NBDSSL Transport
When no other transport is available,
networked storage applications can use LAN transport for data access, using the NBD
(network block device) protocol, optionally with SSL encryption, in which case it is called NBDSSL.
NBD is a Linux-style kernel module that treats storage on a remote host as a
block device. NBDSSL is a VMware variant that uses SSL to encrypt all data
passed over the TCP connection. The NBDSSL transport method is built into the
virtual disk library, so it is always available, and is the fall-back when no
other transport method is available.
VMware libraries often fall back to NBDSSL when
other transports are not available. Backup applications can select NBD, without
SSL encryption, for higher throughput.
NBDSSL transport mode for backup

In this mode, the ESXi host reads data from
storage and sends it across a network to the backup server. With LAN transport,
large virtual disks can take a long time to transmit. This transport mode adds
traffic to the LAN, unlike SAN and HotAdd transport, but NBDSSL transport
offers the following advantages:
- The ESXi host can use any storage device, including local storage or remote-mounted NAS.
- The backup proxy can be a virtual machine, so customers can use vSphere resource pools to minimize the performance impact of backup. For example, the backup proxy can be in a lower-priority resource pool than the production ESXi hosts.
When VDDK opens a non-snapshot disk for NBDSSL
transfer (read-only or read/write) it selects the ESXi host where the disk’s
virtual machine currently resides.
However, when VDDK opens a snapshot for NBDSSL
transfer, the common backup case, VDDK passes the datastore to vCenter Server,
which consults its list of ESXi hosts with access to the datastore; vCenter
picks the first host with read/write access. The list of hosts is unordered, so
the host chosen for NBDSSL transfer of the snapshot is not necessarily the ESXi
host where the snapshot’s virtual machine resides.
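Because a snapshot transfer can be served by any host with read/write access to the datastore, the backup proxy needs a network path to every such host, not only to the one running the virtual machine. The following added example (not VMware code; the inventory, host names and reachable set are constructed assumptions) models the two selection rules and lists candidate hosts the proxy cannot reach.

```python
# Added example: models the host-selection rules described above.
# Inventory, host names and the reachable set are constructed sample data.
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    datastores: dict  # datastore name -> "rw" or "ro"


def candidate_hosts(hosts, vm_host, datastore, is_snapshot):
    """Return the set of ESXi host names that may serve the NBDSSL transfer."""
    if not is_snapshot:
        # Non-snapshot disk: the host where the VM currently resides.
        return {vm_host}
    # Snapshot: vCenter picks the first host with read/write access from an
    # unordered list, so every read/write host is a possible choice.
    return {h.name for h in hosts if h.datastores.get(datastore) == "rw"}


def unreachable_candidates(hosts, vm_host, datastore, is_snapshot, reachable):
    """Hosts that could be chosen but that the backup proxy cannot reach."""
    chosen = candidate_hosts(hosts, vm_host, datastore, is_snapshot)
    return sorted(chosen - set(reachable))


INVENTORY = [
    Host("esx-a", {"ds1": "rw", "ds2": "rw"}),
    Host("esx-b", {"ds1": "rw"}),
    Host("esx-c", {"ds1": "ro", "ds2": "rw"}),
]
# Constructed: the proxy is allowed to reach only the VM's own host.
PROXY_REACHABLE = {"esx-a"}

if __name__ == "__main__":
    for snap in (False, True):
        gaps = unreachable_candidates(
            INVENTORY, "esx-a", "ds1", snap, PROXY_REACHABLE)
        print(f"snapshot={snap}: unreachable candidates = {gaps}")
```
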
NBDSSL Performance
When reading disk data using NBDSSL transport,
VDDK makes synchronous calls. That is, VDDK requests a block of data and waits
for a response. The block is read from disk and copied into a buffer on the
server side, then sent over the network. Meanwhile, no data gets copied over
the network, adding to wait time. To some extent, you can overcome this
limitation by using multiple streams to simultaneously read from a single disk
or multiple disks, taking advantage of parallelism.
As of vSphere 6.5, NBDSSL performance can be
significantly improved using data compression. Three types are available:
zlib, fastlz, and skipz. They are specified as flags
when opening virtual disks with the extended VixDiskLib_Open() call. See
Open a Local or Remote Disk.