VI3 IC REV B - 03 Networking
8/11/2019 VI3 IC REV B - 03 Networking
1/41
3-1 VMware Infrastructure 3: Install and Configure Rev B
Copyright 2006 VMware, Inc. All rights reserved.
Networking
Module 3
-
You are here
[Figure: course roadmap. Labels: VMware Overview, ESX Server Installation, Networking, Storage, VirtualCenter Installation, VM Creation & Management, VM Access Control, VM Resource Management, Resource Pools, VM Resource Monitoring, Data & Availability Protection, Troubleshooting Tips. Groupings: Virtual Infrastructure, Virtual Machines, Operations.]
-
Importance and module objectives
Importance: The networking features of ESX Server allow virtual machines to communicate with other virtual machines within the same box and with the outside world, allow the service console to communicate, and allow the VMkernel to take advantage of IP-based storage and VMotion.
Objectives For the Learner
Understand the purpose and configuration of virtual switches
Create virtual switches
Configure virtual switch settings and policies
Plan a virtual switch layout based on a realistic scenario
-
Module lessons
Lesson 1: Create Virtual Switches
Lesson 2: Modify Virtual Switch Configurations
-
Lesson 1: Create Virtual Switches
-
Lesson topics
Structure of ESX Server networking
Virtual switches
Virtual switch connection types
Physical connections
-
A networking scenario
[Figure: networking scenario. Labels: Virtual Machines; Production VM; NAT client; NAT router; Physical NICs (1000 Mbps); Physical Switches; Production LAN; Management LAN; IP Storage LAN; Test LAN; VLAN 101; VLAN 102; VLAN 103.]
-
Virtual switch with no physical adapters (Internal only)
Each switch is an internal LAN, implemented entirely in software by the VMkernel
Provides networking for the VMs of single ESX Server system only
Zero collisions
Up to 1016 ports per switch
Traffic shaping is not supported
-
Virtual switch with one physical adapter
Connects a virtual switch to one specific physical NIC
Up to 1016 ports available
Zero collisions on internal traffic
Each Virtual NIC will have its own MAC address
Outbound bandwidth can be controlled with traffic shaping
-
Example: one-box firewall environment
Virtual switch with one outbound adapter acts as a DMZ
Back-end applications are secured behind the firewall using internal-only switches
-
Virtual switch with 2 or more physical adapters (NIC Team)
Can connect to an 802.3ad NIC team
Up to 1016 ports per switch
Zero collisions on internal traffic
Each Virtual NIC will have its own MAC address
Improved network performance by network traffic load distribution
Redundant NIC operation
Outbound bandwidth can be controlled with traffic shaping
-
Example: A high performance application
Automatic, configurable network load distribution
Redundant network connectivity with automatic failover
Configurable active/standby NICs and failover policies
-
Connection type: service console port
[Figure labels: Virtual NICs; Physical NICs; Production LANs; Management LAN; Storage/VMotion LAN. Callout: service console port defined for this virtual switch.]
-
Connection type: VMkernel port
[Figure labels: Virtual NICs; Physical NICs; Production LANs; Management LAN; Storage/VMotion LAN. Callout: VMkernel port defined for this virtual switch.]
-
Connection type: virtual machine port group
[Figure labels: Virtual NICs; Physical NICs; Production LANs; Management LAN; Storage/VMotion LAN. Callout: virtual machine port groups defined for these virtual switches.]
-
Defining connections
A connection type is specified when creating a new virtual switch
Parameters for the connection are specified during setup
More connections can be added later
-
Naming virtual switches and connections
All virtual switches are known as vSwitch#
Every port or port group has a network label
Service console ports are known as vswif#
-
Lab for lesson 1
Create Virtual Switches
In this lab, you will perform the following tasks:
Create an internal-only virtual switch
Create a virtual switch with one physical adapter
-
Lesson summary
ESX Server uses virtual switches to implement networking
Physical adapters are assigned at the virtual switch level
There are three connection types for virtual switches
Service console port
VMkernel port
Virtual machine port group
Multiple connections can be defined on a single switch
-
Lesson 2: Modify Virtual Switch Configurations
-
Lesson topics
Virtual switch properties
Network adapter speed/duplex setting
Network policies
VLAN
Security
Traffic shaping
NIC teaming
-
Virtual switch properties
Number of Ports
Policies exist for security, traffic shaping and NIC teaming
Virtual switch policies become the default policies for all ports and port groups
-
Network adapter properties
For each physical adapter, speed and duplex can be changed (default is autonegotiate)
May be necessary with certain NIC/switch combinations
-
Network policies
There are four network policies:
VLAN
Security
Traffic shaping
NIC teaming
Policies are defined:
At the virtual switch level
Default policies for all the ports on the virtual switch
At the port or port group level
Effective policies: Policies defined at this level override the default policies set at the virtual switch level
-
Network policy: VLANs
Virtual LANs (VLANs) allow the creation of multiple logical LANs within or across physical network segments
VLANs free network administrators from the limitations of physical network configuration
VLANs provide several important benefits
Improved security: the switch only presents frames to those stations in the right VLANs
Improved performance: each VLAN is its own broadcast domain
Lower cost: less hardware required for multiple LANs
ESX Server includes support for IEEE 802.1Q VLAN Tagging
-
Network policy: VLANs (2)
Virtual switch tagging
Packets leaving a VM are tagged as they pass through the virtual switch
Packets are cleared (untagged) as they return to the VM
Little impact on performance
-
Network policy: security
Administrators can configure Layer 2 Ethernet security options at the virtual switch and at the port groups
There are three security policy exceptions:
Promiscuous Mode
MAC Address Changes
Forged Transmits
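Added example, not part of the original course material: the override rule from the "Network policies" slide applied to the three Layer 2 security settings above, resolving each port group's effective policy and reporting every exception that ends up accepted and where it came from. The inventory, its switch and port group names, and the field names are constructed for illustration.

```python
"""Resolve the effective Layer 2 security policy of each port group (added example)."""

SECURITY_SETTINGS = ("promiscuous_mode", "mac_address_changes", "forged_transmits")

# Constructed sample inventory; True means the exception is accepted.
# A port group lists only the settings it overrides; anything it omits
# is inherited from the default policy of its virtual switch.
INVENTORY = {
    "vSwitch0": {
        "defaults": {"promiscuous_mode": False, "mac_address_changes": False,
                     "forged_transmits": False},
        "port_groups": {"Production": {}, "Monitoring": {"promiscuous_mode": True}},
    },
    "vSwitch1": {
        "defaults": {"promiscuous_mode": False, "mac_address_changes": True,
                     "forged_transmits": True},
        "port_groups": {"Test": {},
                        "DMZ": {"mac_address_changes": False, "forged_transmits": False}},
    },
}


def effective_policy(switch_defaults, overrides):
    """Port group values win; unset values fall back to the vSwitch default."""
    unknown = set(overrides) - set(SECURITY_SETTINGS)
    if unknown:
        raise ValueError("unknown security setting(s): %s" % sorted(unknown))
    return {name: overrides.get(name, switch_defaults[name])
            for name in SECURITY_SETTINGS}


def audit(inventory):
    """Return (vswitch, port_group, setting, source) for each accepted exception."""
    findings = []
    for vswitch, cfg in sorted(inventory.items()):
        for pg, overrides in sorted(cfg["port_groups"].items()):
            policy = effective_policy(cfg["defaults"], overrides)
            for name in SECURITY_SETTINGS:
                if policy[name]:
                    source = "port group override" if name in overrides else "vSwitch default"
                    findings.append((vswitch, pg, name, source))
    return findings


if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print("%s / %s: %s accepted (%s)" % finding)
```

The "vSwitch default" findings are the ones that silently apply to every port group added later, so they are worth reviewing first.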
-
Network policy: traffic shaping (2)
Disabled by default
Can be enabled for the entire virtual switch
Port group settings override the switch settings
Shaping parameters apply to each virtual NIC in the virtual switch
-
Network policy: NIC teaming
NIC Teaming settings:
Load Balancing (outbound only)
Network Failure Detection
Notify Switches
Rolling Failover
Failover Order
Port group settings are similar to the virtual switch settings
Except port group failover order can override vSwitch failover order
-
Load balancing method: vSwitch port-based (default)
[Figure labels: Virtual NICs; VM ports; uplink ports; Teamed physical NICs.]
-
Load balancing method: IP-based
[Figure labels: Internet; Router; Client (x4).]
-
Detecting and handling network failure
Network failure is detected by the VMkernel, which monitors the following:
Link state only
Link state + beaconing
Switches can be notified whenever
There is a failover event
A new virtual NIC is connected to the virtual switch
Failover is implemented by the VMkernel based upon configurable parameters
Failover order: Explicit list of preferred links (uses highest-priority link which is up)
Rolling failover -- preferred uplink list sorted by uptime
-
Multiple policies applied to a single team
Different port groups within a vSwitch can implement different networking policies
This includes NIC teaming policies
Example: different active/standby NICs for different port groups of a switch using NIC teaming
[Figure: VM ports (1-14) and uplink ports (A-F), with uplinks marked Active or Standby.]
-
Lab for lesson 2
Design networking
In this lab, you will perform the following task:
Based on a given scenario, design the network configuration for an ESX Server system, specifying virtual switches, ports and port groups, port group policies, and physical connections
-
Lesson summary
Network adapter properties
Port group policies
VLAN tagging
Security
Traffic shaping
NIC teaming
-
Module review
What are the three virtual switch connection types? Describe the purpose of each type.
What is an "internal-only" virtual switch?
What are the uses for a VMkernel port?
Name the different load-balancing algorithms that can be used by a NIC team.
-
Questions?