VMware vSphere

Doing some vmware hands on labs on their website,  very often I notice in their (distributed) switch topology
they have a plethora of subets -via vm kernel ports - coming into the same switch. Entire different classes coming in.

From what I understand this is kind of against good design. Where you assign a subnet to its own switch and uplink.

However, how is that even possible? When they are all showed sharing the same uplink cards on that same switch.
Is traffic for a 10.10.10.x and 192.168.x.x being shared, coming into the same uplink?? Thats not even possible.ing

I must be missing something

I am confused...

It's very possible. Do some Googling on VLANs and trunk ports.

thanks for the reply.
So on the other end of the NIC connecting to the host is a switch trunking vlans?
Wouldnt the port groups need vlan IDs on them to tag them?

Here is a  screen capture from the vmware lab topology,
There are 3 different subnets coming in.
10.10.20
10.10.30
192.168.110

All sharing the 2 uplinks.
Are they really riding a trunk out, with no vlan identifying their port group?

So on the other end of the NIC connecting to the host is a switch trunking vlans?

Yes

Wouldnt the port groups need vlan IDs on them to tag them?

Usually, yes, but not always.

All sharing the 2 uplinks.

Are they really riding a trunk out, with no vlan identifying their port group?

They're probably tagging at the vmkernel port level. Or they're being steered out specific vmnics with a dedicated teaming policy. I don't know what they've done in that lab.

---------------------------------------------------------------------------------------------------------

Was it helpful? Let us know by completing this short survey here.

Thanks daphissov. You gave me a lot of food for thought.
I am fairly new to vmware but I do have a background in Cisco networking so I can understand.

You want to laugh?
The lab is from "101 Intro to virtualization"
This is where things are introduced.  Where things should be kept nice and simple and explain what they are doing.
Nice to know they have "hidden in the design" - as in mentioned nowhere in the lab- a back infrastructure assuming trunking etc. in an introduction to their product. :smileyhappy:

What's the HOL code for this so I can have a look?

HOL-1910-01-SDC-HOL

Thanks

Wondering if you got a chance to look into that lab daphnissov.  (titled 101 virtualization, looking into the 1 distributed switch on the 1 datacenter)
Were you able to see anything in there confirming the use of trunks.
Its the only thing that would make sense, but I drilled down into port groups, setting etc.
Every reference of VLAN ID is set to  -- (blank) and any policies seem not set, also vlans show disabled elsewhere.
thanks

I just had a look and it does look like a flat L2 that they're putting multiple networks on. Don't exactly know why they're doing this, but rest assured this is NOT standard practice for vSphere networking. I wouldn't lose too much sleep over this anomaly :smileyhappy:

thanks daphnissov.
I had also opened a tkt with the vmware lab support, and you are correct. This is not how it works.
They are using nested virtualization in the lab where they cant set up vlan ids assuming trunks being used.
So this is not standard as you confirmed.

I recenty passed my CCNA and there were labs on the exam, and I guess I was trained to look for what was broken. The lab exam questions were the meat of the exam.
Serial links with wrong authentication, incorrect parameters in OSPF etc. Router on a stick...
I guess they did a good job in drilling network concepts into my head.

Thanks again

I haven't done any of these in a bit, but they are generally pretty focused on the topics they are trying to teach. An ""101 Intro to virtualization" is should teach more about what make up a vm and how it relates to the esxi host. I think more advanced topics you thinking of are described in more detail in other HOL labs. If you went to college think of what they probably told you, everything you learned up till then was wrong. If you have hardware you can test with you can Signup  for Vmugs Advantage for 200 and they give you licenses for a good part of VMware products for 365 days, this includes a copy of VMware workstation as well for 365 days. That way you can setup everything on your own and see the complete experience, the HOL are get, but I prefer doing it this way. I learned probably a good 90% of what I know from having my own lab.

Anyone interested can check the properties of switch vsd-site-a
It has all kinds of networks going into it.

Dont know where vmkernel tagging is done yet or the policies on which card to select, still learning this tool.
The lab didnt cover those topics.

I do have a home lab set up, but every time I spin up the vcsa appliance it eats up all my RAM.
Plus it takes forever to boot up.
I have to spin esxi-1 up, then power up the vcsa appliance. Then vsphere web connect into it.
And then I have 1 gig of ram left for all my other PC tasks :smileyhappy:

It definitely appears to be a broken design.
Digging into it, vlans are disabled everywhere, and cant find any nic team policy steering port groups to specific vmnics.

Its as if they threw stuff together, created some vmkernel ports with no real thought as to where these things would plug into in the back end.

So it is breaking network laws it seems, unless I am still missing something.
Cant see this working a real world scenario.

If I had to guess the vm your using in the lab is connected to the same switch, which is why you can get to vcenter and the hosts. The storage looks to be FreeBSD server running iscsi which is connected directly to the same switch, in the same subnet. The same thing with the vms, they are all on the same subnet, so nothing is being routed and there is nothing needs its own broadcast domain. They probably have all the subnets assigned the access vlan they assigned to each of the switch ports. I'm no network engineer but I'm pretty sure this is call IP Multinetting which is how the lab looks to be setup.

Hey Sjesse,
Thanks for the info.
I started out my career many years ago as a network engineer, but damn if I dont forget stuff as I get old.
I dont think all those devices are on the same switch/subnet.
Having only the switch topology as the guidance of how the network fans out, there appear to be at least 3 different subnets.
I wrote them out previously in my earlier post 2 Class A networks and 1 Class C network.
The storage network is on its own subnet a 10.10.30.x  from what I recall.

So not assuming trunking (dont know the back end) and not assuming routing (why would we in a simple LAN layout)
we would need 3 standard switches 1 per network. Those of course can daisy chain to be more that one. I mean 3 different strands of networks.
I tend to think of them as 3 strands of christmas lights, each bulb being a node on that network. They dont meet if there is no routing or trunking.

So all those networks are coming in hodge podge on 4 uplinks?

The diagram I attached earlier shows all uplinks "lit up" active on all 4 networks (VMs, Mgmt, Storage, some other net).

Which card is going to which network??
I guess thats my question.

It seems all 4 cards are on all 4 networks.
Which as we all know Lans are very separate entities (again not assuming soume router or trunk outside the topology diagram).

This isn't supported in production, but you can cut the vsca down to 5gb of memory from 10gb and it still runs, and even to one core. It still takes for ever to start, but once its up its stable, at least in my experience.

ITs not free, but I think pluralsight.com is pretty good for the price, and the they have a course that teaches you the basis what you need for the vcp ceritication, which touches on just about everything you need to know to work with vSphere.. They even discuss how to setup a lab in VMware workstation.

thanks. i have enjoyed pluralsight and cbtnuggets in the past.
both good for IT training.