WilliamLam.com

Search Results for: nested esxi

ESXi Learnswitch – Enhancement to the ESXi MAC Learn DvFilter

by // 23 Comments

The ESXi MAC Learn dvFilter Fling was released a little over two years ago and it has become a must have when it comes to running our ESXi Hypervisor within a VM, also referred to as Nested ESXi. The reason this Fling has become such a popular hit amongst our customers and partners is that it greatly improves the performance when “Promiscuous Mode” is enabled on a Virtual or Distributed Virtual Portgroup, which is a requirement for using Nested ESXi. Although this Fling works great, there are a couple of limitations with this solution today. The first of which is called out in the original Fling release notes, that once a MAC Address has been learned, it never ages out which is not ideal for long running Nested ESXi environments that generates a large amount of new MAC Addresses. The second, is the lack of vMotion support where the learned MAC Address table is not transfered to the destination ESXi host and must be re-learned.

To help address both of these limitations, the folks over in the Network and Security Business Unit (NSBU) have been working hard to improve upon the existing solution and have developed a new native MAC Learning VMkernel module called the Learnswitch. This new Learnswitch not only helps improves Nested ESXi workloads but it can also potentially benefit other workloads such as Nested Containers or other 3rd Party network inspection software. One immediate difference from the previous MAC Learn dvFilter solution is that rather than operating on the Network IO Chain, the filtering is now performed within the outer virtual switch layer itself which will provide some additional performance gains. The other added benefit from an internal VMware standpoint is that the Learnswitch is now vmkapi compatible, which means we will have a better backwards compatible story for supporting old releases of ESXi. One downside to this new solution compared to the previous one is that because the dvFilter operated below the virtual switch layer, it could support both a Virtual Standard Switch as well as the Distributed Virtual Switch. With the new Learnswitch, a Distributed Virtual Switch will be required. If you currently do not meet the requirements of the new Learnswitch, you can continue using the dvFilter, but it is recommended that you do not mix both on a single system but you can definitely make use of both solutions across different ESXi hosts depending on the constraints of your environment.

Here are some of the new capabilities provided by the new Learnswitch module:

  • Overlay Network based that learning and filtering are done in Etherswitch forwarding check
  • MAC Address learning is based on VLAN ID or VXLAN ID on uplink and leaf port
  • Packet is filtered on uplink and leaf port if the MAC is learned on a different port
  • MAC Address table size is 32k per system
  • MAC Address aging support with default aging time of 5 minutes and configurable
  • Unknown unicast packet is flooded by default and configurable to drop
  • vMotion support that the MAC table learned on the port is transferred to destination host and RARP packet is sent
  • Standalone VMkernel module available as a VIB
  • net-learnswitch CLI to display MAC Address table, configuration and stats

[Read more...]

ESXi 6.5 Virtual Appliance is now available

by // 32 Comments

The much anticipated release of vSphere 6.5 has officially GA'ed and you can find all the release notes and downloads over here. Just like prior releases, I have created a new Nested ESXi Virtual Appliance to aide in quickly setting up a vSphere 6.5 environment for both educational as well as lab purposes. If you have not used this Virtual Appliance before, I strongly recommend you thoroughly review this blog post here for the background before proceeding further.

Disclaimer: Nested ESXi and Nested Virtualization is not officially supported by VMware, please use this at your own risk (the usual).

The new ESXi 6.5 Virtual Appliance includes the following configuration:

  • ESXi 6.5 OS [New]
  • GuestType: ESXi 6.5[New]
  • vHW 11 [New]
  • 2 vCPU
  • 6GB vMEM
  • 2 x VMXNET vNIC
  • 1 x PVSCSI Adapter [New]
  • 1 x 2GB HDD (ESXi Installation)
  • 1 x 4GB SSD (for use w/VSAN, empty by default)
  • 1 x 8GB SSD (for use w/VSAN, empty by default)
  • VHV added (more info here)
  • dvFilter Mac Learn VMX params added (more info here)
  • disk.enableUUID VMX param added
  • VSAN traffic tagged on vmk0
  • Disabled VSAN device monitoring for home labs (more info here)
  • VMFS6 will be used if user selects to create VMFS volume [New]
  • Enabled sparse swap (more info here[New]

To be able to import and use this new ESXi VA, you will need to be running at least vSphere 6.0 Update 2 in your environment as I take advantage of some of the new Nested ESXi enhancements in vSphere 6.5. If you need to run ESXi 6.5 on earlier versions of vSphere, then you can take my existing 5.5 or 6.0 VAs and manually upgrade to 6.5.

Now that you made it this far, here is download: Nested_ESXi6.5d_Appliance_Template_v1.ova

Lastly, I have also spent some time building some new automation scripts which takes advantage of my Nested ESXi VAs and deploys a fully functional vSphere lab environment without even breaking a sweat. Below is a little sneak peak at what you can expect 😀 Watch the blog for more details!

vsphere-6-5-vghetto-lab-deployment-1

How to enable vCenter Server High Availability (VCHA) in vSphere 6.5 w/single ESXi host?

by // 5 Comments

One of the big new features that was introduced in vSphere 6.5, exclusively for vCenter Server Appliance (VCSA), is the vCenter Server High Availability (VCHA) capablilty. Feidhlim O'Leary has an excllent blog post covering what VCHA provides as well as a couple of demo videos on how it works, definitely worth checking out! After upgrading one of my home lab enviornments to vSphere 6.5, I wanted to try out this feature from an educational standpoint and specifically around using new VCHA vSphere APIs.

Like most vSphere Home Labbers, I have limited hardware and if you try to enable VCHA with only a single ESXi host, you will see the following error:

This operation would violate a virtual machine affinity/anti-affinity rule.

enable-vcha-on-single-esxi-host-0
As you might expect, VCHA will automatically provision affinity rules to ensure that the active, passive and witness node are not all running on the same physical ESXi host. For a production deployment this is completely valid but for lab and testing purposes, this might be a tough requirement to satisfy. I was hoping there might be an override option and searching for the word "ha" in the vCenter Server Advanced Settings lead me to an interesting property called config.vpxd.vcha.drsAntiAffinity. This discovery was purely by luck and I had noticed it was set to true by default, so I decided to change it to false and see what would happen.

enable-vcha-on-single-esxi-host-1 
To my surprise, changing this setting worked and I was able to successfully enable VCHA in my lab with all three nodes just running on a single ESXi host 😀

enable-vcha-on-single-esxi-host-2
An alternative solution would be to deploy a 3-Node Nested ESXi cluster which would not require this modification, but my physical ESXi host was limited on memory, only 16GB and would have been a lot slower.