Book: Mastering VMware® Infrastructure 3

Chapter 3: Creating and Managing Virtual Networks

Identify the components of virtual networking. Virtual networking is made up of a combination of relationships that exist between the logical networking components created in the VMkernel of ESX Server and the physical network devices. The virtual machines are configured on vSwitches bound to physical network adapters that are connected to physical switches.

Create virtual switches and virtual switch port groups. Virtual switches, ports, and port groups are the cornerstone of the virtual networking architecture. These virtual components provide the tools for connecting to the physical network components to allow communication between the virtual and physical environments.

Master It Virtual machines need to communicate with physical servers on the production network.

Solution Create a vSwitch with a virtual machine port group. Associate the vSwitch with a physical network adapter connected to a physical switch used for the production network.

Master It Service console communication must occur on a dedicated management network.

Solution Create a vSwitch with a Service Console port, assigning it a valid IP address for the management network. Associate the vSwitch with a physical network adapter connected to a physical switch for the management network.

Master It A dedicated network has been implemented to support VMotion.

Solution Create a vSwitch with a VMkernel port, assigning it a valid IP address for the VMotion network. Associate the vSwitch with a physical network adapter connected to a physical switch for the VMotion network.

Master It A dedicated storage network has been implemented to support communication to iSCSI and NFS storage devices.

Solution Create a vSwitch with a VMkernel port, assigning it a valid IP address for the storage network. Associate the vSwitch with a physical network adapter connected to a physical switch for the storage network.

Create and manage NIC teams. NIC teams offer the opportunity for redundancy and load balancing of network traffic. NIC teams offer three load-balancing policies: port-based, source MAC-based, and IP hash-based load balancing.

Master It Virtual machines with one virtual network adapter must be capable of using multiple physical network adapters when connecting to multiple network destinations.

Solution Create a NIC team set to use the IP hash-based load balancing policy.

Master It A vSwitch configured with a NIC team needs to experience failback when a physical network adapter is repaired after failover.

Solution Configure the virtual switch Rolling Failover policy to No or create an explicit Failover Order.

Master It Bandwidth available on multiple physical network adapters must be accessible to a single virtual network adapter on a virtual machine.

Solution Connect the virtual machine to a vSwitch with a NIC team using multiple physical network adapters connected to the same physical switch. Configure the physical switch for link aggregation in static (manual) mode and configure the vSwitch to use the IP hash-based failover policy.

Master It Discovery time after a failover event on a NIC team needs to be minimized to prevent unnecessary delays.

Solution Configure the virtual switch's Notify Switches setting to Yes.

Create and manage virtual LANs (VLANs). The use of VLANs in a virtual networking architecture offers security, scalability, and communication efficiency.

Master It A vSwitch needs to be configured with two VLANs named VLAN101 and VLAN102.

Solution Create two virtual machine port groups with the appropriate VLAN IDs in the port group configuration.

Master It A vSwitch is configured with VLANs identical to those configured on the physical switch to which it is connected; however, traffic between the two switches is not functioning.

Solution Configure the physical switch port to which the vSwitch is connected as a trunk port.

Configure virtual switch security policies. Virtual switch security comes in a tight little package that includes three specific security settings that deal with identifying and processing traffic through a virtual switch. Promiscuous Mode, MAC Address Changes, and Forged Transmits each provide a securable vSwitch architecture, which ensures that only the right systems are sending and receiving traffic as expected.

Master It A virtual machine with an installed intrusion detection system (IDS) needs to "sniff" the traffic passing through a vSwitch, but the vSwitch is not configured to allow virtual machines to identify all traffic on the switch. You need to allow the functionality of the IDS while minimizing the security impact on the network.

Solution Create a virtual machine port group on the switch. Set the Promiscuous Mode option to Accept and configure the virtual machine to use the new virtual machine port group.

Master It An administrator of a Windows Server 2003 computer has changed the IP address of the guest operating system from the properties of the network adapter. The administrator now states that the Windows Server 2003 computer cannot communicate with requesting clients. You identify that the virtual machine port group to which the virtual machine is connected does not permit the vSwitch to send traffic when the effective and initial MAC addresses do not match.

Solution On the virtual machine port group, set the Forged Transmits option to Accept.
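
The following is an added example, not code from the book: a small Python audit over a constructed inventory. It shows how port group security settings override the vSwitch-level values and why the IDS solution above, which accepts Promiscuous Mode only on a dedicated port group, keeps the exposure small. The inventory layout, the VM and port group names, and the `effective_policy` and `audit` functions are assumptions made for illustration.

```python
# Added illustration: constructed inventory, not output from an ESX host.
INVENTORY = {
    "vSwitch1": {
        # vSwitch-level settings, inherited by every port group on the switch
        "policy": {"promiscuous": "Reject", "mac_changes": "Reject",
                   "forged_transmits": "Reject"},
        "port_groups": {
            "Production": {"override": {}, "vms": ["web01", "db01"]},
            # Dedicated IDS port group, as in the Promiscuous Mode solution
            "IDS": {"override": {"promiscuous": "Accept"}, "vms": ["ids01"]},
            # Hypothetical misconfiguration: relaxed settings on shared VMs
            "Legacy": {"override": {"promiscuous": "Accept",
                                    "forged_transmits": "Accept"},
                       "vms": ["app01", "app02"]},
        },
    },
}

def effective_policy(vswitch, port_group):
    """Port group settings override the vSwitch-level values."""
    merged = dict(vswitch["policy"])
    merged.update(port_group["override"])
    return merged

def audit(inventory, sniffers=("ids01",)):
    """Return (vswitch, port_group, finding) tuples that need review."""
    findings = []
    for vs_name, vs in inventory.items():
        if vs["policy"]["promiscuous"] == "Accept":
            findings.append((vs_name, "*",
                             "Promiscuous Mode accepted switch-wide"))
        for pg_name, pg in vs["port_groups"].items():
            eff = effective_policy(vs, pg)
            # VMs that can sniff but are not approved sensors
            extra = [vm for vm in pg["vms"] if vm not in sniffers]
            if eff["promiscuous"] == "Accept" and extra:
                findings.append((vs_name, pg_name,
                    "Promiscuous Mode reaches non-IDS VMs: " + ", ".join(extra)))
            for key in ("mac_changes", "forged_transmits"):
                if eff[key] == "Accept" and key in pg["override"]:
                    findings.append((vs_name, pg_name,
                                     key + " relaxed by override"))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(*finding, sep=" | ")
```

The dedicated IDS port group produces no finding because only the approved sensor is attached to it; the constructed Legacy port group is flagged twice.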
