designsoliman - Fotolia
There are numerous considerations that can help with VM network configuration.
Isolate network segments
VM networks can be made more secure by separating or isolating the network segments used for everyday VM traffic from the network segments used for other services, such as network management, VM migration, fault tolerance, high availability and so on.
It's possible to even create entirely separate networks for critical services, such as vMotion. This prevents a disruption of one network type from affecting other traffic types. Service separation can be accomplished during VM network configuration by creating and using virtual switches or virtual distributed switches for each service that you want to separate.
Deploy specific firewalls
VM security can also be improved by deploying firewalls in VMs that connect or route between pure virtual networks -- all VMs on the same physical host -- and virtual networks with uplink connections to physical networks through the host network interface card (NIC).
Avoid connection limits or timeouts
Avoid using connection limits or timeouts between hypervisor services during VM network configuration. Timeouts can accidentally disrupt traffic and cause services to become unavailable, resulting in unnecessary troubleshooting.
If you must invoke a timeout, such as setting the maximum transmission unit on virtual network adapters for a virtual distributed switch, it's critical to ensure that the same settings are used on all the related devices. Otherwise, the network might experience connectivity problems that are difficult to troubleshoot.
Use dedicated NICs
Dedicating a separate physical NIC to a group of VMs or using features such as network I/O control and traffic shaping to provide stable bandwidth to VMs are both ways to improve VM performance.
The technical side of VM networking
The difference between physical, virtual and virtual distributed switches and the difference between physical, virtual, uplink and group ports; how NIC teaming works; and network security features available in a virtual switch.
Separating VMs this way also helps to spread out the network load across multiple processors and further stabilizes available network bandwidth.
Organize the VM network
In terms of organizing the VM network, always use the latest VM NIC driver, such as VMXNET Generation 3. Make sure that the physical NICs associated with a virtual switch or virtual distributed switch are also connected to the same physical network to avoid unanticipated traffic confusion or loops that are difficult to troubleshoot.
It's possible to remove all NIC associations from a switch and to enable VMs on the same host to communicate through the isolated virtual switch. However, if only one NIC is still associated with the virtual switch, all of the VMs can still access the physical network through that NIC. This VM network configuration can lead to bottlenecks and performance problems after adding or removing NICs.
Dig Deeper on Network virtualization
Related Q&A from Stephen J. Bigelow
Embedded systems and hypervisors go hand in hand. By understanding both, admins can maximize system benefits such as multiple OS support and legacy ... Continue Reading
Application load balancers and API gateways both manage network traffic, but in their own ways. Learn the differences between them and how to use ... Continue Reading
Developers don't have a lot of free time. Code reuse helps dev teams focus on the most value aspects of a project, so ensure everyone knows how to ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.