The term port is typically taken to mean a point of access or entry into a system. However, networking technology can often refer to numerous different port types, and it's easy to become confused about ports -- especially when adding virtualization to the environment.
Physical network ports
Physical networks employ physical network ports. Modern Ethernet networks employ eight-pin RJ-45 connections for each network port.
The network adapters or network interface cards (NICs) on every server, storage subsystem, appliance or other device will have at least one physical network port. Physical switches might have many corresponding physical ports -- one for every physical device attached to it.
Virtual network ports
As with physical devices, each VM requires a means of communicating with the network. However, since VMs aren't tangible things, they can't possess a physical network port. Instead, virtualization creates a virtual network port for every VM.
The ins and outs of VM networking
Learn the difference between physical, virtual and virtual distributed switches; how NIC teaming works in a VM network environment; what network security features are available in a virtual switch; and best practices for VM network configuration.
Virtual network ports enable a VM to exchange traffic with a corresponding virtual switch created for the system. All VMs talk to the virtual switch, and the virtual switch can pass data to the virtual network port of other VMs on the same system without ever using the system's NIC or physical port.
A virtualization platform, such as VMware, can provide over 1,000 virtual ports on a virtual switch, and can support over 4,000 virtual switch ports on the system when multiple virtual switches are created.
But a virtual switch can also exchange data with the system's physical NIC. This specialized interface is the virtual uplink port of the virtual switch, and it accesses the network stack used by the physical NIC. Thus, the virtual network created within a system becomes capable of accessing and operating on the physical network and the internet.
Not all virtual switches will -- nor should -- have an uplink port. For example, a virtual switch that connects a firewall VM to other VMs shouldn't have an uplink port -- preventing that virtual switch and its attached VMs from accessing the greater network ensures that all the traffic stays constrained between the firewall and its constituent VMs.
Port groups are a means of applying an established set of specifications or a known configuration to a group of virtual network ports -- often virtual switch ports. This kind of capability isn't commonplace with physical networks, but it can be an important feature for virtual networks with sophisticated capabilities, such as VMware vMotion.
For example, if a VM migrates from one system to another, it's important to specify an identical configuration for the virtual network port and virtual switch port at the destination system.
The use of port groups enables administrators to describe a virtual switch name; virtual LAN IDs; and policies for tagging, filtering, streaming, security and traffic shaping. Then, once the VM is migrated, the port group tells the destination system to create this kind of port and connectivity. Tools like VMware can enable over 500 port groups on a single host.
Dig Deeper on Network virtualization
Related Q&A from Stephen J. Bigelow
Learn how load balancing in the cloud differs from a traditional network traffic distribution, and explore services available from AWS, Google and ... Continue Reading
Access management is critical to securing the cloud. Understand the differences between AWS IAM roles and users to properly restrict access to AWS ... Continue Reading
Containers have rapidly come into focus as a popular option for deploying applications, but they have limitations and are fundamentally different ... Continue Reading