Configuring load balancing and failover policies

Teaming and failover settings on a dvPort are similar to the same settings on a vSS, but with an important addition.

You can view or change those settings in the Teaming and failover menu in the dvPort settings:

The different Load balancing settings are as follows:

• Route based on originating virtual port: VMs are distributed according to their associated virtual port ID on the virtual switch. After the virtual switch selects an uplink for a VM, it always forwards traffic through the same uplink. Note that, in this way, one VM can only use the bandwidth of one physical uplink.
• Route based on source MAC hash: VMs are distributed according to a hash algorithm based on the VM MAC address. Also, in this case, one VM can only use the bandwidth of one physical uplink.
• Route based on IP hash: VMs are distributed according to a hash algorithm based on the source and destination IP address of each packet. In this case, one VM can use more physical uplinks, but physical switches must be configured according to this configuration (ports corresponding to the virtual switch uplinks must be in Etherchannel mode).
• Route based on physical NIC load: The vDS checks the actual load of the uplinks and tries to reduce it on overloaded uplinks. The vDS tests the uplinks every 30 seconds, and if their load exceeds 75 percent of usage, the port ID of the virtual machine with the highest I/O is moved to a different uplink. Note that this option is available only with vDS.
• Use explicit failover order: In this case, there isn't any load balancing feature, but better resiliency.

Other failover (and failback) policies are as follows:

• Network failure detection: How to detect an uplink failure and start a failover to another active (or standby) uplink. The available methods are as follows:
  • Link status only: Use only on the link status that the physical NIC provides.
  • Beacon probing: Sends out and listens for specific Ethernet frames sent each second using broadcast or beacon probes. Requires at least three uplinks and cannot be used with IP Hash (or LCAP). For more information, see VMware KB 1005577 (https://kb.vmware.com/s/article/1005577)—What is beacon probing?
• Notify switches: During the failover or failback of one uplink, the virtual switch sends notifications over the network to update the lookup tables on physical switches.
• Failback: If a failed uplink returns online, the virtual switch sends the uplink back.

To minimize failover and failback operations, you can change the following settings on the physical switch:

• Disable the Spanning Tree Protocol (STP) on physical NICs that are connected to ESXi hosts.
• For Cisco-based networks, enable PortFast mode for access interfaces or PortFast trunk mode for trunk interfaces. This might save about 30 seconds during the initialization of the physical switch port.
• If available, use the PortFast Bridge Protocol Data Unit (BPDU) guard feature to prevent specific network topology attacks (https://kb.vmware.com/s/article/2017193).
• Disable the trunking negotiation.

For more information, see the vSphere 6.5 Networking guide (https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.networking.doc/GUID-4D97C749-1FFD-403D-B2AE-0CD0F1C70E2B.html).