What's New in VMware vSphere 4: Virtual Networking
Abstract
VMware vSphere introduces a number of new features and
capabilities to virtual networking under VMware® vNetwork. vNetwork
is the new name to describe the collection of networking
technologies for optimally integrating networking and I/O
functionality into vSphere.
VMware vNetwork: Summary of Enhancements
The major enhancements to VMware vNetwork are as follows. These
are further explained in the sections below.
- vNetwork Distributed Switch (vDS): VMware's
next-generation virtual networking solution for spanning multiple
hosts with a single virtual switch representation. vDS enables and
includes some additional enhancements as follows:
  - Private VLANs
  - Network VMotion: tracking of VM networking state, improving
    troubleshooting and enabling
  - 3rd Party Virtual Switch support with the Cisco Nexus 1000V
    Series Virtual Switch
  - Bi-directional traffic shaping
- VMXNET3: third-generation para-virtualized
NIC
- IPv6: support extended to vmkernel and Service
Console ports
vNetwork Distributed Switch
The vNetwork Distributed Switch (vDS) extends the features and
capabilities of virtual networks while simplifying
provisioning and the ongoing process of configuration, monitoring,
and management.
With ESX 3.5 and prior releases, virtual networks were
constructed using virtual switches or vSwitches. Each ESX host
would use one or more vSwitches to connect the VMs with the server
NICs and the outside physical network.
Simplified Network Provisioning, Configuration and Management
with vDS
In addition to continuing support for the vSwitch (now known as
the Standard Switch), vSphere introduces an additional choice for
VMware virtual networking with the vNetwork Distributed Switch. vDS
eases the management burden of per-host virtual switch
configuration by treating the network as an aggregated
resource. Individual, host-level virtual switches are abstracted
into a single large vNetwork Distributed Switch that spans multiple
hosts at the Datacenter level. Port Groups become Distributed
Virtual Port Groups (DV Port Groups) that span multiple hosts and
ensure configuration consistency for VMs and virtual ports
necessary for such functions as VMotion.
Distributed Virtual Port Groups and Distributed Virtual
Uplinks
Many of the concepts involved in configuring and managing a
Standard Switch are carried forward with the vDS.
Distributed Virtual Port Groups (DV Port
Groups) are port groups associated with a vDS and specify
port configuration options for each member port. DV Port Groups
define how a connection is made through the vDS to the Network.
Configuration parameters are similar to those available with Port
Groups on Standard Switches. The VLAN ID, traffic shaping
parameters, port security, teaming and load balancing
configuration, and other settings are configured here.
Distributed Virtual Uplinks (dvUplinks) are a
new concept introduced with vDS. dvUplinks provide a level of
abstraction for the physical NICs (vmnics) on each host. NIC
teaming, load balancing, and failover policies on the vDS and DV
Port Groups are applied to the dvUplinks and not the vmnics on
individual hosts. Each vmnic on each host is mapped to a dvUplink,
permitting teaming and failover consistency irrespective of vmnic
assignments. This is illustrated in the dvUplink box in Figure 3.
vmnic0 on each of the three hosts (esx09a, esx10b, esx9b) is mapped
to dvUplink1. If desired, any of the vmnics could be assigned on
any of the hosts to dvUplink1.
New Features with vDS
In addition to easing the configuration and management burden,
vDS brings with it a number of new features and capabilities to
address some common and emerging virtual network requirements. Note
that these features are not available with Standard Switches.
Private VLANs
Private VLAN (PVLAN) support enables broader compatibility with
existing networking environments using Private VLAN technology.
Private VLANs enable users to restrict communication between
virtual machines on the same VLAN or network segment, significantly
reducing the number of subnets needed for certain network
configurations.
Figure 4 illustrates how this concept works with a vDS. Private
VLANs are configured on a vDS with allocations made to the
Promiscuous Private VLAN, the Community Private VLAN and the
Isolated Private VLAN. DV Port Groups can then use one of these
Private VLANs and VMs are then assigned to a DV Port Group. Within
the subnet, VMs on the Promiscuous Private VLAN can communicate
with all VMs; VMs on the Community Private VLAN can communicate
amongst themselves and those on the Promiscuous Private VLAN; VMs
on the Isolated Private VLAN can only communicate with VMs on the
Promiscuous Private VLAN.
Note that the adjacent physical switches must support Private
VLANs and be configured to support the Private VLANs allocated on
the vDS.
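The reachability rules above can be checked against a planned DV Port Group layout before it is deployed. The following is an added example, not VMware code or part of the original paper: it models the three PVLAN types and reports VM pairs that a segmentation policy forbids but the layout still permits. It goes slightly beyond the text by allowing several community VLANs under one primary VLAN, where traffic stays within a single community. All VLAN IDs, port group names and VM names are constructed.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class PortGroup:
    name: str
    primary: int    # primary VLAN ID of the PVLAN domain
    secondary: int  # secondary VLAN ID (equals primary for promiscuous)
    kind: str       # "promiscuous", "community" or "isolated"

def can_communicate(a, b):
    """True if two distinct VMs on port groups a and b share layer-2 reachability."""
    if a.primary != b.primary:
        return False                       # different PVLAN domains
    if "promiscuous" in (a.kind, b.kind):
        return True                        # promiscuous talks to every VM
    if a.kind == b.kind == "community":
        return a.secondary == b.secondary  # same community only
    return False                           # isolated reaches promiscuous only

def reachable_pairs(vm_to_pg):
    """All VM pairs the PVLAN layout lets talk to each other."""
    return {frozenset(p) for p in combinations(sorted(vm_to_pg), 2)
            if can_communicate(vm_to_pg[p[0]], vm_to_pg[p[1]])}

def audit(vm_to_pg, must_not_talk):
    """Pairs from the segmentation policy that the layout still permits."""
    allowed = reachable_pairs(vm_to_pg)
    return sorted(tuple(sorted(p)) for p in must_not_talk
                  if frozenset(p) in allowed)

# Constructed sample layout: VLAN IDs, port group names and VM names are invented.
GW  = PortGroup("dvpg-gateway", 100, 100, "promiscuous")
WEB = PortGroup("dvpg-web",     100, 101, "community")
DB  = PortGroup("dvpg-db",      100, 102, "community")
ISO = PortGroup("dvpg-tenants", 100, 103, "isolated")

VMS = {"gateway": GW, "web1": WEB, "web2": WEB, "db1": DB,
       "tenantA": ISO, "tenantB": ISO,
       "tenantC": WEB}   # misplaced: a tenant VM attached to the web community

POLICY = [("tenantA", "tenantB"), ("tenantC", "web1"), ("web1", "db1")]

if __name__ == "__main__":
    for pair in audit(VMS, POLICY):
        print("policy violation, pair can communicate:", pair)
```

The model covers layer-2 reachability only; traffic routed through a device on the promiscuous port still needs its own filtering.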