In the first part I described how to configure Nested ESXi, and an additional entry described how to configure the network so that vCenter 5.5 could communicate with it. So I assume that we have our wonderful, active, virtual laboratory. This is a really great solution and I highly recommend playing with it. However, after prolonged use, we can be surprised to see that, in the vSphere environment where the Nested ESXi hosts run, the network traffic directed to them is very large. This is caused by the enabled "promiscuous mode": in this mode, the network card receives all network traffic. In my company, in the physical lab, I have only one nested environment with four hosts. From time to time I run various tests on them. Yet, when I look at the network load charts generated by vCenter Operations Manager, my Nested ESXi hosts are at the forefront! In this figure it is clearly visible (PESX1-4 are the Nested ESXi hosts):
Even though I'm a really strong supporter of Nested ESXi, this situation was slowly making it less worthwhile to use them (high traffic translates directly into higher consumption of the virtual ESXi's processor power). Fortunately, the day came when the problem was solved, thanks to Christian Dickmann and William Lam, who developed an extension called "ESXi Mac Learning dvFilter". This filter builds a table of the MAC addresses that operate on the Nested ESXi side and blocks traffic to addresses that do not exist in that table. This means that the network load on such hosts drops dramatically! The installation procedure itself has been thoroughly described by William; however, I will repeat it here as well.
The extension (VIB) is installed from the ESXi console with a single command (on the physical host; no restart is required):
For the filter to work properly, we need to enable it for each network adapter that is connected to our Nested ESXi. We do this from the vSphere Web Client, under Edit Settings -> VM Options -> Advanced Settings -> Configuration Parameters (adding entries as shown below):
The downside is that the virtual host must be powered off, which means that we will have to spend a lot of time reconfiguring the environment. After adding the entries to the machine and starting it, we can use the command /sbin/summarize-dvfilter on the physical ESXi host to check that the dvfilter-maclearn filter is attached correctly:
The filter takes effect almost instantaneously; after a while, the results of its work are visible in vCenter Operations Manager:
As you can see, the difference in network utilization before and after installing the filter is dramatic. Finally, a few simple graphs showing the results of network bandwidth tests. Without the maclearn filter (the first chart is a test from outside to inside the Nested ESXi, the second is a transfer inside the Nested ESXi; data in megabits):
With the maclearn filter:
Network performance both inside and outside the Nested ESXi increased!
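
The filtering idea described earlier (learn the MAC addresses seen on the Nested ESXi side, block frames addressed to anything else) can be sketched as a small model that compares plain promiscuous mode with a learning filter. This is an added illustration, not the Fling's code: the class and function names, the sample MAC addresses, and the rule that broadcast/multicast frames always pass are assumptions.

```python
from dataclasses import dataclass, field

def is_group(mac: str) -> bool:
    """Broadcast/multicast MACs have the lowest bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 1 == 1

@dataclass
class MacLearnPort:
    """Hypothetical model of one Nested ESXi vNIC with a learning filter."""
    learned: set = field(default_factory=set)

    def from_nested(self, src: str) -> None:
        # Frame leaving the Nested ESXi: remember who lives behind this vNIC.
        self.learned.add(src.lower())

    def to_nested(self, dst: str) -> bool:
        # Frame offered by the promiscuous port group: pass it only if the
        # destination was learned (assumption: group addresses always pass).
        return is_group(dst) or dst.lower() in self.learned

def delivered(frames, port=None):
    """Count frames handed to the Nested ESXi; port=None is plain promiscuous mode."""
    count = 0
    for direction, src, dst in frames:
        if direction == "out":
            if port is not None:
                port.from_nested(src)
        elif port is None or port.to_nested(dst):
            count += 1
    return count

# Constructed sample traffic (all MAC addresses are made up).
VMK0, INNER_VM = "00:50:56:aa:00:01", "00:50:56:aa:00:10"
GW, OTHER_A, OTHER_B = "00:50:56:cc:00:01", "00:50:56:bb:00:01", "00:50:56:bb:00:02"
TRACE = [
    ("out", VMK0, GW),                      # nested vmkernel port sends
    ("out", INNER_VM, GW),                  # VM running inside the Nested ESXi sends
    ("in", GW, VMK0),                       # reply to a learned address
    ("in", GW, INNER_VM),                   # reply to a learned address
    ("in", OTHER_A, OTHER_B),               # unrelated unicast on the port group
    ("in", OTHER_B, OTHER_A),               # unrelated unicast on the port group
    ("in", OTHER_A, "ff:ff:ff:ff:ff:ff"),   # broadcast (e.g. ARP)
    ("in", GW, "00:50:56:aa:00:99"),        # unicast to an address never learned
]

if __name__ == "__main__":
    print("promiscuous only :", delivered(TRACE))
    print("with MAC learning:", delivered(TRACE, MacLearnPort()))
```

In the model, the frames the filter drops are exactly the unicast frames between other machines that promiscuous mode would otherwise hand to the Nested ESXi, which is both the source of the extra load and traffic the nested host has no need to see.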