNetwork Distributed Switch (vDS). This chapter provides information about both types of switches.
|
■
|
|
■
|
Specifying the adapter for the virtual machine. This adapter is specified as a virtual device, configured as part of virtual machine setup, and discussed in Configuring a Virtual Machine.
|
|
■
|
|
■
|
Configuring a physical adapter (pnic), the actual connection from the host to the network. You can configure the pnic through the HostNetworkSystem.pnic property, which is a PhysicalNic data object. You can specify the set of pnics associated with a virtual switch through the VirtualSwitch.pnic property, which takes an array of physical network adapters.
|
|
■
|
HostNetworkSystem – Managed object that represents the host’s networking configuration. This object’s properties point to the networking data objects you can use for network management, including HostDnsConfig and HostIpRouteConfig.
|
HostNetworkSystem properties allow you to acess HostNetCapabilities and HostNetworkInfo data objects, and access and modify the HostNetworkConfig data object.
HostNetworkSystem includes methods for retrieving and changing the network configuration. See the API Reference for a complete list of methods and the permissions required to run them.
|
■
|
HostNetworkConfig – Allows you to specify the network configuration for the host. You can apply the configuration by running the HostNetworkSystem.UpdateNetworkConfig method.
|
|
■
|
Network – Represents a network accessible by either hosts or virtual machines. This can be a physical network or a logical network, such as a VLAN.
|
When you add a host to a vCenter Server system, or when you add a virtual machine to an ESX/ESXi host, a Network is added automatically.
|
■
|
HostSystem.QueryHostConnectionInfo and Datacenter.QueryConnectionInfo both return a HostConnectInfo data object, which describes the current network configuration.
|
HostSNMPSystem – Supports SNMP setup. See Setting Up SNMP.
A vNetwork Standard Switch (vSS) can route traffic internally between virtual machines and can link virtual machines to external networks. vSS Environment shows the elements of a vSS environment.
At the center of networking with vSS is the virtual switch itself. The vSS can send network traffic between virtual machines on the same host (private network) or network traffic to an external network (public network). The public network uses the Ethernet adapter associated with the physical host (uplink adapter).
The default number of logical ports for a vSwitch is 120 but it can have more ports. See the Configuration Maximums document available from the vSphere main documentation page. Each port can connect to a network adapter of a virtual machine, or an uplink adapter on the physical machine.
When two or more virtual machines are connected to the same vSS, network traffic between them is routed locally. If an uplink adapter is attached to the vSS, each virtual machine can access the external network that the adapter is connected to.
Port groups aggregate multiple ports under a common configuration. The Configuration Maximums document, available on the vSphere Documentation page, discusses the maximum number of ports.
Each port group is identified by a network label, which is unique to the current host. Network labels make virtual machine configuration portable across hosts. All port groups in a datacenter that are physically connected to the same network (in the sense that each can receive broadcasts from the others) are given the same label. Conversely, if two port groups cannot receive broadcasts from each other, they have distinct labels.
You can use a VLAN ID to restrict port group traffic to a logical Ethernet segment within the physical network. For a port group to reach port groups located on other VLANs, the VLAN ID must be set to 4095. If you use VLAN IDs, you must change the port group labels and VLAN IDs together so that the labels properly represent connectivity.
When you create a virtual machine, you include a VirtualMachineConfigSpec, which, in turn, includes a VirtualDeviceConfigSpec. The device property of VirtualDeviceConfigSpec is a VirtualDevice data object. One of the available virtual devices is VirtualEthernetCard. You can use one of the subtypes of VirtualEthernetCard to specify the virtual card to use and to specify the MAC address and whether wake-on-LAN is enabled for this virtual card. See Adding Devices to Virtual Machines. A limited number of adapters is supported. KB article 1001805 (http://kb.vmware.com/kb/1001805) discusses available network adapters and which adapter is appropriate in which situation.
The network services that the VMkernel provides (iSCSI, NFS, and VMotion) use a TCP/IP stack in the VMkernel. This stack accesses various networks by attaching to one or more port groups on one or more virtual switches.
If you have two or more physical NICs for iSCSI, you can create multiple paths for the software iSCSI by using port binding. For more information on port binding, see the iSCSI SAN Configuration Guide.
A freshly installed ESX/ESXi system does not include VMkernel network interfaces. When you wish to migrate a virtual machine with VMotion, your VMkernel networking stack must be set up properly. When you want to use storage types that use TCP/IP network communications, such as iSCSI, you must provide a separate VMkernel network interface for that storage device. You must create any VMkernel ports you might need (see Adding a VMkernel Network Interface).
The term pnic refers to the physical network adapters as seen by the primary operating system. When using the vSphere Web Services SDK, you can manipulate the adapter directly. When using the vSphere Client UI, you manipulate instead the uplink adapter. On an ESXi host, each pnic has one associated uplink adapter.
You can use the HostNetworkSystem managed object to access and manipulate the elements of an ESX/ESXi system’s network.
|
■
|
The properties of the HostNetworkConfig object, which you access through HostNetworkSystem.networkConfig, allow you to retrieve configuration information. This information is comprehensive and includes the physical adapters, virtual switches, virtual network interfaces, and so on.
|
You can also use HostNetworkConfig to make changes to the configuration.
|
■
|
The properties of the HostNetworkInfo object, which you access through HostNetworkSystem.networkInfo, allow you to retrieve runtime information.
|
You call the HostNetworkSystem.AddVirtualSwitch method to add one or more virtual switches. Pass in the name of the virtual switch and a HostVirtualSwitchSpec data object as parameters.
Inside HostVirtualSwitchSpec you can specify the MTU, number of ports, network policy, and bridge specification. The bridge specifies how the virtual switch connects to the physical adapter. The currently supported bond bridge provides network adapter (NIC) teaming capabilities through the use of a list of physical devices and, optionally, a beacon probe to test connectivity with physical adapters.
After you have created the virtual switch, you can connect it to a pnic for connection to the outside, and to a VMkernel port or a port group.
You can use a property collector to retrieve the HostNetworkSystem managed object and several of its properties, such as networkInfo.
|
2
|
Define a HostVirtualSwitchSpec that specifies the attributes of the virtual switch. You can specify the number of ports (56 to 4088 on ESXi systems) and the HostNetworkPolicy. See Defining the Host Network Policies.
|
|
3
|
Call HostNetworkSystem.AddVirtualSwitch to add a virtual switch. Specify a unique name and a HostVirtualSwitchSpec that defines the switch attributes.
|
The following fragment from AddVirtualSwitch.java illustrates this.
Example: Adding a Virtual Switch
Port groups allow you to differentiate between different kinds of traffic passing through a virtual switch. You can also use port groups as a boundary for communication or for security policy configuration. For ESXi systems, the default port groups are Management Network and VM Network. For ESX systems, the default port groups are Service console and VM Network.
When you create a port group, you can specify a VLAN ID for it. VLANs are an important part of ESX/ESXi networking because they allow you to group traffic. For example, you could create separate network segments for VMotion, for management and for development. Using VLANS, you only need to have a separate uplink adapter for each network segment and a single virtual switch connecting to that adapter. That setup can greatly reduce the number of switches you need.
|
1
|
Define a HostPortgroupSpec. For each port group, you can specify the network policy, the VLAN ID, and the virtual switch to which the port group belongs.
|
|
2
|
VMkernel network interfaces provide the network access for the VMkernel TCP/IP stack. You must create new VMkernel ports for your ESX/ESXi system if you plan on using VMotion, VMware FT, or iSCSI and NAS storage. A VMkernel port consists of a port on the virtual switch and a VMkernel interface.
|
1
|
Create a HostVirtualNicSpec data object. Inside the object, you can specify the IP configuration in a HostIpConfig data object. For vSS, specify the portgroup property. For vDS, specify the distributedVirtualPort property.
|
|
2
|
|
3
|
You can then use the VMkernel network interface for software iSCSI or NAS, or call the HostVmotionSystem.SelectVnic method to use this VMkernel NIC for VMotion.
|
Example: Adding a VMkernel Network Interface, a code fragment from the AddVirtualNic example, illustrates this. The sample retrieves the IP address from the command line using the cb.get_option call.
Example: Adding a VMkernel Network Interface
When you configure host networks, you can define specific policies for the network. The HostNetworkPolicy data object type describes network policies for both virtual switches and port groups. If the settings are not specified for the port group explicitly, the port group inherits policy settings from the virtual switch with which it is associated.
The policies are defined by the following data objects available as properties of HostNetworkPolicy.
|
■
|
HostNicTeamingPolicy – Defines the connection to the physical network. This includes failure criteria, active and standby NICs, and failover and load balancing information. See NIC Teaming.
|
|
■
|
HostNetworkSecurityPolicy – Defines the security policies for the network. See the ESXi Configuration Guide.
|
|
■
|
HostNetworkTrafficShapingPolicy – Establishes parameters for three traffic characteristics: average bandwidth, peak bandwidth, and maximum burst size.
|
You can also specify the VLAN policy by assigning an integer to the HostPortgroupSpec.vlanid property. The VMkernel takes care of tagging and untagging the packets as they pass through the virtual switch. See the HostPortgroupSpec and HostNetworkPolicy data objects in the API Reference.
Virtual machines connect to the public network through a virtual switch, which, in turn, connects to the physical network interface (pnic). When the physical adapter or the adapter’s network connection fails, connectivity for the associated virtual switch and all port groups and virtual machines is lost.
To resolve this issue, you can set up your environment so each virtual switch connects to two uplink adapters. Each uplink adapter connects to two different physical switches. The teams can then either share the load of traffic between physical and virtual networks among some or all of its members, or provide passive failover in the event of a hardware failure or a network outage.
If you specify NIC teaming for a virtual switch, the HostVirtualSwitchSpec.bridge property must be set to HostVirtualSwitchBondBridge.
vSphere supports both Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) environments. With IPv6, you can use vSphere features such as NFS in an IPv6 environment.
An IPv6-specific configuration in vSphere involves providing IPv6 addresses, either by entering static addresses or by using DHCP for all relevant vSphere networking interfaces. IPv6 addresses can also be configured using stateless autoconfiguration sent by router advertisement.
You can set up IPv6 networking for a host by changing the HostIpConfig.ipV6Config property, which is a HostIpConfigIpV6AddressConfiguration data object. HostIpConfigIpV6AddressConfiguration allows you to specify whether auto-configuration is enabled, whether DHCP for ipV6 addresses is enabled, and an array of IPv6 addresses (HostIpConfigIpV6Address data objects).
HostIpConfigIpV6Address allows you to specify all aspects of the IPv6 address including the state of the address, the address (unless DHCP is enabled), life time, operation, origin, and prefix length. See the API Reference. The following code fragment illustrates setting the VMkernel NIC to get an automatic IPv6 address from router advertisements and through DHCP. The user provides the IP address on the command line when calling the program from which the fragment is taken. The sample retrieves the address using the cb.get_option utility applications call.
Example: IPv6 Setup
You can set up network services for your ESX/ESXi system by using HostConfigManager properties and methods.
The HostConfigManager.dateTimeSystem property contains a HostDateTimeSystem data object. This object allows you to perform NTP and date and time related configuration.
|
■
|
|
■
|
Modify the HostDateTimeSystem.dateTimeInfo property, which contains a HostDateTimeInfo object, to set up NTP. The NTP information is stored in the HostDateTimeInfo.ntpConfig property, which is a HostNtpConfig object. The HostNtpConfig objects’s server property contains a list of time servers, specified by IP address or fully qualified domain name.
|
|
Important You can start and stop the NTP daemon and retrieve information about it by using the HostServiceSystem object.
|
You can use the HostNetworkSystem.UpdateIPRouteConfig method to specify the IP route configuration for an ESX/ESXi system. The method takes a HostIPRouteConfig data object as an argument. In this object, you can specify the default gateway address and the IPv6 gateway address. The data object also allows you to specify the service console gateway device on ESX.
Simple Network Management Protocol (SNMP) allows management programs to monitor and control networked devices. vCenter Server and ESX/ESXi systems include different SNMP agents:
|
■
|
The SNMP agent included with vCenter Server can send traps when the vCenter Server system is started or when an alarm is triggered on vCenter Server. The vCenter Server SNMP agent functions only as a trap emitter and does not support other SNMP operations such as GET.
|
|
■
|
ESX/ESXi 4.0 and later includes an SNMP agent embedded in the ESX/ESXi host daemon (hostd) that can send traps and receive polling requests such as GET requests.
|
Versions of ESX released before ESX/ESXi 4.0 included a Net-SNMP-based agent. You can continue to use this Net-SNMP-based agent in ESX 4.x with MIBs supplied by your hardware vendor and other third-party management applications. However, to use the VMware MIB files, you must use the embedded SNMP agent. To use the NET-SNMP based agent and embedded SNMP agent at the same time, make one of the agents listen on a nondefault port. By default, both agents use the same port.
The SDK supports SNMP agent configuration through the HostSnmpSystem managed object. This object includes two methods, ReconfigureSnmpAgent and SendTestNotification.
|
■
|
HostSnmpSystem.ReconfigureSnmpAgent allows you to specify agent properties through a HostSnmpConfigSpec. That data object allows you to specify the SNMP port, read only communities, and the trap targets in an HostSnmpDestination object. The HostSnmpDestination object allows you to specify the community, and a host and port listening for notification.
|
|
■
|
HostSnmpSystem.SendTestNotification allows you to test your configuration.
|
A HostSnmpSystemAgentLimits data object in the HostSnmpSystem.limits property specifies limits of the agent.