VMs are logically isolated entities. Isolation is key to VM security and integrity: it prevents one VM from reading or interfering with the memory and other resources used by other VMs on the same host. But that same isolation means a VM cannot, on its own, communicate with anything outside the hypervisor.
For a VM workload to be useful, the VM must be able to reach other VMs on the same host or on other hosts, as well as shared services such as storage or the outside internet. VMs must therefore support networking, and the challenge is to make physical network devices available to virtual entities that have no physical presence of their own.
A VM network provides the network technologies that enable VMs to interact outside themselves. VM networking can enable VMs to interact with each other on the same physical host system, or to interact with the greater physical network outside the physical host system.
VM networking accomplishes this goal by providing virtualized instances of physical network components, such as network adapters and switches, and then implementing the same Ethernet protocols that let physical network devices interoperate. Each VM can be configured with at least one virtualized Ethernet adapter -- a network interface card (NIC) -- each with its own MAC address and IP address, which gives the VM the same networking properties as a traditional physical system on the network.
Physical network switches
Physical network switches are devices that connect other devices, such as servers and storage subsystems, across a network.
A typical switch is a central point where the physical network port of each device is cabled to a corresponding port on the switch. A switch can have many ports to accept connections from many network devices, and switches can also connect to one another, so a physical network can be composed of many switches.
Physical switches manage the flow of network traffic: they take in frames and forward each one only to the port where the destination device is connected, or on to another switch behind which the destination device sits.
Typical Layer 2 switches operate at the data link layer of the Open Systems Interconnection (OSI) model, though more advanced Layer 3 switches can also route at the network layer. A Layer 2 switch learns the MAC address of each connected device by noting the source address of the frames arriving on each port, and it uses the destination MAC address in each frame header to send the frame only to the proper port; a destination it has not yet learned is flooded to every port in the same VLAN until the destination answers. Because traffic is delivered only to the destination's port rather than to every port, as an old-style hub would do, a device elsewhere on the switch cannot passively observe it. That is why switches play a key role in efficient and secure network operation.
Just as a physical network adapter port connects to a corresponding port on a physical switch, a VM and its virtualized network adapter must also connect to a switch. This requires VM networking to create one or more virtual switches that can logically connect VMs running on a host. Hypervisors such as VMware ESXi can create one or more virtual switches within a host system -- no actual switch hardware is required.
The virtualized network adapter assigned to a VM can then be associated with -- that is, connected to -- one or more virtual switches. The virtual switches in turn associate with the host system's physical network adapters, so VM traffic intended for a VM on a different host passes through the virtual switch to the host's NIC, out to a physical switch and on to other switches as needed, then to the destination host and, through that host's virtual switch, to the intended VM. It is this relationship between VMs, virtual switches and physical network adapters that enables VMs to operate on Ethernet networks.
A virtual switch created by a hypervisor such as VMware ESXi provides two connection types. The first is the VM port group, which carries all the VM networking traffic to and from the physical network. The second is the VMkernel port group, which is dedicated to the host's own service traffic such as IP storage, vMotion migration, ESXi management and so on. Both port types reach the physical network through the virtual switch's uplink ports, which are bound to the host's physical NICs. In practice, VMkernel traffic is placed on its own VLAN or its own uplinks, separate from the VM port group, so that a VM cannot observe or reach the host's management and storage paths.
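The forwarding behaviour described in the physical-switch paragraphs above (learn the source MAC per port, forward known destinations to a single port, flood the rest) and the port-group separation described in this paragraph (VM traffic on one VLAN, VMkernel traffic on another, both leaving through a trunked uplink) can be shown in one small simulation. This is an added example, not code from the original article or from VMware; the port names, MAC addresses and VLAN numbers are constructed for illustration. Note that a real ESXi standard vSwitch knows its VMs' MAC addresses from their configuration rather than learning them from traffic; the learning step modelled here is the physical-switch behaviour.

```python
"""VLAN-aware learning switch, simulated: one host's vSwitch with a VM port
group (VLAN 10), a VMkernel port group (VLAN 100) and a trunked uplink."""
from typing import Dict, FrozenSet, List, Optional, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Switch with per-port VLAN membership and a MAC table learned from traffic.

    A port that belongs to exactly one VLAN is an access port; a port that
    carries several VLANs (the uplink trunk) receives frames that carry a tag.
    """

    def __init__(self, port_vlans: Dict[str, FrozenSet[int]]) -> None:
        self.port_vlans = port_vlans
        # forwarding table keyed by (vlan, mac); values are the learned ingress port
        self.table: Dict[Tuple[int, str], str] = {}

    def _vlan_of(self, port: str, tag: Optional[int]) -> int:
        allowed = self.port_vlans[port]
        if len(allowed) == 1:
            return next(iter(allowed))  # access port: the VLAN is implied by the port
        if tag is None or tag not in allowed:
            raise ValueError(f"frame on trunk {port} lacks an acceptable VLAN tag")
        return tag

    def handle(self, ingress: str, src: str, dst: str, tag: Optional[int] = None) -> List[str]:
        """Learn the source address, then return the egress port(s) for the frame."""
        vlan = self._vlan_of(ingress, tag)
        # Learning: the most recent source address wins, so a spoofed source MAC
        # arriving on another port silently moves the entry (a known weakness).
        self.table[(vlan, src)] = ingress
        if dst != BROADCAST:
            out = self.table.get((vlan, dst))
            if out is not None:
                return [] if out == ingress else [out]
        # Broadcast or unknown unicast: flood, but only to ports in the same VLAN,
        # which is what keeps VM traffic away from the VMkernel port.
        return sorted(p for p, vlans in self.port_vlans.items()
                      if vlan in vlans and p != ingress)


VM_VLAN, MGMT_VLAN = 10, 100                      # constructed VLAN IDs
VM1 = "00:50:56:aa:00:01"                         # constructed MACs
VM2 = "00:50:56:aa:00:02"
VMK0 = "00:50:56:ff:00:01"                        # host management interface
ADMIN = "3c:52:82:11:22:33"                       # admin workstation behind the uplink


def build_host_vswitch() -> LearningSwitch:
    return LearningSwitch({
        "vm1": frozenset({VM_VLAN}),              # VM port group
        "vm2": frozenset({VM_VLAN}),
        "vmk0": frozenset({MGMT_VLAN}),           # VMkernel port group
        "vmnic0": frozenset({VM_VLAN, MGMT_VLAN}),  # uplink trunk to the physical switch
    })


def demo() -> List[List[str]]:
    """Walk a few frames through the switch and return each frame's egress ports."""
    sw = build_host_vswitch()
    return [
        sw.handle("vm1", VM1, VM2),                       # vm2 unknown: flood within VLAN 10
        sw.handle("vm2", VM2, VM1),                       # vm1 was learned: single port
        sw.handle("vm1", VM1, VM2),                       # vm2 now learned too
        sw.handle("vm1", VM1, VMK0),                      # mgmt MAC is in VLAN 100: never reaches vmk0
        sw.handle("vmnic0", ADMIN, VMK0, tag=MGMT_VLAN),  # admin arrives tagged 100: only vmk0
        sw.handle("vm1", VM1, BROADCAST),                 # broadcast stays inside VLAN 10
        sw.handle("vmnic0", VM1, VM2, tag=VM_VLAN),       # VM1's MAC seen on the uplink: entry moves
        sw.handle("vm2", VM2, VM1),                       # vm2's reply now leaves via the uplink
    ]


if __name__ == "__main__":
    for ports in demo():
        print(ports)
```

The last two frames show why MAC learning is also the part of a switch an attacker cares about: the table follows whatever source address appears most recently, so the switch has no way to tell a migrated VM from a spoofed one. That is one reason the VMkernel port group is kept in a VLAN that no VM port belongs to, rather than relying on MAC addresses alone.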
Distributed virtual switches
While a standard virtual switch is capable of handling many VMs on a host, it does not extend beyond that single host. This becomes a problem when two or more hosts are combined into a cluster -- for objectives such as load balancing and resilience -- because administrators must then keep the virtual switch configuration identical on every host, or a VM moved between hosts will not find the same port groups on its new host.
Distributed virtual switches meet the needs of clustered virtualized hosts by presenting a single switch configuration that spans all of the cluster nodes, so port groups and their policies are defined once and applied consistently on every host.
Related Q&A from Stephen J. Bigelow