What’s New in VMware vSphere™ 4: Virtual Networking WHITE PAPER


Post on 20-Jun-2020


Page 1: What’s New in VMware vSphere™ 4: Virtual Networkinga248.e.akamai.net/.../vmware_vsphere_whatsnew_virtnwk_wp.pdf · 2009-04-22 · 6 VMware white paper Network VMotion Network



VMware white paper

Introduction
VMware vNetwork: Summary of Enhancements
vNetwork Distributed Switch
Simplified Network Provisioning, Configuration, and Management with vDS
Distributed Virtual Port Groups and Distributed Virtual Uplinks
New Features with vDS
Private VLANs
Network VMotion
Bi-directional Traffic Shaping
Third Party Virtual Switch Support with the Cisco Nexus 1000V Series Virtual Switch
Additional Features Introduced with VMware vNetwork
VMXNET3
IPv6
VMDirectPath


Introduction

VMware vSphere™ introduces a number of new features and capabilities to virtual networking under VMware® vNetwork. vNetwork is the new name to describe the collection of networking technologies for optimally integrating networking and I/O functionality into vSphere.

These vNetwork enhancements provide the server admin and network admin with an unprecedented level of control while simplifying deployment, ongoing management, and troubleshooting.

This paper provides an overview of the major enhancements introduced with VMware vNetwork.

VMware vNetwork: Summary of Enhancements

The major enhancements to VMware vNetwork are as follows. These are further explained in the sections below.

• vNetwork Distributed Switch (vDS)—VMware’s next generation virtual networking solution for spanning multiple hosts with a single virtual switch representation. vDS enables and includes some additional enhancements as follows:
  • Private VLANs
  • Network VMotion—tracking of VM networking state, improving troubleshooting and enabling
  • 3rd Party Virtual Switch support with the Cisco Nexus 1000V Series Virtual Switch
  • Bi-directional traffic shaping
• VMXNET3—Third generation para-virtualized NIC
• IPv6—support extended to vmkernel and Service Console ports

vNetwork Distributed Switch

The vNetwork Distributed Switch (vDS) extends the features and capabilities of virtual networks while simplifying provisioning and the ongoing process of configuration, monitoring, and management.

With ESX 3.5 and prior releases, virtual networks were constructed using virtual switches or vSwitches. Each ESX host would use one or more vSwitches to connect the VMs with the server NICs and the outside physical network.

Simplified Network Provisioning, Configuration and Management with vDS

In addition to continuing support for the vSwitch (now known as the Standard Switch), vSphere introduces an additional choice for VMware virtual networking with the vNetwork Distributed Switch. vDS eases the management burden of per host, virtual switch configuration management by treating the network as an aggregated resource. Individual, host-level virtual switches are abstracted into a single large vNetwork Distributed Switch that spans multiple hosts at the Datacenter level. Port Groups become Distributed Virtual Port Groups (DV Port Groups) that span multiple hosts and ensure configuration consistency for VMs and virtual ports necessary for such functions as VMotion.

For example, a 300-host ESX environment involves management of 300 or more individual vSwitches. A single change might require replication on all 300 hosts and vSwitches. With vSphere, a single vDS can span the same 300 host environment. Any change is reflected across all hosts covered by the vDS.


Figures 1 and 2 illustrate the conceptual difference in management for a Standard Switch environment versus a vDS environment. Each of the Standard Switches in Figure 1 requires a separate configuration from a separate management panel. The vDS in Figure 2 requires just one management panel for the single switch that spans multiple hosts.

Distributed Virtual Port Groups and Distributed Virtual Uplinks

Many of the concepts involved in configuring and managing a Standard Switch are carried forward with the vDS.

Distributed Virtual Port Groups (DV Port Groups) are port groups associated with a vDS and specify port configuration options for each member port. DV Port Groups define how a connection is made through the vDS to the Network. Configuration parameters are similar to those available with Port Groups on Standard Switches. The VLAN ID, traffic shaping parameters, port security, teaming and load balancing configuration, and other settings are configured here.

Distributed Virtual Uplinks (dvUplinks) are a new concept introduced with vDS. dvUplinks provide a level of abstraction for the physical NICs (vmnics) on each host. NIC teaming, load balancing, and failover policies on the vDS and DV Port Groups are applied to the dvUplinks and not the vmnics on individual hosts. Each vmnic on each host is mapped to a dvUplink, permitting teaming and failover consistency irrespective of vmnic assignments. This is illustrated in the dvUplink box in Figure 3. vmnic0 on each of the three hosts (esx09a, esx10b, esx9b) is mapped to dvUplink1. If desired, any of the vmnics could be assigned on any of the hosts to dvUplink1.

Figure 1 - Standard Switches are individually managed and configured. (Diagram labels: vSphere Client, vCenter Server, three Standard Switches each connecting three VMs.)

Figure 2 - Management of vNetwork Distributed Switches is independent of the number of hosts. (Diagram labels: vSphere Client, vCenter Server, one vNetwork Distributed Switch connecting nine VMs, dvUplink.)


Figure 3 illustrates the vDS view from a vSphere client for a three host sample environment.

New Features with vDS

In addition to easing the configuration and management burden, vDS brings with it a number of new features and capabilities to address some common and emerging virtual network requirements. Note that these features are not available with Standard Switches.

Private VLANs

Private VLAN (PVLAN) support enables broader compatibility with existing networking environments using Private VLAN technology. Private VLANs enable users to restrict communication between virtual machines on the same VLAN or network segment, significantly reducing the number of subnets needed for certain network configurations.

Figure 4 illustrates how this concept works with a vDS. Private VLANs are configured on a vDS with allocations made to the Promiscuous Private VLAN, the Community Private VLAN and the Isolated Private VLAN. DV Port Groups can then use one of these Private VLANs and VMs are then assigned to a DV Port Group. Within the subnet, VMs on the Promiscuous Private VLAN can communicate with all VMs; VMs on the Community Private VLAN can communicate amongst themselves and those on the Promiscuous Private VLAN; VMs on the Isolated Private VLAN can only communicate with VMs on the Promiscuous Private VLAN.

Note that the adjacent physical switches must support Private VLANs and be configured to support the Private VLANs allocated on the vDS.
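The Private VLAN reachability rules described above, as an added example that is not part of the original white paper and is not VMware code: a small Python model that audits a PVLAN layout against pairs of VMs that are meant to stay isolated. The PVLAN IDs are those labelled in Figure 4; the port-group-to-PVLAN mapping, the VM names, and the rule that two different community PVLANs cannot reach each other (standard PVLAN behaviour that goes beyond what the paper states) are assumptions.

```python
from itertools import combinations

PROMISCUOUS, COMMUNITY, ISOLATED = "promiscuous", "community", "isolated"

# PVLAN IDs and types as labelled in Figure 4 (all inside primary VLAN 10).
PVLAN_TYPES = {10: PROMISCUOUS, 2002: COMMUNITY, 2001: ISOLATED}

# Assumed mapping of DV Port Groups to PVLANs, and constructed sample VMs.
PORTGROUP_PVLAN = {"DV Port Group A": 10,
                   "DV Port Group B": 2002,
                   "DV Port Group C": 2001}
VM_PORTGROUP = {"gateway": "DV Port Group A",
                "web1": "DV Port Group B", "web2": "DV Port Group B",
                "tenant1": "DV Port Group C", "tenant2": "DV Port Group C"}

def can_communicate(pvlan_a, pvlan_b, pvlan_types=PVLAN_TYPES):
    """True if two ports in the same primary VLAN may exchange frames."""
    type_a, type_b = pvlan_types[pvlan_a], pvlan_types[pvlan_b]
    if PROMISCUOUS in (type_a, type_b):
        return True                      # promiscuous reaches every port
    if type_a == type_b == COMMUNITY:
        return pvlan_a == pvlan_b        # only inside the same community
    return False                         # any pairing that involves isolated

def vm_pvlan(vm, vm_portgroup=VM_PORTGROUP, portgroup_pvlan=PORTGROUP_PVLAN):
    """Resolve a VM to the PVLAN ID of its DV Port Group."""
    return portgroup_pvlan[vm_portgroup[vm]]

def allowed_pairs(vm_portgroup=VM_PORTGROUP):
    """All VM pairs that the PVLAN layout lets talk to each other."""
    return [(a, b) for a, b in combinations(sorted(vm_portgroup), 2)
            if can_communicate(vm_pvlan(a), vm_pvlan(b))]

def audit_isolation(must_not_talk):
    """Pairs from must_not_talk that the layout still allows (violations)."""
    return [(a, b) for a, b in must_not_talk
            if can_communicate(vm_pvlan(a), vm_pvlan(b))]

if __name__ == "__main__":
    print("allowed:", allowed_pairs())
    # web1/web2 share a community PVLAN, so this intent is not enforced.
    print("violations:", audit_isolation(
        [("tenant1", "tenant2"), ("tenant1", "web1"), ("web1", "web2")]))
```

Running the audit shows that VMs placed in the same community PVLAN are not isolated from each other; a pair that must be separated belongs in the isolated PVLAN or in different communities.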

Figure 3 – An example vDS for a small three host environment showing highlighted path through switch to dvUplinks for the dv-management Distributed Virtual Port Group.


Network VMotion

Network VMotion is the tracking of virtual machine networking state (e.g. counters, port statistics) as the VM moves from host to host on a vNetwork Distributed Switch. This provides a consistent view of a virtual network interface regardless of the VM location or VMotion migration history. This greatly simplifies network monitoring and troubleshooting activities where VMotion is used to migrate VMs between hosts.

Bi-directional Traffic Shaping

vDS expands upon the egress only traffic shaping feature of Standard Switches with bi-directional traffic shaping capabilities. Egress (from VM to network) and now ingress (from network into VM) traffic shaping policies can now be applied on DV Port Group definitions.

Traffic shaping is useful in cases where you may wish to limit the traffic to or from a VM or group of VMs to either protect a VM or other traffic in an oversubscribed network.

Policies are defined by three characteristics: average bandwidth, peak bandwidth, and burst size. See Figure 5 below.

Figure 4 - Private VLANs provide a simple way of selectively isolating VMs without exhausting IP subnets. (Diagram labels: All VMs are part of the same IP subnet; Primary Private VLAN 10 (Promiscuous); Secondary Private VLAN 10 (Promiscuous); Secondary Private VLAN 2002 (Community); Secondary Private VLAN 2001 (Isolated); vDS with DV Port Group A, DV Port Group B and DV Port Group C; six VMs.)

Figure 5 - Traffic shaping policy definition on DV Port Group.


Third Party Virtual Switch Support with the Cisco Nexus 1000V Series Virtual Switch

The vNetwork Distributed Switch includes switch extensibility for seamless integration of 3rd party control planes, data planes, and user interfaces. Cisco has collaborated with VMware to exploit this extensibility to produce the Cisco Nexus 1000V Series Virtual Switch.

The Cisco Nexus 1000V uses the same distributed switching model as the VMware vNetwork Distributed Switch. Virtual Ethernet Modules (VEMs) are the switching data planes on each ESX host and provide the frame forwarding capabilities. The VEMs leverage the ESX host APIs and so can leverage the same physical NICs and HCL (Hardware Compatibility List) as the VMware Standard Switch and vNetwork Distributed Switch. Virtual Supervisor Modules (VSMs) are implemented on the Cisco NX-OS operating system. They provide the control plane function for the VEMs and can exist as a guest VM or standalone appliance.

VSMs provide a familiar Cisco CLI (Command Line Interface) for management and configuration. They also communicate with vCenter Server for optional management and configuration through a vSphere Client.

The Cisco Nexus 1000V has an expanded feature set similar to that provided by physical Cisco Catalyst and Nexus switches.

For more information on the Cisco Nexus 1000V, go to http://cisco.com/go/nexus1000v.

Additional Features Introduced with VMware vNetwork

VMXNET3

VMXNET3 builds upon VMXNET and Enhanced VMXNET as the third generation paravirtualized virtual networking NIC for guest operating systems.

New VMXNET3 features over the previous version of Enhanced VMXNET include:

• MSI/MSI-X support (subject to guest operating system kernel support)
• Receive Side Scaling (supported in Windows 2008 when explicitly enabled through the device's Advanced configuration tab)
• IPv6 checksum and TCP Segmentation Offloading (TSO) over IPv6
• VLAN off-loading
• Large TX/RX ring sizes (configured from within the virtual machine)

IPv6

IPv6 (IP version 6) is the successor to the dominant IPv4 protocol used in the Internet today. IPv6 incorporates a number of improvements over IPv4, namely integrated network security, plus an increased address space to alleviate IPv4 address exhaustion.

IPv6 support for guest operating systems was introduced in VMware ESX 3.5. With vSphere, IPv6 support is extended to include the vmkernel and service console, allowing IP storage and other ESX services to communicate over IPv6.

VMDirectPath

VMDirectPath is a new capability provided in vSphere for direct assignment of PCI devices to a VM for guest control of physical hardware.

VMDirectPath is designed for special purpose I/O appliances and high performance VMs that require the portability and management benefits of a VM, but do not need support for additional VM functions such as VMotion, fault tolerance and suspend/resume.


VMware, Inc. 3401 Hillview Ave Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com

Copyright © 2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.

VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. VMW_09Q1_WP_vSphereNetworking_P8_R1