I was contacted by someone who needed to automate some changes to their virtual infrastructure, I can never resist a challenge so of course I agreed to help.

He worked for a Virtual Hosting platform who offer hosting at a low cost of entry.  Each customer where he works is provided with a dedicated  virtual machine, a public IP space in a logical VLAN.   As such his platform is currently 9 hosts, 190 VM’s and 60 Portgroups/VLAN’s. The platform is based on HP c700 Chassis with Cisco 3020 gig switches, with each “half” of the chassis trunked back to our core with a 2Gbps etherchannel. Each Blade’s “production” interface is connected to each “half” of the chassis at 1Gbps with originating VM id based load balancing.

He explained that all was working fine until they hit upon an issue, what prompted the change in policy was a compromised VM (not everything has perimeter firewalling as per standard purchase, this is down to the customers choice) pushing upwards of 900MBps out our primary International gateway causing heavy packet loss for the rest of the DC.

Whilst the traffic shaping options for VI3 are only outbound it will at least prevent this occurrence again.

At an estimate he said it would have taken a minimum of nine hours to do this manually using the VIC, not to mention mind numbing and prone to error.

Following a simple bit of script work it only took 2hrs for the script to run so I thought I would add it to my blog just in case anyone else gets into a similar position and would like to save themselves some work !

As a side note, all customer PortGroups in this case were on vSwitch1, although the script can be easily adjusted to make the change for all vSwitches.

Foreach ($VMHost in Get-VMHost) {
    Write "$VMHost"
    Foreach ($PG in ($VMHost | Get-VirtualSwitch -Name "vSwitch1" | Get-VirtualPortGroup)){
        $vswitchName = "vSwitch1"
        $pgName = $PG.Name

        Write "...$pgName"
        $HS = $VMHost | Get-View
        $nwSys = $HS.ConfigManager.NetworkSystem
        $mor = Get-View $nwSys

        $portgrp = New-Object VMware.Vim.HostPortGroupSpec
        $portgrp.Name = $pgName
        $portgrp.VswitchName = $vswitchName
        $portgrp.policy = New-Object VMware.Vim.HostNetworkPolicy
        $portgrp.policy.shapingPolicy = New-Object VMware.Vim.HostNetworkTrafficShapingPolicy
        $portgrp.policy.shapingPolicy.enabled = $true
        $portgrp.policy.shapingPolicy.averageBandwidth = 104857600000
        $portgrp.policy.shapingPolicy.peakBandwidth = 104857600000
        $portgrp.policy.shapingPolicy.burstSize = 107374182400

        $mor.UpdatePortGroup($pgName, $portgrp)
    }
}

The result of all this would be the same settings applied to each portgroup as below:

image

This script can easily be added to the VESI/PowerGUI Powerpack where you can manually select the portgroups and mass apply the changes with a simple action.

image