Information Technology Reference
In-Depth Information
Master It
You'd like to use NIC teaming to bond multiple physical uplinks together for
greater redundancy and improved throughput. When selecting the NIC teaming policy,
you select Route Based On IP Hash, but then the vSwitch seems to lose connectivity.
What could be wrong?
Solution
The Route Based On IP Hash load-balancing policy requires that the physical
switch be also coni gured to support this arrangement. This is accomplished through link
aggregation, referred to as
EtherChannel
in the Cisco environment. Without an appropriate
link aggregation coni guration on the physical switch, using the IP hash load-balancing
policy will result in a loss of connectivity. One of the other load-balancing policies, such as
the default policy titled Route Based On Originating Virtual Port ID, may be more appro-
priate if the coni guration of the physical switch cannot be modii ed.
Master It
How do you coni gure both a vSphere Standard Switch and a vSphere
Distributed Switch to pass VLAN tags all the way up to a guest OS?
Solution
On a vSphere Standard Switch, you coni gure Virtual Guest Tagging (VGT, the
name of this particular coni guration) by setting the VLAN ID for the VM's port group
to 4095.
On a vSphere Distributed Switch, you enable VGT by setting the VLAN coni guration for
a distributed port group to VLAN Trunking and then specifying which specii c VLAN
IDs should be passed up to the guest OS.
Examine the options for third-party virtual switches in your environment.
In addition
to the vSphere Standard Switch and the vSphere Distributed Switch, vSphere also supports a
number of third-party virtual switches. These third-party virtual switches support a range of
features.
Master It
What three third-party virtual switches are, at the time of this topic's writing,
available for vSphere environments?
Solution
At the time this topic was written, the three third-party virtual switches
available for use with vSphere were the Cisco Nexus 1000V, the IBM Distributed Virtual
Switch 5000V, and the HP FlexFabric 5900v.
Coni gure virtual switch security policies.
Virtual switches support security policies
for allowing or rejecting Promiscuous mode, allowing or rejecting MAC address changes,
and allowing or rejecting forged transmits. All of the security options can help increase
layer 2 security.
Master It
You have a networking application that needs to see trafi c on the virtual net-
work that is intended for other production systems on the same VLAN. The networking
application accomplishes this by using Promiscuous mode. How can you accommodate
the needs of this networking application without sacrii cing the security of the entire vir-
tual switch?
Solution
Because port groups (or distributed port groups) can override the security pol-
icy settings for a virtual switch, and because there can be multiple port groups/distrib-
uted port groups that correspond to a VLAN, the best solution involves creating another
port group that has all the same settings as the other production port group, including
the same VLAN ID. This new port group should allow Promiscuous mode. Assign the
VM with the networking application to this new port group, but leave the remainder of
the VMs on a port group that rejects Promiscuous mode. This allows the networking
