July 2008


In early December of 2006, I wrote a very popular article on VMware ESX, NIC teaming, and VLAN trunking. In that article, I laid out the configuration for using both NIC teaming and VLAN trunking. In particular, the NIC teaming configuration in that article described the use of Cisco Gigabit EtherChannel for link aggregation, in which both the physical switch and the vSwitch are configured to distribute traffic across all the links between them.

Since that time, the question has come up many times: which method is better, with EtherChannel or without? Many engineers prefer not to use EtherChannel (or its standardized equivalent, static LACP/802.3ad) because of the added complexity involved. It’s easier to just team the NICs at the vSwitch level and leave the physical switches alone. That is true, but what about performance? And what impact does this have on NIC utilization?

There are two ways of handling NIC teaming in VMware ESX:

  1. Without any physical switch configuration
  2. With physical switch configuration (EtherChannel, static LACP/802.3ad, or its equivalent)

In the NIC teaming/VLAN trunking article I referenced above, I noted that there is a corresponding vSwitch configuration that matches each of these types of NIC teaming:

  1. For NIC teaming without physical switch configuration, the vSwitch must be set to either “Route based on originating virtual port ID”, “Route based on source MAC hash”, or “Use explicit failover order”
  2. For NIC teaming with physical switch configuration—EtherChannel, static LACP/802.3ad, or its equivalent—the vSwitch must be set to “Route based on ip hash”

In order to better understand how these settings and different configurations affect NIC utilization, I set out to do some tests in the lab. Most of my tests were centered around IP-based storage from the host (i.e., using NFS or iSCSI for VMDKs), and I tested only two basic configurations: “Route based on originating virtual port ID” with no link aggregation, and “Route based on ip hash” with link aggregation. Although the tests were slanted toward IP-based storage traffic, the underlying principles should be the same for other types of traffic as well. Here’s what I found.

NIC Teaming Without Link Aggregation

First, it’s important to understand the basic behavior in this configuration. Because the vSwitch is set to “Route based on originating virtual port ID”, network traffic will be placed onto a specific uplink and won’t use any other uplinks until that uplink fails. (This is described in more detail in this PDF from VMware.) Every VM and every VMkernel port gets its own virtual port ID. These virtual port IDs are visible using esxtop (launch esxtop, then press “n” to switch to network statistics). That’s simple enough, but what does this mean in practical terms?

  • Each VM will only use a single network uplink, regardless of how many different connections that particular VM may be handling. All traffic to and from that VM will be placed on that single uplink, regardless of how many uplinks are configured on the vSwitch.
  • Each VMkernel NIC will only use a single network uplink. This is true both for VMotion as well as IP-based storage traffic, and is true regardless of how many uplinks are configured on the vSwitch.
  • Even when the traffic patterns are such that using multiple uplinks would be helpful—for example, when a VM is copying data to or from two different network locations at the same time, or when a VMkernel NIC is accessing two different iSCSI targets—only a single uplink will be utilized.

This last bullet is particularly important. Consider the implications in a VMware Infrastructure 3 (VI3) environment using the software iSCSI initiator with multiple iSCSI targets. Even though multiple iSCSI targets may be configured, all the iSCSI targets will share one uplink from that vSwitch using this configuration. Obviously, that is not ideal.

Note that this doesn’t really impact VMotion traffic, since VMotion is a point-to-point type of connection. VMotion would only be impacted if placed on a vSwitch with other types of traffic and their virtual port IDs were assigned to the same uplink.

NIC Teaming With Link Aggregation

In this configuration, EtherChannel/static LACP/802.3ad is configured on the physical switch and the ESX vSwitch is configured for “Route based on ip hash.” With this configuration, the behavior changes quite dramatically.

  • Traffic to or from a VM could be placed onto any uplink on the vSwitch, depending upon the source and destination IP addresses. Each pair of source and destination IP addresses could be placed on different uplinks, but any given pair of IP addresses can use only a single uplink. In other words, multiple connections to or from the VM will benefit, but each individual connection can only utilize a single link.
  • Each VMkernel NIC will utilize multiple uplinks only if multiple destination IP addresses are involved. Conceivably, you could also use multiple VMkernel NICs with multiple source IP addresses, but I haven’t tested that configuration.
  • Traffic that is primarily point-to-point won’t see any major benefit from this configuration. A single VM being accessed by another single client won’t see a traffic boost other than that possibly gained by the placement of other traffic onto other uplinks.

This configuration can help improve uplink utilization on a vSwitch because traffic is dynamically placed onto the uplinks based on the source and destination IP addresses. This helps improve overall NIC utilization when there are multiple VMs or when a VMkernel NIC is accessing multiple IP-based storage targets. Note again, though, that individual connections will only ever be able to utilize a single uplink.

Practical Application

I come back again to the question I asked earlier: what does this mean in practical terms?

  • If you want to scale IP-based storage traffic, you’ll have to use link aggregation and multiple targets. Using link aggregation with a single target (destination IP address) won’t use more than a single uplink; similarly, no link aggregation with multiple targets will still result in only a single uplink being used. Only with link aggregation and multiple targets will multiple uplinks get used.
  • Link aggregation will help with better overall uplink utilization for vSwitches hosting VMs. Because there are multiple source/destination address pairs in play, the vSwitch will spread them around the uplinks dynamically.
  • To achieve the best possible uplink utilization as well as provide redundancy, you’ll need physical switches that support cross-stack link aggregation. I believe the Cisco Catalyst 3750 switches do, as do the Catalyst 3120 switches for the HP c-Class blade chassis. I don’t know about other vendors, since I deal primarily with Cisco.
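The uplink-selection behavior described in the two sections above can be modelled in a few lines. This is an added example, not code from the original article or from VMware: the hash (XOR of the two IPv4 addresses modulo the number of uplinks), the port-ID pinning rule, and all addresses and IDs are assumptions chosen for illustration.

```python
import ipaddress


def uplink_by_port_id(port_id: int, n_uplinks: int) -> int:
    """Assumed model: a virtual port is pinned to one uplink for all its traffic."""
    return port_id % n_uplinks


def uplink_by_ip_hash(src: str, dst: str, n_uplinks: int) -> int:
    """Assumed stand-in hash: XOR of both IPv4 addresses, modulo the uplink count."""
    s = int(ipaddress.IPv4Address(src))
    d = int(ipaddress.IPv4Address(dst))
    return (s ^ d) % n_uplinks


def uplinks_used(policy, port_id, src, targets, n_uplinks):
    """Sorted uplink indexes one VMkernel port uses to reach all `targets`."""
    if policy not in ("port_id", "ip_hash"):
        raise ValueError(f"unknown policy: {policy}")
    used = set()
    for dst in targets:
        if policy == "port_id":
            # Destination is irrelevant: the port always uses the same uplink.
            used.add(uplink_by_port_id(port_id, n_uplinks))
        else:
            # Each source/destination pair maps to exactly one uplink.
            used.add(uplink_by_ip_hash(src, dst, n_uplinks))
    return sorted(used)


# Constructed sample: one VMkernel port reaching IP-based storage targets.
VMK_IP = "10.0.0.10"
VMK_PORT_ID = 7
SCENARIOS = {
    "one target": ["10.0.0.20"],
    "two targets": ["10.0.0.20", "10.0.0.21"],
    # Two targets whose assumed hashes land on the same uplink.
    "two targets, colliding hash": ["10.0.0.20", "10.0.0.22"],
}


def compare(n_uplinks: int = 2):
    """Map each scenario to the uplinks used under each teaming policy."""
    return {
        name: {
            policy: uplinks_used(policy, VMK_PORT_ID, VMK_IP, targets, n_uplinks)
            for policy in ("port_id", "ip_hash")
        }
        for name, targets in SCENARIOS.items()
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:30s} port_id={result['port_id']} ip_hash={result['ip_hash']}")
```

Under the assumed hash, the third scenario shows that adding a second target does not by itself guarantee a second uplink; the target addresses have to hash to different uplinks.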

Clearly, this has some implications for efficient and scalable VI3 designs. I’d love to hear everyone’s feedback on this matter. In my humble opinion, extended conversations about this topic can only serve to better educate the community as a whole.

UPDATE: Reader Tim Washburn pointed out that the “Route based on Source MAC hash” actually can’t be used in conjunction with link aggregation; its behavior is identical to “Route based on originating virtual port ID”. Thanks for the correction, Tim!


I just wanted to provide a quick update on some articles I have in the works to be (hopefully) published soon.

  • I’m working on an article discussing when to use various NIC teaming configurations with VMware ESX. There are some significant repercussions here for a variety of network configurations, but especially so for configurations involving IP-based storage (iSCSI or NFS).
  • I’m finally wrapping up an article on the Xsigo I/O Director. I’ve been working with a Xsigo VP780 in the lab for quite some time, and this article will provide a brief overview along with some tips and tricks.
  • I received word from HP that I should be getting a ProCurve switch in my lab soon, so that means I can provide a ProCurve-oriented version of this NIC teaming and VLAN trunking article.
  • I have some notes on using NetApp Open Systems SnapVault (OSSV) in conjunction with VMware ESX that I plan to post here as well.

New versions of the Linux and Solaris AD integration articles are on the way as well, starting with an update of the Solaris instructions to accommodate Solaris 10 Update 5 and Windows Server 2008.

If there’s anything else you’re interested in seeing, let me know in the comments. Thanks for reading!

UPDATE: The NIC utilization article is available here.


TextMate

Until just recently, I was using the free text editor Smultron for my text editing needs. To be absolutely honest, my text editing needs aren’t really that great; basically, I use a text editor to:

  • take quick notes during a meeting, seminar, or class;
  • edit the WordPress code (more precisely, the CSS style sheets most of the time) for this blog when I’m feeling adventurous; and
  • write articles to be submitted to my editors in plain text format.

Smultron is free and is a very capable text editor, but lately I’d been thinking of moving to a different text editor. Everyone raves about TextMate, so I downloaded it and I’m giving it a whirl. So far, so good; everything seems fine and performance is great. But here’s the real question: am I using a sledgehammer when what I really need is something much smaller?

I mean, TextMate seems like the “power user’s text editor,” and when it comes to text editing, I’m not a power user. Sure, I do a lot with my Mac; at any given time, I’m running Mail, Adium, Camino, NetNewsWire, OmniFocus, Ecto, various Office 2008 applications, Pukka, Skim, Preview, Graphic Converter, Colloquy, and VMware Fusion. So I would consider myself a “Mac power user,” but not a “text editing power user.” Make sense? Is TextMate too much power for what I do? I’d love to hear from readers as to their text editing needs and what tools they use to meet those needs.


Storage Short Take #1

My Virtualization Short Take series seems to be reasonably popular, so I thought I’d expand into another area that interests me: storage. Here is Storage Short Take #1! If this proves helpful or useful to readers, I’ll continue the series on an irregular basis.

  • If you’re new to SnapMirror, especially synchronous SnapMirror, this synchronous SnapMirror configuration guide may prove very helpful to you.
  • Good friend Nick Triantos discusses NetApp’s Storage Recovery Adapter (SRA) for VMware Site Recovery Manager (SRM). While the discussion is specific to NetApp, it’s a good example of how the storage vendors are responsible for implementing vendor-specific functionality in the SRA. The other storage vendors supporting SRM are responsible for the same things for their storage arrays and storage array functionality.
  • Isn’t this the truth—everyone and their brother has “storage virtualization” functionality built into their products these days. Frankly, I’m tired of hearing about it.
  • If you’re running VMs on NFS on NetApp storage, you’ll want to note this knowledge base article (NOW login required). It notes that a SCSI disk timeout increase may need to be set in order to accommodate cluster failover times.
  • I recently came across this white paper from Emulex and Cisco regarding the use of N_Port ID Virtualization (NPIV) in a VMware environment. Personally, I found it to be a bit light on the technical details and a bit heavy on the marketing side, but otherwise useful.
  • This tool from NetApp (NOW login required) can help with approximating storage I/O. It’s not perfect, but it might help provide some rough estimates. I’m sure other vendors have similar tools; readers are encouraged to share links to those tools in the comments.

Well, that’s it for now. I’d love to hear feedback (good or bad) from readers as to whether this is even remotely useful or interesting.


For those that are interested, I’ve started bookmarking all my own published articles. They’re viewable on Delicious.com with the tag “Articles”, and you can also subscribe to the RSS feed for that tag as well. I was having a hard time keeping track of all the URLs where my articles had been published, so I thought I’d just go ahead and bookmark them so I had them for future reference.

I hadn’t really considered that doing this would also help me judge the popularity and/or usefulness of the article, as measured by the number of other people who also have it bookmarked. Of course, it also doesn’t hurt that this makes it easier for other people to find them as well. (Hey, you can’t blame me too much for wanting to promote my own work!)


I recently wrapped up some testing in my lab around VMware HA; specifically, around VMware HA isolation response. My tests involved various network configurations and attempted to clearly document the behavior of VMware HA isolation response under different circumstances. I thought I’d share some of my findings here in the hopes that others would find this information useful as well. (Keep in mind that some of the stuff listed below is just common sense, but I’m including it here anyway just for completeness.)

  • Ensure that the vSwitch hosting the Service Console has at least two uplinks. Keep in mind that instead of leaving that second uplink primarily unused, you can place other traffic on the same vSwitch and use the “Override vSwitch failover order” option to direct traffic preferentially onto certain uplinks. (I’ll most likely post a separate blog entry about that so that I can explain that in more detail.)
  • Ensure that DNS is working correctly on all ESX hosts in the HA-enabled cluster. You should verify host name resolution for both short names as well as fully-qualified domain names (FQDNs). Although I’ve seen numerous recommendations to hard-code entries into /etc/hosts, this approach is difficult to manage and does not scale well. Just fix DNS instead.
  • Ensure that the Service Console’s default gateway responds to ping. If it does not, you’ll need to use the das.usedefaultgateway and das.isolationaddress parameters to change where VMware HA should check to see if it is isolated. Chad Sakac recently discussed these items as well, so check that entry for additional information.
  • In a Cisco networking environment, ensure that Portfast is enabled on all physical switch ports. This will help reduce the possibility of an isolation response occurring due to transient network issues. Otherwise, the delay to put the port into a forwarding state is longer than the isolation response timeout, and a brief loss of connectivity could easily result in triggering VMware HA isolation response.
  • If you are going to use a second Service Console port, be sure to specify a different IP subnet for the matching vswif interface. Otherwise, the Service Console’s routing table gets involved and tries to route everything through vswif0. That kind of defeats the purpose behind the secondary Service Console. My tests showed that isolation response was triggered every single time connectivity to vswif0 was lost when the secondary Service Console shared the same IP subnet as the primary Service Console interface.
  • It should go without saying, but be sure that the secondary Service Console port is placed on a different vSwitch than the primary Service Console port. (Common sense, I know, but it’s worth pointing out anyway.)
  • My tests have not shown that it’s not necessary to use a secondary isolation address when using multiple Service Console ports. The same post by Chad I linked to earlier seems to imply (unless I’m reading it incorrectly) that you should have multiple isolation addresses. I’m certainly open to any additional clarification any readers may be able to provide.
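Three of the checks in the list above (at least two uplinks on a vSwitch hosting a Service Console port, a different IP subnet for the second vswif interface, and a different vSwitch for it) can be expressed as a small configuration lint. This is an added example, not code from the original post or from VMware; the dictionary layout, the finding codes and the sample hosts are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def check_service_console(vswifs, uplinks_by_vswitch):
    """Return a list of (code, detail) findings for a host's Service Console ports.

    vswifs: list of dicts with keys name, ip, netmask, vswitch (hypothetical layout).
    uplinks_by_vswitch: dict mapping vSwitch name -> list of physical NIC names.
    """
    findings = []

    # A vSwitch hosting a Service Console port should have at least two uplinks.
    for vswitch in sorted({v["vswitch"] for v in vswifs}):
        if len(uplinks_by_vswitch.get(vswitch, [])) < 2:
            findings.append(("SINGLE_UPLINK", vswitch))

    for a, b in combinations(vswifs, 2):
        pair = f"{a['name']},{b['name']}"
        net_a = ipaddress.ip_interface(f"{a['ip']}/{a['netmask']}").network
        net_b = ipaddress.ip_interface(f"{b['ip']}/{b['netmask']}").network
        # Shared or overlapping subnets send traffic back through one interface's
        # route, which defeats the purpose of the secondary Service Console.
        if net_a.overlaps(net_b):
            findings.append(("OVERLAPPING_SUBNET", pair))
        # The secondary port belongs on a different vSwitch than the primary.
        if a["vswitch"] == b["vswitch"]:
            findings.append(("SAME_VSWITCH", pair))
    return findings


# Constructed sample hosts (addresses and NIC names are made up).
BAD_HOST = {
    "vswifs": [
        {"name": "vswif0", "ip": "10.1.1.5", "netmask": "255.255.255.0", "vswitch": "vSwitch0"},
        {"name": "vswif1", "ip": "10.1.1.6", "netmask": "255.255.255.0", "vswitch": "vSwitch0"},
    ],
    "uplinks": {"vSwitch0": ["vmnic0"]},
}
GOOD_HOST = {
    "vswifs": [
        {"name": "vswif0", "ip": "10.1.1.5", "netmask": "255.255.255.0", "vswitch": "vSwitch0"},
        {"name": "vswif1", "ip": "10.1.2.5", "netmask": "255.255.255.0", "vswitch": "vSwitch1"},
    ],
    "uplinks": {"vSwitch0": ["vmnic0", "vmnic1"], "vSwitch1": ["vmnic2", "vmnic3"]},
}
# Different masks can still overlap: 10.1.0.0/16 contains 10.1.1.0/24.
MASK_OVERLAP_HOST = {
    "vswifs": [
        {"name": "vswif0", "ip": "10.1.1.5", "netmask": "255.255.255.0", "vswitch": "vSwitch0"},
        {"name": "vswif1", "ip": "10.1.0.9", "netmask": "255.255.0.0", "vswitch": "vSwitch1"},
    ],
    "uplinks": {"vSwitch0": ["vmnic0", "vmnic1"], "vSwitch1": ["vmnic2", "vmnic3"]},
}


def lint(host):
    """Run the checks against one constructed host description."""
    return check_service_console(host["vswifs"], host["uplinks"])


if __name__ == "__main__":
    for label, host in (("bad", BAD_HOST), ("good", GOOD_HOST), ("mask overlap", MASK_OVERLAP_HOST)):
        print(label, lint(host))
```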

If you have any additional information or recommendations to share, please include them in the comments.


I got notice of this whitepaper back during Tech-Ed but it’s been sitting in my “blog posts to write when I get time” pile until now. Microsoft has posted a whitepaper (download it here) as well as a blog entry (viewable here) regarding Windows Server 2008’s new power saving functionality.

While some of the functionality is genuinely new and useful—like the monitoring of CPU utilization and throttling of CPU speed accordingly—some of the stuff in the blog entry, at least, isn’t. Including Hyper-V virtualization as a “power saving feature” of Windows Server 2008 is a bit disingenuous, since any server virtualization solution will provide power savings simply by consolidating multiple workloads onto a single server.

If you’re interested in learning more about how Windows Server 2008 attempts to reduce power usage, have a look at these resources.


Sanbolic, whose Melio FS product I discussed a short while ago, announced today the availability of their Kayo file system. The official press release is here in PDF format. Quoting from the press release:

Sanbolic today announced that Windows Server 2008 Hyper-V virtual machines can now be stored on a single shared storage area network (SAN) storage volume using Sanbolic Kayo File System. The virtual machines can then be moved independently between physical host servers using Quick Migration because all host servers have shared access to the virtual machines files. Kayo FS will be priced at $299 per host server and sold in a 5 license bundle.

Kayo FS is described as “VMFS for Hyper-V,” providing file level shared access to a shared SAN volume. This is distinguished from Sanbolic’s advanced file system, Melio FS, which provides byte-range locking and can provide concurrent access to application data on a SAN. The use of either Kayo FS or Melio FS resolves a key problem with Hyper-V deployments that want to take advantage of Quick Migration functionality, and that is that each VM would require its own LUN.

The introduction of Kayo FS also removes the key objection to the use of Melio FS for Hyper-V deployments: price. Kayo FS will be priced much lower than Melio FS; this means organizations adopting Hyper-V will be much more likely to swallow the cost of Kayo FS vs. Melio FS.


What is up with this? In case you’ve been hiding under a rock—or, like me, have been on the road all day with no Internet access—VMware issued a press release today announcing the removal of Diane Greene as President and CEO of VMware, to be replaced by a former Microsoft executive, Paul Maritz. Where in the world did this come from?

I think that everyone knew that VMware’s meteoric revenues simply would not and could not continue as they had. Too many competitors, including Microsoft, were nipping at their heels. I’ve been saying for months that VMware needed to be diligent and continue to innovate, to keep the focus off the virtualization engine itself and keep the focus on the tangible business benefits of using virtualization. This means that VMware needs to continue to deliver game-changing technologies like live migration (VMotion), DRS, VMware HA, and Storage VMotion. As soon as customers see that other vendors are delivering “good enough” virtualization engines, VMware will begin to lose its luster. Is that what happened here, and Greene became the “fall guy”?

This site in the UK indicated that VMware had issued a fiscal 2008 shortfall, but I’ve been unable to locate that information, aside from this WSJ article that briefly mentions VMware lowering their revenue forecast. The same article also links to this Fortune article that indicates that Greene’s contract ended this month (I didn’t see that information in the linked article). Perhaps, as that article suggests, it’s simply a failure to renew a contract. Whatever the reason, it’s a new era at VMware starting today.

We may never know the real reasons or motivations behind the move. The real question, in my mind, is what’s next? The relationship between EMC and VMware has always been an “arms length” relationship. Does the appointment of Paul Maritz, a former Microsoft executive and previously the director of EMC’s cloud computing business unit, signal a change in that relationship? Despite the rumors of EMC spinning out VMware, or the rumors of Intel buying VMware, there are others that think this signals the start of a new relationship:

But he agreed that a spin-off of the remaining VMware shares now looks less likely, since EMC has “essentially inserted one of its own as CEO.”

In addition, rumors from the field of EMC sales reps more closely aligning themselves with their VMware counterparts, and in some cases even inviting themselves onto VMware sales calls in an effort to pitch storage wares, seem to indicate a new level of interaction (and perhaps integration?) between VMware and EMC. This move, led by Joe Tucci, also seems to indicate that the “arms length” relationship between VMware and EMC is now over. Is VMware’s autonomy now over? To borrow a line typically reserved for Microsoft, resistance is futile.

UPDATE: As expected, coverage of this is everywhere. Of the various articles covering this, I enjoyed this one the most. And I really have to agree—why in the world would you rattle the entire company by firing its CEO, possibly placing yourself in the position of losing its Chief Scientist (Mendel Rosenblum, who is Diane’s husband), right at the worst possible time? Microsoft is finally ready to compete with VMware. Why now? From where I’m sitting as an ordinary guy who knows absolutely nothing about running multibillion dollar companies, I have to say I think this was a boneheaded move.


Evernote

For the past few months, I’ve been messing around with Evernote, an information tracking/note-taking service. Evernote is interesting for a couple of reasons:

  • The service’s “claim to fame” is some proprietary image recognition technology that allows you to search for words found inside images. So you could store pictures in Evernote and then search for text found inside those pictures, for example. You have to synchronize your notes to their server (more below), where it is then processed for searching.
  • Evernote uses a hybrid web-based/local client arrangement, and makes clients available for a reasonably wide variety of platforms. I’m using the Mac OS X version, but there are also versions for Windows, Windows Mobile, and (soon) an iPhone version.
  • Evernote synchronizes your notes across all platforms, so you could create a note on your Mac laptop and then search it from your Windows Mobile smartphone. Each client synchronizes with the Evernote server(s) so that your notes are available from any client. You can also log in and view your notes from a Web browser as well.

Evernote just recently opened up their beta to the general public (it’s been a private beta until now). If this sounds like something that might be useful to you, go sign up and put it to work.

Personally, I’m still struggling with the best way to use Evernote. Thus far, my usage has been very light. I’ve particularly wrestled with getting information into Evernote. If any readers are also Evernote users, I’d love to hear how you’ve been using Evernote and which tool—the Evernote Clipper, the Web Clipper, printing as PDF into Evernote—seems to work best for you.
