VMs are logically isolated entities. Isolation is key to VM security and integrity, preventing one VM from sharing resources used by other VMs -- but this also means that VMs can't communicate outside of the hypervisor.
For a VM workload to be useful, the VM must have access to other VMs on the same -- or other -- hosts, as well as shared services, such as storage or the outside internet. VMs must support networks, but the challenge is to make physical network devices available to virtual entities with no physical quality.
A VM network provides the network technologies that enable VMs to interact outside of themselves. VM networking can enable VMs to interact with each other on the same physical host system, or to interact with the greater physical network outside of the physical host system.
VM networking accomplishes this goal by providing virtualized instances of physical network components, such as network adapters and switches, and then implementing the same Ethernet protocols that enable physical network devices to interoperate. Thus, each VM can be configured with at least one virtualized Ethernet adapter -- a network interface card (NIC) -- each with a unique IP and MAC address, which gives each VM the same networking properties as a traditional physical system on the network.
Physical network switches
Physical network switches are devices used to connect other devices, such as servers and storage subsystems, for communication across a network.
Consequently, a typical switch is a central point of communication, where the physical network port of each device is physically connected to a corresponding port at the switch. A switch can have many ports to enable connections from many network devices. Switches can also communicate with one another. A physical network can be composed of many switches.
Physical switches manage the flow of network traffic: they take in packets and then either redirect them to only the port where the destination device is connected, or forward them on to another switch where the destination device is connected.
Typical Layer 2 switches operate at the data link layer of the Open Systems Interconnection (OSI) model, though more advanced Layer 3 switches can operate at the network layer. The switch basically learns the IP address of each connected device and uses the destination IP address in each packet header to direct the traffic to the proper port. Consequently, switches play a key role in efficient and secure network operation.
Just as a physical network adapter port connects to a corresponding port on a physical switch, a VM and its virtualized network adapter must also connect to a switch. This requires VM networking to create one or more virtual switches that can logically connect VMs running on a host. Hypervisors such as VMware ESXi can create one or more virtual switches within a host system -- no actual switch hardware is required.
The virtualized network adapter assigned to a VM can then be associated with -- that is, connected to -- one or more virtual switches. The virtual switches also associate with the host system's physical network adapters, so VM traffic intended for another VM on a different host will pass through the virtual switch to the host's NIC, out to a physical switch and to other switches as needed, then to a destination host and, through that destination host's virtual switches, to the intended VM. It's this relationship between VMs, virtual switches and physical network adapters that enables VMs to access and operate on Ethernet networks.
A virtual switch created by a hypervisor such as VMware provides two connection types. The first port type or port group is the VM port group that handles all of the VM networking traffic to and from the physical network. The second port type or port group is the VMkernel port group that is dedicated to service traffic such as IP storage, vMotion migration, ESXi management and so on. But both port types are connected from the host's physical NIC to the virtual switch uplink port.
Distributed virtual switches
While virtual switches are capable of handling many VMs on a host, standard virtual switches don't extend beyond the single host. This can be problematic when two or more hosts are combined into a cluster -- for objectives such as load balancing and resilience -- because administrators would need to ensure consistent configurations for virtual switches within clusters.
The use of distributed virtual switches helps to meet the switch demands of clustered virtualized hosts by enabling the cluster nodes to share the same switch across nodes.
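The per-host consistency problem described above, as an added example that is not part of the original article: a Python sketch that compares standard virtual switch port groups across the hosts of a cluster and reports where one host differs from the majority. The host names, the inventory layout and the `vlan` and `promiscuous` fields are constructed assumptions; a real audit would populate the inventory from the hypervisor's management interface.

```python
from collections import Counter

# Constructed sample inventory: host -> virtual switch -> port group -> settings.
INVENTORY = {
    "esx-a": {"vSwitch0": {
        "VM Network": {"type": "vm", "vlan": 10, "promiscuous": False},
        "vMotion": {"type": "vmkernel", "vlan": 20, "promiscuous": False},
    }},
    "esx-b": {"vSwitch0": {
        "VM Network": {"type": "vm", "vlan": 10, "promiscuous": True},
        "vMotion": {"type": "vmkernel", "vlan": 20, "promiscuous": False},
    }},
    "esx-c": {"vSwitch0": {
        "VM Network": {"type": "vm", "vlan": 10, "promiscuous": False},
    }},
}

def flatten(host_cfg):
    """Map (switch, port group) -> settings for one host."""
    return {(sw, pg): cfg for sw, pgs in host_cfg.items() for pg, cfg in pgs.items()}

def find_drift(inventory):
    """Return (host, switch, port group, field, found, expected) tuples.

    The expected value of each field is the most common value across the
    hosts that define the port group; a port group absent from a host is
    reported as missing.
    """
    flat = {host: flatten(cfg) for host, cfg in inventory.items()}
    keys = set().union(*flat.values())
    findings = []
    for key in sorted(keys):
        present = {h: f[key] for h, f in flat.items() if key in f}
        for host in sorted(flat):
            if host not in present:
                findings.append((host, *key, "<port group>", "missing", "present"))
        for field in sorted(set().union(*present.values())):
            counts = Counter(cfg.get(field) for cfg in present.values())
            expected = counts.most_common(1)[0][0]
            for host in sorted(present):
                found = present[host].get(field)
                if found != expected:
                    findings.append((host, *key, field, found, expected))
    return findings

if __name__ == "__main__":
    for finding in find_drift(INVENTORY):
        print(finding)
```

With a distributed virtual switch the port group is defined once for the cluster, so this class of per-host drift has a single place to check.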