Best practice for NIC cards and vSwitches design

Best practice for NIC cards and vSwitches design

Introduction

In ESX the networking is quite different compared with VMware Server or Workstation: no NAT, host only... only "bridged" with a new concept of vSwitch.

Think at each vSwitch like a normal switch: it doesn't do routing, natting and firewall, it do not have an IP (unless real switches sometime does have it) can it can be connected to other (v)Switches using uplink (in ESX each physical NIC could be an uplink).

Each vSwitch can contain one or more port group that can be used for VM networking (each VM will have one or more vNIC), vmkernel networking (for VMotion, FT, iSCSI, NAS, ...) or Service Console networking (only for ESX).

Note that there are different type of vNIC, for more info see:

For more information on networking in ESX:

VMware Virtual Networking Concepts - http://www.vmware.com/files/pdf/virtual_networking_concepts.pdf

-


New features in vSphere

With vSphere there are several network improvement and changes:

  • with ESX Enterprise Plus (and vCenter Server) there is a new concept of DVS -

  • with ESX Enterprise Plus (and vCenter Server) the DVS could be change with 3rd part switch (like Cisco Nexus 1000v)

  • with ESX Advanced, Enterprise, Enterprise Plus there are also the new vShield Zones (useful for firewall control).

All those features are available only with new vSphere products.

-


vSwitches design

For a right design several informations are required:

  • kind of COS/vmkernel networking: COS/Management VMotion, FT, software iSCSI or NAS storage

  • kind of VM networks: different physical network (like DMZ network), different logical network, VLAN usage

  • number of pNIC of each ESX

The key things to consider are redundancy, performance, and security.

Usually, to have network HA, on each vSwitch are required at least two pNIC (and one pNIC could be assigned only to one vSwitch).

For this reason with few pNICs the design will probably be simple (but also limited).

But some kind of traffic is in clear (for example VMotion and iSCSI traffic), so for security reason could be necessary to isolate from other traffics and more vSwitches could be preferred.

VLAN can be a solution to isolate different networks without the overhead of use different physical switches.

But of storage traffic the best choice is use a dedicated storage network with different physical switches that the other networks.

There is also some great info on vSwitches design:

  • the Blue Gears series (http://www.networkworld.com/community/node/35063) by Edward Haletky

  • Ken Cline's Great vSwitch debate (http://kensvirtualreality.wordpress.com/).

  • Blue Gears - Networking (http://www.astroarch.com/wiki/index.php/Blog_Roll#Cisco_Subnet_-_Blue_Gears_-_Virtual_Networking)

  • Combining Networks (http://www.networkworld.com/community/node/35064)

  • vSphere Host NIC configuration (http://www.kendrickcoleman.com/index.php?/Tech-Blog/vsphere-host-nic-configuration.html)

Comments

Thanks.

I've added the link.

Andre

Andre,

Can you please update the link. I've finally transferred the domain to a new provider. the link is (.com and index.php? change):

http://www.kendrickcoleman.com/index.php?/Tech-Blog/vsphere-host-nic-configuration.html

Link updated.

Andre

got another for you andre.

VMware vSphere Host NIC design - 12 NICs http://kendrickcoleman.com/index.php?/Tech-Blog/vmware-vsphere-host-nic-design-12-nics.html

Version history
Revision #:
1 of 1
Last update:
‎10-25-2009 02:34 AM
Updated by: