The virtual switch selects uplinks for virtual machines based on the source and destination IP address of each packet.

To calculate an uplink for a virtual machine, the virtual switch takes the last octet of both source and destination IP addresses in the packet, puts them through a XOR operation, and then runs the result through another calculation based on the number of uplinks in the NIC team. The result is a number between 0 and the number of uplinks in the team minus one. For example if a NIC team has four uplinks, the result is a number between 0 and 3 as each number is associated with a NIC in the team. For non-IP packets, the virtual switch takes two 32-bit binary values from the frame or packet from where the IP address would be located.

Any virtual machine can use any uplink in the NIC team depending on the source and destination IP address. In this way, each virtual machine can use the bandwidth of any uplink in the team. If a virtual machine runs in an environment with a large number of independent virtual machines, the IP hash algorithm can provide an even spread of the traffic between the NICs in the team. When a virtual machine communicates with multiple destination IP addresses, the virtual switch can generate a different hash for each destination IP. In this way, packets can use different uplinks on the virtual switch that results in higher potential throughput.

However, if your environment has a small number of IP addresses, the virtual switch might consistently pass the traffic through one uplink in the team. For example, if you have a database server that is accessed by one application server, the virtual switch always calculates the same uplink, because only one source-destination pair exists.

Physical Switch Configuration

To ensure that IP hash load balancing works correctly, you must have an Etherchannel configured on the physical switch. An Etherchannel bonds multiple network adapters into a single logical link. When ports are bound into an Etherchannel, every time the physical switch receives a packet from the same virtual machine MAC address on different ports, the switch updates its content addressable memory (CAM) table correctly.

For example, if the physical switch receives packets on ports 01 and 02 from MAC address A, the switch makes a 01-A and a 02-A entry in its CAM table. As a result, the physical switch distributes the incoming traffic to the correct ports. Without an Etherchannel, the physical switch first makes a record that a packet from MAC address A is received on port 01, then updates the same record that a packet from MAC address A is received on port 02. Hence, the physical switch forwards incoming traffic only on port 02, and might result in packets not reaching their destination and overloading the corresponding uplink.

Limitations and Configuration Requirements

  • ESXi hosts support IP hash teaming on a single physical switch or stacked switches.
  • ESXi hosts support only 802.3ad link aggregation in Static mode . You can only use a static Etherchannel with vSphere Standard Switches. LACP is not supported. If you enable IP hash load balancing without 802.3ad link aggregation and the reverse, you might experience networking disruptions.
  • You must use Link Status Only as network failure detection with IP hash load balancing.
  • You must set all uplinks from the team in the Active failover list . The Standby and Unused lists must be empty.
  • The number of ports in the Etherchannel must be same as the number of uplinks in the team.

Considerations on Using Route Based on IP Hash

Considerations Description
Advantages
  • A more even distribution of the load compared to Route Based on Originating Virtual Port and Route Based on Source MAC Hash, as the virtual switch calculates the uplink for every packet.
  • A potentially higher throughput for virtual machines that communicate with multiple IP addresses.
Disadvantages
  • Highest resource consumption compared to the other load balancing algorithms.
  • The virtual switch is not aware of the actual load of the uplinks.
  • Requires changes on the physical network.
  • Complex to troubleshoot.