I’m kinda running my labs in hybrid environment – deliberately using ESX4 “Classic” on half of my boxes, and ESX4i on the rest. It means I can validate my experiences on both platforms and spot differences in configuration/behaviour. So, for the most part I’m still doing scripted installations with the UDA, and using esxcfg- commands in the %post to handle the networking.

I also have been using Host Profiles for sometime too – because I get enterprise+ licenses because of being a VMware Certified Instructor. Really if you have ESX4i and your an Enterprise+ customer, then host profiles are the way to go in my humble opinon. The tricky question is what if your not an Enterprise+ customer. That pretty much leaves you with per-ESX Standard vSwitches with limited access (tech support mode) to the command-line on the host. That mean more or less if you have number of hosts to configure – that’s gonna leave you with either the RCLI, the vMA or the PowerShell based Power-CLI.

Anyway, I’m gradually builing up my PowersHell so I can do all the post-configuration stages I would normally do using the ye-olde esxcfg- comands. So here’s a couple of samples to show you what I am doing. Mainly what I want to is add a whole new bunch of ESXi hosts and then in a bulk mode, push out the vSwitch configuration. So let say I want to put vSwitch4 on every ESX host in vCenter – an add two portgroups for VLAN tagging, and assign two (vm)NICs for load-balancing and fault-tolerence. Here’s what I’d do:

foreach ($vmhost in (get-vmhost))
{
$vmnics = “vmnic1″,”vmnic2″
$vs =  New-VirtualSwitch -VMHost $vmHost -Name vSwitch4 -nic $vmnics
$vlan20 =  New-VirtualPortGroup -VirtualSwitch $vs -Name vlan20 -VLanId 20
$vlan21 =  New-VirtualPortGroup -VirtualSwitch $vs -Name vlan21 -VLanId 21
}

Basically, the PowersHell is saying “for ESX host listed with the get-vmhost cmd-let, create a new vSwitch called vSwitch4, using vmnic1 and vmnic2. Then add a new portgroups called vlan20 and vlan21, setting their -VLanId to be 20/21 respectively.

If I want to create internal switches, I just omit the -nic switch in the new-virtualswitch cmdlet…

Foreach ($vmhost in (get-vmhost))
{
$vs =  New-VirtualSwitch -VMHost $vmHost -Name vSwitch3
$internal =  New-VirtualPortGroup -VirtualSwitch $vs -Name internal-$vmhost
}

In this case I’m using the $vmhost as variable to uniquely label the portgroups created this. So this results in every ESX host having an internal vswitch called vSwitch3 with internal-FQDN.corp.com as its name.

If I need to create a VMotion switch on many ESX hosts I use this piece of PowerShell…

$ip = 101
Foreach ($vmhost in (get-vmhost))
{
$vs = New-VirtualSwitch -VMHost $vmHost -Name vSwitch2 -nic vmnic3
$VMotion = New-VirtualPortGroup -VirtualSwitch $vs -Name VMotion
New-VMHostNetworkAdapter -VMHost $vmhost -PortGroup VMotion -VirtualSwitch $vs -IP 10.0.0.$ip -SubnetMask 255.255.255.0 -VMotionEnabled: $true
$ip++
}

Update:

The above bit of PowerShell got improved by comments supplied by readers of this blog. Thanks very much for that. So here $ip sets the starting value for the last octet of VMotion IP address which begins with 10.0.0.101 as the first VMotion IP address. As each VMotion switch is created, the $IP value increments by a factors of 1 (producing 10.0.0.102, 10.0.0.103 and so on). The actual IP settings are imposed on the portgroup called VMotion using the new-vmhostnetworkadapter cmd-let

Of course these scripts could be modified so it only handled 1 ESX hosts at time – by removing the foreach ($vmhost in (get-vmhost)) part and removing with a name of an ESX host. So where these foreach loops come in handy is when you already have N number of ESX hosts in vCenter – but you need to make a global change to the network. For example say you wanted to add a new portgroup/VLAN to every vSwitch on 10 ESX hosts. That would take a quite a bit of admin – but with PowerShell its actually quite easy.

So to bulk add a new portgroup to many ESX hosts I would do the following:

$vlan = “vlan11″
$vlanvalue = “11″
$vmhosts = Get-VMHost | Sort-Object -Property Name

Foreach($hosts in $vmhosts){$findvswitch = Get-Virtualswitch -VMHost (Get-VMHost $hosts) | where-object { $_.Name -match “vSwitch2″ } New-VirtualPortGroup -Name $vlan -VirtualSwitch $findvswitch -VLanId $vlanvalue}

This bit of powersHell searches for every ESX host in vCenter which has a “vSwitch2″ and then proceed to add VLAN11 to them.

Anyway, in response to question in the comments area, someone asked how to change the settings of vSwitch. After some digging I found the following PowerShell on the VMTN Forums from LucD.

http://communities.vmware.com/message/1067056#1067056

The script is a bit lengthy, because it covers every setting you could possible want to configure in network dialog box. For example, in this sample below – the standard settings are left untouch – except I’m changing the vSwitch to use IP Hash as the load balancing value using the “loadbalance_ip” parameter…

param ( [string]$VMHostName, [string]$VSwitchName )

$vmhost = Get-VMHost $VMHostName

$hostview = $vmhost | Get-View

$ns = Get-View -Id $hostview.ConfigManager.NetworkSystem

$vsSpec = New-Object VMware.Vim.HostVirtualSwitchSpec

$vsSPec.Bridge = New-Object VMware.Vim.HostVirtualSwitchBondBridge

$vsSPec.Bridge.Beacon = New-Object VMware.Vim.HostVirtualSwitchBeaconConfig

$vsSPec.Bridge.Beacon.Interval = 1

$vsSPec.Bridge.NicDevice = (“vmnic2″,”vmnic1″)

$vsSpec.Mtu = 0

$vsSpec.numPorts = 64

$vsSpec.Policy = New-Object VMware.Vim.HostNetworkPolicy

$vsSpec.Policy.NicTeaming = New-Object VMware.Vim.HostNicTeamingPolicy

$vsSpec.Policy.NicTeaming.FailureCriteria = New-Object VMware.Vim.HostNicFailureCriteria

$vsSpec.Policy.NicTeaming.FailureCriteria.checkBeacon = $false

$vsSpec.Policy.NicTeaming.FailureCriteria.checkDuplex = $false

$vsSpec.Policy.NicTeaming.FailureCriteria.checkErrorPercent = $false

$vsSpec.Policy.NicTeaming.FailureCriteria.checkSpeed = “minimum”

$vsSpec.Policy.NicTeaming.FailureCriteria.fullDuplex = $false

$vsSpec.Policy.NicTeaming.FailureCriteria.Percentage = 0

$vsSpec.Policy.NicTeaming.FailureCriteria.Speed = 10

$vsSpec.Policy.NicTeaming.NicOrder = New-Object VMware.Vim.HostNicOrderPolicy

$vsSpec.Policy.NicTeaming.NicOrder.ActiveNic = (“vmnic1″,”vmnic2″)

$vsSpec.Policy.NicTeaming.NotifySwitches = $true

$vsSpec.Policy.NicTeaming.Policy = “loadbalance_ip“

$vsSpec.Policy.NicTeaming.ReversePolicy = $true

$vsSpec.Policy.NicTeaming.RollingOrder = $false

$vsSpec.Policy.OffloadPolicy = New-Object VMware.Vim.HostNetOffloadCapabilities

$vsSpec.Policy.OffloadPolicy.CsumOffload = $true

$vsSpec.Policy.OffloadPolicy.TcpSegmentation = $true

$vsSpec.Policy.OffloadPolicy.ZeroCopyXmit = $true

$vsSpec.Policy.Security = New-Object VMware.Vim.HostNetworkSecurityPolicy

$vsSpec.Policy.Security.AllowPromiscuous = $false

$vsSpec.Policy.Security.ForgedTransmits = $true

$vsSpec.Policy.Security.MacChanges = $true

$vsSpec.Policy.ShapingPolicy = New-Object VMware.Vim.HostNetworkTrafficShapingPolicy

$vsSpec.Policy.ShapingPolicy.AverageBandwidth = 0

$vsSpec.Policy.ShapingPolicy.BurstSize = 0

$vsSpec.Policy.ShapingPolicy.Enabled = $false

$vsSpec.Policy.ShapingPolicy.PeakBandwidth = 0

$ns.UpdateVirtualSwitch($VSwitchName,$vsSpec)

In this example, the vSwitch is setup to be in a Explicit Failover Order mode, with vmnic1 being the Active Adapter, and vmnic2 being the standby adapter. Additionally the number of ports was increase to 128 (sic 120) and rigious security settings

param ( [string]$VMHostName, [string]$VSwitchName )

$vmhost = Get-VMHost $VMHostName

$hostview = $vmhost | Get-View

$ns = Get-View -Id $hostview.ConfigManager.NetworkSystem

$vsSpec = New-Object VMware.Vim.HostVirtualSwitchSpec

$vsSPec.Bridge = New-Object VMware.Vim.HostVirtualSwitchBondBridge

$vsSPec.Bridge.Beacon = New-Object VMware.Vim.HostVirtualSwitchBeaconConfig

$vsSPec.Bridge.Beacon.Interval = 1

$vsSPec.Bridge.NicDevice = (“vmnic2″,”vmnic1″)

$vsSpec.Mtu = 0

$vsSpec.numPorts = 128

$vsSpec.Policy = New-Object VMware.Vim.HostNetworkPolicy

$vsSpec.Policy.NicTeaming = New-Object VMware.Vim.HostNicTeamingPolicy

$vsSpec.Policy.NicTeaming.FailureCriteria = New-Object VMware.Vim.HostNicFailureCriteria

$vsSpec.Policy.NicTeaming.FailureCriteria.checkBeacon = $false

$vsSpec.Policy.NicTeaming.FailureCriteria.checkDuplex = $false

$vsSpec.Policy.NicTeaming.FailureCriteria.checkErrorPercent = $false

$vsSpec.Policy.NicTeaming.FailureCriteria.checkSpeed = “minimum”

$vsSpec.Policy.NicTeaming.FailureCriteria.fullDuplex = $false

$vsSpec.Policy.NicTeaming.FailureCriteria.Percentage = 0

$vsSpec.Policy.NicTeaming.FailureCriteria.Speed = 10

$vsSpec.Policy.NicTeaming.NicOrder = New-Object VMware.Vim.HostNicOrderPolicy

$vsSpec.Policy.NicTeaming.NicOrder.ActiveNic = (“vmnic1″)

$vsSpec.Policy.NicTeaming.nicOrder.standbyNic = (“vmnic2″)

$vsSpec.Policy.NicTeaming.NotifySwitches = $true

$vsSpec.Policy.NicTeaming.Policy = “failover_explicit”

$vsSpec.Policy.NicTeaming.ReversePolicy = $true

$vsSpec.Policy.NicTeaming.RollingOrder = $true

$vsSpec.Policy.OffloadPolicy = New-Object VMware.Vim.HostNetOffloadCapabilities

$vsSpec.Policy.OffloadPolicy.CsumOffload = $true

$vsSpec.Policy.OffloadPolicy.TcpSegmentation = $true

$vsSpec.Policy.OffloadPolicy.ZeroCopyXmit = $true

$vsSpec.Policy.Security = New-Object VMware.Vim.HostNetworkSecurityPolicy

$vsSpec.Policy.Security.AllowPromiscuous = $false

$vsSpec.Policy.Security.ForgedTransmits = $false

$vsSpec.Policy.Security.MacChanges = $false

$vsSpec.Policy.ShapingPolicy = New-Object VMware.Vim.HostNetworkTrafficShapingPolicy

$vsSpec.Policy.ShapingPolicy.AverageBandwidth = 0

$vsSpec.Policy.ShapingPolicy.BurstSize = 0

$vsSpec.Policy.ShapingPolicy.Enabled = $false

$vsSpec.Policy.ShapingPolicy.PeakBandwidth = 0

$ns.UpdateVirtualSwitch($VSwitchName,$vsSpec)

This entry was posted on Wednesday, August 12th, 2009 at 9:30 am and is filed under ESX, PowersHell, vSphere. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.