SlideShare uma empresa Scribd logo

Virtual networking concepts

W
wangjiayong
Educação
1 de 12
Baixar para ler offline
INFORMATION GUIDE VMware Virtual Networking Concepts
VMware INFORMATION GUIDE Table of Contents Introduction ............................................................................................................ 3 eSX Server Networking Components ..................................................................... 3 How Virtual ethernet adapters work ..................................................................... 4 How Virtual Switches work ..................................................................................... 4 a Virtual Switch is Similar to a Physical Switch ................................................. 4 a Virtual Switch is Different from a Physical Switch .......................................... 5 Spanning Tree Protocol Not Needed .................................................................. 5 Virtual Switch Isolation ...................................................................................... 5 Virtual Ports ........................................................................................................ 5 Uplink Ports ........................................................................................................ 6 Port Groups ......................................................................................................... 6 Uplinks ................................................................................................................ 6 Virtual Switch Correctness ................................................................................. 7 VLaNs in VMware Infrastructure ............................................................................ 7 NIC Teaming ............................................................................................................ 8 Load Balancing ................................................................................................... 8 Failover Configurations ...................................................................................... 9 Layer 2 Security Features ....................................................................................... 10 Managing the Virtual Network ............................................................................... 10 appendix: Virtual Device Maximums ..................................................................... 11
VMware INFORMATION GUIDE VMware Virtual Networking Concepts Introduction In addition, virtual networks enable functionality not possible with physical networks today. VMware Infrastructure provides a rich set of networking capabilities that integrate well with sophisticated enterprise This guide is for VMware Infrastructure users who want a networks. These networking capabilities are provided by clearer understanding of the basic design of the networking VMware ESX Server and managed by VMware VirtualCenter. capabilities in VMware Infrastructure and how that design affects deployment in the datacenter. With virtual networking, you can network virtual machines in the same way that you do physical machines and can build complex networks within a single ESX Server host or across VMware Infrastructure Networking multiple ESX Server hosts, for production deployments or devel- Components opment and testing purposes. The VMware Infrastructure networking stack uses a modular Virtual switches allow virtual machines on the same ESX Server design for maximum flexibility. host to communicate with each other using the same protocols The key virtual networking components provided by Virtual that would be used over physical switches, without the need Infrastructure are virtual Ethernet adapters, used by individual for additional networking hardware. ESX Server virtual switches virtual machines, and virtual switches, which connect virtual also support VLANs that are compatible with standard VLAN machines to each other and connect both virtual machines and implementations from other vendors. the ESX Server service console to external networks, as shown A virtual machine can be configured with one or more virtual in Figure 1. Ethernet adapters, each of which each has its own IP address The sections that follow provide more detail about each of and MAC address. As a result, virtual machines have the same these components. properties as physical machines from a networking standpoint. VM0 VM1 VM2 VM3 App App App App Service OS OS OS OS console Virtual Ethernet adapters ESX Server 3 virtual switches Physical Ethernet adapters Production Production Management LAN LAN LAN Figure 1 — Virtual switches in ESX Server 3 connect virtual machines and the service console to each other and to external networks.
VMware INFORMATION GUIDE How Virtual ethernet adapters work How Virtual Switches work In discussions of VMware Infrastructure , you may see refer- Virtual switches are the key networking components in VMware ences to as many as five different virtual network adapters. Infrastructure . You can create up to 8 virtual switches on Three of those are virtual Ethernet adapters used by virtual each ESX Server host. machines. In most cases, a virtual machine uses only one of the A virtual switch is “built to order” at run time from a collection of three types of virtual adapters. The three types of adapters avail- small functional units. Some of the key functional units are: able for virtual machines are: • The core Layer forwarding engine. • vmxnet — a paravirtualized device that works only if VMware This is a key part of the system (for both performance and Tools is installed in the guest operating system. A paravirtual- correctness), and in Virtual Infrastructure it is simplified so ized device is one designed with specific awareness that it it only processes Layer Ethernet headers. It is completely is running in a virtualized environment. The vmxnet adapter independent of other implementation details, such as differ- is designed for high performance. In most cases, when you ences in physical Ethernet adapters and emulation differences select the flexible network adapter, this is the adapter used in virtual Ethernet adapters. after VMware Tools is installed in the guest operating system. • VLAN tagging, stripping, and filtering units. • vlance — a virtual device that provides strict emulation of the AMD Lance PCNet Ethernet adapter. It is compatible with • Layer security, checksum, and segmentation offload units. most -bit guest operating systems. This adapter is used This modular approach has become a basic principle to be when you select the flexible network adapter but VMware followed in future development, as well. Tools is not installed in the guest operating system. When the virtual switch is built at run time, ESX Server loads • e1000 — a virtual device that provides strict emulation of only those components it needs. It installs and runs only what the Intel E1000 Ethernet adapter. This is the virtual Ethernet is actually needed to support the specific physical and virtual adapter used in 6-bit virtual machines. It is also available in Ethernet adapter types used in the configuration. This means -bit virtual machines. the system pays the lowest possible cost in complexity and The other virtual network adapters are: demands on system performance. • vswif — a paravirtualized device similar to vmxnet that is The design of ESX Server supports temporarily loading certain used only by the ESX Server service console. components in the field — a capability that could be used, for example, for running appropriately designed diagnostic utilities. • vmknic — a virtual device in the VMkernel, the software layer that manages most of the physical resources on the An additional benefit of the modular design is that VMware ESX Server host. The vmknic is used by the TCP/IP stack that and third-party developers can easily incorporate modules to services VMotion, NFS and software iSCSI clients that run at enhance the system in the future. the VMkernel level, and remote console traffic. In many ways, the ESX Server virtual switches are similar to All five of the virtual network devices share the following char- physical switches. In some notable ways, they are different. acteristics: Understanding these similarities and differences will help you plan the configuration of your virtual network and its connec- • They have their own MAC addresses and unicast/multicast/ tions to your physical network. broadcast filters. • They are strictly Layer Ethernet adapter devices. A Virtual Switch Is Similar to a Physical Switch A virtual switch, as implemented in ESX Server , works in much Note: The speed and duplex settings found in physical the same way as a modern Ethernet switch. networking are not relevant in the virtual network, because It maintains a MAC:port forwarding table and performs the fol- all the data transfer takes place in the host system’s RAM, lowing functions: nearly instantaneously and without the possibility of colli- sions or other signaling-related errors. • Looks up each frame’s destination MAC when it arrives. • Forwards a frame to one or more ports for transmission. • Avoids unnecessary deliveries (in other words, it is not a hub).
VMware INFORMATION GUIDE An ESX Server virtual switch supports VLAN segmentation at • Because there is no need to cascade virtual switches, Virtual the port level. This means each port can be configured in either Infrastructure provides no capability to connect virtual of the following ways: switches. • With access to a single VLAN, making it what's called an • Because there is no way to connect virtual switches, there is access port in the world of physical switches, or in ESX Server no need to prevent bad virtual switch connections. terminology, using virtual switch tagging. • Because virtual switches cannot share physical Ethernet • With access to multiple VLANs, leaving tags intact, making it adapters, there is no way to fool the Ethernet adapter into what's called a trunk port in the world of physical switches, or doing loopback or some similar configuration that would in ESX Server terminology, using virtual guest tagging. cause a leak between virtual switches. For more information on these options, see the section VLANs In addition, each virtual switch has its own forwarding table, in VMware Infrastructure on page 7. and there is no mechanism to allow an entry in one table to An ESX Server virtual switch supports copying packets to a point to a port on another virtual switch. In other words, every mirror port. By using what is called promiscuous mode, ESX destination the switch looks up can match only ports on the Server makes a virtual switch port act as a SPAN port or mirror same virtual switch as the port where the frame originated, port. This capability makes it possible to debug using a sniffer or even if other virtual switches’ lookup tables contain entries for to run monitoring applications such as IDS. that address. In addition, an administrator can manage many configuration It is unlikely that a would-be attacker could circumvent virtual options for the switch as a whole and for individual ports using switch isolation because it would be possible only if there were the Virtual Infrastructure Client. a substantial unknown security flaw in the vmkernel. Because ESX Server parses so little of the frame data — primarily just the A Virtual Switch Is Different from a Physical Switch Ethernet header — this would be difficult, and once an attacker had such access, richer targets than breaking virtual switch iso- ESX Server provides a direct channel from virtual Ethernet lation are readily available. adapters for such configuration information as authorita- tive MAC filter updates. So there is no need to learn unicast There are natural limits to this isolation. If you connect the addresses or perform IGMP snooping to learn multicast group uplinks of two virtual switches together, or if you bridge two membership. virtual switches with software running in a virtual machine, you open the door to the same kinds of problems you might see in Ports on the virtual switch may automatically enter mirror physical switches. mode when the virtual Ethernet adapter's promiscuous bit is set — if virtual switch and port group policies allow. Virtual Ports Spanning Tree Protocol Not Needed The ports on a virtual switch provide logical connection points VMware Infrastructure enforces a single-tier networking among virtual devices and between virtual and physical topology. In other words, there is no way to interconnect devices. You can think of them as virtual RJ- connectors. Each multiple virtual switches, thus the network cannot be config- virtual switch can have up to 1,016 virtual ports, with a limit of ured to introduce loops. As a result, Spanning Tree Protocol ,096 ports on all virtual switches on a host. (STP) is not needed and is not present. The virtual ports in ESX Server provide a rich control channel for communication with the virtual Ethernet adapters attached to Note: It is actually possible, with some effort, to introduce them. ESX Server virtual ports: a loop with virtual switches. However, to do so, you must • Know authoritatively what the configured receive filters are run Layer bridging software in a guest with two virtual for virtual Ethernet adapters attached to them. This means no Ethernet adapters connected to the same subnet. This MAC learning is required to populate forwarding tables. would be difficult to do accidentally, and there is no reason to do so in typical configurations. • Unlike physical switches, know authoritatively the “hard” configuration of the virtual Ethernet adapters attached to Virtual Switch Isolation them. This capability makes it possible to set such policies as Network traffic cannot flow directly from one virtual switch to “guest can’t change MAC address,” because the virtual switch another virtual switch within the same host. Virtual switches port can essentially know for sure what is “burned into ROM” provide all the ports you need in one switch, leading to the fol- (actually, stored in the configuration file, outside control of lowing benefits: the guest operating system).
VMware INFORMATION GUIDE Uplink Ports Port groups are important particularly for VMotion. To under- Uplink ports are ports associated with physical adapters, provid- stand why, consider what happens as virtual machines migrate ing a connection between a virtual network and a physical to new hosts using VMotion. network. Physical adapters connect to uplink ports when they Port groups make it possible to specify that a given virtual are initialized by a device driver or when the teaming policies machine should have a particular type of connectivity on every for virtual switches are reconfigured. host on which it might run. Some virtual switches should not connect to a physical network Port groups are user-named objects that contain enough config- and thus have no uplink port, as shown in Figure . This is the uration information to provide persistent and consistent network case, for example, for a virtual switch that provides connections access for virtual Ethernet adapters: between a firewall virtual machine and the virtual machines • Virtual switch name protected by the firewall. • VLAN IDs and policies for tagging and filtering Virtual Ethernet adapters connect to virtual ports when you power on the virtual machine on which the adapters are con- • Teaming policy figured, when you take an explicit action to connect the device, • Layer security options or when you migrate a virtual machine using VMotion. • Traffic shaping parameters A virtual Ethernet adapter updates the virtual switch port with In short, port group definitions capture all the settings for a MAC filtering information when it is initialized and whenever it switch port. Then, when you want to connect a virtual machine changes. to a particular kind of port, you simply specify the name of a A virtual port may ignore any requests from the virtual Ethernet port group with an appropriate definition. adapter that would violate the Layer security policy in effect Port groups may specify different host-level parameters on dif- for the port. For example, if MAC spoofing is blocked, the port ferent hosts — teaming configurations, for example. But the key drops any packets that violate this rule. element is that the result is a consistent view of the network for Port Groups a virtual machine connected to that port group, whichever host As important as they are in VMware Infrastructure virtual net- is running it. working, port groups do not correspond exactly to features Note: Port groups do not necessarily correspond one-to-one to commonly found in physical networks. The closest counterpart VLAN groups. It is possible, and even reasonable, to assign the is the SmartPort feature offered in some Cisco switches. You can same VLAN ID to multiple port groups. This would be useful think of port groups as templates for creating virtual ports with if, for example, you wanted to give different groups of virtual particular sets of specifications. You can create a maximum of machines different physical Ethernet adapters in a NIC team for 1 port groups on a single host. active use and for standby use, while all the adapters are on the same VLAN. VM1 VM2 Uplinks App App Physical Ethernet adapters serve as bridges between virtual and physical networks. In VMware Infrastructure, they are called OS OS uplinks, and the virtual ports connected to them are called uplink ports. A single host may have a maximum of uplinks, vnic0 vnic1 which may be on one switch or distributed among a number of switches. In order for a virtual switch to provide access to more than Virtual one VLAN, the physical switch ports to which its uplinks are switches connected must be in trunking mode. It is important to prune the VLANs, keeping only those that are required for the virtual switch. Failure to do so can cause unnecessary overhead on the ESX Server host because it must process broadcast traffic for all VLANs trunked to it. Figure 2 — Virtual switches in ESX Server 3 can be configured with uplink ports You should prune VLANs at the physical switch level, but or with no uplink port. pruning at the physical switch cannot be quite as aggressive as pruning at the uplink because the virtual switch knows which 6
VMware INFORMATION GUIDE virtual machines are actually powered on. As a result, the virtual The virtual switch does not copy the entire frame, because switch may be able to prune VLANs that are needed but are not that would be inefficient, but ESX Server must make sure that in use at the time you are pruning. the guest operating system does not have access to any sen- You can specify different teaming behavior for different groups sitive data once the frame is passed on to the virtual switch. of virtual machines that share the same team of physical ESX Server ensures that frames are contained within the appro- adapters. For example, you can vary the active/standby status of priate VLAN on a virtual switch. It does so in the following ways: each adapter in the team across port groups to get both good • VLAN data is carried outside the frame as it passes through link aggregation and failover behavior. For more information on the virtual switch. Filtering is a simple integer comparison. teaming, see NIC Teaming on page 8. This is really just a special case of the general principle that Teaming state — which physical Ethernet adapters are actually the system should not trust user accessible data. transporting data — is maintained for each port group. • Virtual switches have no dynamic trunking support. Teaming state transitions are mostly transparent to virtual Dynamic trunking and native VLAN are features in which an Ethernet adapters. Virtual machines cannot tell when a failover attacker may find vulnerabilities that could open isolation has occurred or which physical adapter is carrying any given leaks. This is not to say that these features are inherently frame. When the transition removes or restores actual access insecure, but even if they are implemented securely, their to a physical network — that is, when the last link goes down complexity may lead to misconfiguration and open an attack or the first link comes up — the network visibility change is vector. apparent to guests. Uplinks are not required for a virtual switch to forward traffic VLaNs in VMware Infrastructure locally. Virtual Ethernet adapters on the same virtual switch can communicate with each other even if no uplinks are present. VLANs provide for logical groupings of stations or switch ports, If uplinks are present, they are not used for local communica- allowing communications as if all stations or ports were on tions within a virtual switch. the same physical LAN segment. Confining broadcast traffic to a subset of the switch ports or end users saves significant When VLANs are configured, ports must be on the same VLAN amounts of network bandwidth and processor time. in order to communicate with each other. The virtual switch does not allow traffic to pass from one VLAN to another. In order to support VLANs for VMware Infrastructure users, Communication between VLANs is treated the same as com- one of the elements on the virtual or physical network has to munication between virtual switches — it is not allowed. If you tag the Ethernet frames with 80.1Q tag, as shown in Figure do want communication between two VLANs or two virtual . There are three different configuration modes to tag (and switches, you must configure an external bridge or router to untag) the packets for virtual machine frames. forward the frames. • Virtual switch tagging (VST mode) — This is the most common configuration. In this mode, you provision one port Virtual Switch Correctness group on a virtual switch for each VLAN, then attach the Two correctness issues are particularly important. virtual machine’s virtual adapter to the port group instead of It is important to ensure that virtual machines or other nodes the virtual switch directly. The virtual switch port group tags on the network cannot affect the behavior of the virtual switch. all outbound frames and removes tags for all inbound frames. ESX Server guards against such influences in the following ways: It also ensures that frames on one VLAN do not leak into a dif- • Virtual switches do not learn from the network in order to ferent VLAN. populate their forwarding tables. This eliminates a likely vector Use of this mode requires that the physical switch provide a for denial of service or leakage attacks, either as a direct denial trunk. of service attempt or, more likely, as a side effect of some Original other attack, such as a worm or virus, as it scans for vulnerable Dest Src Len/Etype Data FCS Frame hosts to infect. • Virtual switches make private copies of any frame data used Dest Src Etype Tag Len/Etype Data FCS Tagged Frame to make forwarding or filtering decisions. This is a critical feature of the virtual switch and is unique to virtual switches. Pri VLAN - ID Figure 3 — Header of a packet tagged by an 802.1Q VLAN trunking driver. 7
VMware INFORMATION GUIDE • Virtual machine guest tagging (VGT mode) — You may install A given virtual machine cannot use more than one physical an 80.1Q VLAN trunking driver inside the virtual machine, Ethernet adapter at any given time unless it has multiple and tags will be preserved between the virtual machine virtual adapters. networking stack and external switch when frames are passed This setting places slightly less load on the ESX Server host from or to virtual switches. The format for the header of a than the MAC hash setting. packet tagged in this way is shown in Figure . Note: If you select either srcPortID or srcMAC hash, you should Use of this mode requires that the physical switch provide a not configure the physical switch ports as any type of team or trunk. bonded group. • External switch tagging (EST mode) — You may use external • Route based on source MAC hash — Choose an uplink switches for VLAN tagging. This is similar to a physical based on a hash of the source Ethernet MAC address. network, and VLAN configuration is normally transparent to When you use this setting, traffic from a given virtual Ethernet each individual physical server. adapter is consistently sent to the same physical adapter There is no need to provide a trunk in these environments. unless there is a failover to another adapter in the NIC team. For details on using VLANs with VMware Infrastructure, see the Replies are received on the same physical adapter as the white paper titled VMware ESX Server 80.1Q VLAN Solutions, physical switch learns the port association. available from the VMTN Web site (http://www.vmware.com/ This setting provides an even distribution of traffic if the vmtn/). number of virtual Ethernet adapters is greater than the number of physical adapters. NIC Teaming A given virtual machine cannot use more than one physical You can connect a single virtual switch to multiple physical Ethernet adapter at any given time unless it uses multiple Ethernet adapters using the VMware Infrastructure feature source MAC addresses for traffic it sends. called NIC teaming. A team can share the load of traffic between physical and virtual networks among some or all • Route based on IP hash — Choose an uplink based on of its members and provide passive failover in the event of a a hash of the source and destination IP addresses of each hardware failure or a network outage. You can set NIC teaming packet. (For non-IP packets, whatever is at those offsets is used policies at the port group level. to compute the hash.) Note: All physical switch ports in the same team must be in the Evenness of traffic distribution depends on the number of same Layer broadcast domain. TCP/IP sessions to unique destinations. There is no benefit for bulk transfer between a single pair of hosts. Load Balancing You can use link aggregation — grouping multiple physical Load balancing allows you to spread network traffic from virtual adapters to create a fast network pipe for a single virtual machines on a virtual switch across two or more physical adapter in a virtual machine. Ethernet adapters, giving higher throughput than a single physical adapter could provide. When you set NIC teaming When you configure the system to use link aggregation, policies, you have the following options for load balancing: packet reflections are prevented because aggregated ports do not retransmit broadcast or multicast traffic. • Route based on the originating virtual switch port ID — Choose an uplink based on the virtual port where the The physical switch sees the client MAC address on multiple traffic entered the virtual switch. This is the default configura- ports. There is no way to predict which physical Ethernet tion and the one most commonly deployed. adapter will receive inbound traffic. When you use this setting, traffic from a given virtual Ethernet All adapters in the NIC team must be attached to the same adapter is consistently sent to the same physical adapter physical switch or an appropriate set of stacked physical unless there is a failover to another adapter in the NIC team. switches. (Contact your switch vendor to find out whether 80.ad teaming is supported across multiple stacked chassis.) Replies are received on the same physical adapter as the That switch or set of stacked switches must be 80.ad-com- physical switch learns the port association. pliant and configured to use that link-aggregation standard in This setting provides an even distribution of traffic if the static mode (that is, with no LACP). All adapters must be active. number of virtual Ethernet adapters is greater than the You should make the setting on the virtual switch and ensure number of physical adapters. that it is inherited by all port groups within that virtual switch. 8
VMware INFORMATION GUIDE Failover Configurations second group as standby adapters for use in failover situations; When you configure network failover detection you specify and designate other adapters as unused, excluding them from which of the following methods to use for failover detection: NIC teaming. • Link Status only — Relies solely on the link status provided ESX Server by the network adapter. This detects failures, such as cable pulls and physical switch power failures, but it cannot detect Switch 1 configuration errors, such as a physical switch port being nic1 blocked by spanning tree or misconfigured to the wrong Switch 2 Switch 4 VLAN or cable pulls on the other side of a physical switch. VM Network vnic nic2 • Beacon Probing — Sends out and listens for beacon probes Virtual — Ethernet broadcast frames sent by physical adapters switch Switch 3 to detect upstream network connection failures — on all nic3 physical Ethernet adapters in the team, as shown in Figure . It uses this information, in addition to link status, to determine Virtual machine network tra c handled by nic1 link failure. This detects many of the failures mentioned above that are not detected by link status alone, however beacon ESX Server probing should not be used as a substitute for a robust Switch 1 redundant Layer network design. Beacon probing is most nic1 useful to detect failures in the closest switch to the ESX Server hosts, where the failure does not cause a link-down event for Switch 2 Switch 4 VM Network the host. vnic nic2 Virtual By default, NIC teaming applies a fail-back policy. That is, if a switch Switch 3 physical Ethernet adapter that had failed comes back online, nic3 the adapter is returned to active duty immediately, displacing the standby adapter that took over its slot. This policy is in effect when the Rolling Failover setting is No. Connection between switch 1 and switch 4 fails Each Ethernet adapter sends a beacon packet If the primary physical adapter is experiencing intermittent ESX Server failures, this setting can lead to frequent changes in the adapter in use. The physical switch thus sees frequent changes in Switch 1 MAC address, and the physical switch port may not accept nic1 traffic immediately when a particular adapter comes online. To Switch 2 Switch 4 minimize delays, disable the following on the physical switch: VM Network vnic nic2 • Spanning tree protocol (STP) — disable STP on physical Virtual switch Switch 3 network interfaces connected to the ESX Server host. For nic3 Cisco-based networks, enable port fast mode for access inter- faces or portfast trunk mode for trunk interfaces (saves about 0 seconds during initialization of the physical switch port). Beacons returned on nic2 and nic3, not returned on nic1 • Etherchannel negotiation, such as PAgP or LACP — must be ESX Server disabled because they are not supported. Switch 1 • Trunking negotiation (saves about four seconds). nic1 An alternative approach is to set Rolling Failover to Yes. With this setting, a failed adapter is left inactive even after recovery until Switch 2 Switch 4 VM Network another currently active adapter fails, requiring its replacement. vnic nic2 Virtual Using the Failover Order policy setting, you specify how to switch Switch 3 distribute the work load for the physical Ethernet adapters on nic3 the host. You can place some adapters in active use; designate a Data to network rerouted through nic3 Figure 4 — Using beacons to detect upstream network connection failures. 9
VMware INFORMATION GUIDE Using the Notify Switches policy setting, you determine how • MAC address change lockdown prevents virtual machines ESX Server communicates with the physical switch in the from changing their own unicast addresses. This also prevents event of a failover. If you select Yes, whenever a virtual Ethernet them from seeing unicast traffic to other nodes on the adapter is connected to the virtual switch or whenever that network, blocking a potential security vulnerability that is virtual Ethernet adapter’s traffic would be routed over a dif- similar to but narrower than promiscuous mode. ferent physical Ethernet adapter in the team due to a failover • Forged transmit blocking, when you enable it, prevents virtual event, a notification is sent out over the network to update the machines from sending traffic that appears to come from lookup tables on physical switches. In almost all cases, this is nodes on the network other than themselves desirable for the lowest latency when a failover occurs. Note: If you are using Microsoft Network Load Balancing in Managing the Virtual Network unicast mode, do not set Notify Switches to Yes. No such issue VMware VirtualCenter provides tools for building and maintain- exists with NLB running in multicast mode, the mode VMware ing your virtual network infrastructure, as shown in Figure . strongly recommends. You can use VirtualCenter to add, delete, and modify virtual Layer 2 Security Features switches and to configure port groups with VLANs and teaming. The virtual switch has the ability to enforce security policies to You can use the VirtualCenter roles feature to assign the prevent virtual machines from impersonating other nodes on permissions a network administrator needs to manage the the network. There are three components to this feature. virtual network. For a more detailed discussion, see the paper “Managing VMware VirtualCenter Roles and Permissions,” avail- • Promiscuous mode is disabled by default for all virtual able at http://www.vmware.com/vmtn/resources/826. machines. This prevents them from seeing unicast traffic to other nodes on the network. Figure 5 — Using VMware VirtualCenter to manage a virtual network. 10
VMware INFORMATION GUIDE appendix: Virtual Device Maximums The following table summarizes the maximum numbers of various virtual and physical networking devices that can be configured using VMware Infrastructure (accurate for ESX Server .0 and ESX Server .0.1). Device Maximum Number Virtual Ethernet adapters per virtual machine Virtual switch ports per host 096 Virtual switch ports per switch 1016 Virtual switches per host 8 Uplinks per virtual switch Uplinks per host Virtual switch port groups per host 1 Physical e1000 Ethernet adapters (maximum tested) per host Physical Broadcom Ethernet adapters 0 (maximum tested) per host Physical e100 Ethernet adapters per 6 (maximum tested) host 11
Revision: 20070718 Item: IN-018-INF-01-01 VMware, Inc. 3401 Hillview Ave. Palo Alto CA 94304 USA Tel 650-475-5000 Fax 650-475-5001 www.vmware.com © 2007 VMware, Inc. All rights reserved. Protected by one or more of U.S. Patent Nos. 6,397,242, 6,496,847, 6,704,925, 6,711,672, 6,725,289, 6,735,601, 6,785,886, 6,789,156, 6,795,966, 6,880,022, 6,961,941, 6,961,806, 6,944,699, 7,069,413; 7,082,598, 7,089,377, 7,111,086, 7,111,145, 7,117,481, 7,149, 843, 7,155,558, and 7,222,221; patents pending. VMware, the VMware “boxes” logo and design, Virtual SMP and VMotion are registered trademarks or trademarks of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.

Recomendados

Vmware
VmwareVmware
VmwareMajid Khan
 
The Architecture Of V Mware Es Xi
The Architecture Of V Mware Es XiThe Architecture Of V Mware Es Xi
The Architecture Of V Mware Es XiRishi Sharma
 
Virtualization Questions
Virtualization QuestionsVirtualization Questions
Virtualization QuestionsTrupti Jethva
 
30 important-virtualization-vmware-interview-questions-with-answers
30 important-virtualization-vmware-interview-questions-with-answers30 important-virtualization-vmware-interview-questions-with-answers
30 important-virtualization-vmware-interview-questions-with-answersLatif Siddiqui
 
Virtualization
VirtualizationVirtualization
VirtualizationSrisailam Reddy Kanapuram
 
Keynote Speech: Xen ARM Virtualization
Keynote Speech: Xen ARM VirtualizationKeynote Speech: Xen ARM Virtualization
Keynote Speech: Xen ARM VirtualizationThe Linux Foundation
 
Virtualization using VMWare Workstation
Virtualization using VMWare WorkstationVirtualization using VMWare Workstation
Virtualization using VMWare WorkstationHitesh Gupta
 
Transitioning to vmWare ESXi
Transitioning to vmWare ESXiTransitioning to vmWare ESXi
Transitioning to vmWare ESXiJose Antonio Chavez Verdin
 

Recomendados

Vmware
VmwareVmware
VmwareMajid Khan
 
The Architecture Of V Mware Es Xi
The Architecture Of V Mware Es XiThe Architecture Of V Mware Es Xi
The Architecture Of V Mware Es XiRishi Sharma
 
Virtualization Questions
Virtualization QuestionsVirtualization Questions
Virtualization QuestionsTrupti Jethva
 
30 important-virtualization-vmware-interview-questions-with-answers
30 important-virtualization-vmware-interview-questions-with-answers30 important-virtualization-vmware-interview-questions-with-answers
30 important-virtualization-vmware-interview-questions-with-answersLatif Siddiqui
 
Virtualization
VirtualizationVirtualization
VirtualizationSrisailam Reddy Kanapuram
 
Keynote Speech: Xen ARM Virtualization
Keynote Speech: Xen ARM VirtualizationKeynote Speech: Xen ARM Virtualization
Keynote Speech: Xen ARM VirtualizationThe Linux Foundation
 
Virtualization using VMWare Workstation
Virtualization using VMWare WorkstationVirtualization using VMWare Workstation
Virtualization using VMWare WorkstationHitesh Gupta
 
Transitioning to vmWare ESXi
Transitioning to vmWare ESXiTransitioning to vmWare ESXi
Transitioning to vmWare ESXiJose Antonio Chavez Verdin
 
Linux On V Mware ESXi
Linux On V Mware ESXiLinux On V Mware ESXi
Linux On V Mware ESXiMasafumi Ohta
 
Esx Server 3i Presentation[1]
Esx Server 3i Presentation[1]Esx Server 3i Presentation[1]
Esx Server 3i Presentation[1]Rishi Sharma
 
Ws 2012 feature comparison hyper v
Ws 2012 feature comparison hyper vWs 2012 feature comparison hyper v
Ws 2012 feature comparison hyper vRamakrishnan M
 
Introduction to VMware Infrastructure
Introduction to VMware Infrastructure Introduction to VMware Infrastructure
Introduction to VMware Infrastructure aktivfinger
 
Infraestructure WMWARE
Infraestructure WMWAREInfraestructure WMWARE
Infraestructure WMWAREaktivfinger
 
Getting Started with ESXServer3iEmbedded
Getting Started with ESXServer3iEmbedded Getting Started with ESXServer3iEmbedded
Getting Started with ESXServer3iEmbedded aktivfinger
 
Paravirtualization
ParavirtualizationParavirtualization
ParavirtualizationShahbaz Sidhu
 
Intro to virtualization
Intro to virtualizationIntro to virtualization
Intro to virtualizationKalpna Saharan
 
VMware vSphere5.1 Training
VMware vSphere5.1 TrainingVMware vSphere5.1 Training
VMware vSphere5.1 Training零壹科技股份有限公司
 
Linux Foundation Collaboration Summit 13 :10 years of Xen and Beyond
Linux Foundation Collaboration Summit 13 :10 years of Xen and BeyondLinux Foundation Collaboration Summit 13 :10 years of Xen and Beyond
Linux Foundation Collaboration Summit 13 :10 years of Xen and BeyondThe Linux Foundation
 
Scale11x : Virtualization with Xen and XCP
Scale11x : Virtualization with Xen and XCPScale11x : Virtualization with Xen and XCP
Scale11x : Virtualization with Xen and XCPLars Kurth
 
Ready for cloud computing with hyper v
Ready for cloud computing with hyper vReady for cloud computing with hyper v
Ready for cloud computing with hyper vAndik Susilo
 
20120207 Que hay de nuevo en windows azure?
20120207 Que hay de nuevo en windows azure?20120207 Que hay de nuevo en windows azure?
20120207 Que hay de nuevo en windows azure?Ricardo González
 
666 670
666 670666 670
666 670Editor IJARCET
 
V Mware Workstation 6 Ivnua
V Mware Workstation 6 IvnuaV Mware Workstation 6 Ivnua
V Mware Workstation 6 Ivnua-
 
LinuxCon NA 2012: Virtualization in the cloud featuring xen
LinuxCon NA 2012: Virtualization in the cloud featuring xenLinuxCon NA 2012: Virtualization in the cloud featuring xen
LinuxCon NA 2012: Virtualization in the cloud featuring xenThe Linux Foundation
 
VMware vSphere
VMware vSphereVMware vSphere
VMware vSphere零壹科技股份有限公司
 
POWER VM with IBM i and live partition mobility
POWER VM with IBM i and live partition mobilityPOWER VM with IBM i and live partition mobility
POWER VM with IBM i and live partition mobilityCOMMON Europe
 
IBM PowerVM Virtualization Introduction and Configuration
IBM PowerVM Virtualization Introduction and ConfigurationIBM PowerVM Virtualization Introduction and Configuration
IBM PowerVM Virtualization Introduction and ConfigurationIBM India Smarter Computing
 
Session 58 :: Cloud computing, virtualisation and the future Speaker: Ake Edlund
Session 58 :: Cloud computing, virtualisation and the future Speaker: Ake EdlundSession 58 :: Cloud computing, virtualisation and the future Speaker: Ake Edlund
Session 58 :: Cloud computing, virtualisation and the future Speaker: Ake EdlundISSGC Summer School
 
Server And Hardware Virtualization_Aakash1.1
Server And Hardware Virtualization_Aakash1.1Server And Hardware Virtualization_Aakash1.1
Server And Hardware Virtualization_Aakash1.1Aakash Agarwal
 
Ccmigration 09186a00807a15d0
Ccmigration 09186a00807a15d0Ccmigration 09186a00807a15d0
Ccmigration 09186a00807a15d0j_papanna
 

Mais conteúdo relacionado

Mais procurados

Linux On V Mware ESXi
Linux On V Mware ESXiLinux On V Mware ESXi
Linux On V Mware ESXiMasafumi Ohta
 
Esx Server 3i Presentation[1]
Esx Server 3i Presentation[1]Esx Server 3i Presentation[1]
Esx Server 3i Presentation[1]Rishi Sharma
 
Ws 2012 feature comparison hyper v
Ws 2012 feature comparison hyper vWs 2012 feature comparison hyper v
Ws 2012 feature comparison hyper vRamakrishnan M
 
Introduction to VMware Infrastructure
Introduction to VMware Infrastructure Introduction to VMware Infrastructure
Introduction to VMware Infrastructure aktivfinger
 
Infraestructure WMWARE
Infraestructure WMWAREInfraestructure WMWARE
Infraestructure WMWAREaktivfinger
 
Getting Started with ESXServer3iEmbedded
Getting Started with ESXServer3iEmbedded Getting Started with ESXServer3iEmbedded
Getting Started with ESXServer3iEmbedded aktivfinger
 
Intro to virtualization
Intro to virtualizationIntro to virtualization
Intro to virtualizationKalpna Saharan
 
Linux Foundation Collaboration Summit 13 :10 years of Xen and Beyond
Linux Foundation Collaboration Summit 13 :10 years of Xen and BeyondLinux Foundation Collaboration Summit 13 :10 years of Xen and Beyond
Linux Foundation Collaboration Summit 13 :10 years of Xen and BeyondThe Linux Foundation
 
Scale11x : Virtualization with Xen and XCP
Scale11x : Virtualization with Xen and XCPScale11x : Virtualization with Xen and XCP
Scale11x : Virtualization with Xen and XCPLars Kurth
 
Ready for cloud computing with hyper v
Ready for cloud computing with hyper vReady for cloud computing with hyper v
Ready for cloud computing with hyper vAndik Susilo
 
20120207 Que hay de nuevo en windows azure?
20120207 Que hay de nuevo en windows azure?20120207 Que hay de nuevo en windows azure?
20120207 Que hay de nuevo en windows azure?Ricardo González
 
V Mware Workstation 6 Ivnua
V Mware Workstation 6 IvnuaV Mware Workstation 6 Ivnua
V Mware Workstation 6 Ivnua-
 
LinuxCon NA 2012: Virtualization in the cloud featuring xen
LinuxCon NA 2012: Virtualization in the cloud featuring xenLinuxCon NA 2012: Virtualization in the cloud featuring xen
LinuxCon NA 2012: Virtualization in the cloud featuring xenThe Linux Foundation
 
POWER VM with IBM i and live partition mobility
POWER VM with IBM i and live partition mobilityPOWER VM with IBM i and live partition mobility
POWER VM with IBM i and live partition mobilityCOMMON Europe
 
IBM PowerVM Virtualization Introduction and Configuration
IBM PowerVM Virtualization Introduction and ConfigurationIBM PowerVM Virtualization Introduction and Configuration
IBM PowerVM Virtualization Introduction and ConfigurationIBM India Smarter Computing
 
Session 58 :: Cloud computing, virtualisation and the future Speaker: Ake Edlund
Session 58 :: Cloud computing, virtualisation and the future Speaker: Ake EdlundSession 58 :: Cloud computing, virtualisation and the future Speaker: Ake Edlund
Session 58 :: Cloud computing, virtualisation and the future Speaker: Ake EdlundISSGC Summer School
 

Mais procurados (20)

Linux On V Mware ESXi
Linux On V Mware ESXiLinux On V Mware ESXi
Linux On V Mware ESXi
 
Esx Server 3i Presentation[1]
Esx Server 3i Presentation[1]Esx Server 3i Presentation[1]
Esx Server 3i Presentation[1]
 
Ws 2012 feature comparison hyper v
Ws 2012 feature comparison hyper vWs 2012 feature comparison hyper v
Ws 2012 feature comparison hyper v
 
Introduction to VMware Infrastructure
Introduction to VMware Infrastructure Introduction to VMware Infrastructure
Introduction to VMware Infrastructure
 
Infraestructure WMWARE
Infraestructure WMWAREInfraestructure WMWARE
Infraestructure WMWARE
 
Getting Started with ESXServer3iEmbedded
Getting Started with ESXServer3iEmbedded Getting Started with ESXServer3iEmbedded
Getting Started with ESXServer3iEmbedded
 
Paravirtualization
ParavirtualizationParavirtualization
Paravirtualization
 
Intro to virtualization
Intro to virtualizationIntro to virtualization
Intro to virtualization
 
VMware vSphere5.1 Training
VMware vSphere5.1 TrainingVMware vSphere5.1 Training
VMware vSphere5.1 Training
 
Linux Foundation Collaboration Summit 13 :10 years of Xen and Beyond
Linux Foundation Collaboration Summit 13 :10 years of Xen and BeyondLinux Foundation Collaboration Summit 13 :10 years of Xen and Beyond
Linux Foundation Collaboration Summit 13 :10 years of Xen and Beyond
 
Scale11x : Virtualization with Xen and XCP
Scale11x : Virtualization with Xen and XCPScale11x : Virtualization with Xen and XCP
Scale11x : Virtualization with Xen and XCP
 
Ready for cloud computing with hyper v
Ready for cloud computing with hyper vReady for cloud computing with hyper v
Ready for cloud computing with hyper v
 
20120207 Que hay de nuevo en windows azure?
20120207 Que hay de nuevo en windows azure?20120207 Que hay de nuevo en windows azure?
20120207 Que hay de nuevo en windows azure?
 
666 670
666 670666 670
666 670
 
V Mware Workstation 6 Ivnua
V Mware Workstation 6 IvnuaV Mware Workstation 6 Ivnua
V Mware Workstation 6 Ivnua
 
LinuxCon NA 2012: Virtualization in the cloud featuring xen
LinuxCon NA 2012: Virtualization in the cloud featuring xenLinuxCon NA 2012: Virtualization in the cloud featuring xen
LinuxCon NA 2012: Virtualization in the cloud featuring xen
 
VMware vSphere
VMware vSphereVMware vSphere
VMware vSphere
 
POWER VM with IBM i and live partition mobility
POWER VM with IBM i and live partition mobilityPOWER VM with IBM i and live partition mobility
POWER VM with IBM i and live partition mobility
 
IBM PowerVM Virtualization Introduction and Configuration
IBM PowerVM Virtualization Introduction and ConfigurationIBM PowerVM Virtualization Introduction and Configuration
IBM PowerVM Virtualization Introduction and Configuration
 
Session 58 :: Cloud computing, virtualisation and the future Speaker: Ake Edlund
Session 58 :: Cloud computing, virtualisation and the future Speaker: Ake EdlundSession 58 :: Cloud computing, virtualisation and the future Speaker: Ake Edlund
Session 58 :: Cloud computing, virtualisation and the future Speaker: Ake Edlund
 

Semelhante a Virtual networking concepts

Server And Hardware Virtualization_Aakash1.1
Server And Hardware Virtualization_Aakash1.1Server And Hardware Virtualization_Aakash1.1
Server And Hardware Virtualization_Aakash1.1Aakash Agarwal
 
Ccmigration 09186a00807a15d0
Ccmigration 09186a00807a15d0Ccmigration 09186a00807a15d0
Ccmigration 09186a00807a15d0j_papanna
 
Mid term report
Mid term reportMid term report
Mid term reportlokesh039
 
VMware Esx Short Presentation
VMware Esx Short PresentationVMware Esx Short Presentation
VMware Esx Short PresentationBarcamp Cork
 
Tk2273 -teknologi_virtualisasi Cloud Computing
Tk2273 -teknologi_virtualisasi Cloud ComputingTk2273 -teknologi_virtualisasi Cloud Computing
Tk2273 -teknologi_virtualisasi Cloud ComputingSyarif Maula
 
What is Virtualization
What is VirtualizationWhat is Virtualization
What is VirtualizationIsrael Marcus
 
VMready Virtual Machine-aware Networking for HP
VMready Virtual Machine-aware Networking for HPVMready Virtual Machine-aware Networking for HP
VMready Virtual Machine-aware Networking for HPIBM System Networking
 
Esx configuration guide
Esx configuration guideEsx configuration guide
Esx configuration guideNaga Raju N
 
Virtualization VMWare technology
Virtualization VMWare technologyVirtualization VMWare technology
Virtualization VMWare technologysanjoysanyal
 
Vsphere 4-partner-training180
Vsphere 4-partner-training180Vsphere 4-partner-training180
Vsphere 4-partner-training180Suresh Kumar
 
vmwarevspheretechnicalpresentation-100822072122-phpapp01.pdf
vmwarevspheretechnicalpresentation-100822072122-phpapp01.pdfvmwarevspheretechnicalpresentation-100822072122-phpapp01.pdf
vmwarevspheretechnicalpresentation-100822072122-phpapp01.pdfsamarth97
 
VMware vSphere technical presentation
VMware vSphere technical presentationVMware vSphere technical presentation
VMware vSphere technical presentationaleyeldean
 
Virtualization technology and an application of building vm ware
Virtualization technology and an application of building vm wareVirtualization technology and an application of building vm ware
Virtualization technology and an application of building vm wareYeditepe University
 
Virtualisation with v mware
Virtualisation with v mwareVirtualisation with v mware
Virtualisation with v mwaresagaroceanic11
 
VMware Interview questions and answers
VMware Interview questions and answersVMware Interview questions and answers
VMware Interview questions and answersvivaankumar
 
Vmwareinterviewqa 100927111554-phpapp01
Vmwareinterviewqa 100927111554-phpapp01Vmwareinterviewqa 100927111554-phpapp01
Vmwareinterviewqa 100927111554-phpapp01Manoj Kumar S
 

Semelhante a Virtual networking concepts (20)

Server And Hardware Virtualization_Aakash1.1
Server And Hardware Virtualization_Aakash1.1Server And Hardware Virtualization_Aakash1.1
Server And Hardware Virtualization_Aakash1.1
 
Ccmigration 09186a00807a15d0
Ccmigration 09186a00807a15d0Ccmigration 09186a00807a15d0
Ccmigration 09186a00807a15d0
 
Mid term report
Mid term reportMid term report
Mid term report
 
VMware Esx Short Presentation
VMware Esx Short PresentationVMware Esx Short Presentation
VMware Esx Short Presentation
 
Tk2273 -teknologi_virtualisasi Cloud Computing
Tk2273 -teknologi_virtualisasi Cloud ComputingTk2273 -teknologi_virtualisasi Cloud Computing
Tk2273 -teknologi_virtualisasi Cloud Computing
 
What is a virtual tap?
What is a virtual tap?What is a virtual tap?
What is a virtual tap?
 
Virtualization
VirtualizationVirtualization
Virtualization
 
What is Virtualization
What is VirtualizationWhat is Virtualization
What is Virtualization
 
VMready Virtual Machine-aware Networking for HP
VMready Virtual Machine-aware Networking for HPVMready Virtual Machine-aware Networking for HP
VMready Virtual Machine-aware Networking for HP
 
Esx configuration guide
Esx configuration guideEsx configuration guide
Esx configuration guide
 
Virtualization VMWare technology
Virtualization VMWare technologyVirtualization VMWare technology
Virtualization VMWare technology
 
Vsphere 4-partner-training180
Vsphere 4-partner-training180Vsphere 4-partner-training180
Vsphere 4-partner-training180
 
vmwarevspheretechnicalpresentation-100822072122-phpapp01.pdf
vmwarevspheretechnicalpresentation-100822072122-phpapp01.pdfvmwarevspheretechnicalpresentation-100822072122-phpapp01.pdf
vmwarevspheretechnicalpresentation-100822072122-phpapp01.pdf
 
VMware vSphere technical presentation
VMware vSphere technical presentationVMware vSphere technical presentation
VMware vSphere technical presentation
 
Cloud Technology: Virtualization
Cloud Technology: VirtualizationCloud Technology: Virtualization
Cloud Technology: Virtualization
 
Virtualization technology and an application of building vm ware
Virtualization technology and an application of building vm wareVirtualization technology and an application of building vm ware
Virtualization technology and an application of building vm ware
 
Virtualisation with v mware
Virtualisation with v mwareVirtualisation with v mware
Virtualisation with v mware
 
NFV
NFVNFV
NFV
 
VMware Interview questions and answers
VMware Interview questions and answersVMware Interview questions and answers
VMware Interview questions and answers
 
Vmwareinterviewqa 100927111554-phpapp01
Vmwareinterviewqa 100927111554-phpapp01Vmwareinterviewqa 100927111554-phpapp01
Vmwareinterviewqa 100927111554-phpapp01
 

Último

Q4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxQ4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxnelietumpap1
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxMaryGraceBautista27
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptxmary850239
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxJudging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxSherlyMaeNeri
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 

Último (20)

Q4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxQ4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptx
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptx
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptxLEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxJudging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptx
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 

Virtual networking concepts

  • 1. INFORMATION GUIDE VMware Virtual Networking Concepts
  • 2. VMware INFORMATION GUIDE Table of Contents Introduction ............................................................................................................ 3 eSX Server Networking Components ..................................................................... 3 How Virtual ethernet adapters work ..................................................................... 4 How Virtual Switches work ..................................................................................... 4 a Virtual Switch is Similar to a Physical Switch ................................................. 4 a Virtual Switch is Different from a Physical Switch .......................................... 5 Spanning Tree Protocol Not Needed .................................................................. 5 Virtual Switch Isolation ...................................................................................... 5 Virtual Ports ........................................................................................................ 5 Uplink Ports ........................................................................................................ 6 Port Groups ......................................................................................................... 6 Uplinks ................................................................................................................ 6 Virtual Switch Correctness ................................................................................. 7 VLaNs in VMware Infrastructure ............................................................................ 7 NIC Teaming ............................................................................................................ 8 Load Balancing ................................................................................................... 8 Failover Configurations ...................................................................................... 9 Layer 2 Security Features ....................................................................................... 10 Managing the Virtual Network ............................................................................... 10 appendix: Virtual Device Maximums ..................................................................... 11
  • 3. VMware INFORMATION GUIDE VMware Virtual Networking Concepts Introduction In addition, virtual networks enable functionality not possible with physical networks today. VMware Infrastructure provides a rich set of networking capabilities that integrate well with sophisticated enterprise This guide is for VMware Infrastructure users who want a networks. These networking capabilities are provided by clearer understanding of the basic design of the networking VMware ESX Server and managed by VMware VirtualCenter. capabilities in VMware Infrastructure and how that design affects deployment in the datacenter. With virtual networking, you can network virtual machines in the same way that you do physical machines and can build complex networks within a single ESX Server host or across VMware Infrastructure Networking multiple ESX Server hosts, for production deployments or devel- Components opment and testing purposes. The VMware Infrastructure networking stack uses a modular Virtual switches allow virtual machines on the same ESX Server design for maximum flexibility. host to communicate with each other using the same protocols The key virtual networking components provided by Virtual that would be used over physical switches, without the need Infrastructure are virtual Ethernet adapters, used by individual for additional networking hardware. ESX Server virtual switches virtual machines, and virtual switches, which connect virtual also support VLANs that are compatible with standard VLAN machines to each other and connect both virtual machines and implementations from other vendors. the ESX Server service console to external networks, as shown A virtual machine can be configured with one or more virtual in Figure 1. Ethernet adapters, each of which each has its own IP address The sections that follow provide more detail about each of and MAC address. As a result, virtual machines have the same these components. properties as physical machines from a networking standpoint. VM0 VM1 VM2 VM3 App App App App Service OS OS OS OS console Virtual Ethernet adapters ESX Server 3 virtual switches Physical Ethernet adapters Production Production Management LAN LAN LAN Figure 1 — Virtual switches in ESX Server 3 connect virtual machines and the service console to each other and to external networks.
  • 4. VMware INFORMATION GUIDE How Virtual ethernet adapters work How Virtual Switches work In discussions of VMware Infrastructure , you may see refer- Virtual switches are the key networking components in VMware ences to as many as five different virtual network adapters. Infrastructure . You can create up to 8 virtual switches on Three of those are virtual Ethernet adapters used by virtual each ESX Server host. machines. In most cases, a virtual machine uses only one of the A virtual switch is “built to order” at run time from a collection of three types of virtual adapters. The three types of adapters avail- small functional units. Some of the key functional units are: able for virtual machines are: • The core Layer forwarding engine. • vmxnet — a paravirtualized device that works only if VMware This is a key part of the system (for both performance and Tools is installed in the guest operating system. A paravirtual- correctness), and in Virtual Infrastructure it is simplified so ized device is one designed with specific awareness that it it only processes Layer Ethernet headers. It is completely is running in a virtualized environment. The vmxnet adapter independent of other implementation details, such as differ- is designed for high performance. In most cases, when you ences in physical Ethernet adapters and emulation differences select the flexible network adapter, this is the adapter used in virtual Ethernet adapters. after VMware Tools is installed in the guest operating system. • VLAN tagging, stripping, and filtering units. • vlance — a virtual device that provides strict emulation of the AMD Lance PCNet Ethernet adapter. It is compatible with • Layer security, checksum, and segmentation offload units. most -bit guest operating systems. This adapter is used This modular approach has become a basic principle to be when you select the flexible network adapter but VMware followed in future development, as well. Tools is not installed in the guest operating system. When the virtual switch is built at run time, ESX Server loads • e1000 — a virtual device that provides strict emulation of only those components it needs. It installs and runs only what the Intel E1000 Ethernet adapter. This is the virtual Ethernet is actually needed to support the specific physical and virtual adapter used in 6-bit virtual machines. It is also available in Ethernet adapter types used in the configuration. This means -bit virtual machines. the system pays the lowest possible cost in complexity and The other virtual network adapters are: demands on system performance. • vswif — a paravirtualized device similar to vmxnet that is The design of ESX Server supports temporarily loading certain used only by the ESX Server service console. components in the field — a capability that could be used, for example, for running appropriately designed diagnostic utilities. • vmknic — a virtual device in the VMkernel, the software layer that manages most of the physical resources on the An additional benefit of the modular design is that VMware ESX Server host. The vmknic is used by the TCP/IP stack that and third-party developers can easily incorporate modules to services VMotion, NFS and software iSCSI clients that run at enhance the system in the future. the VMkernel level, and remote console traffic. In many ways, the ESX Server virtual switches are similar to All five of the virtual network devices share the following char- physical switches. In some notable ways, they are different. acteristics: Understanding these similarities and differences will help you plan the configuration of your virtual network and its connec- • They have their own MAC addresses and unicast/multicast/ tions to your physical network. broadcast filters. • They are strictly Layer Ethernet adapter devices. A Virtual Switch Is Similar to a Physical Switch A virtual switch, as implemented in ESX Server , works in much Note: The speed and duplex settings found in physical the same way as a modern Ethernet switch. networking are not relevant in the virtual network, because It maintains a MAC:port forwarding table and performs the fol- all the data transfer takes place in the host system’s RAM, lowing functions: nearly instantaneously and without the possibility of colli- sions or other signaling-related errors. • Looks up each frame’s destination MAC when it arrives. • Forwards a frame to one or more ports for transmission. • Avoids unnecessary deliveries (in other words, it is not a hub).
  • 5. VMware INFORMATION GUIDE An ESX Server virtual switch supports VLAN segmentation at • Because there is no need to cascade virtual switches, Virtual the port level. This means each port can be configured in either Infrastructure provides no capability to connect virtual of the following ways: switches. • With access to a single VLAN, making it what's called an • Because there is no way to connect virtual switches, there is access port in the world of physical switches, or in ESX Server no need to prevent bad virtual switch connections. terminology, using virtual switch tagging. • Because virtual switches cannot share physical Ethernet • With access to multiple VLANs, leaving tags intact, making it adapters, there is no way to fool the Ethernet adapter into what's called a trunk port in the world of physical switches, or doing loopback or some similar configuration that would in ESX Server terminology, using virtual guest tagging. cause a leak between virtual switches. For more information on these options, see the section VLANs In addition, each virtual switch has its own forwarding table, in VMware Infrastructure on page 7. and there is no mechanism to allow an entry in one table to An ESX Server virtual switch supports copying packets to a point to a port on another virtual switch. In other words, every mirror port. By using what is called promiscuous mode, ESX destination the switch looks up can match only ports on the Server makes a virtual switch port act as a SPAN port or mirror same virtual switch as the port where the frame originated, port. This capability makes it possible to debug using a sniffer or even if other virtual switches’ lookup tables contain entries for to run monitoring applications such as IDS. that address. In addition, an administrator can manage many configuration It is unlikely that a would-be attacker could circumvent virtual options for the switch as a whole and for individual ports using switch isolation because it would be possible only if there were the Virtual Infrastructure Client. a substantial unknown security flaw in the vmkernel. Because ESX Server parses so little of the frame data — primarily just the A Virtual Switch Is Different from a Physical Switch Ethernet header — this would be difficult, and once an attacker had such access, richer targets than breaking virtual switch iso- ESX Server provides a direct channel from virtual Ethernet lation are readily available. adapters for such configuration information as authorita- tive MAC filter updates. So there is no need to learn unicast There are natural limits to this isolation. If you connect the addresses or perform IGMP snooping to learn multicast group uplinks of two virtual switches together, or if you bridge two membership. virtual switches with software running in a virtual machine, you open the door to the same kinds of problems you might see in Ports on the virtual switch may automatically enter mirror physical switches. mode when the virtual Ethernet adapter's promiscuous bit is set — if virtual switch and port group policies allow. Virtual Ports Spanning Tree Protocol Not Needed The ports on a virtual switch provide logical connection points VMware Infrastructure enforces a single-tier networking among virtual devices and between virtual and physical topology. In other words, there is no way to interconnect devices. You can think of them as virtual RJ- connectors. Each multiple virtual switches, thus the network cannot be config- virtual switch can have up to 1,016 virtual ports, with a limit of ured to introduce loops. As a result, Spanning Tree Protocol ,096 ports on all virtual switches on a host. (STP) is not needed and is not present. The virtual ports in ESX Server provide a rich control channel for communication with the virtual Ethernet adapters attached to Note: It is actually possible, with some effort, to introduce them. ESX Server virtual ports: a loop with virtual switches. However, to do so, you must • Know authoritatively what the configured receive filters are run Layer bridging software in a guest with two virtual for virtual Ethernet adapters attached to them. This means no Ethernet adapters connected to the same subnet. This MAC learning is required to populate forwarding tables. would be difficult to do accidentally, and there is no reason to do so in typical configurations. • Unlike physical switches, know authoritatively the “hard” configuration of the virtual Ethernet adapters attached to Virtual Switch Isolation them. This capability makes it possible to set such policies as Network traffic cannot flow directly from one virtual switch to “guest can’t change MAC address,” because the virtual switch another virtual switch within the same host. Virtual switches port can essentially know for sure what is “burned into ROM” provide all the ports you need in one switch, leading to the fol- (actually, stored in the configuration file, outside control of lowing benefits: the guest operating system).
  • 6. VMware INFORMATION GUIDE Uplink Ports Port groups are important particularly for VMotion. To under- Uplink ports are ports associated with physical adapters, provid- stand why, consider what happens as virtual machines migrate ing a connection between a virtual network and a physical to new hosts using VMotion. network. Physical adapters connect to uplink ports when they Port groups make it possible to specify that a given virtual are initialized by a device driver or when the teaming policies machine should have a particular type of connectivity on every for virtual switches are reconfigured. host on which it might run. Some virtual switches should not connect to a physical network Port groups are user-named objects that contain enough config- and thus have no uplink port, as shown in Figure . This is the uration information to provide persistent and consistent network case, for example, for a virtual switch that provides connections access for virtual Ethernet adapters: between a firewall virtual machine and the virtual machines • Virtual switch name protected by the firewall. • VLAN IDs and policies for tagging and filtering Virtual Ethernet adapters connect to virtual ports when you power on the virtual machine on which the adapters are con- • Teaming policy figured, when you take an explicit action to connect the device, • Layer security options or when you migrate a virtual machine using VMotion. • Traffic shaping parameters A virtual Ethernet adapter updates the virtual switch port with In short, port group definitions capture all the settings for a MAC filtering information when it is initialized and whenever it switch port. Then, when you want to connect a virtual machine changes. to a particular kind of port, you simply specify the name of a A virtual port may ignore any requests from the virtual Ethernet port group with an appropriate definition. adapter that would violate the Layer security policy in effect Port groups may specify different host-level parameters on dif- for the port. For example, if MAC spoofing is blocked, the port ferent hosts — teaming configurations, for example. But the key drops any packets that violate this rule. element is that the result is a consistent view of the network for Port Groups a virtual machine connected to that port group, whichever host As important as they are in VMware Infrastructure virtual net- is running it. working, port groups do not correspond exactly to features Note: Port groups do not necessarily correspond one-to-one to commonly found in physical networks. The closest counterpart VLAN groups. It is possible, and even reasonable, to assign the is the SmartPort feature offered in some Cisco switches. You can same VLAN ID to multiple port groups. This would be useful think of port groups as templates for creating virtual ports with if, for example, you wanted to give different groups of virtual particular sets of specifications. You can create a maximum of machines different physical Ethernet adapters in a NIC team for 1 port groups on a single host. active use and for standby use, while all the adapters are on the same VLAN. VM1 VM2 Uplinks App App Physical Ethernet adapters serve as bridges between virtual and physical networks. In VMware Infrastructure, they are called OS OS uplinks, and the virtual ports connected to them are called uplink ports. A single host may have a maximum of uplinks, vnic0 vnic1 which may be on one switch or distributed among a number of switches. In order for a virtual switch to provide access to more than Virtual one VLAN, the physical switch ports to which its uplinks are switches connected must be in trunking mode. It is important to prune the VLANs, keeping only those that are required for the virtual switch. Failure to do so can cause unnecessary overhead on the ESX Server host because it must process broadcast traffic for all VLANs trunked to it. Figure 2 — Virtual switches in ESX Server 3 can be configured with uplink ports You should prune VLANs at the physical switch level, but or with no uplink port. pruning at the physical switch cannot be quite as aggressive as pruning at the uplink because the virtual switch knows which 6
  • 7. VMware INFORMATION GUIDE virtual machines are actually powered on. As a result, the virtual The virtual switch does not copy the entire frame, because switch may be able to prune VLANs that are needed but are not that would be inefficient, but ESX Server must make sure that in use at the time you are pruning. the guest operating system does not have access to any sen- You can specify different teaming behavior for different groups sitive data once the frame is passed on to the virtual switch. of virtual machines that share the same team of physical ESX Server ensures that frames are contained within the appro- adapters. For example, you can vary the active/standby status of priate VLAN on a virtual switch. It does so in the following ways: each adapter in the team across port groups to get both good • VLAN data is carried outside the frame as it passes through link aggregation and failover behavior. For more information on the virtual switch. Filtering is a simple integer comparison. teaming, see NIC Teaming on page 8. This is really just a special case of the general principle that Teaming state — which physical Ethernet adapters are actually the system should not trust user accessible data. transporting data — is maintained for each port group. • Virtual switches have no dynamic trunking support. Teaming state transitions are mostly transparent to virtual Dynamic trunking and native VLAN are features in which an Ethernet adapters. Virtual machines cannot tell when a failover attacker may find vulnerabilities that could open isolation has occurred or which physical adapter is carrying any given leaks. This is not to say that these features are inherently frame. When the transition removes or restores actual access insecure, but even if they are implemented securely, their to a physical network — that is, when the last link goes down complexity may lead to misconfiguration and open an attack or the first link comes up — the network visibility change is vector. apparent to guests. Uplinks are not required for a virtual switch to forward traffic VLaNs in VMware Infrastructure locally. Virtual Ethernet adapters on the same virtual switch can communicate with each other even if no uplinks are present. VLANs provide for logical groupings of stations or switch ports, If uplinks are present, they are not used for local communica- allowing communications as if all stations or ports were on tions within a virtual switch. the same physical LAN segment. Confining broadcast traffic to a subset of the switch ports or end users saves significant When VLANs are configured, ports must be on the same VLAN amounts of network bandwidth and processor time. in order to communicate with each other. The virtual switch does not allow traffic to pass from one VLAN to another. In order to support VLANs for VMware Infrastructure users, Communication between VLANs is treated the same as com- one of the elements on the virtual or physical network has to munication between virtual switches — it is not allowed. If you tag the Ethernet frames with 80.1Q tag, as shown in Figure do want communication between two VLANs or two virtual . There are three different configuration modes to tag (and switches, you must configure an external bridge or router to untag) the packets for virtual machine frames. forward the frames. • Virtual switch tagging (VST mode) — This is the most common configuration. In this mode, you provision one port Virtual Switch Correctness group on a virtual switch for each VLAN, then attach the Two correctness issues are particularly important. virtual machine’s virtual adapter to the port group instead of It is important to ensure that virtual machines or other nodes the virtual switch directly. The virtual switch port group tags on the network cannot affect the behavior of the virtual switch. all outbound frames and removes tags for all inbound frames. ESX Server guards against such influences in the following ways: It also ensures that frames on one VLAN do not leak into a dif- • Virtual switches do not learn from the network in order to ferent VLAN. populate their forwarding tables. This eliminates a likely vector Use of this mode requires that the physical switch provide a for denial of service or leakage attacks, either as a direct denial trunk. of service attempt or, more likely, as a side effect of some Original other attack, such as a worm or virus, as it scans for vulnerable Dest Src Len/Etype Data FCS Frame hosts to infect. • Virtual switches make private copies of any frame data used Dest Src Etype Tag Len/Etype Data FCS Tagged Frame to make forwarding or filtering decisions. This is a critical feature of the virtual switch and is unique to virtual switches. Pri VLAN - ID Figure 3 — Header of a packet tagged by an 802.1Q VLAN trunking driver. 7
  • 8. VMware INFORMATION GUIDE • Virtual machine guest tagging (VGT mode) — You may install A given virtual machine cannot use more than one physical an 80.1Q VLAN trunking driver inside the virtual machine, Ethernet adapter at any given time unless it has multiple and tags will be preserved between the virtual machine virtual adapters. networking stack and external switch when frames are passed This setting places slightly less load on the ESX Server host from or to virtual switches. The format for the header of a than the MAC hash setting. packet tagged in this way is shown in Figure . Note: If you select either srcPortID or srcMAC hash, you should Use of this mode requires that the physical switch provide a not configure the physical switch ports as any type of team or trunk. bonded group. • External switch tagging (EST mode) — You may use external • Route based on source MAC hash — Choose an uplink switches for VLAN tagging. This is similar to a physical based on a hash of the source Ethernet MAC address. network, and VLAN configuration is normally transparent to When you use this setting, traffic from a given virtual Ethernet each individual physical server. adapter is consistently sent to the same physical adapter There is no need to provide a trunk in these environments. unless there is a failover to another adapter in the NIC team. For details on using VLANs with VMware Infrastructure, see the Replies are received on the same physical adapter as the white paper titled VMware ESX Server 80.1Q VLAN Solutions, physical switch learns the port association. available from the VMTN Web site (http://www.vmware.com/ This setting provides an even distribution of traffic if the vmtn/). number of virtual Ethernet adapters is greater than the number of physical adapters. NIC Teaming A given virtual machine cannot use more than one physical You can connect a single virtual switch to multiple physical Ethernet adapter at any given time unless it uses multiple Ethernet adapters using the VMware Infrastructure feature source MAC addresses for traffic it sends. called NIC teaming. A team can share the load of traffic between physical and virtual networks among some or all • Route based on IP hash — Choose an uplink based on of its members and provide passive failover in the event of a a hash of the source and destination IP addresses of each hardware failure or a network outage. You can set NIC teaming packet. (For non-IP packets, whatever is at those offsets is used policies at the port group level. to compute the hash.) Note: All physical switch ports in the same team must be in the Evenness of traffic distribution depends on the number of same Layer broadcast domain. TCP/IP sessions to unique destinations. There is no benefit for bulk transfer between a single pair of hosts. Load Balancing You can use link aggregation — grouping multiple physical Load balancing allows you to spread network traffic from virtual adapters to create a fast network pipe for a single virtual machines on a virtual switch across two or more physical adapter in a virtual machine. Ethernet adapters, giving higher throughput than a single physical adapter could provide. When you set NIC teaming When you configure the system to use link aggregation, policies, you have the following options for load balancing: packet reflections are prevented because aggregated ports do not retransmit broadcast or multicast traffic. • Route based on the originating virtual switch port ID — Choose an uplink based on the virtual port where the The physical switch sees the client MAC address on multiple traffic entered the virtual switch. This is the default configura- ports. There is no way to predict which physical Ethernet tion and the one most commonly deployed. adapter will receive inbound traffic. When you use this setting, traffic from a given virtual Ethernet All adapters in the NIC team must be attached to the same adapter is consistently sent to the same physical adapter physical switch or an appropriate set of stacked physical unless there is a failover to another adapter in the NIC team. switches. (Contact your switch vendor to find out whether 80.ad teaming is supported across multiple stacked chassis.) Replies are received on the same physical adapter as the That switch or set of stacked switches must be 80.ad-com- physical switch learns the port association. pliant and configured to use that link-aggregation standard in This setting provides an even distribution of traffic if the static mode (that is, with no LACP). All adapters must be active. number of virtual Ethernet adapters is greater than the You should make the setting on the virtual switch and ensure number of physical adapters. that it is inherited by all port groups within that virtual switch. 8
  • 9. VMware INFORMATION GUIDE Failover Configurations second group as standby adapters for use in failover situations; When you configure network failover detection you specify and designate other adapters as unused, excluding them from which of the following methods to use for failover detection: NIC teaming. • Link Status only — Relies solely on the link status provided ESX Server by the network adapter. This detects failures, such as cable pulls and physical switch power failures, but it cannot detect Switch 1 configuration errors, such as a physical switch port being nic1 blocked by spanning tree or misconfigured to the wrong Switch 2 Switch 4 VLAN or cable pulls on the other side of a physical switch. VM Network vnic nic2 • Beacon Probing — Sends out and listens for beacon probes Virtual — Ethernet broadcast frames sent by physical adapters switch Switch 3 to detect upstream network connection failures — on all nic3 physical Ethernet adapters in the team, as shown in Figure . It uses this information, in addition to link status, to determine Virtual machine network tra c handled by nic1 link failure. This detects many of the failures mentioned above that are not detected by link status alone, however beacon ESX Server probing should not be used as a substitute for a robust Switch 1 redundant Layer network design. Beacon probing is most nic1 useful to detect failures in the closest switch to the ESX Server hosts, where the failure does not cause a link-down event for Switch 2 Switch 4 VM Network the host. vnic nic2 Virtual By default, NIC teaming applies a fail-back policy. That is, if a switch Switch 3 physical Ethernet adapter that had failed comes back online, nic3 the adapter is returned to active duty immediately, displacing the standby adapter that took over its slot. This policy is in effect when the Rolling Failover setting is No. Connection between switch 1 and switch 4 fails Each Ethernet adapter sends a beacon packet If the primary physical adapter is experiencing intermittent ESX Server failures, this setting can lead to frequent changes in the adapter in use. The physical switch thus sees frequent changes in Switch 1 MAC address, and the physical switch port may not accept nic1 traffic immediately when a particular adapter comes online. To Switch 2 Switch 4 minimize delays, disable the following on the physical switch: VM Network vnic nic2 • Spanning tree protocol (STP) — disable STP on physical Virtual switch Switch 3 network interfaces connected to the ESX Server host. For nic3 Cisco-based networks, enable port fast mode for access inter- faces or portfast trunk mode for trunk interfaces (saves about 0 seconds during initialization of the physical switch port). Beacons returned on nic2 and nic3, not returned on nic1 • Etherchannel negotiation, such as PAgP or LACP — must be ESX Server disabled because they are not supported. Switch 1 • Trunking negotiation (saves about four seconds). nic1 An alternative approach is to set Rolling Failover to Yes. With this setting, a failed adapter is left inactive even after recovery until Switch 2 Switch 4 VM Network another currently active adapter fails, requiring its replacement. vnic nic2 Virtual Using the Failover Order policy setting, you specify how to switch Switch 3 distribute the work load for the physical Ethernet adapters on nic3 the host. You can place some adapters in active use; designate a Data to network rerouted through nic3 Figure 4 — Using beacons to detect upstream network connection failures. 9
  • 10. VMware INFORMATION GUIDE Using the Notify Switches policy setting, you determine how • MAC address change lockdown prevents virtual machines ESX Server communicates with the physical switch in the from changing their own unicast addresses. This also prevents event of a failover. If you select Yes, whenever a virtual Ethernet them from seeing unicast traffic to other nodes on the adapter is connected to the virtual switch or whenever that network, blocking a potential security vulnerability that is virtual Ethernet adapter’s traffic would be routed over a dif- similar to but narrower than promiscuous mode. ferent physical Ethernet adapter in the team due to a failover • Forged transmit blocking, when you enable it, prevents virtual event, a notification is sent out over the network to update the machines from sending traffic that appears to come from lookup tables on physical switches. In almost all cases, this is nodes on the network other than themselves desirable for the lowest latency when a failover occurs. Note: If you are using Microsoft Network Load Balancing in Managing the Virtual Network unicast mode, do not set Notify Switches to Yes. No such issue VMware VirtualCenter provides tools for building and maintain- exists with NLB running in multicast mode, the mode VMware ing your virtual network infrastructure, as shown in Figure . strongly recommends. You can use VirtualCenter to add, delete, and modify virtual Layer 2 Security Features switches and to configure port groups with VLANs and teaming. The virtual switch has the ability to enforce security policies to You can use the VirtualCenter roles feature to assign the prevent virtual machines from impersonating other nodes on permissions a network administrator needs to manage the the network. There are three components to this feature. virtual network. For a more detailed discussion, see the paper “Managing VMware VirtualCenter Roles and Permissions,” avail- • Promiscuous mode is disabled by default for all virtual able at http://www.vmware.com/vmtn/resources/826. machines. This prevents them from seeing unicast traffic to other nodes on the network. Figure 5 — Using VMware VirtualCenter to manage a virtual network. 10
  • 11. VMware INFORMATION GUIDE appendix: Virtual Device Maximums The following table summarizes the maximum numbers of various virtual and physical networking devices that can be configured using VMware Infrastructure (accurate for ESX Server .0 and ESX Server .0.1). Device Maximum Number Virtual Ethernet adapters per virtual machine Virtual switch ports per host 096 Virtual switch ports per switch 1016 Virtual switches per host 8 Uplinks per virtual switch Uplinks per host Virtual switch port groups per host 1 Physical e1000 Ethernet adapters (maximum tested) per host Physical Broadcom Ethernet adapters 0 (maximum tested) per host Physical e100 Ethernet adapters per 6 (maximum tested) host 11
  • 12. Revision: 20070718 Item: IN-018-INF-01-01 VMware, Inc. 3401 Hillview Ave. Palo Alto CA 94304 USA Tel 650-475-5000 Fax 650-475-5001 www.vmware.com © 2007 VMware, Inc. All rights reserved. Protected by one or more of U.S. Patent Nos. 6,397,242, 6,496,847, 6,704,925, 6,711,672, 6,725,289, 6,735,601, 6,785,886, 6,789,156, 6,795,966, 6,880,022, 6,961,941, 6,961,806, 6,944,699, 7,069,413; 7,082,598, 7,089,377, 7,111,086, 7,111,145, 7,117,481, 7,149, 843, 7,155,558, and 7,222,221; patents pending. VMware, the VMware “boxes” logo and design, Virtual SMP and VMotion are registered trademarks or trademarks of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.