VMware VCA 1V0-701 – VMware Certified Associate 6 (Retired) Part 2

  1. Virtual Switch Features

In this video we’ll learn about some of the features that can be provided with vSphere Standard and vSphere Distributed Virtual Switches. Some of these features are unique to the Distributed Switch only. So with vSphere, there are two different types of virtual switches. The vSphere Standard Switch comes with all licensing editions and has a basic feature set, whereas the vSphere Distributed Switch has an enhanced feature set and is only available with the Enterprise Plus licensing edition.

So I’ll differentiate between the two as we go through all of these features and learn about them. The first feature we’re going to talk about here is discovery protocols, either CDP or LLDP. CDP stands for Cisco Discovery Protocol, and LLDP stands for Link Layer Discovery Protocol.

These are useful features that have been around for a long time on physical networking hardware. What these discovery protocols are used for is to learn information about other network devices that are connected. For example, in our little diagram here, assume that this ESXi host has a vSphere Standard Switch.

So we’ve got the vSphere Standard Switch configured on the ESXi host, and that vSphere Standard Switch has some physical connections to a Cisco switch, a physical switch. We can configure Cisco Discovery Protocol to allow it to discover some of the characteristics of the physical switch itself. We’re going to allow it to learn information about the physical switch: things like the IP address of the switch, and which physical adapter is connected to which physical switch port.

So vmnic0 is connected to physical switch port 01, and vmnic1 is connected to switch port 02. That can help us make sure we don’t accidentally unplug the wrong cable. So that’s CDP, Cisco Discovery Protocol, and that is a Cisco-specific discovery protocol that is available on a vSphere Standard Switch.

LLDP is basically the exact same thing, except that it’s not a Cisco-specific technology. LLDP stands for Link Layer Discovery Protocol, and it’s only supported on the vSphere Distributed Switch, but it does basically the exact same thing: it allows you to discover information about the other devices on the network. When we’re using a vSphere Distributed Switch, we can create traffic marking and traffic filtering policies.

So for example, we could create a filtering policy for some incoming traffic from a certain IP address range or a certain TCP port. When that traffic hits the vSphere Distributed Switch, the vSphere Distributed Switch will take the specified action, maybe dropping the packet.

Or we could even have it take certain actions like assigning Class of Service or DSCP tags to provide quality of service on outgoing traffic. So as this traffic is leaving the virtual switch and heading to the physical network, we can set up a policy in the vSphere Distributed Switch to create these Class of Service or quality of service tags, and then as that traffic hits the physical network, it will actually respect the quality of service values that we’ve appended.

So that’s traffic filtering and tagging: it’s basically an access list in the virtual switch that can drop or accept certain types of traffic or can apply quality of service values. And again, in this course we cover this at a very basic level. I just want you to be familiar with the features that are available. We don’t really get into how to configure a lot of these features or a lot of the very detailed specifics about how they operate. We just want you to be aware of the features that are available and what they do. So another good feature is Network Health Check. Again, this is something that’s supported only on the vSphere Distributed Switch.
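To make the "access list in the virtual switch" idea concrete, here is an added example (not code from the course or from VMware) of an ordered filtering-and-marking policy: rules qualify traffic by direction, source/destination network, protocol and destination port, and either drop it, allow it, or tag it with a DSCP value. The rule names, addresses and DSCP values are constructed, and the first-match-wins evaluation with "tag implies allow" is this example's own simplification, not a statement of how the distributed switch orders its rules.

```python
"""Ordered filtering-and-marking policy evaluator (illustrative model).

Constructed example: rules match on direction, source/destination network,
protocol and destination port, and either drop, allow, or tag (set DSCP).
First match wins, and an unmatched packet is allowed unmarked; those
semantics are this example's simplification, not the switch's documented ones.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    dscp: int = 0               # 0 = best effort (no marking yet)


@dataclass
class Rule:
    name: str
    direction: str              # "ingress" (toward the VM) or "egress" (toward the physical net)
    action: str                 # "allow", "drop" or "tag"
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    dscp: Optional[int] = None  # DSCP value applied when action == "tag"

    def matches(self, pkt: Packet, direction: str) -> bool:
        """Every qualifier that is set must match; unset qualifiers are wildcards."""
        if self.direction != direction:
            return False
        if self.src_net and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_net and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.proto and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet, direction: str) -> Tuple[str, int]:
    """Return (verdict, dscp) for one packet: first matching rule decides."""
    for rule in rules:
        if not rule.matches(pkt, direction):
            continue
        if rule.action == "drop":
            return "drop", pkt.dscp
        if rule.action == "tag":
            return "allow", rule.dscp if rule.dscp is not None else pkt.dscp
        return "allow", pkt.dscp
    return "allow", pkt.dscp   # default policy of this example


# Constructed policy; addresses are documentation/private ranges, not real hosts.
DEMO_RULES = [
    Rule("drop-telnet-from-guest-net", "ingress", "drop",
         src_net="192.0.2.0/24", proto="tcp", dport=23),
    Rule("mark-sip-signalling", "egress", "tag", proto="udp", dport=5060, dscp=46),
    Rule("mark-backup-to-storage-net", "egress", "tag", dst_net="10.20.0.0/16", dscp=10),
]

if __name__ == "__main__":
    samples = [
        (Packet("192.0.2.7", "10.0.0.5", "tcp", 23), "ingress"),
        (Packet("192.0.2.7", "10.0.0.5", "tcp", 443), "ingress"),
        (Packet("10.0.0.5", "10.0.0.9", "udp", 5060), "egress"),
        (Packet("10.0.0.5", "10.20.3.1", "tcp", 445), "egress"),
    ]
    for pkt, direction in samples:
        verdict, dscp = evaluate(DEMO_RULES, pkt, direction)
        print(f"{direction:7} {pkt.src} -> {pkt.dst} {pkt.proto}/{pkt.dport}: {verdict}, dscp={dscp}")
```

The point to notice is that the same matching machinery serves both purposes the lesson describes: a `drop` rule behaves like an access-list deny, while a `tag` rule leaves the packet flowing but sets the DSCP value that the physical network will honour once the frame leaves the host.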

Basically, here’s what Network Health Check does. You can run a Network Health Check in the vSphere Web Client, and what it will do is compare the configuration of your vSphere Distributed Switch, really critical configuration items like the MTU, the NIC teaming method, or the VLAN configuration, against how the physical switch is configured, and tell you if there are inconsistencies so that you can easily identify and fix them. So the purpose of Network Health Check is to validate the configuration of the vSphere Distributed Switch against the configuration of the physical switch.

NetFlow is another feature that’s only supported on a vSphere Distributed Switch. What it basically does is track all of the traffic that’s going on in your environment and send reports to a centralized server. It’s kind of like a kid that tells on all his friends, and the NetFlow Collector is like the mom he’s telling on them to. So for example, let’s say that we have a virtual machine that sends some traffic to an email server. What will happen with NetFlow is that the virtual switch will actually track that traffic, and it will send a little report to this NetFlow Collector saying, hey, you know, 10.1.1.1 just talked to this email server over port 80, and here’s how much traffic it sent. This allows the NetFlow Collector, whether it’s WhatsUp Gold or SolarWinds or any of those options, to build up a detailed historical record of all the traffic that’s occurring on this network. So if you need to do forensic analysis or figure out traffic patterns over time, or maybe you have an issue that occurred at, like, 1:00 and people said everything was slow, well, now you can go into that NetFlow Collector and look at what was happening at 1:00, and you’ll have a nice historical record of all of the traffic occurring. That’s the purpose of NetFlow. Again, this is something that’s been around forever in the physical network. And the vSphere Distributed Switch can be configured for NetFlow and can send these reports to a NetFlow collector.

The last feature we’re going to talk about here is port mirroring. Port mirroring can be used to send a copy of all the traffic on one port to another port. So for example, let’s say that this traffic is flowing in and it’s destined for one of these virtual machines. Well, we can set up a port mirroring session to say any traffic for this particular port should also be mirrored to this other port. So maybe what I want to do is put a sniffer, or Wireshark or something, running on the second port so that I can monitor all the traffic that’s actually hitting the first port. That’s what port mirroring is used for.
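To show what the "little report" to a collector actually contains, and how a collector turns reports into the historical record the lesson describes, here is an added example (not from the course or from VMware) that builds a classic NetFlow v5 datagram from constructed flow records, parses it the way a collector would, and rolls the flows up into bytes per conversation. NetFlow v5 is used here only because its fixed layout is easy to show; the page does not say which export version the distributed switch emits, so the wire format is this example's choice, and all addresses and byte counts are made up.

```python
"""NetFlow v5 datagram builder/parser plus a tiny collector roll-up (constructed example).

NetFlow v5 layout (RFC 3954 describes v9; v5 is the older fixed format):
  header  24 bytes: version, count, sysuptime, unix_secs, unix_nsecs,
                    flow_sequence, engine_type, engine_id, sampling_interval
  record  48 bytes: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets,
                    first, last, srcport, dstport, pad1, tcp_flags, prot, tos,
                    src_as, dst_as, src_mask, dst_mask, pad2
"""
import socket
import struct
from collections import defaultdict
from typing import Dict, List, Tuple

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48 bytes per flow record
PROTO_TCP, PROTO_UDP = 6, 17


def build_v5_datagram(records: List[dict], unix_secs: int = 1_700_000_000, seq: int = 1) -> bytes:
    """Pack flow records the way an exporter (the switch) would send them to a collector."""
    header = V5_HEADER.pack(5, len(records), 0, unix_secs, 0, seq, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(
            socket.inet_aton(r["src"]), socket.inet_aton(r["dst"]), b"\0" * 4,
            0, 0,                               # input/output interface index (unused here)
            r["packets"], r["bytes"],
            0, 0,                               # first/last sysuptime of the flow (unused here)
            r["sport"], r["dport"],
            0, r.get("tcp_flags", 0), r["proto"], 0,
            0, 0, 0, 0, 0,                      # AS numbers, masks, padding
        )
        for r in records
    )
    return header + body


def parse_netflow_v5(datagram: bytes) -> dict:
    """Parse one datagram into header fields plus a list of flow dicts.
    The length checks reject truncated or mis-framed input instead of reading garbage."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    version, count, _uptime, unix_secs, _nsecs, seq, _etype, _eid, _sampling = \
        V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError(f"truncated datagram: header announces {count} records")
    flows = []
    offset = V5_HEADER.size
    for _ in range(count):
        f = V5_RECORD.unpack_from(datagram, offset)
        offset += V5_RECORD.size
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "packets": f[5], "bytes": f[6],
            "sport": f[9], "dport": f[10],
            "tcp_flags": f[12], "proto": f[13],
        })
    return {"unix_secs": unix_secs, "sequence": seq, "flows": flows}


def summarize(flows: List[dict]) -> Dict[Tuple[str, str, int, int], int]:
    """Collector-side roll-up: total bytes per (src, dst, proto, dport) conversation."""
    totals: Dict[Tuple[str, str, int, int], int] = defaultdict(int)
    for f in flows:
        totals[(f["src"], f["dst"], f["proto"], f["dport"])] += f["bytes"]
    return dict(totals)


# Constructed flows: VM 10.1.1.1 talking to a mail server on port 80 (the lesson's
# example) in two flows, plus a second VM using SMTP. Addresses and counts are made up.
SAMPLE_FLOWS = [
    {"src": "10.1.1.1", "dst": "10.1.1.25", "sport": 50112, "dport": 80, "proto": PROTO_TCP,
     "packets": 12, "bytes": 9600, "tcp_flags": 0x18},
    {"src": "10.1.1.1", "dst": "10.1.1.25", "sport": 50113, "dport": 80, "proto": PROTO_TCP,
     "packets": 8, "bytes": 4400, "tcp_flags": 0x18},
    {"src": "10.1.1.2", "dst": "10.1.1.25", "sport": 41000, "dport": 25, "proto": PROTO_TCP,
     "packets": 3, "bytes": 600, "tcp_flags": 0x02},
]

if __name__ == "__main__":
    parsed = parse_netflow_v5(build_v5_datagram(SAMPLE_FLOWS))
    for (src, dst, proto, dport), nbytes in sorted(summarize(parsed["flows"]).items(),
                                                   key=lambda kv: -kv[1]):
        print(f"{src} -> {dst} proto={proto} dport={dport}: {nbytes} bytes")
```

Note that a flow record carries only metadata (who, to whom, which port, how much), never payload, which is exactly why it is cheap enough to keep for months and useful for the "what was happening at 1:00" kind of question; anyone running a collector should still treat that metadata as sensitive, since it is a complete map of who talks to whom.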

And there’s all sorts of different port mirroring session types that you can set up. Again, we do more in the other vSphere courses; we get a little deeper on those things. For the purposes of the VMware Certified Associate exam, what you need to know is that port mirroring is a way to take all of the traffic that’s occurring on one port and send an identical copy of that traffic to some destination, usually another port, on a distributed switch. Okay, so let’s take a moment to review. In this lesson, we learned about Cisco Discovery Protocol and Link Layer Discovery Protocol and how they can be used to discover information about other network devices.

We learned about NetFlow and how it can be used to send historical traffic records to a centralized collector so that we can analyze historical traffic patterns and do things like forensic analysis or determine the root cause of intermittent performance issues. We learned how traffic filtering and marking can be used on the vSphere Distributed Switch to do things like drop certain types of traffic or apply quality of service tags to certain types of traffic. And we learned how port mirroring can be used to take traffic that’s occurring on one port and send a mirrored copy of it to another port.

  2. Network I/O Control

In this video, I’ll introduce you to Network I/O Control. We’re going to learn about Network I/O Control at a very basic level for the VMware Certified Associate course. You just need to basically understand what this feature is, so we’re not going to get into how to configure it or all the different configuration options that are available. I just want to cover this at a very high level. So Network I/O Control can be used to enforce shares, limits and reservations for different types of network traffic, and it’s only supported on the vSphere Distributed Switch. The goal of Network I/O Control is to ensure that certain types of traffic are granted sufficient bandwidth if there’s contention. So for example, in this diagram that we’re looking at here, we have different types of traffic flowing over our physical network. We have virtual machine traffic, which is granted 100 shares, and then we have vMotion traffic and some iSCSI storage traffic.

What we can do is grant these share values to ensure that during times of contention, virtual machine traffic is going to get twice as much bandwidth as either of those other types of traffic. So if there are certain types of traffic that are critical, we can prioritize those over other types of traffic. We can also create limits and reservations as well.

So if I want to guarantee a certain type of traffic some bandwidth, or if I want to limit, say, VM traffic from my development machines to a certain amount of bandwidth, I can do that as well. So that’s what Network I/O Control is for. And for the VMware Certified Associate exam, that’s really all you need to know: the Network I/O Control feature is used to prioritize certain types of network traffic over other types of network traffic. It’s available on the vSphere Distributed Switch, and it enforces these controls on the physical network. So as traffic is leaving the virtual switch bound for the physical network, that’s when these Network I/O Control traffic settings are actually enforced.
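To show how shares, reservations and limits interact only under contention, here is an added example (not code from the course or from VMware) that models the allocation on one uplink: reservations are honoured first, a limit caps what a class may ever receive, and whatever is left is split by shares among the classes that still want more. The traffic classes reuse the lesson's numbers (VM traffic at 100 shares, vMotion and iSCSI at 50 each) plus a hypothetical "dev VM" class with a limit; the link speed, demands and the water-filling arithmetic are this example's simplification, not a description of the scheduler inside ESXi.

```python
"""Share/reservation/limit bandwidth allocation on one uplink (illustrative model).

Constructed example. Units are Mbps. The algorithm is a standard water-filling:
reservations first, then spare capacity proportional to shares, pinning any class
that reaches its cap (its limit or its actual demand) and re-splitting the rest.
"""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class TrafficClass:
    shares: int                      # relative weight that only matters under contention
    reservation: float = 0.0         # guaranteed minimum (Mbps)
    limit: Optional[float] = None    # hard ceiling (Mbps); None = unlimited


def allocate(capacity: float, classes: Dict[str, TrafficClass],
             demand: Dict[str, float]) -> Dict[str, float]:
    """Return the Mbps each class receives given what it is currently trying to send."""
    # A class can never receive more than it asks for or more than its limit.
    cap = {n: min(demand[n], c.limit if c.limit is not None else float("inf"))
           for n, c in classes.items()}
    # Step 1: reservations are satisfied first (but only up to what the class wants).
    alloc = {n: min(c.reservation, cap[n]) for n, c in classes.items()}
    remaining = capacity - sum(alloc.values())
    if remaining < 0:
        raise ValueError("reservations exceed link capacity")
    # Step 2: water-filling of the spare bandwidth by shares.
    active = {n for n in classes if alloc[n] < cap[n]}
    while active and remaining > 1e-9:
        total_shares = sum(classes[n].shares for n in active)
        # Classes whose proportional slice exceeds their headroom get pinned at the cap;
        # their unused slice is re-split among the others on the next pass.
        pinned = {n for n in active
                  if cap[n] - alloc[n] <= remaining * classes[n].shares / total_shares}
        if pinned:
            for n in pinned:
                remaining -= cap[n] - alloc[n]
                alloc[n] = cap[n]
                active.discard(n)
            continue
        for n in active:
            alloc[n] += remaining * classes[n].shares / total_shares
        remaining = 0.0
    return alloc


# Constructed classes: the lesson's VM/vMotion/iSCSI shares plus a hypothetical
# dev-VM class that is capped, and an iSCSI reservation as an example guarantee.
LINK_MBPS = 10_000.0
DEMO_CLASSES = {
    "vm":      TrafficClass(shares=100),
    "dev_vm":  TrafficClass(shares=50, limit=1_000.0),
    "vmotion": TrafficClass(shares=50),
    "iscsi":   TrafficClass(shares=50, reservation=3_000.0),
}

if __name__ == "__main__":
    saturated = {n: LINK_MBPS for n in DEMO_CLASSES}          # everyone wants the whole link
    quiet = {"vm": 2_000.0, "dev_vm": 500.0, "vmotion": 1_000.0, "iscsi": 1_000.0}
    for label, demand in (("contention", saturated), ("no contention", quiet)):
        result = allocate(LINK_MBPS, DEMO_CLASSES, demand)
        print(label, {n: round(v) for n, v in result.items()})
```

Under contention the dev-VM class stops at its 1000 Mbps limit, iSCSI keeps its 3000 Mbps reservation and then shares the remainder like everyone else, and VM traffic still ends up with twice what vMotion gets. With light demand every class simply receives what it asked for, which is the "only if there's contention" behaviour the lesson stresses.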

  3. NSX

In this video, I’ll introduce VMware’s NSX product. Now, we could spend a whole week just learning about NSX. As a matter of fact, I regularly teach classes that take a whole week just learning about NSX. But what I want to focus on in this particular video is what you need to know for the VMware Certified Associate exam. We really don’t need to know a whole lot about NSX for that exam, but we do need to know essentially what it’s used for. So with a traditional physical network, we have some challenges that NSX can help us overcome. Some of those challenges include how long it takes to get a new physical switch deployed, or a new VLAN, or a new subnet. What if we could abstract virtual networking from the physical hardware? What if we needed a new layer two segment? We could just roll it out right in the virtual network without having to make any changes on the physical network. The goal of NSX is basically to let us make network changes in software, so that the physical network gear becomes simple transport capacity.

We can make whatever changes we want on the virtual side, on the NSX side. So NSX is actual network virtualization. It’s not a virtual network. It’s taking those network components that have traditionally been physical components like routers and firewalls and providing virtual equivalents to those systems so that we can control everything with software. And it doesn’t really matter what kind of physical hardware we’re using, just like we do with our virtual machines. Think about virtual machines. Does it really matter if your VM is running on an HP host or a Dell host or an IBM host or whatever? The physical gear is essentially just compute horsepower, it’s processors, it’s memory, and that’s it.

That’s where we’re trying to get with networking. That’s the goal of NSX: to get to a similar place with networking where we don’t really care what the underlying physical network is made up of. We can make all of our changes, customize everything, and set up everything that requires intelligence in software. So the goal of NSX is to allow us to do things like create logical switches, create logical routers, right, move that layer three routing functionality into a virtual device, move firewalling into the virtual space as well, and give us this firewall called a distributed firewall that we can apply at an individual virtual machine level. You may have heard of a term called micro-segmentation. That’s what we try to do with NSX. So NSX comes with a distributed firewall that allows us to configure firewall rules that can be applied at an individual virtual machine level. So it has some huge advancements from a security perspective.

There’s also all of these edge services like load balancing and VPNs and layer two bridges and all sorts of other options that we can provide with edge services of NSX. And it has very tight integration with third party vendors as well for things like deep packet inspection and intrusion prevention systems and things like that. So here’s kind of a quick look at the NSX overall functionality. So we have all of these network services that have been traditionally provided by physical hardware, like switches. Here’s a logical switch, an NSX logical switch. Here’s another logical switch. So we can easily spin up and roll out logical switches with layer two segments that exist only within NSX. And that’s one of the biggest differences that NSX gives us. So you may be thinking right now, well, we’ve already got traditional virtual switches. We’ve got distributed switches, we’ve got standard switches. Why do I care about a new type of virtual switch called the logical switch? Well, just think about it this way.

If I decide to create a new distributed switch or a new standard virtual switch, I have to create all the matching VLANs in my physical hardware. I have to set up my router to route those VLANs. If I create a new logical switch, everything is contained within my virtualized network, and I do not need to make any changes to the physical hardware. I don’t even use VLANs on those logical switches. So that’s what I’m talking about when I say decoupling the network from the physical hardware: it allows you to make whatever changes you want in the NSX environment without any reliance on reconfiguration of the physical network hardware.

And we can even put in distributed logical routers, distributed firewalls, an edge firewall, load balancer and VPN solutions, and we can layer all of this on top of the existing physical network hardware that we already have. So NSX is going to be huge. It’s already pretty huge. And as time goes on, it’s only going to get bigger, because it adds so many capabilities and functions to a virtualized environment that you can just do all of the stuff in the network that you could not really even do a lot of before. But also, the decoupling of the network configuration from the physical network hardware is a huge selling point for.
