Virtual networking is a computer network that consists of a virtual network link. The virtual network link does not consist of a physical, wired or wireless, connection between computing devices and is implemented using methods of network virtualization.
Two of the most common forms of virtual networks are protocol-based virtual networks and virtual networks that are based on virtual devices, such as, networks connecting virtual machines inside a hypervisor in a cloud based server.
Cloud based servers can operate multiple and different operating systems (OS) while maintaining separate and scalable servers to the users.
VMware environments or infrastructures allow you to network virtual machines in the same way you do physical machines. This allows you to build complex networks with a single ESX Server host or across multiple ESX server hosts. This ability can allow for production deployments or development and testing purposes, safely and efficiently.
A virtual machine can be configured with one or more virtual Ethernet adapters, each containing their own IP address and MAC address. This results in the virtual machines having the same properties as physical machines from a networking standpoint.
One of the keys for virtual networking components in a VMware infrastructure are virtual Ethernet adapters and virtual switches. Virtual switches allow virtual machines on the same VMware to communicate with each other using the same protocols that would be used over physical switches, without the need for any additional hardware. The virtual switch emulates a traditional physical Ethernet network switch and the virtual switch connects to the enterprise network through outbound Ethernet adapters.
Even though virtual switches act in much the same way as traditional modern physical Ethernet switches the difference is that unlike physical switches, virtual switches do not require a spanning tree protocol. There is no need to cascade virtual switches or prevent bad virtual switch connections, as leaks do not occur between switches.
The ports on a virtual switch provide logical connection points among virtual devices and between virtual and physical devices. Each virtual switch can have up to 1,016 virtual ports, with a limit of 4,096 ports on all virtual switches on a host. The virtual ports provide a rich control channel for communication with the virtual Ethernet adapters attached to them. Virtual switches can enforce security policies at the network layer by disabling promiscuous mode by default, locking down MAC address changes, and blocking forged transmit. These features prevent virtual machines from impersonating other nodes on the network.
Uplink ports are another component of the VMware environment. Uplink ports are ports that are associated with physical adapters. This provides a connection between a virtual network and the physical network, and the virtual ports that provide connectivity are called uplink ports. Virtual Ethernet adapters connect to the virtual ports either when you power on the virtual machine on which the adapters are configured, when you attempt to connect the device or when you migrate to a virtual machine using VMotion.
You can think of port groups as templates for creating virtual ports with particular sets of specifications. Port groups make it feasible to specify that a given virtual machine should have a particular type of connectivity on every host on which it runs.
A virtual Ethernet adapter updates the virtual switch port with MAC filtering information when it is initialized or when it changes. Port groups make it possible to specify that a given virtual machine should have a particular type of connectivity on every host, and they contain enough configuration information to provide persistent and consistent network access for virtual Ethernet adapters. Some of the information contained in a port group includes virtual switch names, VLANIDs and policies for tagging and filtering, the teaming policy and traffic shaping parameters. This is all the information needed for a switch port. Unlike a MAC address for a physical device, the MAC address for a virtual link can be changed. This allows for further expansion of the virtual network should the need arise.
Uplink ports are another component of the VMware environment. Uplink ports are ports that are associated with physical adapters. This provides a connection between a virtual network and the physical network. Virtual Ethernet adapters connect to the virtual ports when you power on the virtual machine on which the adapters are configured, when you take attempt to connect the device or when you migrate to a virtual machine using VMotion. You can think of port groups as templates for creating virtual ports with particles sets of specifications. Port groups make it feasible to specify that a given virtual machine should have a particular type of connectivity on every host on which it runs.
Other things to know:
- Virtual switches do not learn from the network to populate their forward tables, which helps to minimize denial of service errors.
- Virtual switches make private copies of frame data used to make forwarding or filtering decisions, ensuring the guest operating systems cannot access sensitive data once the frame is passed onto the virtual switch.
- VMware technology ensures that frames are contained within the appropriate VLAN on a virtual switch.
When you create a VLAN, logical groupings of switch ports enable communications between the stations as if they were on the same physical LAN. Technically, each VLAN is simply a broadcast domain, configured through software. If a machine is moved to another location, it can remain on the same VLAN broadcast domain without hardware reconfiguration. VLAN networks may have multiple virtual broadcast domains within the boundary of a bridged LAN.
To support VLANs for VMware Infrastructure users, the virtual or physical network must tag the Ethernet frames with 802.1Q tags using virtual switch tagging (VST), virtual machine guest tagging (VGT), or external switch tagging (EST).
NIC Teaming is a feature of VMware vSphere that allows you to connect a single virtual switch to multiple physical Ethernet adapters. A team can share traffic loads between physical and virtual networks and provides redundancy in case of an outage. NIC teaming policies are set at the port group level. This technique is much like mirror technique, where all Ethernet adapters contain the same image.
Benefits of NIC teaming include load balancing and failover. Load balancing allows you to spread network traffic from virtual machines on a virtual switch across two or more physical Ethernet adapters, providing higher throughput. This loosens packet flow when there is a wide variety of bandwidth usage across different physical adapters. The Beacon Probing method sends out beacon probes to detect upstream network connection failures. This method detects many of the failure types not detected by link status alone. By default, NIC teaming applies a fail-back policy, whereby physical Ethernet adapters are returned to active duty immediately when they recover, and displacing standby adapters.
Virtual switches can enforce security policies at the network layer by disabling promiscuous mode by default, locking down MAC address changes, and blocking forged transmit. These features prevent virtual machines from impersonating other nodes on the network. Otherwise, a virtual machines network address could potentially overlap with a physical machine and disrupt both networks. The benefits of VLANs include flexible network partition and configuration, performance improvement, and cost savings. VLANs partition the network based on logical groupings instead of physical topology, you can move users to new locations without reconfiguration. In a traditional network, frames reach all hosts within the network. This affects performance when you have a large number of end users. Segmenting broadcast traffic into port groupings helps preserve network bandwidth and saves processor time. Typically, physical routers are needed to partition LANs into multiple broadcast domains. VLANs eliminate this need, reducing hardware costs.