Wednesday, November 6, 2013

Understanding the Difference Between Physical and Virtual Networking


Introduction

As Windows Admins, we have become comfortable with connectivity to the physical network. You can go to any physical server (or desktop PC for that matter) and check the status of the network connection by seeing the “media state”, if it’s enabled, it’s speed, how long it’s been up, and what it’s connectivity state is, as defined by the Windows OS on that server. We are comfortable with network monitoring tools and agents for physical severs and their physical network connections. So how do things change when a physical server is converted into a virtual machine, run on top of a hypervisor (like vSphere or Hyper-V) and connected to a virtual network? With more and more servers being virtualized (greater than half of all servers in the world now), it’s time for Windows Admins to gain comfort with virtual network connections and the virtual infrastructure.

Physical Server NIC Review

We all know that physical servers have at least one (usually multiple) physical network interfaces (usually called NICs). Those physical NICs connect to physical switch ports. Virtual LANs (VLAN) configurations may or may not be in use to further segment the network (but I’ll leave that out of this discussion). One of the benefits of physical network configurations like this is that you have this 1:1 ratio between the physical server and the Ethernet switch port. This relationship makes mapping switch ports to servers simple. In fact, I have, many times over the years, created switch port mapping diagrams or spreadsheets to show these 1:1 relationships for troubleshooting and documentation purposes. We would print the diagrams and spreadsheets, put them in sheet protectors, and store them in binders in the wiring closet or a cabinet in the datacenter. Not only is mapping and documentation simple but troubleshooting is as well. If the media state on the server is down on the switch or on the physical server, you know that that server is down (and only that server). For example, if someone unplugs a network cable (maybe it has a tie-wrap cable identifier on it with the server’s name), you know which server just went down. Finally, if an Ethernet switch shows high utilization on a port, you can look at the server name on that port and determine quickly which server it is.

Virtual NIC Review on a Virtual Machine

On the other hand, with virtualized servers, each virtual machine has a “vNIC” or virtual network interface that connects that virtual machine to a virtual switch. There may or may not be any real connectivity from the virtual switch to the real physical network (and the physical switch) but in most cases, there are (as there virtual machines need network access). That physical network access is provided by an “uplink” (as it is commonly called) from the virtual switch to a hypervisor host server’s physical NIC that is then connected to a physical Ethernet switch. Still, keep in mind that it is entirely possible for test and development situations to have virtual machines connected to a virtual switch that has no uplinks and is, thus, a “private network”. These would allow the virtual machines to only communicate with other virtual machines on the same virtual switch (there are also configurations where VMs are allowed to only talk to the host server).
With these changes related to the virtual network (once servers are virtualized), the results are:
  • A single physical network connection from a physical server to an Ethernet switch can cause massive virtual machine network outage, or slowdown if it goes down
  • A single physical Ethernet connection on an Ethernet switch may go to hundreds of virtual machines
  • Just because the media state of a virtual machine network connection shows as “enabled” doesn’t mean that it has a real Internet or local Intranet network connection. That virtual network connection could be going to private switch/network.
So there are big changes for you in between using physical network adaptors on physical servers and virtual network adaptors on virtual machines. What causes the biggest change is the virtual switch in between.

How a Virtual Switch Changes Windows Networking

The part of the Windows OS that provides networking knows nothing about virtualization. Your Windows OS doesn’t know if it’s running as a virtual machine or on a physical server. The Windows OS just knows that it still has a NIC (it doesn’t know that it’s a virtual NIC), it knows the speed of the NIC and whether it is up or down. That virtual NIC is connected to a virtual switch, provided by the hypervisor that the VM is running on. There are various forms of virtual switches – the VMware distributed virtual switch, VMware standard virtual switch, Hyper-V virtual switch, and there is even an opensource vSwitch.
Here’s what this looks like:
Image
Figure 1: 
Virtual Switch Connection Between Hosts and OS Running in Virtual Machines (Graphic Thanks to VMware.com)
As long as the hypervisor has the virtual NIC of the VM configured to be in a “connected” state to the virtual switch, the network inside the Windows OS will appear to be “UP” (or at least the media state). Just because the media state is up, doesn’t mean that the Windows OS will be totally fooled. Today, the Windows OS looks actually tries to connect to the Internet to see if “the Internet” is really up or down.
For example, in the graphic below you can see that this Windows 2012 Server virtual machine has a “vEthernet Connection” to a “Virtual Switch”. That’s your first indicator that this Windows OS is running as a virtual machine instead of directly on a physical server.
You can see that this connection is enabled but that it has “No Internet Access”. It knows that it doesn’t have Internet access because it can’t really talk to servers on the Internet. Thus, just because the virtual machine’s network is “enabled” doesn’t mean that it’s “usable” if it can’t really talk to the Internet. Certainly you have networking applications that may work just fine (virtual machine to virtual machine on the same hypervisor) or local networking apps that don’t need DNS but Internet applications that need DNS aren’t going to work.
Image
Figure 2:
 Virtual Network Status From the Windows 2012 Server OS Network and Sharing Center
Another way to look at this is by looking at the network connection properties. You can see that this vEthernet interface has “no network access” for IPv4 and IPv6 even though the media state is “enabled” and the speed is set to 10Gbps (that’s fast!)
Image
Figure 3:
 vEthernet Network Connection
Image
Figure 4:
 Network Connection Details for vEthernet
If you dig deeper, you’ll find that even though this virtual machine has “No Internet Access” for IPv4, it still has an IPv4 IP address, subnet mask, DHCP server, and DNS server. Thus, don’t be fooled into thinking that the VM has no IP address by the “No Internet Access” indicator.
Keep in mind that you can configure VLAN network configuration on each of the virtual machine network interfaces (in the hypervisor) if you are using VLAN networking. Also, keep in mind that the virtual switch is an OSI layer 2 networking device (albeit a virtual device) that is switching Ethernet frames based on Ethernet MAC addresses. The virtual switch has nothing to do with OSI layer 3 IP networking or IP routing.
In summary, things change when the Windows OS is moved from a physical environment to running as a virtual machine. These changes include your view of network connectivity and can easily confuse network troubleshooting and documentation. Make sure that you know the differences between running the Windows OS with physical vs. virtual networking.

No comments:

ಚರ್ಮದ ತುರಿಕೆ? ಹಾಗಾದರೆ ಈ 6 ಮನೆಮದ್ದುಗಳನ್ನು ಪ್ರಯತ್ನಿಸಿ

  ಚರ್ಮದ ತುರಿಕೆ ತುಂಬಾ ಕಿರಿಕಿರಿ ಉಂಟುಮಾಡುತ್ತದೆ. ನೀವು ಹೆಚ್ಚು ಕೆರೆದುಕೊಂಡರೆ ಮಾಡಿದರೆ, ಅದು ಹೆಚ್ಚು ತುರಿಕೆಯಾಗುತ್ತದೆ. ಅತಿಯಾದ ಕೆರೆಯುವಿಕೆ ಚರ್ಮವನ್ನು ಹಾನಿಗ...