vSphere Networking: Traffic Marking

vSphere network quality control features such as Network I/O Control (NIOC) focus on the virtual networking layer within a VMware vSphere environment. But what about the physical network layer, and how can the two cooperate?

In converged infrastructures or enterprise networking environments, Quality of Service (QoS) is commonly configured in the physical network layers. QoS is the ability to provide different priorities to network flows or to guarantee a certain level of performance to a network flow by using tags. In vSphere 6.7, you have the ability to create flow-based traffic marking policies to mark network flows for QoS.

Quality of Service

vSphere 6.7 supports Class of Service (CoS) and Differentiated Services Code Point (DSCP). Both are QoS mechanisms used to differentiate traffic types to allow for policing network traffic flows.

As related to network technology, CoS is a 3-bit field that is present in an Ethernet frame header when 802.1Q VLAN tagging is present. The field specifies a priority value between 0 and 7, more commonly known as CS0 through CS7, that can be used by quality of service (QoS) disciplines to differentiate and shape/police network traffic. Source: https://en.wikipedia.org/wiki/Class_of_service

One of the main differentiators is that CoS operates at the data link layer in an Ethernet-based network (layer-2), whereas DSCP operates at the IP network layer (layer-3).

Differentiated services or DiffServ is a computer networking architecture that specifies a simple and scalable mechanism for classifying and managing network traffic and providing quality of service (QoS) on modern IP networks. DiffServ uses a 6-bit differentiated services code point (DSCP) in the 8-bit differentiated services field (DS field) in the IP header for packet classification purposes. Source: https://en.wikipedia.org/wiki/Differentiated_services

When a traffic marking policy is configured for CoS or DSCP, its value is advertised towards the physical layer to create an end-to-end QoS path.

Traffic marking policies are configurable on Distributed port groups or on the DvUplinks. To match certain traffic flows, a traffic qualifier needs to be set. The qualifier can match very specific traffic flows by IP address and TCP/UDP port, or it can match a selected traffic type. The qualifier options are extensive.

For example, you are required to tag iSCSI traffic from the ESXi hosts towards the physical network layer using CoS tag 4. To comply with the tagging requirements, you could configure the Distributed uplink group with an egress CoS tag rule that matches the system traffic type iSCSI.

After configuring this traffic rule, you need to enable it by using the ‘Enable and re-order’ button. Now your outgoing iSCSI traffic is marked with CoS value 4. This is just a simple example of what is possible with traffic rules in vSphere 6.7. When you are required to implement QoS tags, be sure to think about where to apply the traffic rule, keeping the configuration as simple and manageable as possible.
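To confirm on the physical side that the rule from the example above takes effect, the check below reads the CoS bits from the 802.1Q tag and the DSCP bits from the IPv4 DS field of a captured frame. It is an added example, not code from the original post or from VMware; the helper names, the constructed sample frames and the use of TCP destination port 3260 (the registered iSCSI port) to identify iSCSI traffic are assumptions.

```python
import struct

ISCSI_PORT = 3260  # assumption: iSCSI target listens on the registered default port

def parse_marking(frame: bytes) -> dict:
    """Extract CoS (802.1Q priority), VLAN ID, DSCP and TCP destination port."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    info = {"cos": None, "vlan": None, "dscp": None, "dport": None}
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == 0x8100:                      # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        info["cos"] = tci >> 13                  # top 3 bits of the tag: CoS 0-7
        info["vlan"] = tci & 0x0FFF              # low 12 bits: VLAN ID
        offset = 18
    if ethertype == 0x0800 and len(frame) >= offset + 20:   # IPv4 header
        ver_ihl, ds_field = struct.unpack_from("!BB", frame, offset)
        info["dscp"] = ds_field >> 2             # upper 6 bits of the 8-bit DS field
        l4 = offset + (ver_ihl & 0x0F) * 4       # honour IP header length (options)
        if frame[offset + 9] == 6 and len(frame) >= l4 + 4:  # protocol 6 = TCP
            (info["dport"],) = struct.unpack_from("!H", frame, l4 + 2)
    return info

def iscsi_marked(frame: bytes, expected_cos: int = 4):
    """True/False for frames sent to the iSCSI port, None for other traffic."""
    marking = parse_marking(frame)
    if marking["dport"] != ISCSI_PORT:
        return None
    # An untagged frame has no CoS field at all, so it can never satisfy the rule.
    return marking["cos"] == expected_cos

def build_frame(cos, vlan, dscp, dport) -> bytes:
    """Constructed sample frame (zeroed MACs and checksums); cos=None means untagged."""
    tag = b"" if cos is None else struct.pack("!HH", 0x8100, (cos << 13) | vlan)
    eth = bytes(12) + tag + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 40, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HH", 49152, dport) + bytes(16)
    return eth + ip + tcp

if __name__ == "__main__":
    for args in [(4, 100, 0, 3260), (0, 100, 0, 3260), (None, 0, 0, 3260)]:
        frame = build_frame(*args)
        print(args, parse_marking(frame), "iSCSI CoS ok:", iscsi_marked(frame))
```

Because CoS lives in the 802.1Q tag, a frame that leaves the uplink untagged reports `cos` as `None` and fails the check even though the rule is enabled.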

The Distributed vSwitch applies rules on traffic at different places in the data stream. It is able to apply traffic filter rules between uplink interfaces and the pNIC or between the vNIC and the port on the Distributed vSwitch. It is important to note that vSphere does not shape traffic according to the QoS tagging; this is done appropriately in the physical layer.

More information…

…can be found in the vSphere 6.7 Clustering Deep Dive book that is available on Amazon!
