There are two types of QoS Marking/Tagging common in networking are 802.1p (COS) applied on Ethernet(Layer 2) packets and Differentiated Service Code Point (DSCP) Marking applied on IP packets. The physical network devices use these tags to identify important traffic types and provide Quality of Service based on the value of the tag. As business critical and latency sensitive applications are virtualized and run in parallel with other applications on ESXi hosts, it is important to enable traffic management and tagging features on the VDS.
The traffic management feature on the vDS helps reserve bandwidth for important traffic types, and the tagging feature allows the external physical network to understand the level of importance of each traffic type. It is a best practice to tag the traffic near the source to help achieve end-to-end Quality of Service (QoS). During network congestion scenarios, the tagged traffic doesn’t get dropped which translates to a higher Quality of Service (QoS) for the tagged traffic.
Once the packets are classified based on the qualifiers described in the traffic filtering section, users can choose to perform Ethernet (layer2) or IP (layer 3) header level marking. The markings can be configured at the port group level.
Lets Configure this , so that i can ensure that my business critical VMs are getting higher priority at physical layer…
Login to the Web Client and click on dvSwitch and choose Port Group on which you want to apply TAG:
- Click on Manage tab
- Select the Settings option
- Select Policies
- Click on Edit
- Click on Traffic filtering and marking
- In the Status drop down box choose Enabled
- Click the Green + to add a New Network Traffic Rule
- In the Action: drop down box select Tag (default)
- Check the box to the right of DSCP value
- In the drop down box for the DSCP value select Maximum 63
- In the Traffic direction drop down box select Ingress
- Click the Green +
New Network Traffic Rule – Qualifier
Now that you have decided to tag the traffic the next question is which traffic you would like to tag.There are three options available while defining the qualifier:
- System Traffic Qualifier
- New MAC qualifier
- New IP Qualifier
This means you have options to select packets based on system traffic types, MAC header or IP header fields. here we will create qualifier based on system traffic.
Select New System Traffic Qualifier from the drop down menu
- Select Virtual Machine
- Click OK
Check that your rule matches Name: Network Traffic Rule 1
- Action: Tag
- DSCP Value: Checked
- DSCP Value: 63 Traffic
- Direction: Ingress
- System traffic: Virtual Machine
- Click OK
Same way you can also allow/block the traffic:
Again go to dvPort – Settings – Policies – Edit – Traffic Filtering and Marking and edit the existing rule that we have created above and change Action to Drop.
- Click the Green + to add a new qualifier.
- Select New IP Qualifier… from the drop down list.
- Select ICMP from the Protocol drop down menu.
- Select Source address IP address is of your VM , in my case it is 192.168.100.90
- Click OK
- and finally Click OK , this will drop the ping for that particular VM.
So same way you can write many rules with various permutation and combinations to help your organisation to achive QoS and traffic filtering on dVS. I hope this helps you in your environments. Happy Learning 🙂