VMware Network 101


Transcript of VMware Network 101

Page 1: VMware Network 101

VMware Network 101

More details on network

Page 2: VMware Network 101

Agenda

• Datacenter design

• ESX Requirements

• VLANs & Trunking

• PNic, vNic

• vSwitches

• Distributed Switches

• Cisco Nexus 1000V

• Virtual Machine Configuration

• Screen Shots

• Appendix

Page 3: VMware Network 101

Datacenter Design

Page 4: VMware Network 101

• Traditional network design in a Data Center consists of a core, aggregation, and access layer. Each has its own requirements.

• Servers usually connect to the access layer.

• Some configurations physically separate the internal access layer from the DMZ/secure access layers.

• This design also encompasses numerous virtual networks within this physical network construct.

• Taken together, this adds some complexity when virtualizing systems, as one physical server may need to connect many networks together depending on which virtual machines it is currently running.

• With the added benefit of virtual machines moving from one physical server to another, each physical server's network connectivity becomes extremely critical.

Datacenter Design

Page 5: VMware Network 101

• For a typical ESX deployment there are two different network requirements.

• First, there are management requirements, including connectivity for VMotion and for VirtualCenter (the management console for ESX) and, depending on other add-ons, possibly connectivity for FT (the Fault Tolerance option).

• Additionally, there has to be connectivity for the virtual machines (VM) themselves.

• If you add up the requirements for each host you realize how many network connections are needed. Making this more complicated is the R word, redundancy, which says double every connection to ensure the loss of one connection does not cause any outages.

• Luckily there are some options to ensure this does not get out of control.

ESX Requirements

Page 6: VMware Network 101

• Starting with the management networks, we know that the VirtualCenter traffic is very light. We can go against recommendations and go with just one connection for each of these requirements.

• Some designs combine the VMotion and the VirtualCenter connection to reduce the requirements.

• This becomes more difficult in blade environments as there are fewer network connections by default.

• If there is no requirement for FT virtual machines then that connection is not needed.

• The loss of any of these connections would reduce functionality, but should not cause any outages (there are options in VirtualCenter that can cause the loss of a management connection to lead to an outage so be careful).

• At a minimum there needs to be one network connection for management, and some of the best practices out there say to use two for redundancy. You can combine those functions so that one is primary for one function and secondary for the other.

ESX Requirements

Page 7: VMware Network 101

• Virtual Machine connectivity is the other major requirement for an ESX server.

• This is used to connect the VMs themselves to the network.

• This can be tricky if you’re in a typical environment with lots of internal networks.

• The more important discussion to have first is with the network team about their design, to find out how to get to every network. The next few slides try to explain VLANs and trunking at a high level and how they impact ESX.

• The network connections used for the VMs themselves should always have redundancy. Those connections are usually configured to support all networks in the Datacenter.

• Some designs create one large pool of network connections to be split between VM traffic and management traffic. This is more common with blade server deployments, and is usually against best practices.

ESX Requirements

Page 8: VMware Network 101

• In the network world, one of the best ways to split up one physical network into multiple logical networks is to define “VLANs”, which are Virtual Local Area Networks.

• Each VLAN is a separate logical network that segregates traffic from other networks.

• A router is needed to route, or move, traffic from one VLAN to another, the same as if these were different physical networks.

• With traditional servers, the physical network port they are attached to on a switch is configured for one particular VLAN.

• This allows the switch to “tag” all the data leaving this port with the proper VLAN tag, so the switches and routers know where to send the data.

• In the virtual world, this doesn’t work since the physical server needs connectivity to every VLAN, or at least a large subset.

VLANs & Trunking

Page 9: VMware Network 101

• In the networking world, when a physical port needs to be able to accept traffic from multiple VLANs, it is called a “trunk” port.

• A trunk port is designed to allow some other device attached to the physical port to “tag” data with the correct VLAN.

• ESX has a way to “tag” traffic for each VM based on which network each VM is connected to.

• Depending on your network configuration you may need multiple trunks if there are any security restrictions on which physical ports can connect to what networks.

VLANs & Trunking

Page 10: VMware Network 101

• Within ESX, the first part of the networking configuration is simple. You need to connect as many network adaptors as you determined are needed in your design.

• Sometimes these are called vNics or vmnics, as VMware will name them vmnic0, vmnic1, etc.

• Each of these network adaptors should have a basic configuration, whether that’s hard-coded to 1000/Full, or Auto, based on the network configuration.

pNic, vNic

Page 11: VMware Network 101

• After the layer 1, physical connectivity configuration, it’s time to configure Virtual Switches.

• These are just like regular switches in that we can configure a number of options depending on the network configuration we have decided upon.

• The Virtual Switches are named vSwitch0 and up.

• In the Virtual Switch, first we’ll add however many physical NICs we want to be included.

• If we’re configuring an EtherChannel of three switch ports together, then we should add those three pNICs to the vSwitch.

• It’s very important to ensure the vSwitch configuration matches the pNic configuration.

Virtual Switch

Page 12: VMware Network 101

• Next on the list is defining the networks, or VLANs, that are allowed on this virtual switch.

• This typically requires help from network groups.

• When VLANs are defined on a virtual switch, this allows the virtual switch to "tag" traffic with different VLAN tags.

• Later we'll see how to configure virtual machines to "live" on a particular VLAN.

• There are other configuration options for each virtual switch as well, for load-balancing across multiple physical network cards and for other advanced options.

Virtual Switch

Page 13: VMware Network 101

• A virtual switch is in many ways like a physical switch: traffic goes from the VM to the switch, which then figures out how to forward it on and tags the traffic with the right VLAN ID.

• There are also options for "shaping" the bandwidth available and some other fine tuning that is possible.

Virtual Switch

Pages 14-18: VMware Network 101

Screenshots

Page 19: VMware Network 101

• With the advent of ESX 4.x, there is a new option for virtual switches.

• With virtual switches, every ESX host has its own collection of virtual switches.

• If these ESX hosts are in one cluster or other grouping, then each virtual switch has to have an identical configuration.

• Distributed switches allow you to define one switch that is distributed across multiple hosts.

• The configuration is a bit more complex initially, but on-going maintenance is easier.

• A distributed switch has some basic configuration along with a list of the ESX hosts that will be part of this distributed switch, as well as which physical ports on those hosts this distributed switch can use.

Distributed Switch
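
The requirement above that every host in a cluster carry an identical virtual switch configuration can be checked mechanically; a network label that maps to a different VLAN on one host would put a VM on a different network after it moves there. This added example (not from the original presentation) compares per-host port groups against the majority configuration; the host names, labels and VLAN IDs are constructed, and the dictionary layout is an assumption, not a VMware export format.

```python
from collections import Counter

# Constructed inventory: host -> {network label (port group): VLAN ID}.
INVENTORY = {
    "esx01": {"Prod-Web": 100, "Prod-DB": 110, "DMZ": 200},
    "esx02": {"Prod-Web": 100, "Prod-DB": 110, "DMZ": 200},
    "esx03": {"Prod-Web": 100, "Prod-DB": 111, "dmz": 200},  # two deliberate drifts
}


def find_drift(inventory):
    """Return (host, label, problem) findings measured against the majority config."""
    findings = []
    labels = sorted(set().union(*(pgs.keys() for pgs in inventory.values())))
    for label in labels:
        present = {h: pgs[label] for h, pgs in inventory.items() if label in pgs}
        if len(present) * 2 <= len(inventory):
            # Label exists on a minority of hosts: likely a typo or a one-off addition.
            for host in sorted(present):
                findings.append((host, label, "port group not defined on most hosts"))
            continue
        for host in sorted(set(inventory) - set(present)):
            findings.append((host, label, "missing port group"))
        # Treat the most common VLAN ID for this label as the intended one.
        expected = Counter(present.values()).most_common(1)[0][0]
        for host in sorted(present):
            if present[host] != expected:
                findings.append(
                    (host, label, f"VLAN {present[host]}, expected {expected}"))
    return findings


if __name__ == "__main__":
    for host, label, problem in find_drift(INVENTORY):
        print(f"{host}: {label}: {problem}")
```

Labels are compared case-sensitively here, so `dmz` and `DMZ` are reported as two different port groups.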

Page 20: VMware Network 101

• Cisco has also introduced a “virtual” switch of their own, called Nexus 1000V.

• The goal of this design is to create a virtual switch that has the same abilities as any other Cisco physical switch.

• Also, this allows the networking configuration to be very easily administered by existing networking resources, as the Nexus 1000V has the same administration capabilities as any other Nexus switch.

• There are other features available in the Nexus 1000V that are not available in the traditional vSwitch or vDSwitch (Distributed).

Cisco Nexus 1000V

Page 21: VMware Network 101

• Once we have our VLANs defined in our Virtual Switch configuration, we can then define a network adaptor for our virtual machines.

• This is a simple task that requires you to edit the configuration of the virtual machine.

• You can then add a network adaptor, or edit an existing one.

• Next there’s a drop down for “Network Label” which is where you select which network/VLAN the virtual machine should be on.

• Once that’s set, your Virtual Switch will now tag traffic leaving this Virtual Machine with the correct VLAN tag.

Virtual Machine Config

Page 22: VMware Network 101

• This presentation should be used to get a high-level handle on networking and VMware ESX.

• For more detailed information, please go to www.vmware.com as there are some great documents on design and such.

• Also, there are many great blogs on ESX, but one of my personal favorites is Yellow Bricks at www.yellow-bricks.com.

• Also I have deliberately left out security for now as that is definitely a topic for a lot more information than a quick presentation.

Appendix