Virtual Networking 101: Understanding VMware Networking
- select the contributor at the end of the page -
On a basic, structural level, virtual networks in VMware aren't that different from physical networks; vSphere is designed to mimic the functions of a physical network, so a lot of the network hardware you'll find in the real world, you'll find virtualized in VMware. If you understand how physical networks operate, then understanding virtual networking shouldn't be too difficult.
Before jumping into an explanation of how VMware handles virtual networking, I'll first provide a quick refresher of the basic equipment that makes up a physical network. If you already have a firm understanding of how networking works, then you can skip the following paragraph.
To connect to a network, a computer must be network-capable, meaning that it must have a working network interface controller (NIC), also known as a network card or network adapter, installed. Like its name indicates, the NIC enables the computer to interface with a network. In most business environments, computers are usually connected to a device called a switch, which creates a local area network (LAN). A LAN is a collection of interconnected network-capable devices confined to a small area. Switches are responsible for intelligently routing this network traffic to the appropriate destination.
A virtual network is made up of all of the same hardware described above, but these objects are, obviously, virtualized. A virtual network consists of one or more virtual machines that can send data to and receive data from one another. Each virtual machine represents a single computer within the network and resides on an ESX or ESXi server.
In VMware, switches are used to establish a connection between the virtual network and the physical network. With ESX and ESXi, two different kinds of switches can be used: standard switches and distributed switches.
Standard Switches
A network standard switch, virtual switch, or vSwitch, is responsible for connecting virtual machines to a virtual network. A vSwitch works similar to a physical switch -- with some limitations -- and controls how virtual machines communicate with one another.
The vSwitch uses the physical NICs (pNICs) associated with the host server to connect the virtual network to the physical network. In VMware, these pNICs are also called uplink adapters. Uplink adapters use virtual objects called vmnics, or virtual network adapters, to interface with the vSwitch.
Once the vSwitch has bridged the connection between the virtual network and the physical network, the virtual machines residing on the host server can begin transferring data to, and receiving data from, all of the network-capable devices connected to the physical network. That is to say, the virtual machines are no longer limited to communicating solely across the virtual network.
VMware can create a virtual network from a vSwitch mapped to one or more uplink adapters, or mapped to no uplink adapters at all. A vSwitch that lacks an assigned pNIC is called an internal vSwitch and cannot communicate with other virtual or physical machines outside of the ESX or ESXi host. Internal vSwitches are used whenever the host must remain isolated from the external network, such as when configuring a virtual appliance.
On a more technical level, a vSwitch attaches to the VMkernel inside a host server. The vSwitch is responsible for routing network traffic to the VMkernel, the VM network, and the Service Console. The VMkernel is used to manage features like vMotion, fault tolerance, network file system (NFS), and Internet small computer system interface (iSCSI); the VM network enables virtual machines running on an ESX or ESXi host to connect to the virtual and physical network; and the Service Console is used for remote management. Only ESX uses the Service Console; in ESXi, the VMkernel instead serves as the management front-end.
To connect to a vSwitch, a virtual machine must have a virtual NIC (vNIC) mapped to it -- just like how physical machines can't connect to a network without a working network adapter. In fact, if a physical machine residing outside the virtual environment were to receive data from a vNIC associated with a virtual machine, the physical machine wouldn't be able to tell that the information was coming from a virtualized network adapter. Like pNICs, vNICs have both a MAC address and an IP address.
Each virtual machine interfaces with the vSwitch via a port. vSwitches can consist of one or more port groups, which describe how the virtual switch should route traffic between the virtual network and the virtual machines connected to the specified ports. Administrators can use port groups to configure traffic shaping and bandwidth limitations, NIC failover, and other settings.
Distributed Switches
Distributed virtual switches, or DvSwitches, simplify the network management of multiple ESX or ESXi hosts. DvSwitches provide the same features and functions as do vSwitches, but with one major difference: while a standard virtual switch can't be assigned to more than one host server at a time, a DvSwitch can. So, rather than create identical vSwitches for multiple hosts in a datacenter, you can instead create and associate a single DvSwitch with all the applicable ESX or ESXi servers.
Unlike vSwitches, which can be managed from the local host, due to its inherent architecture, DvSwitches must be created and controlled through vCenter Server. A DvSwitch is made up of a control plane and an input/output (I/O) plane. The control plane resides in vCenter Server and is used to configure DvSwitches, NIC bonding, uplink adapters, and VLANs. The I/O plane, or data plane, on the other hand, is a "hidden" virtual switch built into the host server.
DvSwitches also support port groups, called distributed port groups, or dvport groups. dvport groups provide the same basic functionality as do standard port groups, but offer additional features that the latter does not. For example, administrators can define not just outbound traffic shaping, but inbound traffic shaping as well, when working with dvPort groups.
That sums up the basics of virtual networking. Virtual switches are powerful networking objects that provide even greater utility than what's described in this article. Once you understand the fundamentals, however, the more advanced aspects of VMware networking are much easier to grasp.