Just wanted to do a quick follow-up to my earlier video on how to deploy the newest version of the Cisco Nexus 1000V (Click Here to see it). Knowing how to deploy the VSM is great, but it becomes most useful when you know how to configure port-profiles (analogous to portgroups in VMware’s Standard vSwitch and vDS).
There are two types of Port-Profiles:
1. VEthernet – governs how VMs communicate with the outside world (aka your virtual switch)
2. Ethernet – controls how vSphere Servers utilize the physical NIC cards (aka vmnics or pnics)
You need to define at least one type of each port-profile for your VMs to communicate with the outside world.
Now, before I dive into the command-line example, you may be wondering “Why can’t I just configure the 1000V Networking from the vSphere Client?” There are many answers to this question which include
“Allow the Network Admins complete insight into the virtual environment’s networking for troubleshooting network issues”
“Simplify the lives of the VM Admins: you just select the vSphere portgroup that corresponds to the 1000V port-profile when configuring your VM without having to know how to configure the underlying vSwitch”
In large environments that utilize Distributed Virtual Switches, most Network Admins do not have the time to learn vSphere in-depth to get into the vSphere Client and review its logs. Similarly for vSphere Admins, they don’t usually have time to learn Networking theory beyond the basics.
Now that we have that brief discussion out of the way, let’s look at some example code:
NOTE: I will be indicating my comments with a “//” prefix and different colored text. Please do not include them when creating your own port-profiles
First, an Ethernet Port Profile for my uplinks:
vmware port-group //indicate that this is a VMware port-group
switchport mode trunk //only indicate “trunk” if you will be handling multiple VLANs
switchport trunk allowed vlan 146-148 //specify the list of allowed VLANs
channel-group auto mode on mac-pinning //recommended setting for 1000V on UCS
no shutdown //make the port-profile active
system vlan 146-148 //allow communication on these VLANs even if VSM is down
state enabled //make the port-profile visible in the vSphere Client as a portgroup
Now, on to my VEthernet Port Profiles for my virtual networking:
I created two Port-Profiles for my 1000V management traffic. Again, it is not necessary to split up the management, control, and packet VLANs, they can all be on the same VLAN.
port-profile type vethernet Management //notice the keyword “vethernet” instead of “ethernet” VERY important
switchport mode access //only 1 VLAN on this portgroup. So, I specify “access”. you would only trunk multiple VLANs to a VM if it knows how to handle 802.1q traffic
switchport access vlan 146
system vlan 146
port-profile type vethernet ControlPacket
switchport mode access
switchport access vlan 147
system vlan 147
Then, I created a single Port Profile for my actual VM Traffic
port-profile type vethernet VM_Network
switchport mode access
switchport access vlan 148
system vlan 148
When it is time to select portgroups for my Virtual Machines (see the screenshot below), you can tell which portgroups belong to the 1000V vs the Standard Switch by the naming convention.
The Nexus 1000V VSM’s name (in this example “VSM”) is appended to every VMware Portgroup that is generated from a VSM Port-Profile. This helps clear up any confusion in case you happen to give a 1000V Port Profile the same name as a Standard vSwitch’s Portgroup.
If you have any comments\suggestions, please let me know in the comment boxes below.