The network design prevents unauthorized access and provides timely access to business data. This design uses vSphere Distributed Switch and VMware NSX-T Data Center for virtual networking.

Virtual Network Design Guidelines

The high-level design goals apply regardless of your environment.

Table 1. Goals of the vSphere Networking Design

Design Goal


Meet diverse needs

The network must meet the diverse needs of many different entities in an organization. These entities include applications, services, storage, administrators, and users.

Reduce costs

Reducing costs is one of the simpler goals to achieve in the vSphere infrastructure. Server consolidation alone reduces network costs by reducing the number of required network ports and NICs, but a more efficient network design is desirable. For example, configuring two 25-GbE NICs might be more cost effective than configuring four 10-GbE NICs.

Improve performance

You can achieve performance improvement and decrease the time that is required to perform maintenance by providing sufficient bandwidth, which reduces contention and latency.

Improve availability

A well-designed network improves availability, usually by providing network redundancy.

Support security

A well-designed network supports an acceptable level of security through controlled access and isolation, where required.

Enhance infrastructure functionality

You can configure the network to support vSphere features such as vSphere vMotion, vSphere High Availability, and vSphere Fault Tolerance.

Follow networking best practices throughout your environment.

  • Separate network services from one another to achieve greater security and better performance.

  • Use Network I/O Control and traffic shaping to guarantee bandwidth to critical virtual machines. During network contention, these critical virtual machines will receive a higher percentage of the bandwidth.

  • Separate network services on a single vSphere Distributed Switch by attaching them to port groups with different VLAN IDs.

  • Keep vSphere vMotion traffic on a separate network.

    When a migration using vSphere vMotion occurs, the contents of the memory of the guest operating system is transmitted over the network. You can place vSphere vMotion on a separate network by using a dedicated vSphere vMotion VLAN.

  • When using pass-through devices with Linux kernel version 2.6.20 or an earlier guest OS, avoid MSI and MSI-X modes. These modes have significant performance impact.

  • For best performance, use VMXNET3 virtual machine NICs.

  • Ensure that physical network adapters that are connected to the same vSphere Standard Switch or vSphere Distributed Switch, are also connected to the same physical network.

Network Segmentation and VLANs

Separating different types of traffic is required to reduce contention and latency, and for access security.

High latency on any network can negatively affect performance. Some components are more sensitive to high latency than others. For example, reducing latency is important on the IP storage and the vSphere Fault Tolerance logging network because latency on these networks can negatively affect the performance of multiple virtual machines. According to the application or service, high latency on specific virtual machine networks can also negatively affect performance. Use information gathered from the current state analysis and from interviews with key stakeholder and SMEs to determine which workloads and networks are especially sensitive to high latency.

Virtual Networks

Determine the number of networks or VLANs that are required depending on the type of traffic

Single Region Networks
  • vSphere system traffic

    • Management

    • vSphere vMotion

    • vSAN

    • NFS

    • TEP

  • Traffic that supports the services and applications in the organization

    • NSX-T Edge TEPs

    • NSX-T Edge uplinks