- Virtual networks enable virtual machines to communicate with all devices on the network, including other virtual machines, physical machines and the hypervisor.
- A virtual switch is connected to the uplink ports (physical ports) on one side and, on the other side, to "Virtual Machine Port Groups" or "VMkernel Ports".
- Virtual machine port groups are the virtual port groups for the DMZ and the local network. These virtual ports assign a VM to a network. Port groups are not assigned any IP address.
- VMkernel ports are the ports used for management of vSphere or dedicated to vSphere vMotion traffic.
- The management port is the port you connect to using SSH or the vSphere client to configure the ESXi host itself.
- Port groups can be different VLANs in one virtual switch, or different VLANs in different virtual switches.
- The only downside of creating separate virtual switches is that the number of physical ports needed increases: each virtual switch must be connected to at least one dedicated physical port if it needs to reach networks outside the ESXi host.
- Virtual switches serve several purposes: inter-connectivity between virtual machines, or connectivity between the virtual machines, the host, and the outside world.
Virtual Switch Types:
- There are two types of virtual switches: Standard Virtual Switches and Distributed Virtual Switches.
- A standard virtual switch is a dedicated virtual switch created on one ESXi host and not replicated to the other ESXi hosts on the network. If you are going to move virtual machines from one host to another, you need to create the same virtual switch and port groups on the destination host, because the source port groups (VLANs) do not exist on the destination host.
- On the other hand, a distributed virtual switch is created on the vCenter server and is populated to all host machines. With distributed virtual switches, if we move a VM from one host to another, the VM will recognize the same VLAN on the destination host (there is no need to manually create a new virtual switch or port groups on the destination server).
- Note: if vCenter goes down for any reason, such as maintenance operations, the distributed virtual switches are not deleted on the hosts, but administrators cannot create a new distributed virtual switch or modify the existing ones.
- If multiple physical NICs are connected to a virtual switch, NIC teaming should be enabled on the physical NICs and LACP should be configured on the physical switch.
- The management port is connected to the management VLAN, which is accessed only by IT administrators; other users on the network cannot reach it.
Virtual Local Area Network (VLAN):
- VLANs are independent logical networks created within a physical network.
- VLANs can span multiple switches.
- Using VLANs reduces the number of broadcasts sent to different ports: only ports within a VLAN receive the broadcast packets sent by devices in that VLAN.
- VLAN tagging is the process in which a switch adds a VLAN ID to the packet header, specifying which VLAN that packet belongs to.
- VLAN tagging types: 802.1Q and ISL.
- 802.1Q VLAN tagging is an IEEE standard that supports 4096 VLANs.
- 802.1Q adds a 4-byte tag into the original frame, and the FCS (Frame Check Sequence) is recalculated.
- 802.1Q does not tag frames for the native VLAN.
ESXi and VLAN tagging:
- Only 802.1Q VLAN tagging is supported by ESXi.
- On the virtual machine side, packets are tagged as they leave the virtual machine and untagged as they return to the VM.
- On the host side, a VLAN ID is assigned to a port group.
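The following added example (not part of the original notes or of any VMware code) shows what the 802.1Q tagging described above does at the byte level: the 4-byte tag is inserted after the source MAC, the FCS is recalculated, frames for the native VLAN are left untagged, and the tag is stripped again on the way back to the VM. The MAC addresses, EtherType and payload are constructed sample values.

```python
import binascii
import struct

TPID_8021Q = 0x8100   # Tag Protocol Identifier that marks an 802.1Q-tagged frame
FCS_LEN = 4           # Frame Check Sequence is a 4-byte CRC-32 at the end of the frame


def fcs(frame_without_fcs: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the frame, transmitted least-significant byte first."""
    return struct.pack("<I", binascii.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet frame with a valid FCS appended (used to construct sample input)."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def tag_frame(frame: bytes, vlan_id: int, native_vlan: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the source MAC and recompute the FCS.
    Frames belonging to the native VLAN are sent untagged, as the notes describe."""
    # The 12-bit VID field gives 4096 values; 0 and 4095 are reserved, so 1..4094 are usable.
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in the range 1..4094")
    if vlan_id == native_vlan:
        return frame
    body = frame[:-FCS_LEN]
    tci = ((pcp & 0x7) << 13) | vlan_id            # TCI = PCP(3 bits) | DEI(1 bit, 0) | VID(12 bits)
    tag = struct.pack("!HH", TPID_8021Q, tci)
    tagged = body[:12] + tag + body[12:]            # dst(6) + src(6) + tag(4) + ethertype + payload
    return tagged + fcs(tagged)                     # FCS must be recalculated over the new bytes


def untag_frame(frame: bytes) -> tuple:
    """Verify the FCS, strip the 802.1Q tag if present, and return (vlan_id, untagged frame).
    vlan_id is None when the frame carried no tag (e.g. native VLAN traffic)."""
    body = frame[:-FCS_LEN]
    if fcs(body) != frame[-FCS_LEN:]:
        raise ValueError("FCS mismatch: frame corrupted or tag inserted without recalculating FCS")
    if struct.unpack("!H", body[12:14])[0] != TPID_8021Q:
        return None, frame
    vid = struct.unpack("!H", body[14:16])[0] & 0x0FFF
    untagged = body[:12] + body[16:]
    return vid, untagged + fcs(untagged)


if __name__ == "__main__":
    # Constructed sample: two locally administered MACs, IPv4 EtherType, minimum-size payload
    sample = build_frame(bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), 0x0800, b"\x00" * 46)
    tagged = tag_frame(sample, vlan_id=10, native_vlan=1)
    print(len(sample), len(tagged), untag_frame(tagged) == (10, sample))
```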