VMware ESX Essentials
Networking
Basics:
- VMware Infrastructure creates a single-tier network topology: virtual switches cannot be interconnected, so no loop can form between them. The Spanning Tree Protocol is therefore neither needed nor implemented on virtual switches.
- Port groups are templates for creating virtual ports. A VM's virtual NIC is attached to a port group, and a port group can override the policies (security, NIC teaming) of the virtual switch it belongs to.
There are 3 types of virtual switches:
- Internal virtual switch - has no physical uplink attached. It is suitable for isolating traffic from the physical network, i.e. keeping it entirely virtual; VMs on it can only reach other VMs on the same host connected to the same switch.
- Virtual switch with one physical NIC uplink port - as the name suggests, only one physical NIC is attached. It has no failover, and that NIC is a single point of failure.
- NIC team - a virtual switch with more than one physical uplink port. It provides failover and load balancing.
Virtual switch security policies (set on the vSwitch; a port group can define policy exceptions that override them):
- Promiscuous Mode - Reject by default. With Reject a virtual NIC only receives frames addressed to its own MAC, so a VM cannot sniff other VMs' traffic. Accept is useful for an IDS sensor or for debugging, where a VM must see all frames on the port group; set it only on a dedicated port group, not on the whole switch.
- MAC Address Changes - controls whether the guest OS may change its effective MAC address away from the one assigned in the VM configuration. Accept (the default) makes MAC impersonation possible; Reject blocks inbound frames to the port once the guest changes its MAC.
- Forged Transmits - controls whether outbound frames whose source MAC differs from the VM's effective MAC are forwarded. Accept is the default because some load-balancing setups depend on it (e.g. Microsoft NLB in unicast mode); Reject drops such frames and prevents source-MAC spoofing.
NIC teaming policies:
- Load Balancing
- Network Failover Detection
- Notify Switches
- Failback and failover
Load balancing options:
- Route based on the originating virtual port ID (default) - each virtual port is pinned to one uplink; needs no configuration on the physical switch.
- Route based on IP hash - the uplink is chosen by a hash of source and destination IP; requires the physical switch ports to be configured as a static link aggregation (EtherChannel).
- Route based on source MAC hash - the uplink is chosen by a hash of the frame's source MAC.
- Use explicit failover order - no load balancing; traffic always uses the highest-listed active uplink, and standby uplinks take over on failure.
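The three security policies and the NIC teaming settings above are what a practitioner audits first on an ESX host. The following PowerCLI script is an added example, not code from the original page: it reports every standard vSwitch and port group whose security policy deviates from a Reject-everything baseline, optionally hardens them with -Fix, and summarises the teaming configuration (uplink count, load-balancing mode, failover detection, notify switches, failback). The cmdlets are PowerCLI's own; the server name, the port-group name in $Exceptions and the -Fix switch are assumptions made for this example.

```powershell
# Added example (not from the original page): audit, and with -Fix harden, the
# security policy of every standard vSwitch and port group, and report the NIC
# teaming settings. Requires VMware PowerCLI (VMware.VimAutomation.Core).
# $Server, the 'IDS-Sensors' port group name and the -Fix switch are assumptions.
param(
    [string]$Server = 'vcenter.example.test',   # placeholder vCenter or ESX host
    [switch]$Fix
)

Connect-VIServer -Server $Server | Out-Null

# Target posture: all three policies Reject. Port groups that legitimately need an
# exception are listed here with the flags they may keep on Accept, e.g. an IDS
# sensor port group that needs Promiscuous Mode. 'IDS-Sensors' is a placeholder.
$Exceptions = @{
    'IDS-Sensors' = @{ AllowPromiscuous = $true }
}

# Compare one security policy object against the expected values and emit a
# finding for every flag that deviates. $Allowed is the exception map for this
# scope, or $null when everything must be Reject.
function Test-VSwitchSecurity {
    param($Policy, [string]$Scope, [hashtable]$Allowed)
    foreach ($flag in 'AllowPromiscuous', 'MacChanges', 'ForgedTransmits') {
        $expected = $false
        if ($Allowed -and $Allowed.ContainsKey($flag)) { $expected = $Allowed[$flag] }
        if ($Policy.$flag -ne $expected) {
            [pscustomobject]@{
                Scope    = $Scope
                Setting  = $flag
                Current  = $Policy.$flag
                Expected = $expected
            }
        }
    }
}

$findings = @()
$teaming  = @()

foreach ($vs in Get-VirtualSwitch -Standard) {
    $scope = "$($vs.VMHost.Name)/$($vs.Name)"

    # vSwitch-level policy: the baseline every port group inherits unless it
    # carries an explicit exception.
    $pol = Get-SecurityPolicy -VirtualSwitch $vs
    $findings += Test-VSwitchSecurity -Policy $pol -Scope "vSwitch $scope"
    if ($Fix) {
        Set-SecurityPolicy -VirtualSwitchPolicy $pol `
            -AllowPromiscuous $false -MacChanges $false -ForgedTransmits $false | Out-Null
    }

    # Port groups can override the vSwitch, so each is checked on its own. With
    # -Fix, a port group not listed in $Exceptions is reset to inherit from the
    # (now hardened) switch instead of keeping an explicit override.
    foreach ($pg in Get-VirtualPortGroup -VirtualSwitch $vs) {
        $pgPol = Get-SecurityPolicy -VirtualPortGroup $pg
        $findings += Test-VSwitchSecurity -Policy $pgPol `
            -Scope "portgroup $scope/$($pg.Name)" -Allowed $Exceptions[$pg.Name]
        if ($Fix -and -not $Exceptions.ContainsKey($pg.Name)) {
            Set-SecurityPolicy -VirtualPortGroupPolicy $pgPol `
                -AllowPromiscuousInherited $true -MacChangesInherited $true `
                -ForgedTransmitsInherited $true | Out-Null
        }
    }

    # NIC teaming: a switch with a single uplink has no failover. Record the
    # uplink count next to the teaming policies so that shows up in the summary.
    $team = Get-NicTeamingPolicy -VirtualSwitch $vs
    $teaming += [pscustomobject]@{
        vSwitch              = $scope
        Uplinks              = @($vs.Nic).Count
        SinglePointOfFailure = (@($vs.Nic).Count -le 1)
        LoadBalancing        = $team.LoadBalancingPolicy   # LoadBalanceSrcId is the default
        FailoverDetection    = $team.NetworkFailoverDetectionPolicy
        NotifySwitches       = $team.NotifySwitches
        Failback             = $team.FailbackEnabled
        Active               = ($team.ActiveNic -join ',')
        Standby              = ($team.StandbyNic -join ',')
    }
}

Write-Host 'Security policy deviations from the Reject-everything baseline:'
$findings | Format-Table -AutoSize
Write-Host 'NIC teaming summary:'
$teaming | Format-Table -AutoSize

Disconnect-VIServer -Server $Server -Confirm:$false
```

Run it without -Fix first and review the findings: a port group hosting Microsoft NLB in unicast mode will show MacChanges and ForgedTransmits on Accept, and an IDS sensor port group will show AllowPromiscuous on Accept. Add those to $Exceptions before running with -Fix, since switching them to Reject silently breaks those workloads rather than producing an error.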