Tuesday, September 11, 2012
VMware vNetwork Distributed Switch Architecture
Now let’s look at a diagram that shows the distributed switch architecture, which is driven from the datacenter level and is the recommended architecture to use when you are setting up your vNetwork.
First off, we have distributed switches. A distributed switch acts as a single virtual switch across all associated hosts. This allows virtual machines to maintain consistent network configuration as they migrate across hosts. Like a standard switch, a distributed switch is a network hub for virtual machines. A distributed switch can route traffic internally between virtual machines or link to an external network.
Distributed switches are managed entities configured inside of vCenter Server.
Distributed switches exist across two or more clustered ESX or ESXi hosts. vCenter Server owns the configuration of distributed switches, and the configuration is consistent across all hosts. The uplink ports on the distributed switch link to uplink ports on hidden vSwitches. The hidden vSwitch uplink ports connect to physical NICs, which then connect to the physical switch ports.
Be careful not to confuse a distributed switch with a single switch spanning several hosts. Two virtual machines on different hosts can communicate with each other only if both virtual machines have uplinks in the same broadcast domain. Consider a distributed switch as a template for the network configuration on each ESX or ESXi host.
Each distributed switch includes distributed ports. A distributed port represents a port to which you can connect any networking entity, such as a virtual machine, the service console, and so on. vCenter Server stores the state of distributed ports in the vCenter Server database, so networking statistics and policies migrate with virtual machines when they are moved from host to host. This network vMotion feature is key to implementing state-dependent features such as inline IDS/IPS, firewalls, and third-party virtual switches.
Distributed port groups perform the same functions as port groups in standard vSwitches:
- They provide a way to logically group distributed ports to simplify configuration,
- They inherit and can override all distributed switch properties,
- They do not constitute the means to segregate traffic within the distributed switch (unless you use Private VLANs).
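The "template, not a spanning switch" point and the inherit/override behaviour of port groups can be checked against an inventory export. The sketch below is an added example, not VMware code: the switch properties, host names, broadcast-domain labels and VM placements are all constructed, and it only models pairs of VMs on the same distributed port group.

```python
from itertools import combinations

# Constructed inventory (assumption): one distributed switch applied to three hosts.
DVS_DEFAULTS = {"vlan": 0, "teaming": "originating-port"}   # switch-level properties
PORT_GROUPS = {                                             # per-group overrides only
    "pg-web": {"vlan": 10},
    "pg-db": {},                                            # inherits everything
}
HOST_UPLINK_DOMAINS = {     # host -> broadcast domains its physical uplinks reach
    "esx01": {"bd-A"},
    "esx02": {"bd-A"},
    "esx03": {"bd-B"},      # cabled to a different physical segment
}
VMS = {                     # vm -> (host, distributed port group)
    "web1": ("esx01", "pg-web"), "web2": ("esx02", "pg-web"),
    "web3": ("esx03", "pg-web"), "db1": ("esx01", "pg-db"),
}


def effective_settings(port_group):
    """Switch properties with the port group's overrides applied on top."""
    return {**DVS_DEFAULTS, **PORT_GROUPS[port_group]}


def can_communicate(vm_a, vm_b):
    """For two VMs on the same port group: same host is switched internally,
    different hosts need uplinks in a shared broadcast domain."""
    (host_a, pg_a), (host_b, pg_b) = VMS[vm_a], VMS[vm_b]
    if pg_a != pg_b:
        raise ValueError("model covers VMs on the same port group only")
    if host_a == host_b:
        return True
    return bool(HOST_UPLINK_DOMAINS[host_a] & HOST_UPLINK_DOMAINS[host_b])


def stranded_pairs():
    """Same-port-group VM pairs that the physical network keeps apart."""
    return sorted(
        (a, b) for a, b in combinations(sorted(VMS), 2)
        if VMS[a][1] == VMS[b][1] and not can_communicate(a, b)
    )


if __name__ == "__main__":
    for pg in PORT_GROUPS:
        print(pg, effective_settings(pg))
    for a, b in stranded_pairs():
        print(f"{a} / {b}: same port group, but hosts share no broadcast domain")
```

With this data, web3 on esx03 carries the same port group configuration as web1 and web2 yet cannot reach them, which is the situation to catch before migrating a VM to that host.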