You can create a maximum of 127 virtual switches on a single ESXi host. By default, each ESXi host has a single virtual switch called
vSwitch0. By default, a virtual switch has 56 logical ports. See the
Configuration Maximums document on the vSphere documentation main page for details. Ports connect to the virtual machines and the ESXi physical network adapters.
When two or more virtual machines are connected to the same virtual switch, network traffic between them is routed locally. If an uplink adapter is attached to the virtual switch, each virtual machine can access the external network that the adapter is connected to.
The command prints information about the virtual switch, which might include its name, number of ports, MTU, port groups, and other information. The output includes information about CDP settings for the virtual switch. The precise information depends on the target system. The default port groups are
Management Network and
VM Network.
You can retrieve information about virtual switches by using the vcifg-vswitch command. Specify one of the options listed in
Connection Options in place of
<conn_options>.
The command prints information about the virtual switch, which might include its name, number of ports, MTU, port groups, and other information. The default port groups are
Management Network and
VM Network.
If CDP is enabled on a virtual switch, ESXi administrators can find out which Cisco switch port is connected to which virtual switch uplink. CDP is a link-level protocol that supports discovery of CDP-aware network hardware at either end of a direct connection. CDP is bit forwarded through switches. CDP is a simple advertisement protocol which beacons information about the switch or host and some port information.
You can add and delete virtual switches using the esxcli network vswitch standard namespace. Specify one of the options listed in
Connection Options in place of
<conn_options>.
You cannot delete a virtual switch if any ports on the switch are still in use by VMkernel networks or virtual machines. Run
esxcli network vswitch standard list to determine whether a virtual switch is in use.
You can add and delete virtual switches using the --add|-a and
--delete|-d options. Specify one of the options listed in
Connection Options in place of
<conn_options>.
Network services connect to vSwitches through port groups. A port group allows you to group traffic and specify configuration options such as bandwidth limitations and VLAN tagging policies for each port in the port group. A virtual switch must have one port group assigned to it. You can assign additional port groups.
You can use esxcli network vswitch standard portgroup to check, add, and remove port groups. Specify one of the options listed in
Connection Options in place of
<conn_options>.
Network services connect to virtual switches through port groups. A port group allows you to group traffic and specify configuration options such as bandwidth limitations and VLAN tagging policies for each port in the port group. A virtual switch must have one port group assigned to it. You can assign additional port groups. Specify one of the options listed in
Connection Options in place of
<conn_options>.
You can use vicfg-vswitch to check, add, and remove port groups.
If your setup includes one or more port groups, you can associate each port group with one or more uplink adapters (and remove the association). This functionality allows you to filter traffic from a port group to a specific uplink, even if the virtual switch is connected with multiple uplinks. Specify one of the options listed in
Connection Options in place of
<conn_options>.
If your setup includes one or more port groups, you can associate each port group with one or more uplink adapters (and remove the association). This functionality allows you to filter traffic from a port group to a specific uplink, even if the virtual switch is connected with multiple uplinks. Specify one of the options listed in
Connection Options in place of
<conn_options>.
Run vicfg-vswitch -l to retrieve information about VLAN IDs currently associated with the virtual switches in the network.
Run esxcli network vswitch standard portgroup list to list all port groups and associated VLAN IDs.
You can manage uplink adapters, which represent the physical NICs that connect the ESXi host to the network by using the
esxcli network nics or the
vicfg-nics command. You can also use
esxcli network vswitch and
esxcfg-vswitch to link and unlink the uplink.
You can use vicfg-nics to list information and to specify speed and duplex setting for the uplink.
You can use esxcli network nic to list all uplinks, to list information, to set attributes, and to bring a specified uplink down or up.
The following example workflow lists all uplink adapters, lists properties for one uplink adapter, changes the uplink’s speed and duplex settings, and brings the uplink down and back up. Specify one of the options listed in
Connection Options in place of
<conn_options>.
|
1
|
The portgroup nic array is [vmnic1, vmnic0, vmnic3, vmnic5, vmnic6, vmnic7] and active-uplinks is set to three uplinks ( vmnic1, vmnic0, vmnic3). The other uplinks are standby uplinks.
|
If you want to keep vmnic0 and
vmnic1 in the array, you can make those NICs standby uplinks in the command that changes the active uplinks.
The following example workflow lists an uplink adapter’s properties, changes the duplex and speed, and sets the uplink to autonegotiate its speed and duplex settings. Specify one of the options listed in
Connection Options in place of
<conn_options>.
|
3
|
Set vmnic2 to autonegotiate its speed and duplex settings.
|
When you create a virtual switch using esxcli network vswitch standard add, all traffic on that virtual switch is initially confined to that virtual switch. All virtual machines connected to the virtual switch can talk to each other, but the virtual machines cannot connect to the network or to virtual machines on other hosts. A virtual machine also cannot connect to virtual machines connected to a different virtual switch on the same host.
Having a virtual switch that is not connected to the network might make sense if you want a group of virtual machines to be able to communicate with each other, but not with other hosts or with virtual machines on other hosts. In most cases, you set up the virtual switch to transfer data to external networks by attaching one or more uplink adapters to the virtual switch.
You can use the following commands to list, add, and remove uplink adapters. When you link using ESXCLI, the physical NIC is added as a standby adapter by default. You can then modify the teaming policy to make the physical NIC active by running the command
esxcli network vswitch standard policy failover set.
When you create a virtual switch using vicfg-vswitch --add, all traffic on that virtual switch is initially confined to that virtual switch. All virtual machines connected to the virtual switch can talk to each other, but the virtual machines cannot connect to the network or to virtual machines on other hosts. A virtual machine also cannot connect to virtual machines connected to a different virtual switch on the same host.
Having a virtual switch that is not connected to the network might make sense if you want a group of virtual machines to be able to communicate with each other, but not with other hosts or with virtual machines on other hosts. In most cases, you set up the virtual switch to transfer data to external networks by attaching one or more uplink adapters to the virtual switch.
VMkernel network interfaces are used primarily for management traffic, which can include vMotion, IP Storage, and other management traffic on the ESXi system. You can also bind a newly created VMkernel network interface for use by software and dependent hardware iSCSI by using the
esxcli iscsi commands.
The VMkernel network interface is separate from the virtual machine network. The guest operating system and application programs communicate with a VMkernel network interface through a commonly available device driver or a VMware device driver optimized for the virtual environment. In either case, communication in the guest operating system occurs as it would with a physical device. Virtual machines can also communicate with a VMkernel network interface if both use the same virtual switch.
Each VMkernel network interface has its own MAC address and one or more IP addresses, and responds to the standard Ethernet protocol as would a physical NIC. The VMkernel network interface is created with TCP Segmentation Offload (TSO) enabled.
|
1
|
Run esxcli network ip interface add to add a new VMkernel network interface.
|
|
2
|
Run esxcli network ip interface ipv6 address add to configure the interface as an IPv6 interface. You must specify the IP address using - - ip and the name. For the following examples, assume that VMSF-VMK-363 is a port group to which you want to add a VMkernel network interface.
|
|
■
|
--enable-dhcpv6: Enables DHCPv6 on this interface and attempts to acquire an IPv6 address from the network.
|
|
■
|
--enable-router-adv: Use the IPv6 address advertised by the router. The address is added when the router sends the next router advert.
|
|
1
|
Run vicfg-vmknic --add to add a VMkernel network interface.
|
You must specify the IP address by using - -
ip, the netmask, and the name. For the following examples, assume that VMSF-VMK-363 is a port group to which you want to add a VMkernel network interface.
You can later use --disable-vmotion to disable vMotion for this VMkernel network interface.
|
1
|
Run vicfg-vmknic --add to add a VMkernel network interface.
|
You must specify the IP address by using - -
ip, the netmask, and the port group name. For the following examples, assume that VMSF-VMK-363 is a port group to which you want to add a VMkernel network interface.
|
■
|
DHCPV6 – Use DHCP IPv6 address. The VMkernel supports DHCP only for ESX/ESXi 4.0 and later.
|
|
■
|
AUTOCONF – Use the IPv6 address advertised by the router. If you create a VMkernel network interface with AUTOCONF, an address is assigned immediately. If you add AUTOCONF to an existing vmknic, the address is added when the router sends the next router advert.
|
You can later use --disable-vmotion to disable vMotion again.