vSphere 5.5 Standard Switch – Settings – Part 1

This 3-part article explains vSphere Standard Switch settings in detail.

Properties

Number of ports – defines the number of virtual ports on the vSwitch. Before ESXi 5.5 you could change the number of virtual ports (maximum 4,096 ports). From ESXi 5.5 the number of ports is set to the Elastic option (ports are added dynamically when needed and removed when no longer required).

More information about the number of ports is available at: VMware KB: 2064511

MTU (Bytes) – the maximum transmission unit (MTU) defines the maximum size of a packet. The default value is 1500 bytes and the maximum value is 9000 bytes. Anything above 1500 bytes is referred to as a Jumbo Frame.

Note: to avoid packet fragmentation, make sure all devices northbound of the vSwitch use the same MTU size as the vSwitch.

Figure: vSwitch settings – Properties

Security

Note: all security settings can be defined at the vSwitch or port group level.

Promiscuous mode

Accept – allows VMs to see frames destined for other VMs on the same vSwitch and VLAN.

Reject – VMs can't see frames that are not meant for them.

More info about Promiscuous mode is available at: VMware KB: 1002934

To understand MAC address changes and Forged transmits you need to understand the three types of MAC address that every VM has:

Effective MAC address – resides within the VM guest operating system and is configured automatically by that same guest operating system (an administrator can also modify it manually). Usually the Effective MAC address is the same as the Initial MAC address.

Initial MAC address – the MAC address of the vNIC inside the VM. The Initial MAC address is assigned automatically to each VM vNIC by vSphere, or it can be assigned manually by an administrator. Think of the Initial MAC address as a physical NIC's burned-in address.

Note: the Initial MAC address can't be changed by the VM guest operating system.

Runtime MAC address – the address seen by the vSwitch port. The Runtime MAC address is the same as the Effective MAC address.

MAC address changes – defines whether or not VMs can receive frames if the Initial MAC and Effective MAC address don't match.

Accept – the vSwitch will allow frames through the port even if the Initial MAC and Effective MAC address don't match, meaning the VM guest OS is allowed to change the Effective MAC address. This option is a security risk because a malicious user can configure a VM to impersonate some other VM by using the same MAC address.

Reject – if the Effective MAC address doesn't match the Initial MAC address, the vSwitch will disable the port.

More info about MAC address changes is available at: WahlNetwork – Rejecting VMware MAC Address Changes Explained

Forged transmits – defines whether or not VMs can send frames if the Effective MAC and the Source MAC address in the 802.3 Ethernet frame don't match.

Accept – the vSwitch will allow frames through the port even if the Effective MAC and the Source MAC address in the 802.3 Ethernet frame generated by the VM don't match.

Reject – the vSwitch port will drop frames if the Effective MAC and the Source MAC address in the 802.3 Ethernet frame generated by the VM don't match.

Note: the forged transmits security policy doesn't compare the Effective MAC and Initial MAC address; it only compares the Effective MAC and the Source MAC address in the frame.

More info about Forged transmits is available at: WahlNetwork – How The VMware Forged Transmits Security Policy Works
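A quick way to check all three security settings at once is to read the policy that the ESXi shell reports and flag every setting left at Accept. The script below is an added example, not code from the article or from VMware: it parses the text that `esxcli network vswitch standard policy security get -v <vSwitch>` prints on an ESXi host and builds the matching `set` command. The sample output is constructed (it mirrors a freshly created vSwitch, which rejects promiscuous mode but accepts MAC changes and forged transmits), and the label and flag names are assumed to match the esxcli output on 5.x; confirm them with `esxcli network vswitch standard policy security set --help` before running the generated command.

```python
"""Audit a vSphere Standard Switch security policy and build the hardening command.

Added example; parses esxcli text, so it runs offline against a sample.
"""
import re
import subprocess

# Constructed sample of `esxcli network vswitch standard policy security get`
# output (assumed format). "true" means the setting is at Accept.
SAMPLE_OUTPUT = """\
   Allow Promiscuous: false
   Allow MAC Address Change: true
   Allow Forged Transmits: true
"""

# esxcli label -> (set flag, what Accept means, per the article)
SETTINGS = {
    "Allow Promiscuous": (
        "--allow-promiscuous",
        "VMs can see frames for other VMs on the same vSwitch and VLAN"),
    "Allow MAC Address Change": (
        "--allow-mac-change",
        "guest may change its Effective MAC and impersonate another VM"),
    "Allow Forged Transmits": (
        "--allow-forged-transmits",
        "guest may send frames whose Source MAC differs from its Effective MAC"),
}


def parse_security_policy(text):
    """Turn 'Key: true|false' lines into a {key: bool} dict."""
    policy = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?):\s*(true|false)\s*$", line, re.IGNORECASE)
        if m:
            policy[m.group(1)] = m.group(2).lower() == "true"
    return policy


def audit(policy):
    """Return the settings currently at Accept, in SETTINGS order."""
    return [name for name in SETTINGS if policy.get(name, False)]


def hardening_command(vswitch, policy):
    """esxcli command that sets every Accept setting to Reject, or None if clean."""
    risky = audit(policy)
    if not risky:
        return None
    flags = " ".join(f"{SETTINGS[name][0]}=false" for name in risky)
    return ("esxcli network vswitch standard policy security set "
            f"--vswitch-name={vswitch} {flags}")


def fetch_policy(vswitch):
    """Read the live policy from the local ESXi shell (not used offline)."""
    out = subprocess.check_output(
        ["esxcli", "network", "vswitch", "standard", "policy", "security",
         "get", "--vswitch-name", vswitch], text=True)
    return parse_security_policy(out)


if __name__ == "__main__":
    pol = parse_security_policy(SAMPLE_OUTPUT)
    for name in audit(pol):
        print(f"{name}: Accept -> {SETTINGS[name][1]}")
    print(hardening_command("vSwitch0", pol) or "nothing to change")
```

Because the article notes that the same three settings can be set per port group, a vSwitch-level check alone is not enough: repeat the read for each port group (the `esxcli network vswitch standard portgroup policy security get -p <portgroup>` namespace) so an override back to Accept on a single port group is not missed. Reject for MAC address changes and forged transmits is the usual hardening target; the known exception is a guest that legitimately needs a different source MAC, such as a load balancer or a nested ESXi host, which then needs its own port group with Accept.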

Figure: vSwitch settings – Security

Traffic Shaping

Note: traffic shaping on the Standard Switch shapes only outbound network traffic. Only the vSphere Distributed Switch can control outbound and inbound network traffic, with Network I/O Control.

Average bandwidth (Kbps) – defines the average amount of network bandwidth (in Kbps) that is allowed through a port.

Peak bandwidth (Kbps) – defines the maximum amount of network bandwidth (in Kbps) that is allowed through a port while it is using its burst bonus.

Burst size (KB) – defines the maximum burst bonus. While network traffic is below the average bandwidth, a burst bonus accumulates; that bonus can then be transmitted at the peak bandwidth rate until it is depleted.
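The interplay of the three knobs is easiest to see on a timeline. The model below is an added illustration, not VMware's implementation: it treats the burst bonus as a token bucket measured in kilobits, advances in whole-second steps, and starts with an empty bucket; those choices and the sample traffic pattern are assumptions, while the behaviour it reproduces (bonus accrues below the average rate, is spent at up to the peak rate, and is capped by burst size) is what the article describes.

```python
"""Per-second model of vSwitch egress traffic shaping as a token bucket.

Added illustration (assumed accounting, not VMware's). Units follow the
vSphere UI: bandwidths in Kbps (kilobits per second), burst size in KB.
"""


def burst_duration_seconds(avg_kbps, peak_kbps, burst_kb):
    """How long a full burst bonus can sustain the peak rate above average."""
    if peak_kbps <= avg_kbps:
        raise ValueError("peak bandwidth must exceed average bandwidth")
    return burst_kb * 8 / (peak_kbps - avg_kbps)


def shape(demand_kbps, avg_kbps, peak_kbps, burst_kb):
    """Simulate one second per element of demand_kbps.

    Returns (sent_kbps, bonus_kbit): what the port transmitted each second and
    the burst bonus left after that second. Assumption: the bucket starts empty.
    """
    if peak_kbps < avg_kbps:
        raise ValueError("peak bandwidth must not be below average bandwidth")
    bucket_cap = burst_kb * 8          # burst size in kilobits
    bucket = 0                         # accumulated bonus, kilobits
    sent, bonus = [], []
    for demand in demand_kbps:
        if demand <= avg_kbps:
            # Below average: everything goes out, unused share becomes bonus.
            tx = demand
            bucket = min(bucket_cap, bucket + (avg_kbps - demand))
        else:
            # Above average: spend bonus, but never exceed peak and never
            # send more than the bonus that is actually banked.
            extra = min(demand - avg_kbps, peak_kbps - avg_kbps, bucket)
            tx = avg_kbps + extra
            bucket -= extra
        sent.append(tx)
        bonus.append(bucket)
    return sent, bonus


# Constructed demand: 5 quiet seconds, then a 4-second surge, then quiet.
SAMPLE_DEMAND = [200] * 5 + [5000] * 4 + [200]

if __name__ == "__main__":
    avg, peak, burst = 1000, 4000, 250   # Kbps, Kbps, KB
    tx, left = shape(SAMPLE_DEMAND, avg, peak, burst)
    print(f"full bonus lasts {burst_duration_seconds(avg, peak, burst):.2f}s at peak")
    print("sec  demand  sent  bonus(kbit)")
    for i, (d, t, b) in enumerate(zip(SAMPLE_DEMAND, tx, left), 1):
        print(f"{i:>3} {d:>7} {t:>5} {b:>11}")
```

Running it shows the shape a practitioner should expect: the first surge second goes out at 3000 Kbps (the 1000 Kbps average plus the whole 2000 kbit bonus banked during the quiet period), after which the port is pinned to the average until demand drops again. A VM that needs sustained throughput above the average therefore does not benefit from a large peak value on its own; the burst size decides how long the peak can be held.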

Figure: vSwitch settings – Traffic shaping

Did you find this info about the vSphere Standard Switch useful? If you think I have explained something wrong, or you have some advice for me and other readers, please leave a comment.
