What is the primary difference between a vSphere Standard Switch (VSS) and a vSphere Distributed Switch (VDS)?
A vSphere Standard Switch is configured locally on a single ESX host. It routes traffic internally between virtual machines and external networks. A vSphere Distributed Switch functions as a single virtual switch across all associated hosts in a data center. It provides centralized management and monitoring of the networking configuration of multiple hosts from the vCenter system.
What is the purpose of a VMkernel network adapter?
A VMkernel networking interface (vmknic) provides network connectivity for the ESX host itself and handles system traffic. It is required for services such as vSphere vMotion, IP storage (iSCSI and NFS), vSphere Fault Tolerance, vSphere Replication, and vSAN. Every VMkernel adapter must be assigned an IP address.
How do you configure Jumbo Frames in vSphere, and why would you use them?
Jumbo frames allow the transmission of data packets larger than the standard 1500 bytes (up to 9000 bytes). This is often used for storage traffic (iSCSI/NFS) or vMotion to increase throughput and reduce CPU load. To enable them, you must change the MTU (Maximum Transmission Unit) setting to a value greater than 1500 (usually 9000) on the vSphere Distributed Switch, vSphere Standard Switch, VMkernel adapters, and physical network adapters.
What are “Port Groups” in vSphere networking?
Port groups aggregate multiple ports under a common configuration. They specify options such as bandwidth limitations, VLAN tagging, and security policies.
- Standard Port Groups connect to a vSphere Standard Switch.
- Distributed Port Groups connect to a vSphere Distributed Switch and propagate configuration across all member hosts.
Describe the “Route Based on Physical NIC Load” load balancing method.
This is a load balancing algorithm available only on vSphere Distributed Switches. It routes traffic based on the current load of the physical network adapters. The switch checks the load of the uplinks every 30 seconds; if the load exceeds 75% of usage, the ID of the virtual machine with the highest I/O is moved to a different uplink.
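The evaluation cycle described above can be modelled in a few lines. This is an added example, not VMware code: the port names, traffic figures, the choice of the least-loaded uplink as the destination, and the rule that skips a move which would only shift the overload are all assumptions made for illustration.

```python
THRESHOLD = 0.75  # from the text: act when an uplink exceeds 75% usage

def load(placement, uplink, capacity_mbps):
    """Fraction of an uplink's capacity used by the ports currently pinned to it."""
    return sum(mbps for up, mbps in placement.values() if up == uplink) / capacity_mbps

def evaluate(placement, uplinks, capacity_mbps):
    """Run one evaluation cycle (the text says this happens every 30 seconds).

    placement maps port -> (uplink, Mbps) and is updated in place.
    Returns the list of (port, old_uplink, new_uplink) moves that were made.
    """
    moves = []
    for up in uplinks:
        if load(placement, up, capacity_mbps) <= THRESHOLD:
            continue
        others = [u for u in uplinks if u != up]
        if not others:
            continue  # a single uplink leaves nowhere to move traffic
        # The port with the highest I/O on the saturated uplink is the one moved.
        busiest = max((p for p, (u, _) in placement.items() if u == up),
                      key=lambda p: placement[p][1])
        # Assumption: the destination is the least-loaded other uplink.
        target = min(others, key=lambda u: load(placement, u, capacity_mbps))
        mbps = placement[busiest][1]
        # Assumption: skip a move that would push the destination over the threshold.
        if load(placement, target, capacity_mbps) + mbps / capacity_mbps > THRESHOLD:
            continue
        placement[busiest] = (target, mbps)
        moves.append((busiest, up, target))
    return moves

def sample_placement():
    """Constructed sample: three VM ports on two 10 Gbps uplinks."""
    return {"vm-a": ("vmnic0", 5000), "vm-b": ("vmnic0", 3000), "vm-c": ("vmnic1", 1000)}

if __name__ == "__main__":
    ports = sample_placement()
    print(evaluate(ports, ["vmnic0", "vmnic1"], 10000), ports)
```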
What is a Private VLAN (PVLAN) and what are its modes?
Private VLANs allow you to split a primary VLAN into secondary VLANs to further isolate network traffic. The supported modes are:
- Promiscuous: Nodes can communicate with all interfaces in the PVLAN (including Isolated and Community).
- Isolated: Nodes can communicate only with Promiscuous ports, not with other Isolated ports.
- Community: Nodes can communicate with other ports in the same Community and with Promiscuous ports.
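The three rules above are enough to check a planned PVLAN layout against an isolation requirement before it is deployed. The following is an added example, not part of the original page; the port names, community VLAN IDs and the `isolation_violations` helper are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Optional

@dataclass(frozen=True)
class Port:
    name: str
    mode: str                        # "promiscuous", "isolated" or "community"
    community: Optional[int] = None  # secondary VLAN ID, community ports only

    def __post_init__(self):
        if self.mode not in ("promiscuous", "isolated", "community"):
            raise ValueError(f"unknown PVLAN mode: {self.mode}")
        if self.mode == "community" and self.community is None:
            raise ValueError("community port needs a secondary VLAN ID")

def can_talk(a: Port, b: Port) -> bool:
    """Apply the PVLAN rules to two ports in the same primary VLAN."""
    if "promiscuous" in (a.mode, b.mode):
        return True                            # promiscuous reaches every port
    if a.mode == b.mode == "community":
        return a.community == b.community      # same community only
    return False                               # any other pairing involving isolated

def allowed_pairs(ports):
    """Every unordered pair of ports that the layout lets communicate."""
    return {frozenset((a.name, b.name))
            for a, b in combinations(ports, 2) if can_talk(a, b)}

def isolation_violations(ports, must_not_talk):
    """Pairs from must_not_talk that the PVLAN layout still permits."""
    allowed = allowed_pairs(ports)
    return sorted(tuple(sorted(p)) for p in must_not_talk if frozenset(p) in allowed)

# Constructed inventory for one primary VLAN.
PORTS = [
    Port("gateway", "promiscuous"),
    Port("backup-a", "isolated"),
    Port("backup-b", "isolated"),
    Port("web-1", "community", 201),
    Port("web-2", "community", 201),
    Port("db-1", "community", 202),
]

if __name__ == "__main__":
    wanted = [("web-1", "db-1"), ("web-1", "web-2"), ("backup-a", "backup-b")]
    print(isolation_violations(PORTS, wanted))
```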
How does vSphere Network I/O Control (NIOC) help manage bandwidth?
vSphere Network I/O Control allows an administrator to reserve bandwidth for system traffic (like vMotion, vSAN, and iSCSI) and virtual machine traffic. It uses shares, limits, and reservations to allocate bandwidth on physical adapters, ensuring critical traffic types get necessary resources during contention.
Can you configure IPv6 on vSphere components?
Yes. vSphere supports IPv6 for all nodes and components. You can connect ESX hosts and vCenter to IPv6 networks, and the vSphere networking features (like vSphere vMotion, NFC, and iSCSI) support IPv6. However, you cannot mix IPv4 and IPv6 addresses for the source and destination during operations like migration.
What is “Network Offloads Compatibility” in vSphere 8.0/9.0, and what hardware does it require?
Network Offloads Compatibility allows the offloading of network operations from the x86 host CPU to a Data Processing Unit (DPU) device (such as a SmartNIC). This feature requires a vSphere Distributed Switch created on a data center with the network offloads capability enabled. It is used to accelerate network performance and is a core component of the vSphere Distributed Services Engine.
Explain the functionality of the pktcap-uw utility compared to legacy packet capture tools.
The pktcap-uw utility is an advanced command-line tool on ESX hosts used to capture and trace network packets. Unlike the legacy tcpdump-uw, pktcap-uw can capture traffic at various points in the stack (e.g., at the physical NIC, virtual switch port, or VMkernel adapter) and track the path of a packet through the kernel to identify where it is being dropped or modified.
How does “MAC Learning” on a vSphere Distributed Switch improve support for nested virtualization?
Enabling MAC Learning allows the vSphere Distributed Switch to learn multiple MAC addresses behind a single vNIC. This is critical for nested ESX environments where the outer ESX host sees multiple MAC addresses (from the inner VMs) coming from a single virtual adapter. It eliminates the security risk of enabling “Promiscuous Mode” and “Forged Transmits” just to support nested virtualization.
What is PVRDMA, and how does it differ from standard RDMA?
PVRDMA (Paravirtual RDMA) allows virtual machines to run RDMA applications (Remote Direct Memory Access) without direct assignment of a physical RDMA card. It allows VMs to communicate with low latency and high throughput while retaining vSphere features like vMotion and snapshots, which are typically lost when using DirectPath I/O for physical RDMA.
Describe the limitations of LACP (Link Aggregation Control Protocol) support on a vSphere Distributed Switch.
While LACP allows for aggregated bandwidth and redundancy, it has specific limitations:
- It is not supported on host proxy switches (standard switches).
- It does not support iSCSI software multipathing.
- Ideally, it requires the physical switch to support dynamic link aggregation.
- You cannot use LACP with software iSCSI port binding if multiple paths to the target are required on the same subnet.
How does the “Provisioning TCP/IP Stack” differ from the “Default TCP/IP Stack”?
The Default TCP/IP stack handles management traffic, vMotion (if not separated), and HA. The Provisioning TCP/IP Stack is a dedicated stack used to isolate traffic for cold migration, cloning, and snapshots. By assigning a VMkernel adapter to this stack, you can route this high-bandwidth traffic through a separate gateway, isolating it from management traffic.
When configuring Traffic Filtering and Marking, what is the difference between CoS and DSCP tagging?
- CoS (Class of Service): Defined at Layer 2 (Ethernet frame). It uses priority values from 0 to 7. It is used for traffic prioritizing within the local segment.
- DSCP (Differentiated Services Code Point): Defined at Layer 3 (IP packet). It allows for traffic classification that persists across routers (Layer 3 devices). You can configure policies on a Distributed Port Group to tag packets with either CoS or DSCP values to ensure Quality of Service (QoS) end-to-end.
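To see where each marking lives on the wire, the parser below reads the CoS value from the 802.1Q tag and the DSCP value from the IPv4 or IPv6 header of a captured frame. It is an added example, not from the original page; the sample frame, the MAC addresses and the `after_router` helper (which models a routed hop onto an untagged link) are constructed.

```python
import struct

def qos_markings(frame: bytes) -> dict:
    """Return the CoS (Layer 2) and DSCP (Layer 3) markings of one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype, = struct.unpack_from("!H", frame, 12)
    offset, cos, vlan = 14, None, None
    if ethertype == 0x8100:                        # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        cos, vlan = tci >> 13, tci & 0x0FFF        # priority = top 3 bits, VLAN ID = low 12
        offset = 18
    dscp = None
    if ethertype == 0x0800 and len(frame) >= offset + 2:     # IPv4
        dscp = frame[offset + 1] >> 2              # top 6 bits of the ToS byte
    elif ethertype == 0x86DD and len(frame) >= offset + 2:   # IPv6
        word, = struct.unpack_from("!H", frame, offset)
        dscp = (word >> 6) & 0x3F                  # top 6 bits of the traffic class
    return {"cos": cos, "vlan": vlan, "dscp": dscp}

def after_router(frame: bytes) -> bytes:
    """Model a routed hop: the Layer 2 header and its tag are replaced, the IP packet is kept."""
    payload_at = 18 if frame[12:14] == b"\x81\x00" else 14
    ethertype = frame[payload_at - 2:payload_at]
    new_l2 = bytes.fromhex("020000000002" "020000000001")    # constructed next-hop MACs
    return new_l2 + ethertype + frame[payload_at:]

# Constructed sample frame: VLAN 100, CoS 5, IPv4 with DSCP 46.
TAGGED = bytes.fromhex(
    "005056aabbcc005056ddeeff"   # destination MAC, source MAC
    "8100a064"                   # 802.1Q tag: priority 5, VLAN 100
    "0800"                       # EtherType IPv4
    "45b8" + "00" * 18           # IPv4 header, ToS 0xB8 = DSCP 46
)

if __name__ == "__main__":
    print(qos_markings(TAGGED))                # CoS and DSCP both present
    print(qos_markings(after_router(TAGGED)))  # CoS gone, DSCP unchanged
```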
What is the “vSphere Distributed Switch Health Check” and what specific configurations does it monitor?
The Health Check feature monitors the coordination between the physical switch configuration and the VDS configuration. It checks for mismatches in:
- VLAN: Checks if VLANs trunked on the physical switch match the distributed port group settings.
- MTU: Verifies if Jumbo Frames settings match.
- Teaming and Failover: Checks if the physical switch etherchannel settings match the VDS teaming policies.
How do you enable “Hot-add” and “Hot-remove” for VMDirectPath I/O devices?
To enable hot-add/remove for DirectPath I/O (passthrough) devices, you must enable the feature in the virtual machine’s settings (pciPassthru.use64bitMMIO="TRUE" might be involved, depending on the device) or via the vSphere Client. This allows you to add or remove PCI passthrough devices without powering off the VM, provided the guest OS and hardware support it.
What is “Multicast Snooping” on a vSphere Distributed Switch and which modes are supported?
Multicast Snooping allows the VDS to listen to IGMP/MLD queries to intelligently forward multicast traffic only to the ports that requested it, rather than broadcasting to all ports. Supported modes include:
- Basic: VDS forwards multicast traffic based on IGMP/MLD membership.
- Querier: VDS acts as a multicast querier if one doesn’t exist on the network.
Explain the “Forged Transmits” security policy and when you might accept it.
Forged Transmits controls whether a virtual machine can send traffic with a source MAC address different from the one assigned to its vNIC. By default, it is set to “Reject.” You might set it to “Accept” if you are running a nested hypervisor (ESX inside a VM) or a load balancer/firewall VM that needs to spoof MAC addresses for routing purposes.
What is “TCP Segmentation Offload (TSO)” and how do you verify if it is enabled on an ESX host?
TSO allows the TCP/IP stack to send large frames of data to the network interface card (NIC), which then breaks them into smaller TCP segments. This reduces CPU overhead. You can verify it using the ESXCLI command: esxcli network nic tso get -n vmnicX. It can be enabled/disabled at the physical NIC or VMkernel level.
You need to back up the networking configuration of a VDS. What exactly is exported when you choose “Export vSphere Distributed Switch configuration”?
You can export the VDS configuration to a file, which includes settings for the switch itself and its distributed port groups. You can choose to export only the distributed switch settings or include the distributed port group configurations as well. This file preserves valid network configurations, enabling transfer to other environments.
Explain the interaction between SR-IOV (Single Root I/O Virtualization) and vSphere vMotion.
Historically, SR-IOV devices (which bypass the hypervisor for direct hardware access) were incompatible with vMotion. However, vSphere now supports assigning an SR-IOV device to a VM while still allowing vMotion, provided the OS drivers support it and the infrastructure is configured correctly. If the destination host supports the same SR-IOV virtual function, the VM can be migrated.
What is the “Management Network Rollback” feature, and how can you disable it?
Management Network Rollback automatically reverts networking changes if the ESX host loses connectivity to vCenter or the management network after a configuration change. This prevents admins from locking themselves out. It can be disabled via the DCUI or by changing the ManagementIface.Rollback advanced setting in the vCenter configuration.
How does “Large Receive Offload (LRO)” function in vSphere networking?
LRO aggregates multiple incoming TCP packets into a larger single packet before passing them up the network stack to the CPU. This reduces the CPU processing overhead for incoming traffic. It is supported on VMXNET3 adapters and can be configured on the ESX host or the guest OS.
Describe the process of “Port Mirroring” and the difference between “Distributed Port Mirroring” and “Remote Mirroring”.
Port Mirroring replicates traffic from a source to a destination for analysis.
- Distributed Port Mirroring: Mirrors traffic from a set of distributed ports to other ports on the same switch.
- Remote Mirroring (RSPAN/ERSPAN): Mirrors traffic across the network to a destination IP or VLAN on a different physical switch, allowing centralized traffic analysis.
