Vmware Networking


VMware ESX/ESXi networking features allow virtual machines to communicate with other virtual and physical machines, allow management of the ESX/ESXi host, and allow the VMkernel to access IP-based storage and perform VMware vMotion migrations. Failure to properly configure ESX/ESXi networking can negatively affect virtual machine management and storage operation.

Networking Terminology

vSphere Standard Switch: A software-based switch that resides in the VMkernel and provides traffic management for VMs. Users must manage vSphere Standard Switches independently on each ESXi host.

vSphere Distributed Switch: A software-based switch that resides in the VMkernel and provides traffic management for VMs and the VMkernel. Distributed vSwitches are shared by and managed across entire clusters of ESXi hosts.

Port/Port Group: A logical object on a vSwitch that provides specialized services for the VMkernel or VMs. A virtual switch can contain a VMkernel port or a VM port group. On a vSphere Distributed Switch, these are called distributed port groups.

VMkernel Port: A specialized virtual switch port type that is configured with an IP address to allow hypervisor management traffic, vMotion, iSCSI storage access, network attached storage (NAS) or Network File System (NFS) access, and vSphere Fault Tolerance (FT) logging. A VMkernel port is also referred to as a vmknic.

VM Port Group: A group of virtual switch ports that share a common configuration and allow VMs to access other VMs or the physical network.

Virtual LAN: A logical LAN configured on a virtual or physical switch that provides efficient traffic segmentation, broadcast control, security, and efficient bandwidth utilization by providing traffic only to the ports configured for that particular virtual LAN (VLAN).

Trunk Port (Trunking): A port on a physical switch that listens for and knows how to pass traffic for multiple VLANs. It does this by maintaining the 802.1q VLAN tags for traffic moving through the trunk port to the connected device(s). Trunk ports are typically used for switch-to-switch connections to allow VLANs to pass freely between switches. Virtual switches support VLANs, and using VLAN trunks allows the VLANs to pass freely into the virtual switches.

Access Port: A port on a physical switch that passes traffic for only a single VLAN. Unlike a trunk port, which maintains the VLAN identification for traffic moving through the port, an access port strips away the VLAN information for traffic moving through the port.

Network Interface Card Team: The aggregation of physical network interface cards (NICs) to form a single logical communication channel. Different types of NIC teams provide varying levels of traffic load balancing and fault tolerance.

vmxnet Adapter: A virtualized network adapter operating inside a guest operating system (guest OS). The vmxnet adapter is a high-performance, 1 Gbps virtual network adapter that operates only if VMware Tools have been installed. The vmxnet adapter is sometimes referred to as a paravirtualized driver. The vmxnet adapter is identified as Flexible in the VM properties.

vlance Adapter: A virtualized network adapter operating inside a guest OS. The vlance adapter is a 10/100 Mbps network adapter that is widely compatible with a range of operating systems and is the default adapter used until the VMware Tools installation is completed.

e1000 Adapter: A virtualized network adapter that emulates the Intel e1000 network adapter. The Intel e1000 is a 1 Gbps network adapter. The e1000 network adapter is the most common in 64-bit VMs.
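The trunk port and access port definitions above differ only in what happens to the 802.1q tag. The following is an added example, not part of the original page, that builds a tagged Ethernet frame and shows both egress behaviours; the MAC addresses, VLAN numbers and function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q-tagged frame


def build_tagged_frame(dst, src, vlan_id, ethertype, payload, pcp=0):
    """Build an Ethernet frame carrying one 802.1Q tag, as seen on a trunk."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = (pcp << 13) | vlan_id  # 3-bit priority, DEI bit 0, 12-bit VLAN ID
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def vlan_of(frame):
    """Return the VLAN ID from the 802.1Q tag, or None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF


def trunk_egress(frame, allowed_vlans):
    """Trunk port: forward with the tag intact if the VLAN is allowed."""
    return frame if vlan_of(frame) in allowed_vlans else None


def access_egress(frame, access_vlan):
    """Access port: forward only its own VLAN and strip the 4-byte tag."""
    if vlan_of(frame) != access_vlan:
        return None
    return frame[:12] + frame[16:]


# Constructed sample values (hypothetical MACs, VLAN 20, IPv4 EtherType)
DST = bytes.fromhex("005056aabbcc")
SRC = bytes.fromhex("005056ddeeff")
FRAME = build_tagged_frame(DST, SRC, 20, 0x0800, b"payload")
```
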

[Figure: An ESXi networking example]

vSphere Standard Switches

vSphere standard switches (vSwitches) provide connectivity for communication as follows:

- Between VMs within an ESXi host
- Between VMs on different ESXi hosts
- Between VMs and physical machines on the network
- For VMkernel access to networks for vMotion, iSCSI, NFS, or Fault Tolerance logging (and management on ESXi)

Comparison of vSwitches and physical switches

| vSwitches | Physical Switches |
| --- | --- |
| Functions at layer 2 | Functions at layer 2 |
| Maintains MAC address tables | Maintains MAC address tables |
| Supports VLAN configurations | Supports VLAN configurations |
| Does not support the use of dynamic negotiation protocols for establishing 802.1q trunks or port channels, such as Dynamic Trunking Protocol (DTP) or Link Aggregation Control Protocol (LACP) | Supports both |
| Does not need to perform Internet Group Management Protocol (IGMP) snooping because it knows the multicast interests of the VMs attached to it | Can use IGMP |

Port and Port Groups

A vSwitch allows several different types of communication, including communication to and from the VMkernel and between VMs. To help distinguish between these different types of communication, ESXi uses ports and port groups. A vSwitch without any ports or port groups is like a physical switch that has no physical ports; there is no way to connect anything to the switch, and it is, therefore, useless.

Port groups differentiate between the types of traffic passing through a vSwitch, and they also operate as a boundary for communication and/or security policy configuration. You can configure two different types of ports and port groups on a vSwitch:

VMkernel port

VM port group

Uplinks

VMs in the ESXi host cannot communicate with the physical network without uplinks. vSwitches must be connected to the ESXi host's physical NICs as uplinks to communicate with the rest of the network.

Unlike ports and port groups, uplinks aren't required for a vSwitch to function. Physical systems connected to an isolated physical switch with no uplinks to other physical switches in the network can still communicate with each other, just not with any other systems that are not connected to the same isolated switch. Similarly, VMs connected to a vSwitch without any uplinks can communicate with each other but not with VMs on other vSwitches or physical systems.

This sort of configuration is known as an internal-only vSwitch. It can be useful to allow VMs to communicate only with each other. VMs that communicate through an internal-only vSwitch do not pass any traffic through a physical adapter on the ESXi host.

A vSwitch bound to at least one physical network adapter allows VMs to establish communication with physical servers on the network or with VMs on other ESXi hosts.

The vSwitch associated with a physical network adapter provides VMs with the amount of bandwidth the physical adapter is configured to support. All the VMs will share this bandwidth when communicating with physical machines or VMs on other ESXi hosts. In this way, a vSwitch is once again similar to a physical switch. For example, a vSwitch bound to a network adapter with a 1 Gbps maximum speed will provide up to 1 Gbps of bandwidth for the VMs connected to it; similarly, a physical switch with a 1 Gbps uplink to another physical switch provides up to 1 Gbps of bandwidth between the two switches for systems attached to the physical switches.

A vSwitch can also be bound to multiple physical network adapters. In this configuration, the vSwitch is sometimes referred to as a NIC team. A vSwitch can have a maximum of 32 uplinks. In other words, a single vSwitch can use up to 32 physical network adapters to send and receive traffic from the physical switches. Binding multiple physical NICs to a vSwitch offers the advantage of redundancy and load distribution.

A vSwitch using NIC teaming has multiple available adapters for data transfer. NIC teaming offers redundancy and load distribution.
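The uplink cases described above (no uplinks, one uplink, a NIC team, the 32-uplink limit) can be checked against a host's switch listing. This is an added example, not part of the original page: the sample text is constructed and modelled on `esxcli network vswitch standard list` output, and the function names and category labels are hypothetical.

```python
MAX_UPLINKS = 32  # per-vSwitch uplink limit stated in the text

# Constructed sample, modelled on `esxcli network vswitch standard list`
# output and trimmed to the two fields this check reads (layout is assumed).
SAMPLE = """\
vSwitch0
   Uplinks: vmnic0, vmnic1
   Portgroups: VM Network, Management Network

vSwitch1
   Uplinks: vmnic2
   Portgroups: iSCSI

vSwitch2
   Uplinks:
   Portgroups: Lab-Isolated
"""


def parse_vswitches(text):
    """Return {name: {"uplinks": [...], "portgroups": [...]}}."""
    switches, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():  # unindented line starts a vSwitch
            current = switches.setdefault(
                line.strip(), {"uplinks": [], "portgroups": []})
            continue
        key, _, value = line.strip().partition(":")
        if current is not None and key in ("Uplinks", "Portgroups"):
            current[key.lower()] = [v.strip() for v in value.split(",") if v.strip()]
    return switches


def classify(sw):
    """Map one parsed vSwitch to the connectivity category the text describes."""
    n = len(sw["uplinks"])
    if not sw["portgroups"]:
        return "unusable: no ports or port groups"
    if n == 0:
        return "internal-only: VMs reach only each other"
    if n > MAX_UPLINKS:
        return "invalid: more than 32 uplinks"
    if n == 1:
        return "single uplink: no redundancy"
    return "NIC team: redundancy and load distribution"


def audit(text):
    return {name: classify(sw) for name, sw in parse_vswitches(text).items()}
```

An internal-only result is worth confirming as intentional, since those VMs have no path to the physical network.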