vi3 ic rev b - 03 networking

8/11/2019 VI3 IC REV B - 03 Networking

1/41

3-1VMware Infrastructure 3: Install and Configure Rev B

Copyright 2006 VMware, Inc. All rights reserved.

Networking

Module 3


2/41

3-2VMware Infrastructure 3: Install and Configure Rev BCopyright 2006 VMware, Inc. All rights reserved.

You are here

ESX Server Installation

Networking

Storage

VM Creation and

ManagementData Protection

Resource Pools


Virtual Machines

VM Access Control

VM Creation & Management

Virtual Infrastructure

VirtualCenter Installation

Operations

Networking

VMware Overview

Troubleshooting Tips

Data & Availability Protection

VM Resource Monitoring

Storage


VM Resource Management


3/41


Importance and module objectives

Importance The networking features of ESX Server allow virtual machines to

communicate with other virtual machines within the same box andwith the outside world, allow the service console to communicate,and allow the VMkernel to take advantage of IP-based storage andVMotion.

Objectives For the Learner

Understand the purpose and configuration of virtual switches

Create virtual switches

Configure virtual switch settings and policies

Plan a virtual switch layout based on a realistic scenario


4/41


Module lessons

Lesson 1: Create Virtual Switches

Lesson 2: Modify Virtual Switch Configurations


5/41

3-5VMware Infrastructure 3: Install and Configure

Rev B


Lesson 1:

CreateVirtual Switches


6/41


Lesson topics

Structure of ESX Server networking

Virtual switches

Virtual switch connection types

Physical connections


7/41


A networking scenario

Virtual

Machines

Physical

Switches

1000 Mbps1000 Mbps 1000 Mbps 1000 Mbps

NAT clien t NAT router

Physical

NICs

Product ion VM

Product ion LAN

Management LAN

IP Storag e LAN

Test LA NVLAN 101

VLAN 102

VLAN 103

1000 Mbps


8/41


A networking scenario

Virtual

Machines

Physical

Switches

1000 Mbps1000 Mbps 1000 Mbps 1000 Mbps

NAT clien t NAT router

Physical

NICs

Product ion VM

Product ion LAN

Management LAN

IP Storag e LAN

Test LA NVLAN 101

VLAN 102

VLAN 103

1000 Mbps


9/41


Virtual switch with no physical adapters (Internal only)

Each switch is an internal LAN, implemented entirely insoftware by the VMkernel

Provides networking for theVMs of single ESX Serversystem only

Zero collisions

Up to 1016 ports per switch

Traffic shaping is notsupported


10/41


Virtual switch with one physical adapter

Connects a virtual switch to one specific physical NIC

Up to 1016 ports available

Zero collisions oninternal traffic

Each Virtual NIC will have itsown MAC address

Outbound bandwidth can becontrolled with traffic shaping


11/41


Example: one-box firewall environment

Virtual switch with oneoutbound adapter acts as aDMZ

Back-end applications aresecured behind the firewallusing internal-only switches


12/41


Virtual switch with 2 or more physical adapters (NIC Team)

Can connect to an 802.3ad NIC team Up to 1016 ports per switch

Zero collisions on internaltraffic

Each Virtual NIC will have itsown MAC address

Improved network performanceby network traffic loaddistribution

Redundant NIC operation Outbound bandwidth can be

controlled with traffic shaping


13/41


Example: A high performance application

Automatic, configurablenetwork load distribution

Redundant networkconnectivity with

automatic failover

Configurableactive/standby NICs andfailover policies


14/41


15/41


Connection type: service console port

Virtual

NICs

Product ionLANs

Management LAN

Storage/Vmotion LAN

Physical

NICs

service console port

defined for thisvirtual switch


16/41


Virtual

NICs

Product ionLANs

Management LAN

Storage/Vmotion LAN

Physical

NICs

Connection type: VMkernel port

VMkernel port definedfor this virtual switch


17/41


Virtual

NICs

Product ionLANs

Management LAN

Storage/Vmotion LAN

Physical

NICs

Connection type: virtual machine port group

Virtual machine portgroups defined for

these virtual switches


18/41


Defining connections

A connection type is specified when creating a new

virtual switch Parameters for the connection are specified during setup

More connections can be added later


19/41


Naming virtual switches and connections

All virtual switchesare known asvSwitch#

Every port or portgroup has anetwork label

Service consoleports are known asvswif#


20/41


Lab for lesson 1

Create Virtual Switches In this lab, you will perform the following tasks:

Create an internal-only virtual switch

Create a virtual switch with one physical adapter


21/41


Lesson summary

ESX Server uses virtual switches to implementnetworking

Physical adapters are assigned at the virtual switch level

There are three connection types for virtual switches

service console port VMkernel port

Virtual machine port group

Multiple connections can be defined on a single switch


22/41

3-22VMware Infrastructure 3: Install and Configure

Rev B


Lesson 2:

Modify

Virtual Switch

Configurations


23/41


Lesson topics

Virtual switch properties Network policies

Network adapter speed/duplex setting

Network policies

VLAN Security

Traffic shaping

NIC teaming


24/41


Virtual switch properties

Number ofPorts

Policies existfor security,traffic shaping

and NICteaming

Virtual switchpolicies becomethe defaultpolicies for all

ports and portgroups


25/41


Network adapter properties

For eachphysicaladapter,speed andduplex can bechanged

(default isautonegotiate)

May benecessarywith certainNIC/switchcombinations


26/41


Network policies

There are four network policies:

VLAN

Security

Traffic shaping

NIC teaming

Policies are defined At the virtual switch level

Default policies for all the ports on the virtual switch

At the port or port group level

Effective policies: Policies defined at this level override the default

policies set at the virtual switch level


27/41


Network policy: VLANs

Virtual LANs (VLANs) allow the creation of multiple logicalLANs within or across physical network segments

VLANs free network administrators from the limitations ofphysical network configuration

VLANs provide several important benefits

Improved security: the switch only presents frames to those stationsin the right VLANs

Improved performance: each VLAN is its own broadcast domain

Lower cost: less hardware required for multiple LANs

ESX Server includes support for IEEE 802.1Q VLANTagging


28/41


Network policy: VLANs (2)

Virtual switch tagging

Packets leaving a VMare tagged as they passthough the virtual switch

Packets are cleared

(untagged) as theyreturn to the VM

Little impact onperformance


29/41


Network policy: security

Administrators can configure Layer 2 Ethernet security

options at the virtual switch and at the port groups

There arethree security

policyexceptions: Promiscuous

Mode

MAC AddressChanges

ForgedTransmits


30/41


31/41


Network policy: traffic shaping (2)

Disabled by default

Can be enabled forthe entire virtualswitch

Port group settingsoverride the switchsettings

Shaping parametersapply to each virtualNIC in the virtual

switch


32/41


Network policy: NIC teaming

NIC Teaming settings:

Load Balancing (outboundonly)

Network Failure Detection

Notify Switches

Rolling Failover

Failover Order Port group settings are

similar to the virtualswitch settings Except port group failover

order can override vSwitch

failover order


33/41


Load balancing method: vSwitch port-based (default)

VM ports

upl ink ports

Virtual

NICs

Teamed

physical

NICs


34/41


35/41


Load balancing method: IP-based

Internet

Client

Client

Client

Client

Router


36/41


Detecting and handling network failure

Network failure is detected by the VMkernel, which monitors

the following: Link state only

Link state + beaconing

Switches can be notified whenever

There is a failover event A new virtual NIC is connected to the virtual switch

Failover is implemented by the VMkernel based uponconfigurable parameters

Failover order: Explicit list of preferred links (uses highest-priority link

which is up)

Rolling failover -- preferred uplink list sorted by uptime


37/41


Multiple policies applied to a single team

Different port groups within a vSwitch can implement

different networking policies This includes NIC teaming policies

Example: different active/standby NICs for different portgroups of a switch using NIC teaming

1310 12 14111 2 3 4 5 6 7 8 9

VM ports

upl ink ports

A C D E FB

Active Standby

C D E F

Standby Standby

A E FB

Standby Active

A C D E FB

Active

C D

BA


38/41


Lab for lesson 2

Design networking In this lab, you will perform the following task:

Based on a given scenario, design the network configuration for an ESXServer system, specifying virtual switches, ports and port groups, portgroup policies, and physical connections


39/41


Lesson summary

Network adapter properties Port group policies

VLAN tagging

Security

Traffic shaping

NIC teaming


40/41


Module review

What are the three virtual switch connection types?Describe the purpose of each type.

What is an "internal-only" virtual switch?

What are the uses for a VMkernel port?

Name the different load-balancing algorithms that can beused by a NIC team.


41/41

VM I f t t 3 I t ll d C fi R B

Questions?

vi3 ic rev b - 03 networking

Documents