In the last post Demystifying port limits… I discussed the virtual port limits on the vSphere Standard switch (VSS) and Distributed switch (VDS). While discussing the VDS limits, I talked about the three different port-binding options available when you configure a port group on a VDS. The port binding option describes how a virtual port on the virtual switch binds to a virtual machine or a VMkernel NIC. In this post, I would like to highlight why you should choose Static port binding over Ephemeral port binding.

As per the definition of Ephemeral binding, there is no port binding with this choice. When you choose this option the behavior is similar to a standard virtual switch (VSS). The number of virtual ports on the switch is automatically set to 0, and the port group allocates one port for each connected virtual machine or VMkernel NIC, up to the maximum number of ports available on that port group. For example, if virtual machine 1 is connected to a port group and is powered on, it connects to virtual port ID #1. Now, if you power off that virtual machine, the connection to virtual port ID #1 is lost. And if you then start another virtual machine 2, it will get virtual port ID #1. So, there is no static one-to-one relation between a virtual machine and a virtual port ID # when it comes to Ephemeral port binding.

Now the question is: why do you need this static one-to-one relationship between a virtual machine and a virtual port ID? Think of a physical switch, where you connect a server or a PC to a switch port. This environment is not as dynamic as a virtual infrastructure with virtual machines and virtual switches. Network and security administrators like this physical setup, because they can statefully monitor the physical switch ports for any network or security issues that could be caused by the servers or PCs. So, having a static binding between a virtual machine and a virtual port helps you better troubleshoot network issues and also identify potential security issues.

With VDS, when you keep the default static binding configuration on a port group, you get the following benefits:

- Port state persistence helps in troubleshooting network issues

- Helps Firewall/IDS/IPS devices that need stateful ports

- Monitoring and accounting of application traffic

- Port state is migrated with vMotion

Thus, static binding provides the same benefits that you get in the physical network.
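The following PowerCLI snippet is an added example, not code from the original post or from VMware: it audits every VDS port group in a vCenter for its binding mode and lists which dvport each connected VM or VMkernel NIC currently occupies, so an administrator can spot port groups still using Ephemeral binding and see the dvport key that static binding keeps stable across vMotion. It assumes PowerCLI is installed; the server name, the credential prompt and the port-group name 'PG-B' used in the remediation line are placeholders.

```powershell
# Added example (not from the original post). Assumes PowerCLI is loaded.
# 'vcenter.example.test' is a placeholder; replace with your vCenter.
Connect-VIServer -Server 'vcenter.example.test' -Credential (Get-Credential)

# 1) Audit: one row per VM-facing port group with its binding mode and port usage.
$report = foreach ($vds in Get-VDSwitch) {
    foreach ($pg in Get-VDPortgroup -VDSwitch $vds) {
        if ($pg.IsUplink) { continue }   # uplink port groups carry no VM traffic
        $active = @(Get-VDPort -VDPortgroup $pg -ActiveOnly)
        [pscustomobject]@{
            Switch      = $vds.Name
            PortGroup   = $pg.Name
            PortBinding = $pg.PortBinding   # Static, Dynamic or Ephemeral
            NumPorts    = $pg.NumPorts
            ActivePorts = $active.Count
        }
    }
}
$report | Sort-Object Switch, PortGroup | Format-Table -AutoSize

# Port groups whose per-port statistics will not survive a vMotion or power cycle.
$ephemeral = $report | Where-Object { $_.PortBinding -eq 'Ephemeral' }
if ($ephemeral) {
    Write-Warning "Port groups with Ephemeral binding (no persistent port state):"
    $ephemeral | Format-Table Switch, PortGroup, ActivePorts -AutoSize
}

# 2) Mapping: the dvport key each VM / vmknic is bound to, and the host it sits on.
#    With Static binding this key is what follows the VM through vMotion.
Get-VDPortgroup | Where-Object { -not $_.IsUplink } |
    ForEach-Object { Get-VDPort -VDPortgroup $_ -ActiveOnly } |
    Select-Object @{n='PortGroup';e={$_.Portgroup.Name}},
                  Key, ConnectedEntity, ProxyHost |
    Sort-Object PortGroup, Key | Format-Table -AutoSize

# 3) Remediation (placeholder name): switch a port group back to Static binding.
#    Leave the management port group that vCenter itself depends on alone; see note below.
Get-VDPortgroup -Name 'PG-B' |
    Where-Object { $_.PortBinding -eq 'Ephemeral' } |
    Set-VDPortgroup -PortBinding Static -Confirm:$false

Disconnect-VIServer -Server 'vcenter.example.test' -Confirm:$false
```

Run the audit section on its own first and review the output; the remediation line is deliberately scoped to a single named port group rather than every ephemeral one. One caveat to keep in mind when tightening binding modes: a port group with Ephemeral binding can still be assigned to a VM directly from an ESXi host when vCenter is unreachable, which is why it is commonly kept for the port group that vCenter's own virtual machine (or the management network) connects to. Everything else that carries workload traffic is a candidate for Static binding, which is the VDS default.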

In the following section, I would like to illustrate how VDS helps you continuously monitor a virtual machine that gets moved from one host to another. Let's take an example deployment with two hosts. In one deployment we will use a VSS with ephemeral port binding, and in another a VDS with static port binding.

[Diagram: two hosts with a VSS each, ephemeral port binding]

As you can see in the above diagram there are two hosts, each with its own vSphere Standard Switch (VSS). Both VSS have two port groups configured, PG-A and PG-B, with similar properties. One virtual machine that is hooked to PG-A on Host 1 has virtual port ID vport 1 and another has virtual port ID vport 2. Similarly, the Host 2 virtual machines have virtual port ID #s that are similar to those on Host 1. Now, if the red virtual machine on Host 1 is moved to Host 2, it will be assigned a new virtual port ID by the VSS on Host 2. In this situation all the port statistics of the red VM collected while it was connected on Host 1 on vport 2 are lost. The VSS on Host 2 will start collecting the data afresh when the red VM is powered on in port group PG-B with vport 3 as its new virtual port ID.

[Diagram: two hosts sharing one VDS, static port binding]

Now let's look at a VDS deployment. The main difference I would like to point out here is that the virtual port ID assignment is handled centrally by the vCenter Server. As you can see in the diagram, the virtual port IDs assigned to each virtual machine are unique across both hosts. When the red virtual machine is moved through the vMotion process from Host 1 to Host 2, the virtual port ID is maintained as dvport 2. Also, all the port statistics related to dvport 2 are transferred from Host 1 to Host 2. This allows the VDS deployment not to miss any of the information recorded on Host 1 and to continue recording the virtual port statistics on Host 2. Please let me know if you have any more questions on this topic. Thanks for reading.