VMware ESX Essentials


  • VMware Infrastructure creates a single-tier network topology: virtual switches cannot be interconnected, so no switching loops can form and the Spanning Tree Protocol is neither needed nor present.
  • Port groups are templates for creating virtual ports.

There are three types of virtual switches:
  • Internal Virtual Switch - it has no physical uplink attached, which makes it suitable for isolating traffic from the physical network, i.e. keeping it entirely virtual.
  • Virtual Switch with one physical NIC uplink port - as its name suggests, it has only one physical NIC attached. Because of this it provides no failover and is a single point of failure.
  • NIC team - a virtual switch with more than one physical uplink port. It provides failover and load balancing capabilities.
Virtual switch security properties (policy exceptions):
  • Promiscuous Mode - when the policy is set to Reject, a virtual NIC cannot sniff traffic destined for other ports on the switch. Allowing it is useful for an IDS sensor or for debugging, where traffic on one port needs to be seen on another.
  • MAC Address Changes - if the policy is set to Accept, a guest can change the effective MAC address of its virtual NIC (MAC impersonation); if set to Reject, it cannot. By default MAC address changes are allowed.
  • Forged Transmits - allowed by default, because this is an essential functionality for load balancing.
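The three exceptions above default to Accept for MAC changes and forged transmits, so a fresh host is in the looser state. The PowerCLI script below is an added example (not from the original post or from VMware) that audits every standard vSwitch, sets all three to Reject, and re-opens only the documented exceptions. It assumes PowerCLI is installed, a Connect-VIServer session is already open, and the port-group names in the exception lists are placeholders.

```powershell
# Added example, not part of the original post. Requires VMware PowerCLI and an
# active Connect-VIServer session. The port-group names below are assumptions.

# Port groups with a documented need for promiscuous mode (IDS sensor) and for
# forged transmits (guest doing its own load balancing). Keep these lists short.
$promiscuousExceptions     = @('pg-ids-sensor')        # assumed name
$forgedTransmitsExceptions = @('pg-lb-backend')        # assumed name

# 1. Audit: list every standard vSwitch that still accepts any of the three
#    exceptions. On a default install MAC changes and forged transmits show up.
Get-VirtualSwitch -Standard | Get-SecurityPolicy |
    Where-Object { $_.AllowPromiscuous -or $_.MacChanges -or $_.ForgedTransmits } |
    Select-Object VirtualSwitch, AllowPromiscuous, MacChanges, ForgedTransmits |
    Format-Table -AutoSize

# 2. Harden: reject all three at the vSwitch level. Port groups inherit these
#    values unless a port-group policy explicitly overrides them.
Get-VirtualSwitch -Standard | Get-SecurityPolicy |
    Set-SecurityPolicy -AllowPromiscuous $false -MacChanges $false -ForgedTransmits $false

# 3. Re-enable only the documented exceptions, one setting per port group, so the
#    other two settings stay inherited (Reject) from the switch.
Get-VirtualPortGroup -Standard |
    Where-Object { $promiscuousExceptions -contains $_.Name } |
    Get-SecurityPolicy | Set-SecurityPolicy -AllowPromiscuous $true

Get-VirtualPortGroup -Standard |
    Where-Object { $forgedTransmitsExceptions -contains $_.Name } |
    Get-SecurityPolicy | Set-SecurityPolicy -ForgedTransmits $true

# 4. Verify: any port group that overrides its switch to a looser value is a
#    finding unless its name is in one of the exception lists.
Get-VirtualPortGroup -Standard | Get-SecurityPolicy |
    Where-Object {
        ((-not $_.AllowPromiscuousInherited) -and $_.AllowPromiscuous -and
            ($promiscuousExceptions -notcontains $_.VirtualPortGroup.Name)) -or
        ((-not $_.MacChangesInherited) -and $_.MacChanges) -or
        ((-not $_.ForgedTransmitsInherited) -and $_.ForgedTransmits -and
            ($forgedTransmitsExceptions -notcontains $_.VirtualPortGroup.Name))
    } |
    Select-Object VirtualPortGroup, AllowPromiscuous, MacChanges, ForgedTransmits |
    Format-Table -AutoSize
```

Step 4 is the part worth scheduling: re-running it after changes catches a port group that someone quietly switched back to Accept.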
NIC Teaming allows:
  • Load Balancing
  • Network Failover Detection
  • Notify Switches 
  • Failback and failover
Load balancing options:
  • Route based on the originating virtual port ID (Default) 
  • Route based on IP hash 
  • Route based on source MAC hash
  • Use explicit failover order
