In VMware vSphere, there are an infinite number of ways to accomplish almost anything. Many architects and administrators tend to do things “their” way, from location they install ESXi to, to the way they access a virtual machine in vCenter. When it comes to making VMware vSphere networking design choices, the same holds true.
VMware vSphere networking design is another one of these things which can be done numerous ways. There really is not a right or wrong way to design a vSphere network, as long as you are meeting your requirements. Instead of talking about specific vSphere networking designs, I want to get you in the right mindset for the design process.
Ready to put your VMware infrastructure design hat on? Let’s start by discussing VMware vSphere networking design, not including NSX. We will save that concept for later.
vSphere Licensing Considerations for VMware vSphere Networking Design
One of the biggest factors in deciding how to design implement vSphere networking is your vSphere licensing level. If you are using vSphere Standard, standard vSwitches are your only option. However, if you are using vSphere Enterprise plus, you may choose to use standard or distributed virtual switches, which provide additional features and functionality. Virtual switches are a key component of any VMware vSphere networking design.
When using VMware products such as VSAN or NSX, the Standard license levels include the Distributed Virtual Switch, as this switch is critical to the proper implementation and operation of these products. This is a critical factor to vSphere networking design, and may be a constraint for you to deal with down the line.
VMware vSphere Networking Design Qualities
When we talk about VMware infrastructure design, we often speak of the design qualities. These are the things we need to think about when designing or architecting an environment, and really tie back to the business problems we will solve with our infrastructure. VMware vSphere networking design choices are no exception, we continue to evaluate these design qualities which are:
- Availability
- Manageability
- Performance
- Recoverability
- Security
I like to remember them as AMPRS, though you may prefer another acronym, like PARMS.
Now we are going to go through the design qualities one by one and talk about what they are, and how they can impact your VMware vSphere networking design.
VMware vSphere Networking Availability
This can be one of the most important qualities of your environment, because your network is not available, the rest of your ESXi host doesn’t really matter. There are many ways to ensure your ESXi host’s networking availability. First and foremost, the most important thing in my mind is to have multiple network connections to separate physical switches. This way, you are protected in the case of an upstream switch failure.
In addition, it is also important to ensure the virtual switches are configured in a way that represents this. If you have four connections from your ESXi host to two physical switches, and one virtual switch has two connections to the same physical switch, your host will encounter issues in the event that physical switch fails.
You can see an example of this in my guide to Cisco UCS Architecture:
The network design is the single aspect of VMware vSphere that depends heavily on the physical infrastructure design underneath. While we can provide resiliency at the VMware vSphere layer, it means nothing if the physical layer underneath is not architected correctly.
VMware vSphere Networking Manageability
Distributed Virutal Switches certainly make your vSphere networking easy to manage, since they are configured centrally. It is extremely important to ensure vSphere hosts in the same cluster have compatible network configurations. Host profiles also make this easy to achieve, regardless of the switch you use in your environment,. These are both vSphere Enterprise Plus features, however.
Before the days of Distributed Virutal Switches and Host Profiles, I used scripts to configure my networking. For those with vSphere standard, this is also a way to help ensure the networking configuration is uniform across the cluster.
As mentioned in the availability section, it is extremely important to make sure your virtual switches are configured correctly. Automating their configuration, with something like PowerCLI if you are not licensed for Host Profiles can help ensure uniform configuration.
VMware vSphere Networking Performance
There are a few things to consider when thinking about your vSphere host’s network performance. First, it is important to make sure you have enough bandwidth. Items such as your workloads and whether or not you are using IP storage will greatly impact this. Also, you must decide if degraded network performance is acceptable in a failure scenario or not.
You friend vMotion? vMotion performance is highly dependent on your network configuration. One benefit of Distributed Virtual Switches is Network I/O Control. This allows you to tell your vSphere environment which traffic is the most important during contention, and how resources should be split during that period.
VMware vSphere Networking Recoverability
In the case of vSphere networking, this ties back to how you inailly created your networking configuration. Distributed Virutal Switch configurations can be backed up and imported, and scripts to configure vSphere Standard switches can be re-run.
You must ensure these important files are avilable in a recovery scenario. Beyond just your virtual network configuration, you should be considering how you would restore your complete vSphere environment in the event of a disaster.
VMware vSphere Networking Security
Security is of course one of the hottest topics today, and there are many things to consider when designing your vSphere networking environment. Luckily, many of the things you need to think about carry over from the physical networking side. It is still important to restrict network access just like you would in the physical world.
One of the big things to think about is the MAC addresses of your virtual machines, and your requirements around them. Will the initial and effective MAC addresses always match, or is there a legitimate case where they may be different? This is a design choice where you will have to weigh risks and requirements.
VMware vSphere Networking Design – NIC Teaming and Load Balancing
When it comes to VMware vSphere Networking Design, one of the most important considerations is NIC teaming and Load Balancing for your ESXi hosts. Luckily, I have written an easy to read and understand series on these important choices.
- Introduction to NIC Teaming in VMware vSphere 6.5 Networking – This article reviews why we use NIC teaming, and goes in more detail about what the the methods are.
- The Simple Guide to NIC Teaming in VMware vSphere – This article talks about the simplest NIC teaming methods to implement: Route Based on Originating Virtual Port, Route Based on Physical NIC Load (Load Based Teaming), and Explicit Failover Order
- The Advanced Guide to NIC Teaming in VMware vSphere – This article takes a look at the more advanced load balancing options, Route based on IP hash and route based on source MAC hash.
These articles will help you get a handle on the different ways to implement NIC teaming and load balancing when it comes to your VMware vSphere Network.
VMware Network Design Summary
When it comes to VMware network design, of course the most important thing to keep in mind are the requirements you have to meet.
I hope this article helped you get in the right mindset to take on your VMware vSphere networking design project. Of course, this is not everything you will encounter while you are designing your VMware vSphere networking environment.
It is meant to give you an overview of what is usually considered during the VMware vSphere infrastructure design process overall, in addition to VMware vSphere networking design. Remember to keep in mind the problems you are specifically trying to solve during the design process, and consider the resources you have to work with.
Melissa is an Independent Technology Analyst & Content Creator, focused on IT infrastructure and information security. She is a VMware Certified Design Expert (VCDX-236) and has spent her career focused on the full IT infrastructure stack.