Virtual Networking
PAVMUG: July 24, 2008
Jonathan Butz, Services Manager, Arraya Solutions, Inc., jbutz@arrayasolutions.com
Halim Chtourou, Senior Solutions Engineer, Arraya Solutions, Inc., hchtourou@
Virtual Networking Outline
• Arraya Introduction
• Virtual Networking
• Design Essentials
• Design Examples
• Advanced Concepts
Arraya Solutions, Inc.
• IT Infrastructure Consultants since 1999
• Consulting Services in Industry Leading Technologies
• Custom Solutions and Services
The Arraya Team
• Experienced and Knowledgeable
  • Certified Professionals
  • Responsive Sales Professionals
  • Consultative Approach with a Proven Track Record
• Flexible
  • Local Presence and Premier Service
  • In-house Demo Center, New Data Center
• Successful
  • Consistent Double-Digit Growth Since Inception
  • Portfolio of Satisfied Reference Customers
Custom Solutions
• Exchange 2007 CCR Design and Migration
• Storage architecture, deployment, migration
• DR architecture and implementation
• VMware architecture and deployment
• Health Checks, Reports and Recommendations: SAN, VMware, Active Directory, Exchange, TSM
VMware Solutions
• VMware Virtual Infrastructure Partner since 2003
• VMware Authorized Consulting Partner
• VMware Premier Partner, VAC Gold Partner
• 9 VMware Certified Professionals on Staff
• Close Relationships With VMware Team
• Planning & Design Accreditation
Physical to Virtual
• Increased scale on similar physical footprint
• ESX host servicing multiple endpoints
• Networking concepts remain the same
• Virtual Networking enables additional flexibility
Physical to Virtual (diagram; labels: Physical Switch, Physical Switch, Virtual Switch)
Increased Flexibility
• Add vSwitches as required
• Assign guest OS and physical NICs (vmnics) as required
• Guest OS traffic switched internally
(diagram: three virtual switches on one host)
Design Essentials
• Virtual network topology: same as physical
• Conventional access, distribution, core design
• Virtual Switches are Access Switches
• Isolate certain traffic types where possible
Traffic Types
• Virtual Machine Traffic
  • Traffic sourced and received from virtual machines
  • Traffic between VMs on the same vSwitch stays internal
• VMotion Traffic
  • Traffic sent when moving a virtual machine from one ESX host to another
  • Should be isolated from VM traffic
• Management Traffic
  • Should be isolated from VM traffic
  • Includes heartbeats if VMware HA is enabled
• iSCSI Traffic
  • Should be isolated from all other traffic
Virtual Switch Capabilities
• L2 Ethernet Switching
• VLAN Trunking and Segmentation (802.1Q)
• Rate limiting: restrict traffic generated by a VM
• VMware NIC Teaming
  • Load balancing for better use of physical network
  • Redundancy for enhanced availability
• Layer 2 functionality only: no routing
• MAC addresses known by registration rather than learned
  • No MAC learning required
  • Prevents MAC spoofing
VLAN Trunking in ESX
• Enables logical network partitioning
• Virtual machines connect to virtual switch port groups
• Virtual switch port groups are associated with a particular VLAN
• Virtual switch tags packets exiting the virtual machine just as physical switches do for physical servers
VLAN Tagging Options
• VST – Virtual Switch Tagging (preferred): port groups assigned to a VLAN; VLAN tags applied in the vSwitch
• VGT – Virtual Guest Tagging: VLAN tags applied in the guest; port group set to VLAN “4095”
• EST – External Switch Tagging: the external physical switch applies the VLAN tags
(diagram: vSwitch, vnics and physical switch shown for each option)
Redundant Paths: Uplinks and Switches (diagram: NIC Teaming; labels A1, A2)
Teaming Options for ESX Uplinks
• “Originating Virtual Port ID” or “Source MAC” based Teaming
  • NIC chosen based on originating virtual switch port ID or source MAC
  • Traffic from the same vNIC is sent via the same physical NIC (vmnic) until failover
  • Simple: no link aggregation
• “IP Hash” Teaming
  • NIC chosen based on SRC-DST IP
  • Link aggregation (EtherChannel) required on the physical switch
  • Teaming limited to a single switch except where explicitly supported (Cisco Catalyst 6500 VSS, Nortel Split MLT and some stacked switches)
  • Better balancing if the guest has a large number of IP peers
• Recommendation: choose Originating Virtual Port ID based teaming for simplicity and multi-switch redundancy (default)
Multiport NICs (diagram: ESX Host)
Design and Network Ports
Question
• How do I best design the virtual network given VM traffic, VMotion and Management for security and isolation?
Answer
• Depends on number of physical ports
• 4 NIC ports per server recommended, +2 for iSCSI
• VLAN trunking highly recommended
Design Examples
• ESX flexibility allows for multiple variations of valid configurations
• Understand your requirements and resultant traffic types and design accordingly
Example Infrastructure
• 4 ESX Servers
• 2 logical groups of virtual machines
• VLANs
  • VLAN 10: Management
  • VLAN 20: VMotion
  • VLAN 105: Finance
  • VLAN 106: Engineering
(diagram: ESX Host 1 to ESX Host 4, each carrying VLANs 10, 20, 105, 106; VC Server on VLAN 10)
ESX with 2 NICs
• Create one virtual switch
• Connect both physical NICs
• Port groups
  • Port group 10 for Service Console
  • Port group 20 for VMotion
  • Port group 105 for Finance VMs
  • Port group 106 for Engineering VMs
• On-board NIC0 (vSwitch1 Uplink)
  • PG10 (preferred) and PG20 (preferred)
• On-board NIC1 (vSwitch1 Uplink)
  • PG105 (preferred) and PG106 (preferred)
ESX with 4 NICs: Option 1
• Create two virtual switches
• Connect two physical NICs to each vSwitch
• Port groups
  • Virtual Switch0
    • Port group 10 for Service Console
    • Port group 20 for VMotion
  • Virtual Switch1
    • Port group 105 for Finance VMs
    • Port group 106 for Engineering VMs
ESX for 4 NICs: Option 1
• On-board NIC0 (vSwitch0 uplink)
  • PG10 (preferred) and PG20
• On-board NIC1 (vSwitch1 uplink)
  • PG105 and PG106
• PCI based NIC0 (vSwitch0 uplink)
  • PG10 and PG20 (preferred)
• PCI based NIC1 (vSwitch1 uplink)
  • PG105 and PG106
(diagram: the two uplinks of each vSwitch form a team)
ESX with 4 NICs: Option 2
• Create one virtual switch
• Connect all 4 NICs to the vSwitch
• Port groups
  • Port group 10 for Service Console
  • Port group 20 for VMotion
  • Port group 105 for Finance VMs
  • Port group 106 for Engineering VMs
• Configure preferred physical NICs
• More effective use of available bandwidth
• Simplest physical switch configuration: all ports are VLAN Trunks carrying VLANs 10, 20, 105 and 106
(diagram: Service Console and VMkernel ports on PG10/PG20, VM vnics on PG105, all on one vSwitch with vmnic0 to vmnic3 as preferred and standby uplinks)
ESX with More than 4 NICs
• With Trunks
  • Use previous approach and scale up to meet additional bandwidth and redundancy requirements
  • Dedicate NIC pair for iSCSI (if using VM software initiator)
• Without Trunks
  • Dedicate NIC pair for VMotion
  • Dedicate NIC pair for Service Console
  • Separate NIC pairs for each network
  • Dedicate NIC pair for iSCSI (if using VM software initiator)
DMZ Architecture
• Regulations may require DMZ traffic separation
• SOX and HIPAA requirements for isolation are open to interpretation
• Many customers dedicate NICs to DMZ traffic
• Allows internal and DMZ traffic in the same cluster
• Compliance may vary by auditor
iSCSI Design
• Provides SCSI block storage access over IP network
• Relevant for VMs using the iSCSI software-based initiator
• Design depends on NIC ports available
• General Design Guidance
  • Keep iSCSI traffic on its own dedicated VLAN and subnet
  • Dedicate NIC pairs to iSCSI traffic
  • Use teaming as appropriate
    • “Virtual Source Port ID” setting if all your iSCSI targets share the same IP address
    • “IP Hash” setting for other scenarios, including the case of multiple targets
iSCSI Examples
• Two NIC ports
  • Buy additional NICs if possible
  • Follow two port example
  • For high VM traffic
    • Set SC + VMotion + iSCSI to prefer NIC0
    • Set VM traffic to prefer NIC1
  • For low VM traffic
    • Set SC + VMotion to prefer NIC0
    • Set VM traffic + iSCSI to prefer NIC1
• Four NIC Ports
  • Buy additional NICs if possible
  • Follow two port example
  • Create an additional vSwitch, connect remaining NICs for iSCSI
• Six NIC Ports
  • Follow four port example, dedicate additional NICs to iSCSI
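To make the port-group and uplink rules from the design examples and the iSCSI examples checkable, here is an added Python model of a host's vSwitch layout (not code from the deck, Arraya or VMware). The vmnic/vSwitch names, the port-group "kind" labels and the VLAN 30 iSCSI port group are constructed for the example.

```python
"""Check an ESX virtual-network layout against the deck's design rules:
every port group gets two uplinks, VM traffic does not prefer the same vmnic
as Service Console/VMotion, and iSCSI shares no uplink with other traffic."""
from dataclasses import dataclass, field

@dataclass
class PortGroup:
    name: str
    vlan: int
    kind: str                   # "mgmt", "vmotion", "vm" or "iscsi"
    active: list                # preferred vmnics, most preferred first
    standby: list = field(default_factory=list)

    def uplinks(self):
        return set(self.active) | set(self.standby)

def check_design(vswitches):
    """vswitches: {vSwitch name: (uplink vmnics, [PortGroup, ...])}.
    Returns findings as strings; an empty list means the layout follows the rules."""
    findings, prefers, iscsi_nics, other_nics = [], {}, set(), set()
    for vs, (uplinks, portgroups) in vswitches.items():
        for pg in portgroups:
            bad = pg.uplinks() - set(uplinks)
            if bad:
                findings.append(f"{pg.name}: {sorted(bad)} are not uplinks of {vs}")
            if len(pg.uplinks()) < 2:
                findings.append(f"{pg.name}: single uplink, no teaming redundancy")
            if pg.active:   # the first active vmnic is the one this port group prefers
                prefers.setdefault(pg.active[0], set()).add(pg.kind)
            (iscsi_nics if pg.kind == "iscsi" else other_nics).update(pg.uplinks())
    for nic, kinds in sorted(prefers.items()):
        if "vm" in kinds and kinds & {"mgmt", "vmotion"}:
            findings.append(f"{nic}: VM traffic shares its preferred uplink with {sorted(k for k in kinds if k != 'vm')}")
    if iscsi_nics & other_nics:
        findings.append(f"iSCSI shares uplinks {sorted(iscsi_nics & other_nics)} with other traffic")
    return findings

# Constructed from the "ESX with 2 NICs" slide (vmnic0 = on-board NIC0, vmnic1 = on-board NIC1).
TWO_NIC = {"vSwitch1": (["vmnic0", "vmnic1"], [
    PortGroup("PG10", 10, "mgmt", ["vmnic0"], ["vmnic1"]),
    PortGroup("PG20", 20, "vmotion", ["vmnic0"], ["vmnic1"]),
    PortGroup("PG105", 105, "vm", ["vmnic1"], ["vmnic0"]),
    PortGroup("PG106", 106, "vm", ["vmnic1"], ["vmnic0"])])}
# Same two NICs with a software-initiator iSCSI port group added (VLAN 30 is made up): breaks isolation.
TWO_NIC_ISCSI = {"vSwitch1": (TWO_NIC["vSwitch1"][0],
    TWO_NIC["vSwitch1"][1] + [PortGroup("PG30", 30, "iscsi", ["vmnic0"], ["vmnic1"])])}

if __name__ == "__main__":
    for label, design in (("2 NICs", TWO_NIC), ("2 NICs + iSCSI", TWO_NIC_ISCSI)):
        print(label, "->", check_design(design) or "OK")
```

The 4-NIC options from the deck can be expressed the same way (one vSwitch per team, or one vSwitch with four uplinks and per-port-group preferred NICs) and checked with the same function.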
Spanning Tree: Not Used by ESX
• ESX does not alter STP on the physical network
• ESX does not participate (does not generate/consume BPDUs)
• Use “portfast” or “trunkfast” on the physical switch to progress immediately to the “forwarding” state
• Interconnections between virtual switches are not possible
• Loops are not possible within a single virtual switch
(diagram: two virtual switches with no interconnection)
Link-state Tracking: faster failover
• “Link State Tracking” associates upstream and downstream links
(diagram: ESX Host with a virtual switch, upstream and downstream links tracked together)
VMotion: Step by Step
(diagram: ESX Host 1 and ESX Host 2 behind two physical switches; VMs A and B with MACA/IPA and MACB/IPB, VM C with MACC/IPC shown on both hosts as it moves; VMotion traffic flows between the hosts, then a RARP for the MAC move is sent as an L2 broadcast to the network so the physical switches learn MACC's new location)
Questions?
Arraya Solutions, Inc.
521 Plymouth Road, Suite 113J, Plymouth Meeting, PA 19462
http://www.arrayasolutions.com
866.229.6234
Jonathan Butz, Services Manager, jbutz@arrayasolutions.com, 610.684.8616