Simplify VMware vSphere* 4 Networking with Intel Ethernet 10 Gigabit Server Adapters

• Network failover allows one physical server adapter to provide redundancy for another while dramatically reducing the number of physical switch ports required.
• Network VMotion allows the tracking of the VM's networking state (for example, counters and port statistics) as the VM moves from host to host.
Placing the service console network separate from the vDS can help avoid a race condition and provides additional levels of redundancy and security.
For a deeper discussion around best practices for the use of virtual switches, see the following resources:
• Ken Cline's blog entries on The Great vSwitch Debate [1]
• The VMware white paper, What's New in VMware vSphere™ 4: Virtual Networking [2]
Best Practice 2: Streamline
Configuration Using Port Groups
Port groups provide the means to apply configuration policies to multiple virtual switch ports as a group. For example, a bi-directional traffic-shaping policy in a vDS can be applied to this logical grouping of virtual ports with a single action by the administrator. If changes need to be made in response to a security event or a change in business requirements, this capability enables faster response, and in normal day-to-day operations it enables greater efficiency by augmenting physical resources with more sophisticated virtual ones.
Best Practice 3: Use VLANs with
VLAN Trunking
TheuseofVLANsallowsnetworktrafc
to be segmented without dedicating
physical ports to each segment, reducing
the number of physical ports needed
toisolatetrafctypes.Asstatedin
VMware’s paper vSphere Hardening
Guide: ESX and Virtual Networking
3
(rev B: public draft January 2010): “In
general, VMware believes that VLAN
technology is mature enough that it can
be considered a viable option for providing
network isolation.”
Thefollowingtrafcshouldbecongured
on dedicated VLANs:
•Service console should be on a
dedicated port group with its own
dedicated VLAN ID; use port 2. An option
to connect to a dedicated management
network that is not part of a vDS can
provide additional benefits but does
add additional network connections and
network complexity.
•VMotion should be on its own dedicated
port group with its own dedicated VLAN
ID; use port 2 in a two-port configuration.
•IP-based storage traffic (iSCSI,
NFS) should be on its own port group
in the vDS; use port 2 in a two-port
configuration.
•VM traffic can use one or more VLANs,
depending on the level of separation that
is needed between the VMs. The VMs
should not share the service console,
VMotion, or IP-based storage traffic
VLAN IDs and should use port 1 in a
two-port configuration.
802.1Q VLAN trunking provides the ability to carry multiple VLANs over a single wire. This capability makes the administration of VLANs more efficient because the grouping can be managed as a unit over one physical wire and broken into dedicated networks at the switch level instead of at each host. The physical switch port facing each 10GbE uplink is configured as a trunk carrying the VLAN IDs listed above, and each port group on the host tags its traffic with the matching VLAN ID.
Best Practice 4: Use Dynamic Logical
Segmentation Across Two 10GbE Ports
If two physical 10GbE ports are used, as shown in Figure 3, place administrative, live migration, and other back-end traffic onto one physical connection and VM traffic onto the other. To provide redundancy between the two links, configure the network so that the traffic from each link fails over to the other if a link path failure with a NIC, cable, or switch occurs. In practice this is an active/standby failover order set per port group: the back-end port groups list port 2 as active and port 1 as standby, and the VM port groups the reverse.
This approach provides redundancy, increases bandwidth because both ports are being utilized, and can provide additional security through physical isolation of VM traffic from back-end traffic while both links are up. While the use of two 10GbE ports helps to reduce solution cost, some organizations may prefer the use of four 10GbE ports to provide additional bandwidth, additional redundancy, or simply to interface with existing network infrastructure.
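The port-group, VLAN, and two-port layout from Best Practices 2 through 4, as an added PowerCLI example that is not code from the Intel paper or from VMware: it builds the port groups on one ESX 4 host and sets the per-port-group failover order so that back-end traffic prefers port 2 and VM traffic prefers port 1, each falling over to the other. It uses a standard vSwitch because vSphere 4-era PowerCLI has no vDS cmdlets; the same VLAN IDs and active/standby order apply to vDS port groups through their uplink teaming policy. The vCenter and host names, VLAN IDs, IP addresses, and the uplink names vmnic0 (port 1) and vmnic1 (port 2) are placeholders chosen for the example.

```powershell
# Added example, not part of the Intel paper: port groups, VLAN IDs and
# per-port-group failover order for a two-port 10GbE host (Best Practices
# 2 to 4). Names, VLAN IDs and addresses are placeholders.
Connect-VIServer -Server vcenter.example.com | Out-Null

$esx     = Get-VMHost -Name esx01.example.com
$vmPort  = 'vmnic0'   # "port 1" in the paper: VM traffic
$beaPort = 'vmnic1'   # "port 2": service console, VMotion, IP storage

# One vSwitch owns both 10GbE uplinks; which uplink a traffic type uses
# in the non-failed state is decided per port group below.
$vs = New-VirtualSwitch -VMHost $esx -Name 'vSwitch1' -Nic $vmPort, $beaPort

# Back-end interfaces first: New-VMHostNetworkAdapter creates the port group
# it is told to use. The service console gets a console NIC (classic ESX),
# VMotion a VMkernel port with VMotion enabled, IP storage a plain VMkernel port.
New-VMHostNetworkAdapter -VMHost $esx -VirtualSwitch $vs -PortGroup 'Service Console' `
    -IP 10.10.0.11 -SubnetMask 255.255.255.0 -ConsoleNic | Out-Null
New-VMHostNetworkAdapter -VMHost $esx -VirtualSwitch $vs -PortGroup 'VMotion' `
    -IP 10.20.0.11 -SubnetMask 255.255.255.0 -VMotionEnabled $true | Out-Null
New-VMHostNetworkAdapter -VMHost $esx -VirtualSwitch $vs -PortGroup 'IP Storage' `
    -IP 10.30.0.11 -SubnetMask 255.255.255.0 | Out-Null

# VM port groups: one per VM VLAN.
New-VirtualPortGroup -VirtualSwitch $vs -Name 'VM Network 100' | Out-Null
New-VirtualPortGroup -VirtualSwitch $vs -Name 'VM Network 101' | Out-Null

# Port group -> VLAN ID -> preferred uplink (Best Practices 3 and 4).
$layout = @(
    @{ Name = 'Service Console'; Vlan = 10;  Active = $beaPort; Standby = $vmPort  },
    @{ Name = 'VMotion';         Vlan = 20;  Active = $beaPort; Standby = $vmPort  },
    @{ Name = 'IP Storage';      Vlan = 30;  Active = $beaPort; Standby = $vmPort  },
    @{ Name = 'VM Network 100';  Vlan = 100; Active = $vmPort;  Standby = $beaPort },
    @{ Name = 'VM Network 101';  Vlan = 101; Active = $vmPort;  Standby = $beaPort }
)

# A VM VLAN must never reuse a back-end VLAN ID; refuse the layout if it does.
$backendVlans = $layout | Where-Object { $_.Active -eq $beaPort } | ForEach-Object { $_.Vlan }
foreach ($pg in $layout | Where-Object { $_.Active -eq $vmPort }) {
    if ($backendVlans -contains $pg.Vlan) {
        throw "VM port group '$($pg.Name)' reuses back-end VLAN $($pg.Vlan)"
    }
}

foreach ($pg in $layout) {
    $group = Get-VirtualPortGroup -VirtualSwitch $vs -Name $pg.Name
    # Tag the port group's traffic with its VLAN ID (virtual switch tagging).
    Set-VirtualPortGroup -VirtualPortGroup $group -VLanId $pg.Vlan | Out-Null
    # Explicit failover order: preferred uplink active, the other standby.
    # Failback returns traffic to its own wire once the failed link recovers.
    Get-NicTeamingPolicy -VirtualPortGroup $group |
        Set-NicTeamingPolicy -InheritFailoverOrder $false `
            -MakeNicActive $pg.Active -MakeNicStandby $pg.Standby `
            -FailbackEnabled $true -NetworkFailoverDetectionPolicy LinkStatus | Out-Null
}
```

The physical switch ports behind vmnic0 and vmnic1 must be 802.1Q trunks carrying VLANs 10, 20, 30, 100, and 101 (Best Practice 3). With FailbackEnabled, back-end traffic returns to its own wire once the failed link recovers, restoring the physical isolation described under Best Practice 4. The traffic-shaping policy of Best Practice 2 is not set here.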
Best Practice 5: Proactively
VMotion VMs Away from Network
Hardware Failures
Install 10GbE ports in pairs so they can be configured in a redundant manner to enhance reliability. If two 10GbE ports are used, then run VM traffic primarily on port 1 and all other traffic on port 2. This design uses the bandwidth of both 10GbE ports and can be configured in a redundant manner for network failover. Note that, in the event of a failover, all traffic would be traveling over the same wire, so the physical isolation between VM and back-end traffic is lost for as long as the failure lasts. Because the duration of that state should be as short as possible, the host and management software should be configured to migrate all VMs off the host with VMotion as quickly as possible, to maintain redundancy and help ensure reliability.
Using live migration in conjunction with network monitoring software helps to ensure uninterrupted operation of the VM(s) while minimizing the amount of time that they operate on a physical host where redundancy has been compromised.
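Best Practice 5 in script form, as an added PowerCLI example that is not from the paper: it looks for hosts in a cluster where a physical uplink has lost link and puts them into maintenance mode with evacuation, so that VMotion moves their VMs to hosts that still have both 10GbE paths. It assumes a DRS-enabled cluster in which VMotion already works (the VMotion port group from Best Practice 3), a scheduled monitoring job that runs it, and placeholder vCenter and cluster names.

```powershell
# Added example, not part of the Intel paper: act on a lost uplink by
# evacuating the host with VMotion (Best Practice 5). Assumes PowerCLI,
# a DRS cluster where VMotion works, and placeholder names.
Connect-VIServer -Server vcenter.example.com | Out-Null

function Get-DownUplinks {
    # Physical NICs of a host that currently have no link:
    # a vmnic without link reports a bit rate of 0.
    param([Parameter(Mandatory = $true)] $VMHost)
    Get-VMHostNetworkAdapter -VMHost $VMHost -Physical |
        Where-Object { $_.BitRatePerSec -eq 0 }
}

# Only hosts that are connected and not already in maintenance mode.
$hosts = Get-Cluster -Name 'Prod' | Get-VMHost |
    Where-Object { $_.State -eq 'Connected' }

foreach ($esx in $hosts) {
    $down = @(Get-DownUplinks -VMHost $esx)
    if ($down.Count -eq 0) { continue }

    $nics = @(Get-VMHostNetworkAdapter -VMHost $esx -Physical)
    if ($down.Count -ge $nics.Count) {
        # Every uplink is down: the host is isolated and VMotion cannot
        # reach it, so HA rather than this script has to handle it.
        Write-Warning ("{0}: all uplinks down, skipping" -f $esx.Name)
        continue
    }

    Write-Warning ("{0}: uplink(s) {1} down; all traffic is on one wire, evacuating" -f
        $esx.Name, ($down.Name -join ', '))

    # Maintenance mode with -Evacuate has DRS migrate every powered-on VM off
    # the host. The host is returned to service by hand once the NIC, cable
    # or switch path is repaired and both uplinks report link again.
    Set-VMHost -VMHost $esx -State Maintenance -Evacuate -RunAsync | Out-Null
}
```

With DRS in fully automated mode the evacuation completes without operator action; with DRS in manual or partially automated mode the host waits for the migrations to be approved, so the monitoring job should also raise an alert rather than rely on the script alone.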