VMware: virtual Standard Switch management with PowerCLI

Virtual Standard Switch (vSS) management is simple, it can be done using vSphere Flex Client or classic vSphere C# Client. vSS management using PowerCLI is even simplier: deployment, removal and customization of vSS, VMKernels, VM PortGroups can be achieved within seconds.
A big advantage of using PowerCLI is that we can perform automatically vSS implementation/customization across multiple hosts without having to browse host by host using vSphere Client.

This is an introductory post in which I will explain the basics of vSS management, what PowerCLI cmdlet to use for each vSS related activity. I will soon come up with another article providing a PowerCLI script to automate vSS provisioning in a real case scenario.

As usual let's have a look at official PowerCLI Documentation first.

Let's begin: how to create a virtual standard switch? New-VirtualSwitch cmdlet is used, in the example below is the IP address of the ESXi host on which I will add vSwitch1.

 New-VirtualSwitch -VMHost (Get-VMHost -Name vSwitch1 -Nic vmnic1,vmnic2  

A new vSS vSwitch1 with no associated PortGroups will be created.

To create a VMKernel the New-VMHostNetworkAdapter cmdlet is used. Since a VMKernel can be associated to a specific traffic (Management, FaultTolerance, VSAN, vMotion) we need to specify what we will use this VMKernel for. In this example I will create a vMotion VMKernel for vSwitch1 and I will assign IP Address to it and set MTU to 9000 bytes (JumboFrames). Please note that by default every VMKernel traffic binding is set to false so setting, for example, -ManagementTrafficEnabled:$false is  worthless.

 New-VMHostNetworkAdapter -VMHost (Get-VMHost -Name -PortGroup vMotion -VirtualSwitch vSwitch1 -IP -SubnetMask -FaultToleranceLoggingEnabled:$false -ManagementTrafficEnabled:$false -VsanTrafficEnabled:$false -VMotionEnabled:$true -Mtu 9000  

A VMKernel for vMotion has just been created.

Next step is how to change VMKernel properties such as load balancing policy or active/standby/unused vmnics. This is done with Set-NicTeamingPolicy cmdlet.

In this example I set vMotion VMKernel load balancing policy to Route based on source MAC hash (not for a specific reason but just for article purpouses), mark vmnic1 as active and vmnic2 as standby.

 Get-VirtualPortGroup -VMHost (Get-VMHost -Name -Name vMotion | Get-NicTeamingPolicy | Set-NicTeamingPolicy -LoadBalancingPolicy LoadBalanceSrcMac -MakeNicActive vmnic1 -MakeNicStandby vmnic2  

As expected changes will be reported in vSphere Web Client.

Let's now create a VM PortGroup using New-VirtualPortGroup cmdlet. To this PortGroup will be assigned VLAN ID 100.

 New-VirtualPortGroup -Name "VM Network 2" -VirtualSwitch vSwitch1 -VLanId 100  

As final step how to add a new vmnic to a vSwitch. AddVirtualSwitchPhysicalNetworkAdapter cmdlet is used.

 Get-VirtualSwitch -VMHost (Get-VMHost -Name -Name vSwitch1 | AddVirtualSwitchPhysicalNetworkAdapter -VMHostPhysicalNic (Get-VMHostNetworkAdapter -Physical -Name vmnic3) -Confirm:$false  

Let's now reverse the process. Remove-VirtualSwitchPhysicalNetworkAdapter cmdlet is used to remove a vmnic from a vSwitch.

 Get-VMHost -Name | Get-VMHostNetworkAdapter -Physical -Name vmnic3 | Remove-VirtualSwitchPhysicalNetworkAdapter -Confirm:$false  

Remove-VirtualPortGroup cmdlet is used to remove a VM PortGroup.

 Remove-VirtualPortGroup -VirtualPortGroup (Get-VirtualPortGroup -Name "VM Network 2") -Confirm:$false  

To remove a VMKernel without incurring in "Remove-VirtualPortGroup The resource '<VMKernel_Name>' is in use." error you have to remove the vmknic currently being used by VMKernel.

 Remove-VMHostNetworkAdapter -Nic (Get-VMHostNetworkAdapter -VMHost (Get-VMHost -Name | where {$_.PortGroupName -eq "vMotion"}) -Confirm:$false  

VMKernel will be now recognized as a simple PortGroup that can be removed with Remove-VirtualPortGroup cmdlet:

 Remove-VirtualPortGroup -VirtualPortGroup (Get-VirtualPortGroup -Name vMotion) -Confirm:$false  

Finally to delete the entire vSwitch use Remove-VirtualSwitch cmdlet.

 Remove-VirtualSwitch -VirtualSwitch (Get-VirtualSwitch -VMHost | where {$_.Name -eq "vSwitch1"}) -Confirm:$false  

That's all!!

