VMWare Virtual Switch Traffic Shaping Configuration and Use Case

Traffic shaping is one of the feature of Both vSS and vDS switch in VMware vSphere. According to me this feature of virtual Switch is used in very rear cases.unless you have very specific use case for it.

Today i will show you how to configure it in Virtual Distributed switch to Control egress and ingress traffic.

Use case 1:

We have a multiple squid proxy servers running in transparent mode and configure to use different service providers bandwidth on each server. we have configured in transparent mode because we have thousands of users with different categories and it is easy to configure squid in transparent mode to distribute internet rather than provide proxy setting in each client which is very difficult for us because not all users are on domain. unfortunately in transparent proxy there is no easy solution to control SSL traffic. if a user connects to a SSL website. which in very common in these days. it will established the direct connection with Webserver ,in other words squid proxy have no visibility of this connection and we are not able to control it and restrict it using squid.

In above use case we are not able to control squid internet bandwidth even we had implemented the delay pool feature of squid. in that case, we can control the bandwidth by using traffic shaping feature of virtual switch. so our other services on that bandwidth will not suffer.

Use case 2:

There is another use case for traffic shaping. if you have one internet line and you want to divide it on two different proxy servers in VMware than you can easily do it with traffic shaping feature of VMWare virtual Switch.

Use case 3:

Control traffic for vMotion network

Configuration of Traffic Shaping in VMware vDS

Lets see how we configured it on virtual Switch.

What are traffic types

INGRESS: it is traffic that is going out from Virtual Machine (VM–>portgroup –> Switch) .we can control it in both VMware vSS and vDS Switches. in term of bandwidth it will be our Upload data.

EGRESS: it is traffic that is coming into the Virtual Machine (Switch –> PortGroup –> VM) ,we can control this in only VMware vDS. in term of bandwidth it will be download data.


Difference in vSS and vDS traffic shaping

vSS (virtual Standard Switch) Traffic Shaping

In Virtual Standard switch we can only able to control ingress traffic shaping. in other words we can control traffic going out to Virtual Machine (VM to Port Group). in term of bandwidth it will control only Upload data.

vDS (virtual Distributed Switch) Traffic Shaping

vDS in only comes with vSphere enterprise Plus Licenses.but in vDS we can control both ingress and egress traffics as well. In other words we can control both traffics that is coming in and out from the virtual machine (Portgroup to VM and VM to PortGroup).


My scenario is, i want to to limit my squid proxy VM to restrict at bandwidth 3.5 Mb/s.


1-Create a Portgroup

From Webclient Home -> Networking -> Select your vDS -> Right click and choose “Distributed portgroup-> new Distributed portgroup”. provide a name to port group and follow the wizard instructions to create it.


2-Configure Traffic Shaping in Portgroup

Once it created, Click on portgroup -> Manage-> properties -> Click “Edit”

In Portgroup “Edit Setting” -> Click “Traffic Shaping” ->In “Status” Choose Enable for both “Ingress” and “Egress” and set following settings.

Average Bandwidth (kilobits/s) : 3500 –>(3.5 Mbps)

Peak Bandwidth (kilobits/s): 3500 –> (3.5 Mbps)

Brust Size (KB):  450 –> (3.6 Mbps)

Brust Size Formula:

Megabits per second = (Kilobytes per second ÷ 125) (450/125=3.6 Mbps). you can also use any online calculator as well.
By default the traffic stream will get what is specified by “Average Bandwidth”. However, it is possible to exceed this when needed by specifying a higher “Peak Bandwidth” value. Your traffic will be allowed to burst until the value of “Burst Size” has been exceeded. In other words, in the above example when only Peak Bandwidth is increased from 3.5 Mbps this would lead to the following: By default the traffic is limited 3.5 Mbps.

3-Assign portgroup to Squid Proxy VMs.

Now go to Squid Proxy VM ->Manage ->Settings -> VM Hardware -> Click “Edit”


In VM Edit Settings -> Virtual Hardware -> Network Adapter -> Make sure “Network” is configured with newly Configured Limited Bandwidth Portgroup.


NOTE:  Traffic shaping policy is applied in each port of the Portgroup. Every VM in the port group has assigned one port when we configured its network setting to use that portgroup. in other words each network adapter in VM is connected to one port in the portgroup.

You can see the port id of a VM by Clicking on Portgroup -> Manage-> Ports as shown below.


4-Verify the traffic shaping working.

i have implement MTRG to check the bandwidth utilization of that IP of Proxy Server VM and as you can see below, it is now limited to 3.5 Mbps. which tells us our traffic shaping configuration is working like charm.




Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s