Silvano Rebai - Fotolia

VM networking best practices to boost network performance

Admins who familiarize themselves with VM network switches and activity can better understand issues and employ best practices to mitigate lackluster network performance.

Physical and virtual switches, as well as network ports, are essential to VM networking. These components enable VMs to communicate with each other, as well as with the outside internet. But introducing switches and network ports can cause bottlenecks and connection timeouts, which can severely limit network performance.

Certain best practices, such as isolating network segments, deploying firewalls and using dedicated network interface cards (NICs), can eliminate bottlenecks and traffic issues.

Understanding VM networking basics, such as getting to know the various network switches and employing security practices, can help admins ensure sufficient network performance between VMs and the outside network.

Get to know physical and virtual network switches

Because VMs are logically isolated entities, they cannot communicate with other VMs on the same hosts, storage or outside internet. This makes a VM network critical: Not only does the network let VMs interact with outside entries, it also enables VMs to interact with each other through virtualization instances of physical network components, such as switches.

There are two main types of switches: physical and virtual. Admins can use physical network switches to link other devices from across a network with a physical network port.

Virtual switches require VM networking to create one or more virtual switches that links VMs running on a given host. Admins can do this through hypervisors such as VMware ESXi, which creates multiple virtual switches.

Admins can also use distributed virtual switches, which manage multiple hosts within a single luster.

How a network switch works

Explore various types of network ports

There are several different types of network ports: physical, virtual and uplink ports and port groups. All of these ports provide a point of access into a system or network, especially VM networks.

Physical network ports. These ports are used for physical networks and have eight-pin RJ45 connections for each network port. NICs have at least one physical network port.

Virtual network ports. These ports send traffic packets through a corresponding virtual switch to enable VM-to-VM communication. A typical VMware system can support over 1,000 virtual ports on a single virtual switch.

Uplink ports. These ports help virtual switches communicate with a system's physical NIC through the network stacked used by the physical NIC. The virtual network can then access the physical network and the internet.

Port groups. These ports let admins apply a set of established specifications or configurations to a group of virtual network ports. This is critical if admins use VMware vMotion, because it enables admins to specify configurations of VMs as they migrate from one system to another.

Available security features in a virtual switch

Virtual switches are useful to admins for many reasons, but largely because of their ability to provide improved network security features. Admins can create and enforce security policies with virtual switch ports, which can detect the configuration of other virtual switch ports connected to them.

Virtual switch ports can lock down media access control (MAC) addresses. Because MAC addresses are easy to change on a VM, this MAC lockdown capability reduces the number of attack vectors. Virtual switch ports can also block forged traffic from VMs and successfully eliminate any malicious traffic sent through the port, such as MAC spoofing.

VM network configuration best practices for virtual systems

When it comes to configuring VM networks, there are several best practices that admins can adapt. Among others, admins can isolate network segments, deploy firewalls and avoid connection limits to ensure proper VM network configuration.

Using dedicated NICs for a group of VMs provides a stable bandwidth to VMs and spreads out network load across multiple processors, helping to improve performance.

Isolate network segments. Network segment isolation helps admins separate VM traffic from network segments used for other services, such as network management and VM migration. This prevents disruption amongst networks and increases security.

Deploy firewalls. Firewall deployment between VMs, pure virtual networks and uplink connections to physical networks adds a layer of security and protects against malicious activities.

Avoid connection limits and timeouts. Admins should avoid connection limits and timeouts between hypervisor tasks during VM network configuration. This is because connection limits and timeouts can disrupt traffic and restrict service availability.

Use dedicated NICs. Dedicating NICs for a group of VMs provides a stable bandwidth to VMs and spreads out network load across multiple processors, helping to improve performance.

Organize VM networks. Admins who organize their VM networks with the latest VM NIC driver can help to avoid unanticipated traffic confusion or loops which can make VM networks difficult to troubleshoot.

Take advantage of load balancing in NIC teaming software

Using multiple physical NICs in virtual systems enables admins to take advantage of load balancing and failover. These capabilities help to ensure sufficient VM network performance.

Multiple VMs can communicate with a single virtual switch in a VM network, which can cause a bandwidth bottleneck in the NIC port. But load balancing routes and spreads traffic from VMs across two or more physical NICs and eliminates the bottleneck.

Admins can use failover configurations to enable virtual switches to reroute traffic to an alternate physical port in the case of a port failure. Beacon probing is another failover technique, which searches for and evaluates link failures and trigger failovers for troubleshooting.

Dig Deeper on Containers and virtualization

Software Quality
App Architecture
Cloud Computing
Data Center