It's rare these days to encounter computers or applications that don't, in some way, rely on a network connection. General networking principals apply to virtual machines just as they apply to physical ones. But because the host's network adapters will be providing resources for all VMs, there are some special considerations.
In this article, I'll present some ways to design networks with virtualization performance in mind.
Note: For an introduction to working with Virtual Server's networking options, see Configuring virtual networks in Virtual Server – Microsoft Virtual Server from the ground up.
Managing host network adapters
When multiple VMs perform network-intensive operations, the host's network adapter can become a bottleneck. In the simplest network configuration, a Virtual Server host computer will have only physical network port. Although this system will allow you to share the network adapter with VMs, you can add some security and manageability by adding a second network port.
Figure 1 shows an example. Since it's a good idea to isolate network traffic (for security and performance reasons), you can choose to place all VMs on a separate virtual LAN (VLAN) on your switch.
Figure 1: Using multiple host network adapters
Since Virtual Server allows you to connect up to four virtual NICs per VM, you can add additional physical network connections, as needed.
Using the Virtual DHCP Server
Virtual Server's built-in DHCP Server can be enabled for virtual networks and can help you create logically separate networks on the same physical network segments. By using differing IP address ranges, this technique can help segregate network traffic without requiring the configuration of VLANs or other devices on your switches.
Figure 2 shows an example of a potential configuration.
Figure 2: Using DHCP to logically isolate network traffic
Using NIC teaming
NIC teaming allows multiple network ports to act as one logical unit, with two main goals. The first is automatic fail-over. If one of the connections becomes unavailable (due to a port or switch failure), the other port can seamlessly take over the load.
The other goal is performance. Having multiple ports working together in a group can increase effective bandwidth. Keep in mind that some configurations will depend on support from the network infrastructure side (for example, port grouping options on switches).
Another network optimization is to change the default TCP packet size. If you'll be routinely transferring large files (such as VHDs) between servers, using Jumbo Frames can greatly reduce overhead and increase performance.
Virtual Server and firewalls
It usually goes without saying that firewalls and port-level filters provide an important layer of defense for Virtual Server hosts and VMs. Theoretically, if an unauthorized user gained access to your Virtual Server host, she could gain access to the VMs themselves.
If you want to place a firewall between Virtual Server and potential users, you'll need to keep in mind the ports you might need to open to make various services available (see Table 1).
|TCP Port Number||Purpose||Notes|
|1024||Virtual Server administration Web site||The port can be changed during the installation of Virtual Server, or afterwards (see Chapter #9 for details). Administrators can also enable SSL within IIS.|
|5900||VMRC Server||By default, the VMRC server is disabled. The port number can be modified using the Virtual Server Administration Web Site (see Chapter #9).|
|88, 137, 138||VMRC Kerberos Authentication||These ports are used only when Kerberos is being used (for example, when Active Directory-based users are attempting to authenticate to the VMRC server).|
|137-139||NetBIOS over TCP/IP||This is only necessary if NetBIOS is being used for file transfers across the firewall.|
Table 1: TCP Ports used by various Virtual Server-related services
Monitoring network-related performance
When planning for virtualization network configurations, it can be useful to get statistics about traffic traversing the host and guest interfaces. Table 2 provides an example of statistics that can be collecting using Windows System Monitor.
When measured at the host level, you can get an aggregate summary of how much bandwidth is being used and if there's an outbound queue. To drill-down on the source of the network information, each guest OS can be monitored. You can further filter the details per network adapter.
|Measures the total rate of data transfer over the selected instance(s).|
|These counters show network traffic based on the number of packets transferred. You can determine the average packet size by comparing this value to the number of bytes transferred. The resulting value (bytes/packet) will help determine if jumbo frames might help improve performance.|
|Current bandwidth||This counter attempts to show the theoretical maximum transfer rate for a connection. Note that this data is not always accurate.|
|Output queue length||This counter shows the number of packets that are waiting to be processed. Most modern network adapters perform queuing at the hardware level, so the fact that the queue is 0 does not necessarily indicate that processes are not waiting for network access.|
| -Packets outbound errors
-Packets received errors
-Packets outbound discarded
-Packets received discarded
|These counters show the numbers of errors that occurred during network transmissions. On busy networks, some errors are acceptable. A large number of errors could indicate a network-level problem.|
Table 2: Network performance counters of the "Network Interface" object
You can configure networks to better support virtual machines in many ways. We looked at methods for segmenting traffic, increasing throughput, configuring firewalls and monitoring network statistics. All of this can help optimize network performance in virtualized environments of any size.