VMware vSphere networking can often be plagued by misconfigurations and other settings that can cause issues in your vSphere environment. Even though the vSphere Distributed Switch (VDS) helps to eliminate many of the issues that can come about with the vSphere Standard Switch, the VDS can still be the subject of misconfiguration issues that can cause network connectivity problems in your vSphere environment. In case you didn’t know, in the vSphere Client, you can gain access to a built-in “health check” tool of sorts specifically for checking your vSphere Distributed Switches. This is called the vSphere Distributed Switch Health Check. What are common network misconfigurations that can happen? What is the vSphere Distributed Switch Health Check and how is it enabled? Let’s take a look.
Common vSphere Network Configuration Errors
There are a number of issues and errors that can be the result of misconfiguration of the vSphere Distributed Switch as well as the physical switches backing your vSphere environment.
These include the following:
- Mismatched VLAN trunks between a vSphere distributed switch and physical switch.
- Mismatched MTU settings between physical network adapters, distributed switches, and physical switch ports.
- Mismatched virtual switch teaming policies for the physical switch port-channel settings.
What is the vSphere Distributed Switch Health Check?
First of all, what is the vSphere Distributed Health Check exactly? The vSphere Distributed Switch health check helps to identify and automate the troubleshooting of configuration issues with the vSphere Distributed Switch (VDS) and mismatched configurations between the VDS and the physical network.
The vSphere Distributed Switch health check takes a look at specific settings in the VDS as well as physical switches to help pinpoint common configuration errors in the settings of your VDS configuration. These include:
- VLAN: Checks whether vSphere distributed switch VLAN settings match trunk port configuration on the adjacent physical switch ports.
- MTU: Checks whether the physical access switch port MTU setting based on per VLAN matches the vSphere distributed switch MTU setting.
- Network adapter teaming: Checks whether the physical access switch ports EtherChannel setting matches the distributed switch distributed port group IP Hash teaming policy settings.
The vSphere Distributed Switch health check checks for the following configuration errors:
|Configuration Error||Health Check||Required Configuration on the Distributed Switch|
|The VDS VLAN trunk ranges must match the VLAN trunks that are configured on the physical switch. If these do not match, an error is recorded||Checks whether the VLAN settings on the distributed switch match the trunk port configuration on the connected physical switch ports.||At least two active physical NICs|
|MTU settings such as configuring “jumbo frames” must match between the vSphere Distributed Switch MTU settings and the MTU settings configured on the physical switch uplinking the ESXi host||Checks whether the physical access switch port MTU jumbo frame setting based on per VLAN matches the vSphere distributed switch MTU setting.||At least two active physical NICs|
|The teaming policy configured on the virtual switch does not match the teaming policy on the physical switch and its configured port-channel type||Checks whether the connected access ports of the physical switch that participate in an EtherChannel are paired with distributed ports whose teaming policy is IP hash.||At least two active physical NICs and two hosts|
Requirements of the vSphere Distributed Switch Health Check
What are the requirements to enable the vSphere Distributed Switch Health Check?
- VLAN and MTU check – There must be at least two physical uplinks connected to the VDS.
- Teaming policy check – There must be at least two active uplinks in the teaming and at least two hosts in
How Does It Work?
Every 1 minute the vSphere Distributed Switch Health Check sends out layer 2 Ethernet probing packets that it uses to check both the phsyical uplink and the interfaces of the VDS. The REQ and ACK packets are used to test if the packets are received or dropped. If they are dropped the VDS Health Check “knows” there is a possible configuration issue and displays a warning in the vSphere Client.
Enabling the vSphere Distributed Switch Health Check
By default, the vSphere Distributed Switch health check is not enabled and configured by default.
Navigate to Networking > VDS Switch > Configure > Health Check. Click the Edit button to configure the settings for the VDS health check.
The Edit Health Check Settings dialog box opens. Change the VLAN and MTU state to Enabled as well as the Teaming and failover state to Enabled. Click the OK button.
To verify the VDS health check has been enabled, navigate to the Monitor > Health menu for the VDS Switch. You should see both the VLAN and MTU health check and the Teaming and failover health check are enabled.
VDS Health Check Important Point to Note
VMware details that depending on the options you select, the VDS health check can generate a significant number of MAC addresses for testing the teaming policy, MTU size, and VLAN configuration. This results in extra traffic and MAC addresses in your MAC tables of your physical switches.
Once the settings are disabled, the extra MAC addresses will age out of your physical network according to your physical device configuration.
The VDS health check is a great built-in tool that allows finding and correcting configuration issues between your vSphere Distributed Switch and the physical network backing your vSphere environment.
It can be used to easily pinpoint issues with MTU size, VLAN configuration, and teaming policies. Be aware though there is overhead for enabling this feature due to extra MAC addresses and network traffic. Most likely it will be a feature you turn on to troubleshoot and then disable once an issue is found and resolved.