inVURTED.com

With great virtualisation comes great responsibility!

ESX Virtual Switches

I could go on forever about the virtual switches used by VMware; however, here’s a bit of a rundown.

Virtual switches fulfil similar functions to physical switches in an infrastructure, i.e. they grant virtual operating systems access to the physical network.

That’s not ENTIRELY true.

Virtual switches are also used for the Service Console (or management IP address) of the ESX server itself; they are also used for IP storage and VMotion. More on these later. For the moment, I am just talking about the capabilities of virtual switches as used by virtual machines, and about the switches themselves in general.

The switches used for virtual machines are known as Virtual Machine Port Groups. They are unmanaged switches, in that I cannot specifically connect my web server to the first port in the virtual switch. At the moment! With the release of VMware 4, it’ll be interesting to see what the partnership between Cisco and VMware produces.

Virtual switches are, as of writing this, a single-tier topology. Each virtual switch has its own forwarding table. However, these tables are only locally significant, so configurations cannot be passed from one virtual switch to another, even if the entries in one switch’s table also exist in another virtual switch.

So, how are they similar to physical switches? They have a MAC:port forwarding table and do lookups on frames to find the destination MAC address, then forward frames to one or more ports for transmission. They support standard VLAN segmentation, i.e. they are dot1q (802.1Q) compliant; no ISL or LANE etc.

How are they different from physical switches? There is no spanning tree protocol, and network traffic cannot flow directly from one virtual switch to another. This means that traffic from a virtual machine plugged into one virtual switch has to leave the ESX server to be passed to another virtual machine plugged into a separate virtual switch. Also, there is no trunking between virtual switches.

Or, to put it another way, there is no way to directly "cable" one virtual switch to another. All this, hopefully, makes sense below.

[Figure: Picture1]

The other similarity between virtual and physical switches is CDP capability. Virtual switches, like most vendors’ physical switches, are CDP aware. Via the command line I can enable or change CDP behaviour on the virtual switch. The four possible CDP modes are: down (CDP disabled); listen (the default: detects and displays information about other CDP devices); advertise (broadcasts but does not detect or display information); and both (advertises and also detects and displays CDP information).
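As an added illustration of the forwarding-table, VLAN and "no cable between vSwitches" points above (this is example code written for this page, not code from the blog or from VMware), here is a small Python model of two vSwitches on one host. Each switch keeps its own MAC:port table, floods unknown destinations only within the port group's VLAN, and has no path to the other vSwitch except out through its uplink and back in through the other uplink. The four CDP modes are carried along as a simple attribute. Switch, port and MAC names are constructed for the example.

```python
"""Toy model of ESX-style virtual switches: each vSwitch keeps its own
MAC:port forwarding table, honours 802.1Q VLAN ids on its port groups,
and has no direct path to any other vSwitch (only its uplink leaves the
host). All switch, port and MAC names below are constructed."""
from dataclasses import dataclass, replace

UPLINK = "uplink"  # the port that leads to the physical NIC / physical switch


@dataclass(frozen=True)
class Frame:
    src: str        # source MAC (any string will do for the model)
    dst: str        # destination MAC
    vlan: int = 0   # 802.1Q tag; 0 = untagged (only meaningful on the uplink)


class VSwitch:
    """Single-tier learning switch whose forwarding table is local to itself."""

    # CDP mode -> (advertises, listens): the four modes named in the post
    CDP_MODES = {
        "down": (False, False),
        "listen": (False, True),     # default
        "advertise": (True, False),
        "both": (True, True),
    }

    def __init__(self, name, cdp_mode="listen"):
        if cdp_mode not in self.CDP_MODES:
            raise ValueError(f"unknown CDP mode {cdp_mode!r}")
        self.name = name
        self.cdp_mode = cdp_mode
        self.ports = {}   # port name -> VLAN id of its port group (0 = none)
        self.fdb = {}     # learned MAC -> port; never shared with other vSwitches

    def add_port(self, port, vlan=0):
        self.ports[port] = vlan

    def cdp_behaviour(self):
        advertises, listens = self.CDP_MODES[self.cdp_mode]
        return {"advertises": advertises, "listens": listens}

    def _ingress_vlan(self, in_port, frame):
        # A VM port sits in its port group's VLAN; the uplink trusts the tag.
        return frame.vlan if in_port == UPLINK else self.ports[in_port]

    def _carries(self, port, vlan):
        # The uplink is a dot1q trunk carrying every VLAN; a VM port carries one.
        return port == UPLINK or self.ports[port] == vlan

    def receive(self, in_port, frame):
        """Learn the source MAC, then return the egress port list for the frame."""
        self.fdb[frame.src] = in_port
        vlan = self._ingress_vlan(in_port, frame)
        known = self.fdb.get(frame.dst)
        if known is not None and known != in_port and self._carries(known, vlan):
            return [known]                       # unicast to the learned port
        return [p for p in self.ports            # unknown: flood within the VLAN
                if p != in_port and self._carries(p, vlan)]

    def tag_for_uplink(self, in_port, frame):
        """802.1Q-tag a frame leaving a VM port group via the uplink."""
        return replace(frame, vlan=self.ports[in_port])


def build_host():
    """Two vSwitches on one ESX host; the port groups on both use VLAN 10."""
    vs0 = VSwitch("vSwitch0")
    for port, vlan in (("web01", 10), ("web02", 10), ("db01", 20), (UPLINK, 0)):
        vs0.add_port(port, vlan)
    vs1 = VSwitch("vSwitch1")
    vs1.add_port("app01", 10)
    vs1.add_port(UPLINK)
    return vs0, vs1


def cross_switch_path(vs0, vs1, frame):
    """Trace a frame from web01 (vSwitch0) towards app01 (vSwitch1). Nothing
    inside the host joins the two switches, so the frame can only arrive by
    leaving vSwitch0's uplink and re-entering through vSwitch1's uplink."""
    first_hop = vs0.receive("web01", frame)
    if UPLINK not in first_hop:
        return {"left_host": False, "first_hop": first_hop, "second_hop": []}
    second_hop = vs1.receive(UPLINK, vs0.tag_for_uplink("web01", frame))
    return {"left_host": True, "first_hop": first_hop, "second_hop": second_hop}


def run_demo():
    """Replay the scenarios from the post on a fresh host and collect results."""
    vs0, vs1 = build_host()
    results = {}
    # 1. unknown destination in VLAN 10: flooded to web02 and the uplink, not db01
    results["unknown_dst"] = vs0.receive("web01", Frame("mac-web01", "mac-web02"))
    # 2. reply: vSwitch0 has now learned mac-web01 on port web01, so unicast
    results["learned_dst"] = vs0.receive("web02", Frame("mac-web02", "mac-web01"))
    # 3. a VLAN 20 VM talking to a VLAN 10 MAC: only the trunked uplink carries it
    results["cross_vlan"] = vs0.receive("db01", Frame("mac-db01", "mac-web01"))
    # 4. vSwitch1 learned nothing from any of the above: tables are local
    results["vs1_table_before"] = dict(vs1.fdb)
    # 5. web01 -> app01 must go out the uplink and back in through vSwitch1
    results["cross_switch"] = cross_switch_path(vs0, vs1, Frame("mac-web01", "mac-app01"))
    results["vs1_table_after"] = dict(vs1.fdb)
    results["cdp_default"] = vs0.cdp_behaviour()
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Running the script prints each scenario's egress ports; the point to notice is that in scenario 5 the frame reaches app01 only after passing through both uplinks, and that vSwitch1's table is empty until that happens.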


7 Comments

  1. Good writing. Keep up the good work. I just added your RSS feed to my Google News Reader.

    Matt Hanson

  2. Any suggestions on counting traffic on virtual machines other than sniffing all of the data? I’m interested in looking at the Cisco 1000V but it’s not out yet (or from what I can find) and really need a solution.

  3. This is where the problem comes in with an unmanaged switch. It’ll be interesting to see what the 1000v adds to the game.

    At the moment, the only thing I have found is data sniffing to monitor virtual machine traffic. The other possible solution would be the CLI and things like esxtop etc. to monitor.

    Hope that helps a bit.

  4. Hey Adam,

    Awesome work, just the info I was after :). (Posting here as Twitter has been inaccessible for 2 weeks for me.)

  5. No worries, Josh. It’s interesting to see how close Vmware can get virtual switches to physical ones.

  6. Adam,
    Nice write-up. The real power of Nexus 1000V is not so much what features it supports above and beyond the vSwitch (NetFlow, PVLANs, QoS classification, etc.); rather, the most powerful aspect (I think) will be on the operations and management side of things. The network team can now manage and provision network connectivity for virtual machines with the same tools and troubleshooting processes as physical machines. This, in my opinion, will open the doors for virtualizing Tier 1 applications (SAP, Exchange, etc.).

    Nice Blog – I’ve added you to my RSS and Blogroll

  7. Brad,
    Thanks for the comment! I reckon you’re right. Once we can treat virtual switches as “physical devices”, the opportunities will really open up.
