vSphere Network I/O Control Design for a vSphere with Tanzu Workload Domain

Use vSphere Network I/O Control to allocate network bandwidth to management applications and to resolve situations where several types of traffic compete for common resources.

When Network I/O Control is enabled, the distributed switch allocates bandwidth for the traffic that is related to the main vSphere features.

Fault tolerance traffic
iSCSI traffic
vSphere vMotion traffic
Management traffic
VMware vSphere Replication traffic
NFS traffic
vSAN traffic
Backup traffic
Virtual machine traffic

Network I/O Control Heuristics

The following heuristics can help with design decisions for Network I/O Control.

Shares and Limits: When you use bandwidth allocation, consider using shares instead of limits. Limits impose hard limits on the amount of bandwidth used by a traffic flow even when network bandwidth is available.
Limits on Network Resource Pools: Consider imposing limits on a given network resource pool. For example, if you put a limit on vSphere vMotion traffic, you can benefit in situations where multiple vSphere vMotion data transfers, initiated on different ESXi hosts at the same time, result in oversubscription at the physical network level. By limiting the available bandwidth for vSphere vMotion at the ESXi host level, you can prevent performance degradation for other traffic.
Teaming Policy: When you use Network I/O Control, use Route based on physical NIC load teaming as a distributed switch teaming policy to maximize the networking capacity utilization. With load-based teaming, traffic might move among uplinks, and reordering of packets at the receiver can result occasionally.
Traffic Shaping: Use distributed port groups to apply configuration policies to different traffic types. Traffic shaping can help in situations where multiple vSphere vMotion migrations initiated on different ESXi hosts converge on the same destination ESXi host. The actual limit and reservation also depend on the traffic shaping policy for the distributed port group where the adapter is connected to.

How Network I/O Control Works

Network I/O Control enforces the share value specified for the different traffic types when a network contention occurs. Network I/O Control applies the share values set to each traffic type. As a result, less important traffic, as defined by the share percentage, is throttled, granting access to more network resources to more important traffic types.

Network I/O Control also supports reservation of bandwidth for system traffic based on the capacity of the physical adapters on an ESXi host and enables fine-grained resource control at the virtual machine network adapter level. Resource control is similar to the model for CPU and memory reservations in vSphere DRS.

Table 1. Design Decisions on vSphere Network I/O Control
Decision ID	Design Decision	Design Justification	Design Implication
SDDC-KUBWLD-VI-NET-008	Enable Network I/O Control on the vSphere Distributed Switch for the workload domain.	Increases resiliency and performance of the network.	If configured incorrectly, Network I/O Control might impact network performance for critical traffic types.
SDDC-KUBWLD-VI-NET-009	Set the share value for management traffic to Normal.	By keeping the default setting of Normal, management traffic is prioritized higher than vSphere vMotion and vSphere Replication but lower than vSAN traffic. Management traffic is important because it ensures that the hosts can still be managed during times of network contention.	None.
SDDC-KUBWLD-VI-NET-010	Set the share value for vSphere vMotion traffic to Low.	During times of network contention, vSphere vMotion traffic is not as important as virtual machine or storage traffic.	During times of network contention, vMotion takes longer than usual to complete.
SDDC-KUBWLD-VI-NET-011	Set the share value for virtual machines to High.	Virtual machines are the most important asset in the SDDC. Leaving the default setting of High ensures that they always have access to the network resources they need.	None
SDDC-KUBWLD-VI-NET-012	Set the share value for vSphere Fault Tolerance to Low.	This design does not use vSphere Fault Tolerance. Fault tolerance traffic can be set the lowest priority.	None
SDDC-KUBWLD-VI-NET-013	Set the share value for vSAN to High.	During times of network contention, vSAN traffic needs a guaranteed bandwidth to support virtual machine performance.	None
SDDC-KUBWLD-VI-NET-014	Set the share value for NFS traffic to Low (25).	Because NFS is used for secondary storage, such as backups and vRealize Log Insight archives, its priority is lower than the priority of the vSAN traffic.	During times of network contention, backups are slower than usual.
SDDC-KUBWLD-VI-NET-015	Set the share value for backup traffic to Low.	During times of network contention, the primary functions of the SDDC must continue to have access to network resources with priority over backup traffic.	During times of network contention, backups are slower than usual.
SDDC-KUBWLD-VI-NET-016	Set the share value for iSCSI traffic to Low	This design does not use iSCSI. iSCSI traffic can be set the lowest priority.	None
SDDC-KUBWLD-VI-NET-017	Set the share value for vSphere Replication traffic to Low (25).	During times of network contention, vSphere Replication traffic is not as important as virtual machine or storage traffic.	During times of network contention, vSphere Replication takes longer and might violate the defined SLA.