VI3 IC REV B - 03 Networking

3-1
VMware Infrastructure 3: Install and Configure Rev B

Copyright 2006 VMware, Inc. All rights reserved.
Networking
Module 3
3-2
You are here
ESX Server Installation
Networking
Storage
VM Creation and
Management
Data Protection
Resource Pools
Virtual Machines
VM Access Control
VM Creation & Management
Virtual Infrastructure
VirtualCenter Installation
Operations
Networking
VMware Overview
Troubleshooting Tips
Data & Availability Protection
VM Resource Monitoring
Storage
VM Resource Management
3-3
Importance and module objectives
Importance
The networking features of ESX Server allow virtual machines to
communicate with other virtual machines within the same box and
with the outside world, allow the service console to communicate,
and allow the VMkernel to take advantage of IP-based storage and
VMotion.
Objectives For the Learner
Understand the purpose and configuration of virtual switches
Create virtual switches
Configure virtual switch settings and policies
Plan a virtual switch layout based on a realistic scenario
3-4
Module lessons
Lesson 1: Create Virtual Switches
Lesson 2: Modify Virtual Switch Configurations
3-5
Lesson 1:
Create
Virtual Switches
3-6
Lesson topics
Structure of ESX Server networking
Virtual switches
Virtual switch connection types
Physical connections
3-7
A networking scenario
Virtual
Machines
Physical
Switches
1000 Mbps 1000 Mbps 1000 Mbps 1000 Mbps
NAT client NAT router
Physical
NICs
Production VM
Production LAN
Management LAN
IP Storage LAN
Test LAN
VLAN 101
VLAN 102
VLAN 103
1000 Mbps
3-8
A networking scenario
Virtual
Machines
Physical
Switches
1000 Mbps 1000 Mbps 1000 Mbps 1000 Mbps
NAT client NAT router
Physical
NICs
Production VM
Production LAN
Management LAN
IP Storage LAN
Test LAN
VLAN 101
VLAN 102
VLAN 103
1000 Mbps
3-9
Virtual switch with no physical adapters (Internal only)
Each switch is an internal LAN, implemented entirely in
software by the VMkernel
Provides networking for the
VMs of single ESX Server
system only
Zero collisions
Up to 1016 ports per switch
Traffic shaping is not
supported
3-10
Virtual switch with one physical adapter
Connects a virtual switch to one specific physical NIC
Up to 1016 ports available
Zero collisions on
internal traffic
Each Virtual NIC will have its
own MAC address
Outbound bandwidth can be
controlled with traffic shaping
3-11
Example: one-box firewall environment
Virtual switch with one
outbound adapter acts as a
DMZ
Back-end applications are
secured behind the firewall
using internal-only switches
3-12
Virtual switch with 2 or more physical adapters (NIC Team)
Can connect to an 802.3ad NIC team
Up to 1016 ports per switch
Zero collisions on internal
traffic
Each Virtual NIC will have its
own MAC address
Improved network performance
by network traffic load
distribution
Redundant NIC operation
Outbound bandwidth can be
controlled with traffic shaping
3-13
Example: A high performance application
Automatic, configurable
network load distribution
Redundant network
connectivity with
automatic failover
Configurable
active/standby NICs and
failover policies
3-14
Network connections
There are three types of network connections:
Service console port access to ESX Server management network
VMkernel port access to VMotion, iSCSI and/or NFS/NAS networks
Virtual machine port group access to VM networks
More than one connection type can exist on a single virtual
switch, or each connection type can exist on its own virtual
switch
Virtual machine port groups
uplink ports
Service
Console
port
VMkernel
port
3-15
Connection type: service console port
Virtual
NICs
Production
LANs
Management LAN
Storage/Vmotion LAN
Physical
NICs
service console port
defined for this
virtual switch
3-16
Virtual
NICs
Production
LANs
Management LAN
Storage/Vmotion LAN
Physical
NICs
Connection type: VMkernel port
VMkernel port defined
for this virtual switch
3-17
Virtual
NICs
Production
LANs
Management LAN
Storage/Vmotion LAN
Physical
NICs
Connection type: virtual machine port group
Virtual machine port
groups defined for
these virtual switches
3-18
Defining connections
A connection type is specified when creating a new
virtual switch
Parameters for the connection are specified during setup
More connections can be added later
3-19
Naming virtual switches and connections
All virtual switches
are known as
vSwitch#
Every port or port
group has a
network label
Service console
ports are known as
vswif#
3-20
Lab for lesson 1
Create Virtual Switches
In this lab, you will perform the following tasks:
Create an internal-only virtual switch
Create a virtual switch with one physical adapter
3-21
Lesson summary
ESX Server uses virtual switches to implement
networking
Physical adapters are assigned at the virtual switch level
There are three connection types for virtual switches
service console port
VMkernel port
Virtual machine port group
Multiple connections can be defined on a single switch
3-22
Lesson 2:
Modify
Virtual Switch
Configurations
3-23
Lesson topics
Virtual switch properties
Network policies
Network adapter speed/duplex setting
Network policies
VLAN
Security
Traffic shaping
NIC teaming
3-24
Virtual switch properties
Number of
Ports
Policies exist
for security,
traffic shaping
and NIC
teaming
Virtual switch
policies become
the default
policies for all
ports and port
groups
3-25
Network adapter properties
For each
physical
adapter,
speed and
duplex can be
changed
(default is
autonegotiate)
May be
necessary
with certain
NIC/switch
combinations
3-26
Network policies
There are four network policies:
VLAN
Security
Traffic shaping
NIC teaming
Policies are defined
At the virtual switch level
Default policies for all the ports on the virtual switch
At the port or port group level
Effective policies: Policies defined at this level override the default
policies set at the virtual switch level
3-27
Network policy: VLANs
Virtual LANs (VLANs) allow the creation of multiple logical
LANs within or across physical network segments
VLANs free network administrators from the limitations of
physical network configuration
VLANs provide several important benefits
Improved security: the switch only presents frames to those stations
in the right VLANs
Improved performance: each VLAN is its own broadcast domain
Lower cost: less hardware required for multiple LANs
ESX Server includes support for IEEE 802.1Q VLAN
Tagging
3-28
Network policy: VLANs (2)
Virtual switch tagging
Packets leaving a VM
are tagged as they pass
though the virtual switch
Packets are cleared
(untagged) as they
return to the VM
Little impact on
performance
3-29
Network policy: security
Administrators can configure Layer 2 Ethernet security
options at the virtual switch and at the port groups
There are
three security
policy
exceptions:
Promiscuous
Mode
MAC Address
Changes
Forged
Transmits
3-30
Network policy: traffic shaping
Network traffic shaping is a mechanism for controlling a
VMs outbound network bandwidth
Average rate, peak rate, and burst size are configurable
3-31
Network policy: traffic shaping (2)
Disabled by default
Can be enabled for
the entire virtual
switch
Port group settings
override the switch
settings
Shaping parameters
apply to each virtual
NIC in the virtual
switch
3-32
Network policy: NIC teaming
NIC Teaming settings:
Load Balancing (outbound
only)
Network Failure Detection
Notify Switches
Rolling Failover
Failover Order
Port group settings are
similar to the virtual
switch settings
Except port group failover
order can override vSwitch
failover order
3-33
Load balancing method: vSwitch port-based (default)
VM ports
uplink ports
Virtual
NICs
Teamed
physical
NICs
3-34
Load balancing method: source MAC-based
Internet
Client
Client
Client
Client
Router
3-35
Load balancing method: IP-based
Internet
Client
Client
Client
Client
Router
3-36
Detecting and handling network failure
Network failure is detected by the VMkernel, which monitors
the following:
Link state only
Link state + beaconing
Switches can be notified whenever
There is a failover event
A new virtual NIC is connected to the virtual switch
Failover is implemented by the VMkernel based upon
configurable parameters
Failover order: Explicit list of preferred links (uses highest-priority link
which is up)
Rolling failover -- preferred uplink list sorted by uptime
3-37
Multiple policies applied to a single team
Different port groups within a vSwitch can implement
different networking policies
This includes NIC teaming policies
Example: different active/standby NICs for different port
groups of a switch using NIC teaming
13 10 12 14 11 1 2 3 4 5 6 7 8 9
VM ports
uplink ports
A C D E F B
Active Standby
C D E F
Standby Standby
A E F B
Standby Active
A C D E F B
Active
C D
B A
3-38
Lab for lesson 2
Design networking
In this lab, you will perform the following task:
Based on a given scenario, design the network configuration for an ESX
Server system, specifying virtual switches, ports and port groups, port
group policies, and physical connections
3-39
Lesson summary
Network adapter properties
Port group policies
VLAN tagging
Security
Traffic shaping
NIC teaming
3-40
Module review
What are the three virtual switch connection types?
Describe the purpose of each type.
What is an "internal-only" virtual switch?
What are the uses for a VMkernel port?
Name the different load-balancing algorithms that can be
used by a NIC team.
3-41
Questions?

VI3 IC REV B - 03 Networking

Caricato da

Informazioni sul documento

Descrizione originale:

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

VI3 IC REV B - 03 Networking

Caricato da

Copyright:

Formati disponibili

3-1

VMware Infrastructure 3: Install and Configure Rev B

Potrebbero piacerti anche