ESXi Mac Learning dvFilter

Communities:

MAC learning functionality solves performance problems for use cases like nested ESX.  This ESX extension adds functionality to ESX to support MAC-learning on vswitch ports. For most ESX use cases, MAC learning is not required as ESX knows exactly which MAC address will be used by a VM. However, for applications like running nested ESX, i.e. ESX as a guest-VM on ESX, the situation is different. As an ESX VM may emit packets for a multitude of different MAC addresses, it currently requires the vswitch port to be put in "promiscuous mode". That however will lead to too many packets delivered into the ESX VM, as it leads to all packets on the vswitch being seen by all ESX VMs. When running several ESX VMs, this can lead to very significant CPU overhead and noticeable degradation in network throughput. Combining MAC learning with "promiscuous mode" solves this problem. The MAC learning functionality is delivered as a high speed VMkernel extension that can be enabled on a per-port basis. It works on legacy standard switches as well as Virtual Distributed Switches. The MAC learning module has a few noteworthy limitations:
  • Once learned, a MAC address is never aged out. For very long running ESX VMs with high churn in used MAC addresses (e.g. via nested guest VMs) this may be a problem. If the MAC table of a particular port is full, the MAC learning functionality can no longer improve performance.
  • MAC learning is not applied to multicast traffic and multicast traffic will see no performance improvement.
For more information, read this blog. The download is on Instructions tab.
  • vSphere ESXi 5.x & ESXi 6.x

For more details, you can refer to this blog post by William Lam

Installation consists of two parts:

1. To install the VIB, you can run the following ESXCLI command if you have uploaded the VIB to an ESXi datastore:

esxcli software vib install -v /vmfs/volumes/[DATASTORE-NAME]/vmware-esx-dvfilter-maclearn-0.1-ESX-5.0.vib -f

A system reboot is not necessary and you can confirm the dvFilter was successfully installed by running the following command:

/sbin/summarize-dvfilter

You should see the dvfilter-maclearn module loaded as seen in the screenshot below:

2. For the dvFilter to work, you will need to add two Advanced Virtual Machine Settings to each of your Nested ESXi VMs. This setting is on a per vNIC basis, which means you will need to add N-entries if you have N-vNICs on your Nested ESXi VM.

ethernet0.filter4.name=dvfilter-maclearn
ethernet0.filter4.onFailure=failOpen

This configuration can be performed online without rebooting the Nested ESXi VMs if you leverage the vSphere API. Another way to add this is to shutdown your Nested ESXi VM and use either the “legacy” vSphere C# Client or vSphere Web Client or for those that know how to append and reload the .VMX file as that’s where the configuration file is persisted on disk.

If you normally provision Nested ESXi VMs with 2 vNICs, you will have two corresponding entries. To confirm the settings are loaded, we can re-run the summarize-dvfilter command and we should now see our Virtual Machine listed in the output along with each vNIC instance.

Version 2.0

  • New VIB to support ESXi 6.5

Version 1.0

  • Supports ESXi 5.x and 6.0
Add a Comment
Report a Bug