Simple use case: one ESXi host installed on a physical server with two 1G NICs, both connected to one ToR physical L3 switch. The ESXi host has one vSwitch with both NICs as active uplinks, for failover and bandwidth purposes.

So far I've always used a trunked etherchannel on the physical switch, even in case no VM will have NIC(s) faster than 1G. Is it right?

In case etherchannel is an unnecessary overkill in such a scenario (for which I couldn't find the best practice), shall the two ports be set as simple (separated) trunks? Wouldn't it cause loops? Wouldn't it lead to a broadcast frame sent by the physical switch being duplicated over both ports?

kuma
  • What do you want to accomplish with link aggregation? – ewwhite Mar 19 '19 at 20:45
  • @ewwhite if instead of having a vswitch and a physical switch I had 2 physical switches, I would've used link aggregation for preventing loops or spanning tree. Am I wrong in assuming vSwitch ≈ physical switch? – kuma Mar 19 '19 at 20:53

1 Answer

vSwitch does not send ingress traffic from one uplink out of the other so you don't get loops. In fact this is a very (most?) common configuration for vSwitch.

Etherchannel does allow more than 1Gbit/s per VM, as it hashes source-target IP to different uplinks so you may get 1Gbit/s per source-target IP pair.

IMHO - unless you're heavily bandwidth constrained, stick to standalone ports.

Don Zoomik
  • I didn't know that vSwitch does not send ingress traffic from one uplink out of the other. This is clear now. But what about a broadcast frame sent by the physical switch on a certain VLAN, which is allowed on both trunk uplinks: will it be duplicated on both? Is this desirable? – kuma Mar 21 '19 at 11:03
  • By default each vNIC is bound to single uplink (traffic coming to vNIC's MAC from another uplink is dropped) so no duplicate traffic. – Don Zoomik Mar 21 '19 at 14:29
  • Sorry this is unclear. I'm asking if physical switch actually sends a broadcast frame on both ports. In case of etherchannel, it would send on one port only right? What about here? – kuma Mar 21 '19 at 14:40
  • Both ports (vSwitch uplinks) get the broadcast frame. But as each VM's virtual NIC (vNIC) is internally bound to just one uplink (you only see VM's MAC in one switch port), each vNIC gets each broadcast frame only once. Broadcast frame from unbound uplinks to vNIC gets dropped. That is also why VMware stresses that etherchannel balancing policy must be IP-SRC-DST. If traffic gets in from wrong port due to wrong policy on switch side, it gets dropped. – Don Zoomik Mar 21 '19 at 15:31
  • Thanks. So I understand broadcast frame is sent by the physical switch on both uplinks. What about multicast frames, which would be even less desirable? – kuma Mar 22 '19 at 14:56
  • It depends on whether your switch supports IGMP. VMware will filter it though: https://kb.vmware.com/s/article/2044735 – Don Zoomik Mar 22 '19 at 21:39
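
A toy model of the behaviour described in the answer and comments above, added here as an illustration; it is not VMware code and not part of the original thread. The class and function names, the round-robin binding and the MAC addresses are assumptions made for the example.

```python
from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"

class VSwitch:
    """Each vNIC is bound to one uplink; uplinks never bridge to each other."""

    def __init__(self, uplinks):
        self.uplinks = list(uplinks)
        self.bound = {}              # vNIC MAC -> uplink it is bound to
        self.delivered = Counter()   # vNIC MAC -> frames handed to the VM
        self.sent = Counter()        # uplink -> frames sent to the physical switch

    def attach(self, mac):
        # Assumption: round-robin binding stands in for the default policy.
        self.bound[mac] = self.uplinks[len(self.bound) % len(self.uplinks)]

    def from_uplink(self, uplink, dst):
        """Frame arriving from the physical switch on `uplink`."""
        for mac, home in self.bound.items():
            # Delivered only via the uplink the vNIC is bound to, as the comments state.
            if dst in (BROADCAST, mac) and home == uplink:
                self.delivered[mac] += 1
        # self.sent is untouched: ingress is never forwarded out another uplink.

    def from_vm(self, src, dst):
        """Frame sent by a local VM."""
        for mac in self.bound:
            if mac != src and dst in (BROADCAST, mac):
                self.delivered[mac] += 1
        if dst == BROADCAST or dst not in self.bound:
            self.sent[self.bound[src]] += 1   # leaves on the sender's uplink only

def physical_broadcast(vswitch):
    """Physical switch with two standalone trunk ports floods to both ports."""
    for uplink in vswitch.uplinks:
        vswitch.from_uplink(uplink, BROADCAST)

def demo():
    vs = VSwitch(["vmnic0", "vmnic1"])
    macs = ["00:50:56:00:00:01", "00:50:56:00:00:02", "00:50:56:00:00:03"]  # constructed
    for mac in macs:
        vs.attach(mac)
    physical_broadcast(vs)
    return vs, macs

if __name__ == "__main__":
    vs, macs = demo()
    print(dict(vs.delivered), dict(vs.sent))
```
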