In a VMware environment, networking can be tricky, especially in large, complex infrastructures. But a strong network architecture can facilitate vMotion, High Availability, Fault Tolerance and other VMware features.
Server virtualization destroys traditional data center models, in which servers are treated as islands. In doing so, it also complicates data center networking, because it extends a network to virtual hosts. A VMware virtual network can pose several technology-based drawbacks, including less visibility into network traffic and network manageability challenges. And a network architecture can blur the roles and responsibilities of data center personnel, which can create technical and political problems.
The answers to these frequently asked questions about VMware networking will help you understand vSphere’s network architecture, features and pain points and offer some VMware networking strategies.
Which vSphere features offer new functionality for VMware networking?
There are several new vSphere networking features:
- Private VLANs: control data access and visibility on virtual switches (vSwitches). Private VLANs serve as firewalls on LANs, and they prevent breaches from outside sources.
- Support for new virtual network interface cards: VSphere 4 supports VMXNET3 — a third-generation, high-performance virtual network interface card (NIC).
- Support for IPv6: a networking standard that resolves the increasing scarcity of numerical IPv4 addresses. Now vSphere 4 hosts are identifiable through iPv6 hexadecimal addresses.
Other VMware networking features (PDF) include support for third-party virtual switches, network vMotion and bidirectional traffic shaping.
When it comes to security, what are good VMware networking strategies?
There are several ways to protect a VMware network. VMware vShield Zones is a virtual firewall that protects virtual machines (VMs), vSwitches and network traffic. It also analyzes traffic to troubleshoot and detect suspicious activity.
VMware has also added new vShield security features with vShield App and vShield Edge. VShield Edge is a routing virtual firewall built on the VMsafe application programming interface, and VShield App provides cross-host isolation at the application level. With vShield App, administrators can prevent designated groups from communicating with specific machines.
There are also many third-party security tools for VMware networking.
What virtual switches are available for VMware networking?
There are three virtual switch options for vSphere infrastructures:
- VMware vSwitch: This virtual switch comes standard with vSphere at no additional cost. It offers basic VMware networking features, such as 802.1Q VLAN tagging, jumbo frames and port groups.
- VSphere vNetwork Distributed Switch: Enterprise Plus shops can use this VMware networking switch for centralized traffic management and creating VLANs. It’s managed through vCenter, and it’s simpler than host profiles for network configuration.
- Cisco Nexus 1000V: This switch is the most costly option, but network administrators can use it to automate management of the virtual network instead of relying on virtualization staff. It runs the familiar Cisco IOS command-line interface, and it integrates with other third-party switches.