Physical and virtual networking concepts are very similar. Both physical and virtual environments have network interface cards (NICs), switches, routers, gateways and firewalls. When it comes to networking and virtualization, however, the difference is in virtual network configuration and how these components can be connected.
In general, the connections are:
- virtual machine (VM) to virtual NIC;
- virtual NIC to virtual switch;
- virtual switch to physical NIC; and
- physical NIC to uplink on a physical switch.
Not directly. Most hypervisors have only one virtual switch. Hypervisors that have more than one require a VM to sit between the virtual switches to act as a firewall, gateway or router.
How many virtual network configurations are there?
As many as you can dream up. But each hypervisor has a set of built-in networks that need to be addressed with your network administrator. In many cases, these networks are considered to be their own security zone. These networks are the following:
- Management console network
- Live Migration or vMotion network
- Storage network(s): Fibre Channel, iSCSI, network file system, common Internet file system, Fibre Channel over Ethernet (FCoE), etc.
- VM networks
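One way to check that each of these built-in networks stays in its own security zone, and that only an approved firewall, gateway or router VM sits between zones, is to audit an inventory of port groups and virtual NICs. This is an added example, not from the original article; the inventory, names, VLAN IDs and the rule that a shared segment counts as a finding are all constructed assumptions.

```python
from collections import defaultdict

ZONES = {"management", "migration", "storage", "vm"}  # the four built-in networks listed above

# Constructed inventory (assumption): port group -> zone, virtual switch, VLAN ID.
PORT_GROUPS = {
    "Mgmt":     {"zone": "management", "vswitch": "vSwitch0", "vlan": 10},
    "vMotion":  {"zone": "migration",  "vswitch": "vSwitch0", "vlan": 10},
    "iSCSI-A":  {"zone": "storage",    "vswitch": "vSwitch1", "vlan": 30},
    "Prod-VMs": {"zone": "vm",         "vswitch": "vSwitch2", "vlan": 100},
}
# Constructed VM attachments (assumption): VM name -> port groups its virtual NICs use.
VM_NICS = {
    "web01":  ["Prod-VMs"],
    "fw01":   ["Prod-VMs", "Mgmt"],
    "backup": ["Prod-VMs", "iSCSI-A"],
}
# Hypothetical allow-list: VMs permitted to sit between zones as firewall/gateway/router.
APPROVED_GATEWAYS = {"fw01"}


def shared_segments(port_groups):
    """Return {(vswitch, vlan): sorted zones} for segments carrying more than one zone."""
    seen = defaultdict(set)
    for pg in port_groups.values():
        if pg["zone"] not in ZONES:
            raise ValueError(f"unknown zone: {pg['zone']}")
        seen[(pg["vswitch"], pg["vlan"])].add(pg["zone"])
    return {seg: sorted(z) for seg, z in seen.items() if len(z) > 1}


def unapproved_bridges(vm_nics, port_groups, approved):
    """Return {vm: sorted zones} for multi-zone VMs that are not approved gateways."""
    out = {}
    for vm, pgs in vm_nics.items():
        zones = {port_groups[p]["zone"] for p in pgs}
        if len(zones) > 1 and vm not in approved:
            out[vm] = sorted(zones)
    return out


if __name__ == "__main__":
    for seg, zones in shared_segments(PORT_GROUPS).items():
        print(f"zone mixing on {seg}: {zones}")
    for vm, zones in unapproved_bridges(VM_NICS, PORT_GROUPS, APPROVED_GATEWAYS).items():
        print(f"{vm} spans zones without approval: {zones}")
```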
This depends on the hypervisor and what it allows within the virtual network. In general, most hypervisor vendors provide paravirtualized network drivers for each guest operating system (OS). I recommend using this route. Optimization entails balancing your network load across multiple network paths, as necessary. Some hypervisors accomplish this by using load balancing within the virtual switch, allowing you to use multiple uplinks to one virtual switch for its networks. Other mechanisms for optimizing virtual network performance include implementing quality of service or better balance of virtual network payloads across hosts.
Does virtual networking behave differently than physical machine networking?
Absolutely not. A guest OS recognizes virtual and physical networks in the same manner. Each hypervisor's data flow, however, may be different. This data flow is how the packets move around the network based on target, more than anything else. The virtual switch could route traffic outside the virtual host even if it's VM to VM. This behavior would depend on the hypervisor, though.
What are some virtual network performance issues to consider?
The most important virtual network performance consideration is that VMs affect the network performance of other VMs. Typically, every VM on the vSwitch shares the uplinks from the physical switch to the virtual switch. VMs affect one another even if the data stays within the virtual switch, because that traffic also takes CPU from the hypervisor. This is often why there is more than one uplink to a virtual switch: the virtual switch can load balance across the uplinks, or the administrator can pair an uplink to a VM. This is a balancing act that will continue until 10G is commonplace -- and, even then, the loads will increase as well.
What should I tell my network administrator?
From the start, the network administrator needs to be a part of the virtualization and networking process. If the networking team joins the project later on, you need to provide them with all necessary documents so they can feel comfortable with previous decisions (i.e., access to what is happening and how things are working). This is a critical issue, for instance, when using FCoE and other converged networks.
Are there any pre-planned virtual networks available?
Not really. The key to designing any network -- whether physical or virtual -- is to view the network in its entirety, and ignore the virtual aspect. Then, you can add in different functionality to meet specific requirements. By starting with this generalized networking perspective, the virtualization host will provide an edge switch that wasn't present before. It's not 100% accurate, but it's a very good way to begin the planning process.
ABOUT THE AUTHOR: Edward L. Haletky is the author of VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers. He recently left Hewlett-Packard Co., where he worked on the virtualization, Linux and high-performance computing teams. Haletky owns AstroArch Consulting Inc. and is a champion and moderator for the VMware Communities Forums.