designsoliman - Fotolia
There are numerous considerations that can help with VM network configuration.
Isolate network segments
VM networks can be made more secure by separating or isolating the network segments used for everyday VM traffic from the network segments used for other services, such as network management, VM migration, fault tolerance, high availability and so on.
It's possible to even create entirely separate networks for critical services, such as vMotion. This prevents a disruption one network type from affecting other traffic types. Service separation can be accomplished during VM network configuration by creating and using virtual switches or virtual distributed switches for each service that you want to separate.
Deploy specific firewalls
VM security can also be improved by deploying firewalls in VMs that connect or route between pure virtual networks -- all VMs on the same physical host -- and virtual networks with uplink connections to physical networks through the host network interface card (NIC).
Avoid connection limits or timeouts
Avoid using connection limits or timeouts between hypervisor services during VM network configuration. Timeouts can accidentally disrupt traffic and cause services to become unavailable, resulting in unnecessary troubleshooting.
If you must invoke a timeout, such as setting the maximum transmission unit on virtual network adapters for a virtual distributed switch, it's critical to ensure that the same settings are used on all the related devices. Otherwise, the network might experience connectivity problems that are difficult to troubleshoot.
Use dedicated NICs
Dedicating a separate physical NIC to a group VMs or using features such as network I/O control and traffic shaping to provide stable bandwidth to VMs are both ways to improve VM performance.
The technical side VM networking
The difference between physical, virtual and virtual distributed switches and the difference between physical, virtual, uplink and group ports; how NIC teaming works; and network security features available in a virtual switch.
Separating VMs this way also helps to spread out the network load across multiple processors and further stabilizes available network bandwidth.
Organize the VM network
In terms of organizing the VM network, always use the latest VM NIC driver, such as VMXNET Generation 3. Make sure that the physical NICs associated with a virtual switch or virtual distributed switch are also connected to the same physical network to avoid unanticipated traffic confusion or loops that are difficult to troubleshoot.
It's possible to remove all NIC associations from a switch and to enable VMs on the same host to communicate through the isolated virtual switch. However, if only one NIC is still associated with the virtual switch, all of the VMs can still access the physical network through that NIC. This VM network configuration can lead to bottlenecks and performance problems after adding or removing NICs.
Dig Deeper on Network virtualization
Related Q&A from Stephen J. Bigelow
Microsoft Hyper-V on Windows comes with advanced protection schemes, including several virtualization-based security features the company introduced ... Continue Reading
The BitLocker encryption technology continues to evolve from its roots as a Windows Vista feature to protect resources both in the local data center ... Continue Reading
Some enterprises avoid the public cloud due to its multi-tenant nature and data security concerns. Learn what data separation is and how it can keep ... Continue Reading