Limiting the DVUplink VLAN Range on a vSphere Distributed Switch (VDS)

Chris Wahl · Posted on

While browsing the VMTN vNetwork forum, I read a solid question on the configuration of VLAN Trunking for the DVUplinks port group. In essence:

  • Why does the setting default to VLAN Trunking with a range of 0-4094 … shouldn’t it instead reflect the VLAN IDs of the port groups living on the VDS?
  • Can the trunking range be altered?

It’s important to keep in mind that the DVUplinks port group is there to couple physical network adapters with logical configuration values across a vSphere Distributed Switch (VDS). Each host that is added to the VDS can assign whatever network adapter (vmnic) it wants to a DVUplink slot. This allows for flexibility when non-uniform hosts are added to a cluster, which is pretty common for folks as they refresh their hosts.

I suppose that VMware considered setting the trunking value to 0-4094 to play it safe; it ensures that any VLAN ID can be passed through the network adapters and ultimately filtered by the hypervisor itself as the vSwitch figures out which port group(s) should receive the traffic. And in the vast majority of cases, this setting is just fine because the physical switch ports are often limited to a specific VLAN allow list or VTP domain to reduce the amount of tagged traffic floating through the network topology.

This problem can be solved with more VLANs
This problem can be solved with more VLANs

However, I think it’s worth understanding that you can change the value of the trunking range even if I don’t really see value-add in making the change. If you do decide to adjust the trunking range, the network adapters would then drop VLAN IDs that don’t match the trunking range, assuming that your network adapters are capable of doing this. Because the vSwitch is potentially receiving less traffic, performance is theoretically improved because less cycles are spent inspecting (and likely dropping) traffic that doesn’t match the VLAN ID of a port or port group. With today’s modern server, CPU, and network adapter architectures, setting a VLAN range on the network adapters should have a trivial outcome on performance – it’s likely that the physical network configuration should be addressed, instead.

There are two ways of controlling the trunking of VLAN traffic. I’ll walk through them using the vSphere Web Client.

Configuring the VLAN Trunk Value for an Entire DVUplink Port Group

Select the DVUplinks port group on your VDS and edit the settings. Select the VLAN settings and edit the VLAN trunk range to the desired VLAN IDs.

edit-dvuplink-pg

You’ll likely notice a slight blip in ping latency to objects connected to the vSwitch. Below I was pinging the management interface of a host using the VDS.

ping-change-dvuplink

Configuring the VLAN Trunk Value for a Specific DVUplink Port

Alternatively, you can set the trunk value on a single DVUplink port. You’ll first have to allow overrides to the ports by selecting the Advanced settings and allowing VLAN overrides.

edit-dvuplink-override

Next, while you have the DVUplinks port group selected, perform the following:

  1. Select the Manage tab
  2. Click the Ports sub-tab
  3. Select a DVUplink port from the list
  4. Click the pencil to Edit the settings
  5. Select the VLAN settings
  6. Check the Override box
  7. Edit the VLAN trunk range
edit-dvuplink-port