Virtualisation has gone from IT buzzword to IT staple, so it's vital for networking professionals to understand how server virtualisation and networks affect each other. In a server virtualisation environment, every host server abstracts and extends the network into its hypervisor, where a virtual switch manages traffic between virtual machines. Server virtualisation also introduces I/O bottlenecks and bandwidth capacity problems on the physical network by increasing the amount of traffic generated by individual physical servers. Consequently, virtualisation networking -- or networking for virtualisation -- is on every networking professional's agenda.
In this guide, networking professionals can learn about managing virtualisation networking, distributed virtual switching, network capacity planning for virtualisation and more.
TABLE OF CONTENTS
Considerations for virtual server networking
• Planning for virtualisation networking
• Virtualisation and network configuration
• The human factor in virtualisation networking
• Virtualisation and network performance
Managing virtualisation through the network
• Virtual switching: Managing virtualisation through the network
• 802.1Q VLAN tagging
• Network management in a virtualised environment
CONSIDERATIONS FOR VIRTUAL SERVER NETWORKING
Server virtualisation networking requires involvement from the networking team at several key points -- including network capacity planning, configuration mapping and management, and network automation -- to support fluid virtual machines and changing traffic patterns.
Check out the resources below in each category to find out more about network considerations for virtualisation.
Planning for virtualisation networking
In planning for virtualisation, network managers must remember that demand for power and network capacity changes depending on peak traffic hours. For example, when the number of physical servers is reduced, the number of users on each server increases proportionately. Power usage and network utilisation for those servers must be monitored and managed accordingly, and network managers must be ready to turn bandwidth up and down depending on need.
- Data centre networks and virtualisation: Who has the silver bullet?
Virtualisation and network configuration
While virtualisation can save companies quite a bit of money by reducing the number of physical servers in the data centre, it can also cause headaches for network managers trying to map and manage ever-changing network configuration. Virtual machine (VM) sprawl can also cause security problems since it is difficult to set a security configuration that will follow a moving virtualised application. Many IT organisations solve this by setting up clusters of physical servers for similar applications that require comparable security and network settings. But as application demand grows, these clusters will run out of capacity, requiring manual network reconfigurations.
Network automation software can solve this problem by automatically allocating the necessary bandwidth and power while provisioning VMs to handle workloads on demand.
Server virtualisation also impacts the network by creating constantly changing and multiplying media access control (MAC) addresses. MAC addresses are generally burned into the network interface cards (NICs) on the servers and are a fixed value in a non-virtualisation environment. But in a virtualised environment, a MAC address can change during "cold migration" -- when a VM is shut down and moved from one location to another. Any configurations built around the old MAC address will no longer apply to the new address. While this isn't a widespread problem (as there aren't many instances in which network admins configure things based on the MAC address), it is a problem where these configurations do exist.
- Data centre network automation tool: Lab-style provisioning in the cloud
- Live Migration: Troubleshooting storage and network configurations
- The CIO shell game: Greg Ness
- Virtualisation adds urgency to core network services business
The human factor in virtualisation networking
One of the biggest challenges the IT team faces with virtualisation is the requirement for more collaboration between the network team and the server team. The implementation of VLANs is the perfect example of the need for teamwork. VLANs are crucial in managing network traffic flow in a virtual environment, but they are tightly integrated into server management as well. VLAN configuration occurs on switches and on physical servers running the server virtualisation software.
Network admins and server admins will also need to share information about which NICs are plugged into which network ports for link aggregation purposes, which allows the virtualisation solution to provide redundancy and/or more efficient use of multiple physical NICs.
- Data centre network infrastructure trends: Networking professionals must insert themselves into the data centre conversation
- IT job security fears over cloud computing: Network jobs still vital
- Virtual switch standards: Let the fighting begin (again)
- Virtual network switches give the networking team more of a role in virtualisation
Virtualisation and network performance
Server virtualisation can seriously affect network performance. The consolidation of workloads onto fewer physical servers can affect traffic flow within the network, disrupting network performance and throughput. In a non-virtualised environment, fixed-configuration switches, or "rack switches," provide uplinks to the core network, and traffic aggregation occurs within the rack switch itself. But when server virtualisation is implemented, traffic aggregation occurs at the physical server level, not on the rack switch. Server workload consolidation leads to heavier use of the network links to the physical servers. Using a rack switch to uplink to the core to try to aggregate already aggregated traffic can result in bottlenecks and thus major problems in network performance and throughput.
Site consolidation can also affect network latency. With enterprises consolidating multiple data centres and pulling out branch office data systems, the entire wide area network (WAN) can be affected. Let's take this analogy from Harold Byun, senior product marketing manager at Riverbed: 200 passengers need to drive from New York to Los Angeles. A small car that can carry only five passengers at a time would need to make 40 round trips to get everyone to LA. Building a new freeway with wider lanes and better traffic flow won't help -- the car still has to make 40 trips, no matter how you cut it. With great distance over a WAN, a network will experience latency, regardless of how upgraded the network link is. The solution is to minimise the number of "trips" that applications must make across the network. By encapsulating the overhead of standard office application protocols, which are running over a wider network in a more consolidated virtual environment, the network can make fewer trips to carry data. With this analogy, large buses that can carry 50 passengers would be replacing the cars, reducing the number of trips from 40 to four.
Another solution would be WAN acceleration. This can be achieved with WAN optimisation controllers (WOCs), which are a type of virtual appliance based on network appliance software running on a VM. Other virtual appliances include application delivery controllers (ADCs). Virtual appliances work in conjunction with virtual desktops and virtual servers.
- VIDEO: How virtualisation affects the network
- Network availability considerations for virtualisation
MANAGING VIRTUALISATION THROUGH THE NETWORK
Virtualisation networking was once a game of hit or miss for network managers, but the emergence of third-party virtual switches and distributed virtual switching strategies has given the networking team more control over the environment. In this section, learn about distributed virtual switch implementation and managing virtual servers through networking.
Virtual switching: Managing virtualisation through the network
A virtual switch is software that emulates a physical Ethernet switch and allows one VM to communicate with another. The switch inspects packets before passing them on and is often included as part of virtualisation software or in a server's hardware as part of its firmware. Because of this, the server management team usually claims responsibility for management of virtual switches. But proposed changes to virtual switch standards, including the Virtual Ethernet Port Aggregation (VEPA) and the VN-Tagging port extension approach, give the networking team more control over the virtual switching that takes place in server virtualisation. How the proposed changes will affect the relationship between the server and network teams is anyone's guess, but data centre managers and CIOs need to keep the possible disharmony in mind.
As previously mentioned, a major challenge with virtualisation is figuring out how to move VMs across physical hosts without continuously having to reconfigure them individually. Virtual switching can address this challenge.
Technologies like VMware's vSwitch and vSphere can make this happen by combining the resources of multiple physical hosts. Among vSphere's networking features are distributed vSwitches, which allow a single switch to be used across multiple hosts; private VLANs, which let administrators control and restrict communication between VMs on a vSwitch; and IPv6 support, which allows for the 16-byte, hexadecimal IPv6 addresses that will become more widely used once the industry starts to experience exhaustion of IP addresses supported by IPv4. But these technologies can cause a bottleneck. Administrators can address this by using virtual switches in conjunction with virtual appliances, such as the Arista virtual Extensible Operating System (vEOS), which can make the vSwitch more scalable for network administrators.
Managing virtual switches is no easy feat. There are several virtual switch problems, including limited traffic visibility, poor manageability, and inconsistent network policy enforcement, as well as limited I/O bandwidth. But some solutions to these virtual network switch woes exist, including edge virtualisation technologies such as distributed virtual switching (DVS), edge virtual bridging (EVB) and single root I/O virtualisation (SR-IOV).
DVS is the aggregation of multiple virtual switches. It simplifies a network engineer's task by allowing them to configure servers in clusters across the network instead of configuring each one individually. The control plane and the data plane of the virtual switch are de-coupled, allowing the data planes of multiple virtual switches to be controlled by an external centralised management system. This de-coupling allows the vSwitch control plane to be tightly integrated with the control planes of physical access switches and/or the virtual server management system. With DVS, the shortcomings of traditional vSwitches can be addressed.
The Cisco Nexus 1000v distributed virtual switch is an option for addressing vSwitch shortcomings. It works with any manufacturer's physical switch, so non-Cisco physical networks can use the 1000v for virtual network management.
- Open vSwitch: Can you use an open source distributed virtual switch?
802.1Q VLAN tagging
Configuring vSphere VLANs is as challenging and complex as establishing VLANs in a typical physical network. 802.1Q VLAN tagging is a popular method for tackling the problem of configuring vSphere VLANs. The 802.1Q networking standard allows multiple bridged networks to transparently share the same physical network link without leaking information among the networks. 802.1Q VLAN tagging allows for multiple VLANs to be used on a single physical switch port, enabling a network administrator to reduce the number of physical NICs on a server from one per VLAN to one per host.
Tagging applies tags to all network frames to identify them as belonging to a particular VLAN. The types of VLAN tagging include virtual machine guest tagging (VGT mode), external switch tagging (EST mode), and virtual switch tagging (VST mode). VST mode is the most commonly used with VLANs in vSphere because it's the easiest to configure and manage, and it also eliminates the need to install a specific VLAN driver inside a virtual machine.
- VLAN guide for networking professionals
Network management in a virtualised environment
It's not easy to manage virtual network relationships. In the "old days," infrastructure was static. Applications lived on dedicated physical servers with static NICs that could be configured once and forgotten. But finding a way to "reconnect" physical resources and virtual workloads that are mobile and fluid is a challenge. Many vendors are developing products that offer an "end-to-end" view of physical resources and how they are being utilised by virtual workloads at any given time. In the meantime, there are various steps toward managing virtual network relationships that an IT organisation can take, including documentation, live migration limitation, and management tools.
Another important tool in virtualisation network management is network change and configuration management (NCCM), which is significantly more challenging in a virtualised environment. Use this primer on virtualisation change and configuration management to further your understanding of this concept.
- Virtualisation selection and the enterprise network
- Server virtualisation standards may fix network management, security
- Compliance in a virtualised world: Server virtualisation and NAC security
- Virtualisation: The next generation of application delivery challenges
This was first published in January 2011