#VCP #Network #Concept
Enterprise licensing is required for this feature. The management plane of a distributed switch runs in vCenter, while the data plane runs on each ESXi host: a hidden proxy switch is created on every host, and any change made in vCenter is pushed down to it. Therefore, if vCenter fails, the distributed switch keeps working on each ESXi host, but its configuration cannot be changed while vCenter is unavailable.
vSphere Distributed Switches come in different versions that offer different functionality. Depending on your host versions, you should always choose the latest version that is supported by all of your ESXi hosts.
![[_media/vSphere - Distributed Switch2024-07-19.png|600]]
## Benefits over Standard switch
A distributed switch is much more scalable, as the same distributed switch can be used on multiple hosts and does not need to be configured on each ESXi host separately.
Much less administration is needed; it is less time consuming and less prone to configuration errors.
A distributed switch is created centrally in vCenter, whereas a standard switch needs to be created on each host; the management plane of a vDS is hosted on vCenter.
More features than a VSS:
- NIOC
- Load balancing policy based on physical NIC load
- Netflow traffic monitoring
- Port Blocking
- Inbound traffic shaping (a VSS supports outbound only)
- Network vMotion
## Distributed Port Groups
Port groups that can only be created on a [[vSphere - Distributed Switch.md]].
### General Parameters
- Port binding
    - Static binding
        - Each VM gets its own port and keeps using that port consistently; ports don't need to be rebuilt or managed
    - Ephemeral
        - For certain use cases; can be used during vCenter downtime if VMs need to connect anyway
- Port allocation
    - Elastic
        - Automatically creates new ports for VMs to meet demand
    - Static
        - The number of ports has to be adjusted for each new VM/port
- VLANs
    - VLAN type
        - VLAN
            - Virtual switch tagging: if a VM is connected to this port group, the traffic flows inside the vDS, is tagged, and is sent out to the external router (if the destination VLAN is not the same)
        - VLAN trunking
            - OS tagging: the vDS does not interact with the VLAN tag sent by the guest OS, it just passes it through
### Security
- Promiscuous mode
    - Allows traffic on the port group to be sniffed, e.g. for an IPS/Wireguard etc.
    - Should be Reject by default; it is a security risk
- MAC address changes
    - If the VM's MAC is different from the one referenced in the .vmx file, the traffic will not be allowed
    - Applies to inbound traffic
- Forged transmits
    - Same as MAC address changes, but for outbound traffic
    - Can be used for licensing purposes
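An added PowerCLI example, not part of these notes, that audits the three settings above across every distributed port group of a vDS and, with `-Remediate`, resets them to Reject; the vCenter name `vcenter.example.com` and the switch name `vDS-Prod` are assumed placeholders.

```powershell
# Added example (PowerCLI, VMware.VimAutomation.Vds module): list every
# distributed port group whose security policy has Promiscuous mode,
# MAC address changes or Forged transmits set to Accept, and optionally
# reset all three to Reject. Server and switch names are assumed placeholders.
param(
    [string]$Server   = 'vcenter.example.com',
    [string]$VDSwitch = 'vDS-Prod',
    [switch]$Remediate
)

Connect-VIServer -Server $Server | Out-Null

$vds = Get-VDSwitch -Name $VDSwitch
# Skip the uplink port group: it carries physical-NIC traffic, not VM ports.
$portgroups = Get-VDPortgroup -VDSwitch $vds | Where-Object { -not $_.IsUplink }

$findings = foreach ($pg in $portgroups) {
    $policy = Get-VDSecurityPolicy -VDPortgroup $pg
    # Each boolean property is $true when the setting is "Accept".
    $weak = @()
    if ($policy.AllowPromiscuous) { $weak += 'AllowPromiscuous' }
    if ($policy.MacChanges)       { $weak += 'MacChanges' }
    if ($policy.ForgedTransmits)  { $weak += 'ForgedTransmits' }

    if ($weak.Count -gt 0) {
        [pscustomobject]@{ PortGroup = $pg.Name; Accepts = ($weak -join ', ') }
        if ($Remediate) {
            # Reset to the Reject default. A port group that legitimately needs
            # Accept (e.g. an IPS sensor) should be excluded by name before this.
            Set-VDSecurityPolicy -Policy $policy -AllowPromiscuous $false `
                -MacChanges $false -ForgedTransmits $false | Out-Null
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { "No distributed port group on $VDSwitch accepts promiscuous mode, MAC changes or forged transmits." }

Disconnect-VIServer -Server $Server -Confirm:$false
```

Run it without `-Remediate` first to get the report only; the table shows which of the three settings each port group currently accepts.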
## Configuration
- Number of uplinks
    - This should match the number of physical NICs this vDS will be configured on; usually, if we only have one vDS, this is the number of physical NICs the ESXi host has access to
- Network I/O Control
- Default port group
    - Can be used to create a default port group together with this vDS; this is not required
- MTU
    - Needs to be configured the same as on the physical network
- Discovery protocol
    - See: CDP/LLDP
    - Listen, advertise, or both
## Private VLANs
Used to isolate traffic inside the same VLAN. A secondary VLAN will be created for this purpose.
3 types of Private VLANs:
- Isolated
    - VMs inside this network cannot communicate with each other
    - VMs can only communicate with VMs inside the Promiscuous VLAN
- Community
    - VMs can communicate inside the community VLAN
    - VMs cannot communicate with other community VLANs
    - VMs can communicate with the Promiscuous VLAN
- Promiscuous
    - VMs inside this VLAN can be reached by all other private VLANs
## LACP
[[../../../Concepts/LACP.md]] can be enabled on a [[vSphere - Distributed Switch.md]]. The load balancing method has to be the same on both the physical switch hardware and ESXi.
## NIC Teaming
All teaming methods from [[vSphere - Standard Switch.md]] are available, as well as some more mentioned below.
### Route based on Physical NIC load
Monitors the load on the physical NICs and balances traffic across them based on how congested each physical NIC is.
## Features added in newer versions
- 7.0.3
    - NVMe over TCP
- 7.0.2
    - LACP Fast Mode
- 7.0.0
    - NSX Distributed Port Group
- 6.6.0
    - MAC learning
- 6.5.0
    - Port Mirroring enhancements
- 6.0.0
    - NIOC
    - IGMP snooping