Static (non-ephemeral) or ephemeral port binding on a vSphere Distributed Switch

Products

VMware vCenter Server VMware vSphere ESXi

Issue/Introduction

When choosing a port binding type for a vSphere Distributed Switch, consider the attached virtual machines and vmkernel service ports to the vDS based on the connected item's usage.
Port binding type and all other vDS and port group configuration settings can be set only through vCenter Server.

Environment

VMware vSphere ESXi 8.0.x
VMware vSphere ESXi 7.0.x
VMware vSphere ESXi 6.x

Resolution

Types of port binding on a Distributed Switch

These two types of port binding determine how ports in a port group are assigned to virtual machines:

Static Binding
Ephemeral Binding

Static binding

When a virtual machine or vmkernel is connected to a port group configured with static binding, a port is immediately assigned and reserved for that item, guaranteeing connectivity at all times.
The port is disconnected only when the virtual machine or vmkernel is removed from the port group. A virtual machine or vmkernel can be configured to a static-binding port group only through vCenter Server.

Note: Static binding is the default setting, recommended for general use.

If vCenter to host communication is lost, VMs currently running on port groups with static binding will continue communication as normal because they have already been assigned their port assignments from vCenter.
If vCenter to host communication is lost, VMs will not be able to be reconfigured to static (also known as non-ephemeral) port groups on the vDS because vCenter is unavailable to give the VM a port binding. In this instance, the user will see the following error:

Addition or reconfiguration of network adapters attached to non-ephemeral distributed virtual port groups is not supported.

The VMs will not be able to be reconfigured or powered on until vCenter to host communication is back. The work around for these VMs is to add them to a standard switch if vCenter to host communication is not possible or to an existing ephemeral port port group on a host.

Ephemeral binding

In a port group configured with ephemeral binding, a port is created and assigned to a virtual machine by the host when the virtual machine is powered on and its NIC is in a connected state.
When the virtual machine powers off or the NIC of the virtual machine is disconnected, the ephemeral port is deleted.

A virtual machine or vmkernel adapter assigned to a distributed port group with ephemeral port binding on ESX/ESXi and vCenter, gives the flexibility to manage virtual machine connections through the host when vCenter is down.
NOTE: While only ephemeral binding allows network connections to be assigned when vCenter is down, network traffic is unaffected by vCenter failure regardless of port binding type.

Note: Ephemeral port groups are generally only used for recovery purposes when there is a need to provision ports directly on a host, bypassing vCenter Server. For example:

the management service vmkernel port (usually vmk0)
vCenter VM's port group. Workload and management vCenters.
- NOTE: For recovery purposes, if ephemeral port groups are not used for a vCenter's port group, deploying a new VCSA VM to restore a vCenter from VAMI backup or from a VADP backup is made more complex requiring a host's networking to be reconfigured to use a standard vSwitch. The time to recovery when a host has to be reconfigure for a standard vswitch can greatly increase the downtime for a vCenter and may impact other VMs running on a host. (See KB318719 link below for how to recover a vCenter on a static port binding port group.)
SDDC Manager VM - For SDDC environments
- The recommended VMs and vmkernel adapters to connect to ephemeral port binding port groups above is covered in the VMware Validated Design for Distributed Port Group and VMkernel adapter design documentation in the following VCF Documentation link: VCF Distributed Port Group and VMkernel Adapter Design for the Management Domain

Port Binding Type Considerations:

There are various items to consider with ephemeral port groups as detailed below along with why static binding is the default port binding type on distributed switch port groups (only change to ephemeral binding for vCenter, management, etc.)

Performance

Every operation, including add-host and virtual machine power operation, is slower on ephemeral port binding ports because ports are created/destroyed in the operation code path.
Virtual machine operations are far more frequent than add-host or switch-operations, so ephemeral ports are more demanding in general.

Non-persistent "ephemeral" ports

Non-persistent (that is, "ephemeral") ports port-level permissions and controls are lost across power cycles, so no historical context is saved.

Virtual Machine Error: "Addition or reconfiguration of network adapters attached to non-ephemeral distributed virtual port groups is not supported"

This error will generate if trying to connect a virtual machine to a distributed port group that uses static port binding while the vCenter is not connected to the network.
As stated above, a virtual machine can connect to a static-binding port group only through vCenter Server.

If vCenter itself is also on a vDS static bound port group, please follow this KB to get it connected again: vCenter network connectivity lost - Recover vCenter network when connected to a Distributed Switch (318719)

Additional Information

If the VCSA is not on a standard switch, an ephemeral port group will be required for a VCSA upgrade for 7.0 and above.