TA2103_Virtual Networking With vSphere4

8/6/2019 TA2103_Virtual Networking With vSphere4

1/46

TA2103 vSphere 4.0 vNetworkWhats New

Guy Brunsdon, Group Manager, Tech

Marketing, VMware, Inc.


2/46

Copyright 2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents li sted at http://www.vmware.com/go/patents.

Disclaimer

This session may contain product features that are

currently under development.

This session/overview of the new technology representsno commitment from VMware to deliver these features inany generally available product.

Features are subject to change, and must not be included incontracts, purchase orders, or sales agreements of any kind.

Technical feasibility and market demand will affect final delivery.

Pricing and packaging for any new technologies or features

discussed or presented have not been determined.These features are representative of feature areas under development. Feature commitments aresubject to change, and must not be included in contracts, purchase orders, or sales agreements ofany kind. Technical feasibility and market demand will affect final delivery.


3/46


Agenda

Virtual Networking BackgroundThe network before and after virtualization

Solutions

vNetwork Standard Switch

vNetwork Distributed Switch

Unified Management

Private VLANs

Bi-Directional traffic shaping

3rd party distributed switch support

3rd Party Distributed Switch (Nexus 1000V)


4/46


Agenda

Networking Scale LimitsCNAs / Unified Fabrics

VMXNET3

VMDirectPathIPv6


5/46


The Need for Virtual Networking


6/46


Traditional Networking Before Virtualization

PhysicalSwitch

PhysicalSwitch

Access Layer

Physical Servers

Access Physical Switches

Corporate

WAN /ProviderNetwork

Corporate

WAN /ProviderNetwork


7/46Copyright 2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents li sted at http://www.vmware.com/go/patents.

Virtual Networking: Comparing Physical to Virtual

VirtualS

witch

Ph

ysicalSwitch

PhysicalSwitch

Virtual network is similar tophysical network

After virtualization, old access layermoves into ESX host (standard ordistributed virtual switch)

Before

Virtualization

After

Virtualization


8/46



Copyright 2005 VMware, Inc. All rights reserved.


What is it?

Virtual network living inside ESXproviding interconnectivity betweenVMs and the external physical networkvia standard networking protocols(Ethernet)

Enables many VMs to share samephysical NIC and communicate directlywith each other

Standard Networking Features

L2 Ethernet switching (inter-vm traffic)

VLAN Segmentation

Rate limiting - restrict traffic generatedby a VM

NIC port aggregation and redundancyfor enhanced availability and loadbalancing of physical networkresources (VMware NIC Teaming)

I/O Features

Enhanced VMXNET, E1000, VLANCE

Checksum off-loading, TSO, JumboFrames, NetQueue

10GigE, FCoE

IB (community support)



Standard Switch Up Close

Port Groups

created for each host

Uplinks (physical NICs)

attached to vSwitch

vNetwork StandardSwitch (vSwitch)

Standard Switch for eachESX host

Virtual Machines



Networking - Standard Switch Style

Standard Switch

Virtual Machine

Network

W2003EE-32-A W2003EE-32-B

ESX HOST 1

Standard Switch Host1




Virtual Switch

Virtual Machine

Network

W2003EE-32-A W2003EE-32-B

Virtual Switch Host1

Virtual Switch

Virtual Machine

Network

W2003EE-32-A2 W2003EE-32-B2

Virtual Switch

Virtual Machine

Network

W2003EE-32-A3 W2003EE-32-B3

Virtual Switch

Virtual Machine

Network

W2003EE-32-A4 W2003EE-32-B4

Virtual Switch Host2 Virtual Switch Host3 Virtual Switch Host4

ESX HOST 1 ESX HOST 2 ESX HOST 3 ESX HOST 4




Aggregated cluster level (and

beyond) virtual network management

Simplified setup and change

Easy troubleshooting, monitoringand debugging

Additional features include:

Private VLANs

Bi-directional traffic shaping

Network VMotion

3rd party distributed switchsupport

Bundled with vSphere EnterprisePlus

OS

APP

OS

APP

OS

APP

OS

APP

OS

APP

OS

APP

OS

APP

OS

APP

OS

APP

VMware vSphere





Virtual Switch

Virtual MachineNetwork

W2003EE-32-A W2003EE-32-B

Virtual Switch Host1

Virtual Switch


W2003EE-32-A2 W2003EE-32-B2

Virtual Switch


W2003EE-32-A3 W2003EE-32-B3

Virtual Switch


W2003EE-32-A4 W2003EE-32-B4

Virtual Switch Host2 Virtual Switch Host3 Virtual Switch Host4

ESX HOST 1 ESX HOST 2 ESX HOST 3 ESX HOST 4



becomes distributedwith vNetworkDistributed Switch

W2003EE-32-A W2003EE-32-B

vSwitch

SingleDistributed

PortGroup

W2003EE-32-A2 W2003EE-32-B2 W2003EE-32-A3 W2003EE-32-B3 W2003EE-32-A4 W2003EE-32-B4

Single Distributed Switch

DistributedVirtual Machine NetworkSingle

DistributedVirtual Switch

SinglevDS

spanning Host1,Host2, Host3, Host4

Host1 Host2 Host3 Host4



vNetwork Distributed Switch: Configuration View

DV Port Groups

span all hosts

covered by vDS

DV Uplink Port Group

defines uplink policies

DV Uplinks abstract

actual physical nics

(vmnics) on hosts

vmnics on each host

mapped to dvUplinks



vSphere Network Solution ComparisonsvNetwork

Standard SwitchvNetwork

Distributed Switch

L2 Forwarding YES YES

VLAN Segmentation YES YES

802.1Q Tagging YES YES

NIC Teaming YES YES

TX Rate Limiting YES YES

CDP Support YES YES

vNetwork Appliance APIs YES YES

Datacenter-level management YES

RX Rate Limiting YES

VM Network Port Block YESPVLAN Support YES

Network VMotion YES

3rd Party Distributed Switch Support YES



When Inter-VM Traffic is BAD

ChallengeYou want EVERY VM isolated

Prevent every VM from communicating directly with each other onthe same ESX host (inter-VM traffic)

To accomplish today (example)

Single standard switch

Hint: single standard switch ensures maximum use of teaming andload balancing of all physical NICs on the ESX host

Create a VLAN (port group) PER VM (YIKES!) using long subnet

masks (e.g. /30)



W2003EE-32-A W2003EE-32-B W2003EE-32-A W2003EE-32-B W2003EE-32-A W2003EE-32-B W2003EE -32-A W2003EE -32-B W2003EE -32-A W2003EE -32-B W2003EE-32-A W2003EE-32-B




PG PG PG PG PG PG PG PG PG PG PG PG

TOTAL COST: 12 VLANs (one per VM)

When Inter-VM Traffic is BAD



Private VLANs: Traffic Isolation for Every VM

Solution: PVLAN

Place VMs on the same virtualnetwork but prevent them fromcommunicating directly witheachother (saves VLANs!)

Avoids scaling issues from assigning

one VLAN and IP subnet per VM

Details

Instead, configure a SINGLE DV portgroup to have a SINGLE isolated*VLAN (ONLY ONE)

Attach all your VMs to this SINGLEisolated VLAN DV port group

Distributed

Switch with

PVLAN

Private VLAN traffic isolation

between guest VMs

CommonPrimary VLAN

on uplinks

SEE MORE DETAILS AT:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1010691
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1010691http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1010691







Private VLANs







TOTAL COST: 1 PVLAN (over 90% savings)



PG (with Isolated PVLAN)

Private VLANs



VMware ESX

Bi-Directional Traffic Shaping

Ingress and EgressTraffic Shaping

Relative to the switch port

Ingress: Traffic coming intothe switch port

Egress: Traffic going out ofthe switch port

Configuration support for

Average Bandwidth

Peak Bandwidth

Burst Size


Ingress Traffic Egress Traffic

Egress Traffic Ingress Traffic



Virtual vs. Physical Network Management

Separation of Network and

Server provisioning andmanagement systems

Virtual Center managing &provisioning ESX hosts andvirtual switches

Physical network managed /

provisioned by existingnetworking vendors toolsand applications

Network visibility ends atphysical switch port

Different interfacesand tools

IOS CLI for physical network

VC GUI and esxcfg clifor vSwitches

Network

Management

Virtual Center



25/46


vSphere Network Solution Comparisons

vNetworkStandard Switch

vNetworkDistributed Switch




NIC Teaming YES YES

TX Rate Limiting YES YESCDP Support YES YES




VM Network Port Block YESPVLAN Support YES

Network VMotion YES



26/46


3rd Party Distributed SwitchAggregated cluster level virtualnetwork management

Simplified setup and change

Easy troubleshooting, monitoringand debugging

Additional features including privateVLANs, bi-directional traffic shapingand network VMotion

Enterprise networking vendors canprovide their own implementations ofthe virtual switch leveraging thevNetwork switch API interfaces

Enables support for 3rd party

networking capabilities, includingmonitoring and management ofthe virtual network

Supported with vSphere EnterprisePlus

OS

APP

OS

APP

OS

APP

OS

APP

OS

APP

OS

APP

OS

APP

OS

APP

OS

APP

VMware vSphere

vNetwork Distributed SwitchCisco Nexus 1000V


27/46


vSphere Networking - 3rd PartyDistributed Switch Style

W2003EE-32-A W2003EE-32-B

vSwitch

SingleDistributed

PortGroup

Host1

W2003EE-32-A2 W2003EE-32-B2

Host2

W2003EE-32-A3 W2003EE-32-B3

Host3

W2003EE-32-A4 W2003EE-32-B4

Host4

vNetwork

3rd Party Distributed Virtual Machine NetworkSingle

DistributedVirtual Switch

3rd Party Distributed

Switch SpanningHost1, Host2, Host3,Host4


28/46


Nexus 1000V & vCenter Server Views

show interface from Nexus 1000V VSM consoleView from vSphere Client to vCenter Server

show module from Nexus 1000V VSM console

access portassignedto single VLAN

VSM

VEM


29/46


Nexus 1000V Features (page 1 of 3)

Feature vNetworkStandard

Switch

vNetwork

Distributed

Switch

Cisco

Nexus

1000v

Switching FeaturesLayer 2 Forwarding Yes Yes Yes

IEEE 802.1Q VLAN Tagging Yes Yes Yes

Multicast Support (IGMPv2/v3) Yes Yes Yes

IGMP Snooping v3 - - Yes

VMotion Support Yes Yes Yes

Network VMotion - Yes Yes

Physical Switch ConnectivityEtherChannel Yes Yes Yes

Virtual Port Channels - - Yes

Link Aggregation Control Protocol (LACP) - - Yes

Load Balancing Algorithms

Virtual Port ID Yes Yes Yes

Source MAC Yes Yes YesSource-Destination IP Yes Yes Yes

Source-Destination MAC - - Yes

Source-Destination-Port IP - - Yes

Additional Hashing Options - - Yes


30/46



Feature vNetwork

StandardSwitch

vNetwork

DistributedSwitch

Cisco Nexus

1000v

Traffic Management Features

Tx (from VM) Rate Limiting Yes Yes Yes

Rx (to VM) Rate Limiting - Yes Yes

Quality of Service MarkingDSCP - - Yes

Type of Service - - Yes

Class of Service - - Yes

Security FeaturesPort Security Yes Yes Yes

VMSafe Compatible Yes Yes Yes

Private VLANs - Yes Yes

Local PVLAN Enforcement - - Yes

Access Control Lists - - Yes


31/46



Feature vNetwork

Standard

Switch

vNetwork

Distributed

Switch

Cisco Nexus

1000v

Management FeaturesVMware vCenter Support Yes Yes Yes

Third Party Accessible APIs Yes Yes Yes

Network Policy Groups Yes Yes Yes

Multi-Tier Policy Groups - - Yes

VMware Port Mirroring (promiscuous) Yes Yes -

SPAN - - Yes

ERSPAN - - Yes

Netflow v5 - - Yes

Netflow v9 - - Yes

SNMP v3 Read/Write - - Yes

CDP v1/v2 Yes Yes Yes

Syslog Yes** Yes** Yes

Packet Capture & Analysis - - Yes

Radius/TACACS+ - - YesConfiguration and Management Console/Interface vSphere Client vSphere Client to

vCenter Server

vCenter &

Cisco CLI

* Experimental Support

** Virtual Switch Network Syslog information is exported and included with ESX Server related events.


32/46


vSphere - 3rd Party Distributed Switch Option

Cisco Nexus 1000V

(3rd

party distributed switch for vSphere)

http://www.cisco.com/go/nexus1000v
http://www.cisco.com/go/nexus1000vhttp://www.cisco.com/go/nexus1000v


33/46


vNetwork - 3rd Party Virtual SwitchesWho does what?

Third Party VSwitch

Roles and Responsibilities vNetwork

DistributedSwitch

vNetwork

(with 3rd

Party virtualswitching)

Associate VMs to virtual networks vSphere Admin vSphere Admin

Associate server NICs to virtual networks vSphere Admin vSphere Admin

Create Virtual Switches vSphere Admin Network Admin

Create Port Groups vSphere Admin Network Admin

Modify VLAN Settings (virtual) vSphere Admin Network Admin

Configure NIC Team vSphere Admin Network Admin

Monitors Virtual Network vSphere Admin Network Admin

3rd Party Virtual Switches enable end to end

physical and virtual networking feature parity Network admins now able to provision and

monitor the virtual networkusing existing physicalnetwork managementtools


34/46


vNetwork Solution ComparisonsVMwareStandardSwitch

VMwareDistributed Switch

Cisco Nexus 1000V

Virtual Network Model Per Host Per Datacenter Per Datacenter


Cisco Catalyst /Nexus Features and

Functionality



NIC Teaming YES YES

TX Rate Limiting YES YES

CDP Support YES YES




VM Network Port Block YES

PVLAN Support YES

Network VMotion YES



35/46


Networking Scalability and Limits

vSpherenetworking

maximums can befound on the

VMware website:http://www.vmware.com/


36/46




37/46




38/46




39/46


vSphere Traffic Types (Animated)

Traffic Types

VMotion TrafficManagement

HA Heartbeats

VM Traffic

NFS

iSCSI

Storage VMotion

FT

ESX Host 1

VirtualCenteriSCSI FCNFS

ESX Host 2

vSphere supports over 7different traffic types today

vSphere I/O infrastructure

must be performanceoptimized for all types

10gigE Interfaceoptimized for

vSphere traffic

types

VMotion Traffic

Storage VMotion

from FC to iSCSI

Storage VMotionfrom NFS to iSCSI


40/46


CNAs

App

OS

App

OS

App

OS

App

OS

App

OS

Unified Fabric


41/46


VMXNET3The Badass Para-virtualizedVMVirtual NIC

Next evolution of Enhanced VMXNET introduced in ESX 3.5

Adds

MSI/MSI-X support (subject to guest operating system kernel support)

Receive Side Scaling (supported in Windows 2008 when explicitly enabledthrough the device's Advanced configuration tab)

Large TX/RX ring sizes (configured from within the virtual machine)

High performance emulation mode (Default)

Supports

High DMA

TSO (TCP Segmentation Offload) over IPv4 and IPv6

TCP/UDP checksum offload over IPv4 and IPv6

Jumbo Frames

802.1Q tag insertion


42/46


VMDirectPath for VMs

I/O Device

Device Driver

Virtualization

Layer

What is it?

Enables direct assignment of PCI devices to VMTypes of workloads

I/O Appliances

High performance VMs

DetailsGuest controls the physical H/W

Requirements

vSphere 4

I/O MMU Used for DMA Address Translation (Guest

Physical Host Physical) and protection

Generic device reset (FLR, Link Reset, ...)
http://vmweb.vmware.com/product_mktg/diagrams/images/icons/NIC_icon.zip


43/46


IPv6

IPv6 guests supported since ESX 3.5vSphere 4.0 adds additional support for IPv6specifically:

ESX/ESXi

vSphere Client

vCenter Server

VMotion

IP Storage iSCSI, NFS (experimental)

Note: no support for vSphere vCLI, HA and FT


44/46


vSphere Networking Summary

What is it?

Virtual network (i.e., set of virtual switches) livinginside ESX providing interconnectivity between VMsand the external physical network

Enables many VMs to share physical NICs andcommunicate directly with each other

Virtual Networking with vSphere 4

L2 Switching Features and Management

Cluster level unified virtual networkmanagement

Datacenter class features including VLAN,Private VLANs, CDP, RX/TX rate limiting etc.

Built-in availability (NIC Teaming) providing pnicredundancy, availability and load balancing

vNetwork Platform Extensibility

3rd Party Distributed Switch Support (CiscoNexus 1000-V)

VMsafe-Net Support

IPv6 Support (VM, management, VC server)

vSphere 4 I/O Features

VMXNET Generation 3 (VMXNET3)HW offloading(Checksum/TSO/LRO)

Jumbo Frames (VM, NFS andSW iSCSI)

NetQueue v2

VMDirectPath

10GigE

FCoE


45/46


46/46

Q & A

Questions?

TA2103_Virtual Networking With vSphere4

Documents

Transcript of TA2103_Virtual Networking With vSphere4