The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The Hypervisor NIC teaming feature allows multiple physical adapters to be associated with a vSwitch to provide load sharing and failover connectivity to the external network.
When additional physical adapters are assigned to a vSwitch, they may be assigned as either active or standby. Depending on the way in which the appliance is connected to the physical network, traffic from virtual machines may be load balanced across active connections and, in the event of a link failure, a standby adapter will be made active to take over.
To maximize resiliency to failure, teamed interfaces are typically connected to different switching equipment. This might involve connecting to separate line cards in a chassis, switches in a stack, or to completely independent devices.
Where independent physical switches are used, teamed interfaces should be set to active, allowing the Ethernet Spanning Tree protocol to block connections that create a loop. In the event of a link or switch failure, the Spanning Tree protocol will reconverge to use a serviceable connection to the appliance. Where VLAN trunking is used, the Spanning Tree protocol can typically be configured per VLAN to prefer different connections for DMZ and internal network traffic under normal operation.
If connections are made to a common logical switch (i.e. chassis or cluster) that supports IEEE 802.3ad link aggregation, it is possible to load balance traffic across all active members of the link group under normal operation. Link aggregation can accommodate link failures more quickly than Spanning Tree and is transparent to VLANs, so may be used with either dedicated network, or VLAN trunk connections.
The following table illustrates how Business Edition appliances may accommodate network separation and NIC teaming.
When aggregating appliance interfaces, the switch ports to which they are connected must be configured to use 802.3ad link aggregation. The following example illustrates how this may be configured using VLAN trunking to a Cisco Catalyst switch:
vlan 1 name default ! vlan 30 name DMZ ! interface GigabitEthernet1/1 description BE Server Network Interface 1 (Internal/DMZ trunk group) switchport trunk allowed vlan 1,30 switchport mode trunk spanning-tree portfast trunk channel-group 1 mode passive ! interface GigabitEthernet1/5 description BE Server Network Interface 2 (Internal/DMZ trunk group) switchport trunk allowed vlan 1,30 switchport mode trunk spanning-tree portfast trunk channel-group 1 mode passive !
When connecting appliance interfaces to separate switches, use standard trunk port configuration (no channel-group). Do not use Spanning-Tree Portfast.
vlan 1 name default ! vlan 30 name DMZ ! interface GigabitEthernet1/1 description BE Server Network Interface 1 (Internal/DMZ trunk) switchport trunk allowed vlan 1,30 switchport mode trunk !
The Spanning Tree VLAN cost command may be used balance traffic between links, if required.