VMs are logically isolated entities. Isolation is key to VM security and integrity, preventing one VM from sharing...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
resources used by other VMs -- but this also means that VMs can't communicate outside of the hypervisor.
For a VM workload to be useful, the VM must have access to other VMs on the same -- or other -- hosts, as well as shared services, such as storage or the outside internet. VMs must support networks, but the challenge is to make physical network devices available to virtual entities with no physical quality.
A VM network provides the network technologies that enable VMs to interact outside of themselves. VM networking can enable VMs to interact with each other on the same physical host system, or to interact with the greater physical network outside of the physical host system.
VM networking accomplishes this goal by providing virtualized instances of physical network components, such as network adapters and switches, and then implementing the same Ethernet protocols that enable physical network devices to interoperate. Thus, each VM can be configured with at least one virtualized Ethernet adapter -- a network interface card (NIC) -- each with a unique IP and MAC address, which gives each VM the same networking properties as a traditional physical system on the network.
Physical network switches
Physical network switches are devices used to connect other devices, such as servers and storage subsystems, for communication across a network.
Consequently, a typical switch is a central point of communication, where the physical network port of each device is physically connected to a corresponding port at the switch. A switch can have many ports to enable connections from many network devices. Switches can also communicate with one another. A physical network can be composed of many switches.
Physical switches manage the flow of network traffic, take in packets and then redirect them to only the port where the destination device is connected, or they forward the packet on to another switch where the destination device is connected.
Typical Layer 2 switches operate at the data link layer -- of the Open Systems Interconnection model -- though more advanced Layer 3 switches can operate at the network layer. The switch basically learns the IP address of each connected device and uses the destination IP address in each packet header to direct the traffic to the proper port. Consequently, switches play a key role in efficient and secure network operation.
Just as a physical network adapter port connects to a corresponding port on a physical switch, a VM and its virtualized network adapter must also connect to a switch. This requires VM networking to create one or more virtual switches that can logically connect VMs running on a host. Hypervisors such as VMware ESXi can create one or more virtual switches within a host system -- no actual switch hardware is required.
The virtualized network adapter assigned to a VM can then be associated with -- that is, connected to -- one or more virtual switches. The virtual switches also associate with the host system's physical network adapters, so VM traffic intended for another VM on a different host will pass through the virtual switch to the host's NIC, out to a physical switch and to other switches as needed, then to a destination host and, through that destination host's virtual switches, to the intended VM. It's this relationship between VMs, virtual switches and physical network adapters that enable VMs to access and operate on Ethernet networks.
A virtual switch created by a hypervisor such as VMware provides two connection types. The first port type or port group is the VM port group that handles all of the VM networking traffic to and from the physical network. The second port type or port group is the VMkernel port group that is dedicated to service traffic such as IP storage, vMotion migration, ESXi management and so on. But both port types are connected from the host's physical NIC to the virtual switch uplink port.
Distributed virtual switches
While virtual switches are capable of handling many VMs on a host, standard virtual switches don't extend beyond the single host. This can be problematic when two or more hosts are combined into a cluster -- for objectives such as load balancing and resilience -- because administrators would need to ensure consistent configurations for virtual switches within clusters.
The use of distributed virtual switches helps to meet the switch demands of clustered virtualized hosts by enabling the cluster nodes to share the same switch across nodes.
Dig Deeper on Network virtualization
Related Q&A from Stephen J. Bigelow
One size does not fit all when administrators develop a protection policy for specific applications. Learn about the configuration options in System ...continue reading
Set up and operate a VM network using proven strategies to ensure security and performance. With a little planning, virtualization admins can avoid ...continue reading
Virtual switch security is achieved through a number of features. Virtualization admins can create and enforce policies, lock down MAC addresses and ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.