With the proliferation of server virtualisation, a new network access layer has emerged that is composed of the virtual network switches embedded within hypervisor software, providing connectivity among the virtual machines (VMs) that live on the same physical server. In networking for virtualisation, the traditional virtual switch (vSwitch) may provide a simple solution for VM-to-VM connectivity, but this layer of virtual switching can come with drawbacks and complications as well. This guide provides an overview of those challenges and available solutions.
Virtual network switch challenges
In a traditional physical environment, network groups manage the network connection of a server from the switch all the way to the NIC. Virtualisation changes that by extending the network into the server. This poses a host of new problems:
Administration: The virtual switch is usually managed by virtualisation administrators, which can cause some concern among network admins because they can no longer control and manage part of the network that is inside a virtual host.
Switch management: Much of the traffic between VMs on the same host never leaves the host, so it does not go over the physical network. As a result, it cannot be monitored or managed by the network devices on the physical network, such as network firewalls and IDS/IPS.
Policy enforcement: Traditional vSwitches can lack the advanced features that are required to provide granular traffic control and isolation in the data centre. Even when vSwitches support these features, they must be configured manually through the virtual server management application and may not be fully compatible with similar features on physical access switches. This situation results in inconsistent network policy enforcement.
I/O bandwidth: The more VMs per server, the higher the traffic load and the greater the number of CPU cycles required to move traffic through a software-based virtual switch.
Solutions to virtualisation networking challenges
Several strategies address the shortcomings of the traditional vSwitch by improving network support for server virtualisation. Most of them are variations on network edge virtualisation, in which switching decisions for VM traffic are moved out of the hypervisor's software switch and into systems the network team controls.
Distributed Virtual Switching (DVS): DVS decouples the control plane and the data plane of the virtual switch. This allows the data planes of multiple virtual switches, spread across many hosts, to be controlled by an external centralised management system that implements the control plane functionality.
Cisco Nexus 1000v: The Cisco Nexus 1000v is an example of a distributed virtual switch. It shifts management of the virtual network inside a host back to network administrators and helps to make peace between server and network teams. In addition to solving the political problem of administration, it adds many advanced features and better security to virtualisation networking inside a host. The Nexus 1000v provides features not found in the VMware-provided vSwitches, including QoS, support for Switch Port Analyzer (SPAN), Encapsulated Remote SPAN (ERSPAN), NetFlow, RADIUS and TACACS, access control lists, packet capture/analysis, DHCP/IGMPv3 snooping and much more.
Edge Virtual Bridging (EVB): EVB is a standard based on Virtual Ethernet Port Aggregator (VEPA). Using VEPA, all traffic from VMs is forwarded to the adjacent physical access switch and directed back to the same physical server if the destination VM is co-resident on the same server. In the latter case, the traffic does a 180-degree turn. VEPA therefore gives the network access switch visibility into, and policy control over, all the virtual machine traffic flows.
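The visibility gap described under "Switch management" and the VEPA hairpin described above can be seen side by side in the following simulation. It is an added illustration, not code from the original guide: the MAC addresses, the frame list and the ACL rule are constructed sample data, and the two classes are simplified models of a hypervisor vSwitch and an adjacent physical access switch.

```python
"""Traditional vSwitch versus VEPA forwarding for co-resident VM traffic."""
from dataclasses import dataclass, field

VM1 = "02:00:00:00:00:01"  # constructed: VM on this host
VM2 = "02:00:00:00:00:02"  # constructed: VM on this host
VM3 = "02:00:00:00:00:03"  # constructed: VM on another host


@dataclass(frozen=True)
class Frame:
    src: str  # source VM MAC
    dst: str  # destination VM MAC


@dataclass
class AccessSwitch:
    """Physical access switch: the only place the network team can see and filter."""
    seen: list = field(default_factory=list)
    blocked: set = field(default_factory=set)  # (src, dst) pairs denied by an ACL

    def forward(self, frame: Frame) -> bool:
        """Record the frame (monitoring point) and apply the ACL; True = permitted."""
        self.seen.append(frame)
        return (frame.src, frame.dst) not in self.blocked


class VSwitch:
    """Hypervisor vSwitch; in VEPA mode every frame is sent to the uplink."""
    def __init__(self, uplink: AccessSwitch, local_macs: set, vepa: bool):
        self.uplink, self.local_macs, self.vepa = uplink, local_macs, vepa
        self.delivered = []  # frames handed to a VM on this host

    def send(self, frame: Frame) -> None:
        if frame.dst in self.local_macs and not self.vepa:
            # Traditional behaviour: VM-to-VM traffic never leaves the host,
            # so the access switch, firewall and IDS/IPS never see it.
            self.delivered.append(frame)
            return
        # VEPA: the access switch sees the frame; if the destination is
        # co-resident it is reflected back to the same server (the 180-degree turn).
        if self.uplink.forward(frame) and frame.dst in self.local_macs:
            self.delivered.append(frame)


def run(vepa: bool) -> tuple:
    """Return (frames seen by the access switch, frames delivered to local VMs)."""
    switch = AccessSwitch(blocked={(VM1, VM2)})  # policy: VM1 may not talk to VM2
    vswitch = VSwitch(switch, {VM1, VM2}, vepa)
    for frame in (Frame(VM1, VM2), Frame(VM2, VM1), Frame(VM1, VM3)):  # constructed
        vswitch.send(frame)
    return len(switch.seen), len(vswitch.delivered)
```

With the traditional vSwitch the access switch sees only the frame bound for the remote host, and the denied VM1-to-VM2 frame is delivered anyway; in VEPA mode all three frames are seen and the ACL takes effect.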
Single Root I/O Virtualisation (SR-IOV): SR-IOV technology will soon be used in hardware NICs to move software-based virtual switch functionality into PCI NIC hardware. Hardware-based SR-IOV NICs will improve I/O performance and will give hardware support for edge networking technologies such as FCoE and iSCSI. However, they will not address management scalability and limited visibility into network traffic flows.
This was first published in April 2011