From the course: VMware vSphere 8 Certified Technical Associate - Data Center Virtualization (VCTA-DCV) (1V0-21.20) Cert Prep

Virtual networking concepts

- [Rick] In this video, we'll start to learn about the concepts of virtual networking. We'll learn about how virtual machines can communicate with other virtual machines inside the same ESXi host, or maybe VMs and other ESXi hosts, or even communicate with systems on the internet or on other external networks. So let's think about how a virtual machine actually handles transmitting and receiving network traffic. And in reality, they work pretty much the same way that a physical computer does. So here we see a virtual machine, and this virtual machine has a network interface card just like any other machine that is connected to a network. But in this case, we're dealing with a virtual NIC, a virtual network interface card. Now, the operating system itself, in this case it's Windows, has no idea that the virtual NIC is not an actual physical network interface card. So Windows just sees a network interface card. And from the perspective of the guest operating system, that's really the end of the story. So now let's assume that Windows needs to send some packet to the virtual NIC. And just like any physical NIC, my virtual NIC needs to be connected to a switch. So the virtual machines will connect to a virtual machine port group on the virtual switch, and the port group is used to define settings like VLAN membership and security policies and other settings like that. And the ESXi host has physical interfaces, but my traffic doesn't necessarily need to flow over a physical interface. So let's assume that I have multiple virtual machines that are connected to the same port group. Well, here you can see, and let's watch this one more time, this VM and another VM are connected to the same port group on the same host. And because they're connected to the same port group on the same host, they can communicate directly with one another. They can communicate without their traffic ever flowing over a physical network.

But also, I'm probably going to have the need to communicate with physical networks as well. I'm probably going to need some kind of physical interface on my ESXi host. And that physical interface is called a vmnic. The vmnics are used when traffic needs to flow over the physical network. So think of the vmnic as a physical network adapter on the ESXi host. And so now we can follow traffic as it flows from a virtual machine, and the traffic's going to originate in the VM, but the traffic needs to flow to some external network. Maybe it's a virtual machine on another physical host, maybe it's the internet. That traffic is going to flow through the virtual NIC of the VM, arrive at the virtual switch, and be sent out the physical adapter to a physical switch in my physical network. Okay, so now we understand that VMs are connected to port groups. Port groups do things like define VLANs, and we have vmnics, which are the physical adapters of my virtual switch and connect me to the outside world.

But virtual machine port groups are really only half of the story. My virtual machine port groups handle all of my virtual machine traffic. Everything else is going to be handled by VMkernel ports. So the virtual machine port groups are kind of like ports on a switch that a computer would connect to, whereas a VMkernel port, these are special types of ports on a virtual switch that are used for traffic like vMotion or IP storage or management. These are the ports that the hosts and vCenter use to talk amongst themselves for purposes other than virtual machine traffic.

So now let's take a few minutes to try to understand virtual machine port groups, the VLANs assigned to those virtual machine port groups, and trunk ports. And let's work our way through this concept by breaking down the diagram shown here on your screen in which we have two virtual machines. And the virtual machine on top is connected to a port group with VLAN 10 assigned to it. The virtual machine on the bottom is connected to a different port group, and that other port group has VLAN 20 assigned to it. And so as traffic flows out of the virtual machine and into the virtual switch at the top of my screen, it's going to hit a port group that is tagged with VLAN 10. And if that VM is trying to communicate with this other virtual machine while the other virtual machine's on a different VLAN, that traffic is actually going to have to be routed. So the traffic's going to have to flow out of the ESXi host on a trunk port to a physical switch. It's got to be sent to a router, and the router has to be able to route between VLANs, and eventually that traffic will flow back in to the virtual switch and it'll be put out on VLAN 20 to this virtual machine. And that's how VLAN segmentation works with a virtual switch: each VM connects to a port group, each port group has a VLAN defined, and we will have a trunk port to a physical switch, and the trunk port is able to handle traffic across all of these VLANs on a single physical connection.

So let's review this one more time. Traffic leaves virtual machine one, hits the port group on the virtual switch, and this traffic is now a part of VLAN 10 because it belongs to this port group. However, the trunk port is going to handle VLAN 10 and VLAN 20. So a tag is going to be placed on this ethernet frame and sent out over this trunk port. And the tag says, "Hey, this traffic belongs to VLAN 10." It hits the physical switch, and the physical switch then forwards it to the default gateway. The default gateway is a router. So that's where this frame was destined. It was destined for the default gateway. And the default gateway will look at the destination IP address, and the router, which is our default gateway, will say, "Oh, that's an IP address that's on VLAN 20. Let me send it back through this trunk port on VLAN 20, tagged for VLAN 20." The traffic arrives at the virtual switch and it is sent to the destination virtual machine. So that's the purpose of a trunk port with a virtual switch. And that way the physical switch can actually see a consistent set of VLANs, and it can see which virtual machine traffic, as it arrives, belongs on which VLAN.

Okay, so now let's take a few moments and talk about another important networking concept called jumbo frames. And what we want to understand here is how an improperly configured MTU, or maximum transmission unit, can have a negative impact on performance. So here's our virtual machine, and this virtual machine sends what we call a jumbo frame. This is a large ethernet frame, and our virtual switch can support jumbo frames. The point of jumbo frames is allowing a VM to send one big frame instead of a bunch of smaller frames. And in doing so, the whole process becomes more efficient. Think of it this way. Let's say that you wanted to ship four guitars out. If you could put 'em all in one big box and just put on one mailing label, that would be more efficient than doing it in four different boxes and taping up four different boxes and putting four mailing labels on. Well, handling frames is kind of the same thing. Instead of doing a bunch of smaller frames, we're trying to do one big jumbo frame. And the vSphere standard switch and the vSphere distributed switch support jumbo frames. But I have to configure a maximum transmission unit, which is essentially how big a frame can be.

So in this case, we're assuming that our virtual switch and our physical switch are not configured consistently, that the MTU is higher on the virtual switch than it is on the physical switch. And so here comes this frame that is bound for something in the outside world. It's got to go over the physical network, and it arrives at the physical switch. And the physical switch says, "Wait a minute, 9,000 is too big. My MTU is 1524. I now need to take this frame, carve it up into multiple smaller chunks." And this is called fragmentation and reassembly. The physical switch can't handle a frame that big, so it needs to take the frame and carve it up into smaller pieces. And this has a huge negative impact on the performance of the switch, because now the CPU of the switch is doing this with every single frame that's coming in from this virtual switch. It's got to carve them all up into smaller chunks, and it has to add headers to every one of those smaller frames that it creates. This is a big problem. And so the objective here is to make sure that if we're going to configure jumbo frames, that we configure this MTU setting consistently throughout our network, right? If our virtual switch is configured for an MTU of 9,000 and it's plugged into a physical switch that has a lower MTU, that's going to be a big problem for us. So we just need to make sure that we're configuring this maximum transmission unit setting consistently across our entire environment.

Okay, so let's take a moment to do a brief review of what we just learned. Virtual machines can connect to network resources using the vSphere standard switch. There's another type of virtual switch called the vSphere distributed switch. We'll learn more about that later. Our virtual machines are configured with virtual NICs, or vNICs. This is a network interface card that is created in software. So we don't actually have a hardware NIC assigned to our virtual machines. They have a virtual NIC, and they use that virtual NIC to connect to a virtual machine port group. We can define multiple port groups on a virtual switch, and each port group is going to have VLANs and security policies associated with it. We can also create VMkernel ports. VMkernel ports are going to be used for traffic that is not related to virtual machines: management traffic, storage traffic, vMotion traffic. If our ESXi hosts are communicating with one another, or if they're communicating with vCenter for management purposes, that's always going to happen over a VMkernel port. And then we learned that it's very important that jumbo frames are configured identically on physical and virtual switches. We want to make sure that we are using a consistent MTU across not only our physical network, but our virtual switches as well.
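The two consistency rules the video stresses, VLANs allowed on the trunk and a matching MTU end to end, can be checked mechanically. The Python below is an added example and is not part of the course or of any VMware tooling. The dataclasses, the `audit` function and the sample inventory are constructed here for illustration; a real run would populate the inventory from the host and the physical switch, which this example does not do. The `vmkping -I <vmk> -d -s <size> <ip>` command it builds is the usual ESXi path-MTU check (`-d` sets the don't-fragment bit), and the 8972-byte payload for a 9000-byte MTU comes from subtracting the 20-byte IPv4 and 8-byte ICMP headers.

```python
from __future__ import annotations

from dataclasses import dataclass

ETH_MTU = 1500           # default Ethernet MTU; anything larger is a jumbo frame
IPV4_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


@dataclass
class PortGroup:
    name: str
    vlan: int                # VLAN ID the vSwitch tags with; 0 = untagged
    kind: str                # "vm" or "vmkernel"
    mtu: int | None = None   # only VMkernel ports carry their own MTU


@dataclass
class VSwitch:
    name: str
    mtu: int
    uplinks: list[str]       # vmnic names
    port_groups: list[PortGroup]


@dataclass
class PhysicalPort:
    """Configuration of the physical switch port behind one vmnic (constructed)."""
    vmnic: str
    mtu: int
    allowed_vlans: frozenset[int]   # VLANs permitted on the trunk


def audit(vs: VSwitch, phys: dict[str, PhysicalPort]) -> list[str]:
    """Return one finding per VLAN or MTU inconsistency between vs and its uplinks."""
    findings: list[str] = []
    for pg in vs.port_groups:
        # A VMkernel port MTU larger than its vSwitch MTU cannot be honoured.
        if pg.kind == "vmkernel" and pg.mtu is not None and pg.mtu > vs.mtu:
            findings.append(f"{pg.name}: vmk MTU {pg.mtu} exceeds {vs.name} MTU {vs.mtu}")
    for uplink in vs.uplinks:
        port = phys.get(uplink)
        if port is None:
            findings.append(f"{uplink}: no physical port record, cannot verify")
            continue
        # Virtual side configured larger than the physical side: the mismatch the video describes.
        if vs.mtu > port.mtu:
            findings.append(f"{uplink}: {vs.name} MTU {vs.mtu} exceeds physical MTU {port.mtu}")
        for pg in vs.port_groups:
            # Tagged traffic for a VLAN missing from the trunk's allowed list never reaches the router.
            if pg.vlan and pg.vlan not in port.allowed_vlans:
                findings.append(f"{uplink}: VLAN {pg.vlan} ({pg.name}) not allowed on trunk")
            if pg.kind == "vmkernel" and pg.mtu is not None and pg.mtu > port.mtu:
                findings.append(f"{uplink}: {pg.name} MTU {pg.mtu} exceeds physical MTU {port.mtu}")
    return findings


def ping_payload_size(mtu: int) -> int:
    """Largest IPv4 ICMP payload that fits in a single frame at this MTU (8972 for 9000)."""
    return mtu - IPV4_ICMP_OVERHEAD


def vmkping_command(vmk: str, mtu: int, target: str) -> str:
    """vmkping with the don't-fragment bit set; failure means something on the path has a smaller MTU."""
    return f"vmkping -I {vmk} -d -s {ping_payload_size(mtu)} {target}"


# Constructed sample inventory, not taken from any real host.
SAMPLE_VSWITCH = VSwitch(
    name="vSwitch0", mtu=9000, uplinks=["vmnic0", "vmnic1"],
    port_groups=[
        PortGroup("VM-VLAN10", vlan=10, kind="vm"),
        PortGroup("VM-VLAN20", vlan=20, kind="vm"),
        PortGroup("vMotion", vlan=30, kind="vmkernel", mtu=9000),
        PortGroup("Management", vlan=0, kind="vmkernel", mtu=1500),
    ],
)
SAMPLE_PHYS = {
    "vmnic0": PhysicalPort("vmnic0", mtu=9000, allowed_vlans=frozenset({10, 20, 30})),
    # vmnic1's switch port was never reconfigured: default MTU and VLAN 30 not on the trunk.
    "vmnic1": PhysicalPort("vmnic1", mtu=ETH_MTU, allowed_vlans=frozenset({10, 20})),
}


def run_sample() -> list[str]:
    return audit(SAMPLE_VSWITCH, SAMPLE_PHYS)


if __name__ == "__main__":
    for line in run_sample():
        print(line)
    print(vmkping_command("vmk1", 9000, "192.0.2.11"))
```

On the sample, only vmnic1 produces findings: its port has the default MTU while the vSwitch and the vMotion VMkernel port are set to 9000, and VLAN 30 is missing from its trunk. Running the generated vmkping from the host confirms the physical path end to end after the switch port is corrected.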
