摘要:
为缺省安装的Service console添加冗余网卡
SC
[root@Esx01 ~]# esxcfg-vswitch -l
PowerCLI
[vSphere PowerCLI] C:\> Get-VirtualSwitch -vmhost esx1.vm.lcl|fl
SC
[root@Esx01 ~]# esxcfg-nics -l
PowerCLI
SC
[root@Esx01 ~]# esxcfg-vswitch -L vmnic1 vSwitch0
[root@Esx01 ~]# esxcfg-vswitch -l
PowerCLI
[vSphere PowerCLI] C:\> $vswitch = Get-VirtualSwitch -VMHost esx1.vm.lcl -Name VSwitch0
[vSphere PowerCLI] C:\> Set-VirtualSwitch -VirtualSwitch $vswitch -Nic vmnic0,vmnic1
VMkernel端口用来访问VMkernel的TCP/IP堆栈,用于VMotion,iSCSI,NAS/NFS访问以及FT
新建一虚拟交换机,其上建立两个VMkernel,一个用户来连接IP存储,另一个用来进行VMotion
先查看已经配置好的虚拟交换机,如果网卡充裕,可考虑将ISCSI和Vmotion隔离的方案,也就是分别建两个虚拟交换机.
ISCSI和Vmotion的IP地址可使用独立的子网,不必与虚拟机网络相同,相同的话也没关系.
依次执行如下命令,在一个虚拟交换机上创建两个使用目的不同的VMkernel端口,生产环境中如使用FT,也可考虑为FT单独创建一VMkernel.
SC
esxcfg-vswitch -l
esxcfg-vswitch -a vSwitch1
esxcfg-vswitch -L vmnic2 vSwitch1
esxcfg-vswitch -L vmnic3 vSwitch1
esxcfg-vswitch -A "ISCSI" vSwitch1
esxcfg-vmknic -a -i 192.168.1.33 -n 255.255.255.0 "ISCSI"
esxcfg-route 192.168.1.1
esxcfg-vswitch -A "vmotion" vSwitch1
esxcfg-vmknic -a -i 192.168.1.34 -n 255.255.255.0 "vmotion"
esxcfg-vswitch -A "vmotion" vSwitch1
esxcfg-vmknic -l
vmware-vim-cmd hostsvc/vmotion/vnic_set vmk1
vmware-vim-cmd hostsvc/vmotion/netconfig_get
当看到vmk1时,显示已经配置Vmotion
PowerCLI
$vswitch = New-VirtualSwitch -VMHost esx1.vm.lcl -Name vSwitch1
Set-VirtualSwitch -VirtualSwitch $vswitch -Nic vmnic2,vmnic3 -Confirm:$false
$vs = Get-VirtualSwitch -VMHost (Get-VMHost esx1.vm.lcl) -Name "vSwitch1"
New-VMHostNetworkAdapter -VMHost (Get-VMHost esx1.vm.lcl) -PortGroup ISCSI -VirtualSwitch $vs -IP 192.168.1.33 -SubnetMask 255.255.255.0
New-VMHostNetworkAdapter -VMHost (Get-VMHost esx1.vm.lcl) -PortGroup vmotion -VirtualSwitch $vs -IP 192.168.1.34 -SubnetMask 255.255.255.0 -VMotionEnabled:$true
指定缺省网关
$net = Get-VmHostNetwork -Host esx1.vm.lcl
Set-VMHostNetwork -Network $net -VMKernelGateway '192.168.1.1'
为两个VMkernel指定不同的网关
Set-VMHostNetwork -Network $net -VMKernelGateway '192.168.1.1' -VMKernelGatewayDevice 'vmk0'
Set-VMHostNetwork -Network $net -VMKernelGateway '192.168.1.1' -VMKernelGatewayDevice 'vmk1'
指定缺省网关的另一方法
$netMgr = Get-View (Get-VMHost <ESX-hostname> | Get-View).ConfigManager.NetworkSystem
$iproute = New-Object VMware.Vim.HostIpRouteConfig
$iproute.defaultGateway = "<IP-address>"
$netMgr.UpdateIpRouteConfig($iproute)
依次执行如下命令
esxcfg-vswitch -a vSwitch2
esxcfg-vswitch -L vmnic4 vSwitch2
esxcfg-vswitch -L vmnic5 vSwitch2
esxcfg-vswitch -A "productionlan" vSwitch2
NIC Teaming
vSwitch port-based load balancing (default)
虚拟机上的虚拟网络端口(类似于物理交换机上的端口)与某个特定的上联网卡相绑定,在端口与上联网卡之间维护平衡,只有该上联网卡故障时,才会发生故障转移.
缺点是有可能导致某个上联物理网卡负载较高,当虚拟网络适配器(客户端操作系统使用的适配器)的数量远多于上联的物理网卡数量时,才会达到平衡状态
Source MAC-based load balancing
该方案使用基于源MAC地址选择上行链路,优缺点与基于端口的负载平衡相似,当客户端配置有多块虚拟网络适配器时,也就是拥有了多个MAC地址时,有可能实现平衡
IP hash-based load balancing
基于源和目标的ip地址来选择上行链路,当某个虚拟机与不同的目标通讯时,有可能使用到不同的上联物理网卡
如果使用基于IP的负载平衡,要求所有的上联物理网卡连接到同一个物理交换机,硬件支持的话除外.
有的交换机支持网卡跨交换机的链接聚合,除此之外,要求所有的上联物理网卡连接到同一物理交换机,交换机上配置链接聚合.
ESX/ESXi支持静态模式的standard 802.3ad teaming,不支持Link Aggregation Control Protocol (LACP,链路聚合控制协议)和Port Aggregation Protocol (PAgP,端口聚集协议)
Link Aggregation Control Protocol (LACP) provides a method to control the bundling of several physical ports together to form a single logical channel. LACP allows a network device to negotiate an automatic bundling of links by sending LACP packets to the peer (directly connected device that also implements LACP).
Port Aggregation Protocol (PAgP) is a Cisco Systems proprietary networking protocol, which is used for the automated, logical aggregation of Ethernet switch ports, known as an etherchannel. This means it can only be used between Cisco switches and/or switches from licensed vendors. A similar purpose protocol known as LACP, released by the IEEE known as 802.3ad, is an industry standard and is not tied to any specific vendor.
A limitation of Port Aggregation Protocol is that all the physical ports in the aggregation group must reside on the same switch.
网卡绑定的故障检测
仅链路状态
物理网卡提供链路状态来标识上联网卡是否故障,常见的故障场景是网线松动或者物理交换机掉电
缺点:如果上联网卡连接到错误的交换机,该方法无法识别,也就无法故障转移.
信标检测
发送广播到NIC team中所有的物理网卡,当检测到下列情况(信标无法返回到物理网卡)则触发故障转移
Spanning Tree Protocol 阻塞端口(该协议决定哪些端口处于转发状态,哪些端口处于阻断状态,用来防止网络环路)
端口配置了错误的VLAN
级联的交换机故障
故障恢复
针对使用IP存储的VMkernel端口,应禁用故障恢复
通知交换机
启用该设置,如下事件发生时,交换机将收到来自虚拟交换机的通知
虚拟机启动
发生了VMotion
MAC地址变化
NIC team故障转移或者故障恢复
当某个端口组中的虚拟机使用微软的NLB时,需要禁用通知交换机
为了降低网络延迟,Vmware建议:
Disable Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) on the physical switches.
Disable Dynamic Trunking Protocol (DTP) or trunk negotiation.
Disable Spanning Tree Protocol (STP).
VMware recommends configuring Cisco devices to use PortFast mode for access ports or PortFast trunk mode for trunk ports.