Get to know VM networking basics

Admins can create a network between isolated VMs with the help of several features and products, such as network interface cards and virtual LANs.

VM networking improves network speed, reliability, flexibility, scalability, security, productivity and efficiency. But network virtualization requires various components, such as network interface cards, virtual LANs, software-defined networking and virtual switches, which might cause confusion for some. To virtualize their data center operations, admins should get to know these key VM networking terms.

Prior to network virtualization, admins were heavily involved in data center management. Upkeep costs could skyrocket depending on the size and physical requirements of their data centers. But network virtualization introduced new techniques, such as VM networking, to help convert their physical hardware components to virtual instances, reducing power consumption and optimizing system performance.

Network virtualization abstracts resources into VMs, all of which typically run on a single server. But VMs are isolated entities; they don't inherently connect to other VMs on the same server. Networking enables VMs to interact with other guests in the network. It also enables a system to perform tasks automatically, which helps diminish network complexity.

Important terms to know

Network interface cards (NICs). NICs provide support for I/O interrupt, direct memory access, data transmission, network traffic engineering and partitioning. NICs are generally designed as circuit boards or chips, which link to a computer's network and provide connection through a physical layer of circuitry required to communicate with a data link layer standard, such as Wi-Fi.

NICs can send signals at the physical layer, transmit data packets at the network layer and operate as an interface with the TCP/IP layer with the help of the Open Systems Interconnection model. There are different ways that NICs create connections, such as wireless, wired, USB and fiber optic.

Virtual storage area network (VSAN). VSAN is a partition within a physical storage area network that isolates traffic within specific areas of a SAN to prevent issues from spreading to other parts of the network. Admins can use VSAN to pool unused storage capacity, which virtual servers can access.

Virtual routing and forwarding (VRF). VRF is typically included in IP network routers. It enables multiple router tables to exist and work simultaneously in a given router. VRF requires only a single routing table to execute tasks such as segmenting network paths. It also uses a forwarding table to designate the next hop for each data packet, deliver a list of devices that might be required to forward a packet, and provide rules and routing protocols that direct how the packet is forwarded.
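The following added example, which is not part of the original article, models the VRF behavior described above: one router holds a separate forwarding table per VRF, and each lookup is a longest-prefix match confined to that VRF. The VRF names, prefixes and next-hop addresses are constructed sample values, and the `VrfRouter` class is a hypothetical illustration rather than any vendor's API.

```python
import ipaddress


class VrfRouter:
    """Toy model of one router holding an independent forwarding table per VRF."""

    def __init__(self):
        self.tables = {}  # VRF name -> list of (network, next_hop)

    def add_route(self, vrf, prefix, next_hop):
        net = ipaddress.ip_network(prefix)
        self.tables.setdefault(vrf, []).append((net, next_hop))

    def lookup(self, vrf, dst):
        """Longest-prefix match restricted to the named VRF's table.

        Returns the next hop, or None when that VRF has no matching route,
        so a packet is dropped rather than leaked into another VRF.
        """
        addr = ipaddress.ip_address(dst)
        matches = [(net, hop) for net, hop in self.tables.get(vrf, []) if addr in net]
        if not matches:
            return None
        # The most specific (longest) prefix wins.
        return max(matches, key=lambda m: m[0].prefixlen)[1]


def build_sample_router():
    # Constructed sample data: two tenants reuse 10.0.0.0/8 without conflict.
    router = VrfRouter()
    router.add_route("tenant-a", "10.0.0.0/8", "192.0.2.1")
    router.add_route("tenant-a", "10.1.2.0/24", "192.0.2.2")
    router.add_route("tenant-b", "10.0.0.0/8", "198.51.100.1")
    router.add_route("mgmt", "172.16.0.0/12", "203.0.113.1")
    return router


if __name__ == "__main__":
    router = build_sample_router()
    # The same destination resolves differently, or not at all, per VRF.
    for vrf in ("tenant-a", "tenant-b", "mgmt"):
        print(vrf, "->", router.lookup(vrf, "10.1.2.7"))
```

The `None` result for the `mgmt` VRF is the segmentation property: a destination that is routable for a tenant has no path from the management table unless a route is explicitly added there.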

Virtual LAN (VLAN). VLANs are subnetworks that enable network admins to partition a single switched network. This helps admins match both the functional and security requirements of a system while reducing the need for new cables or other changes to their network infrastructure. VLANs also gather devices that communicate with each other most frequently, improving the overall performance of their networks. There are different types of VLANs, such as protocol, static and dynamic.

Software-defined networking (SDN). SDN is a network architecture that includes an application layer, control layer and infrastructure layer. SDN makes networks more agile and flexible through a consolidated SDN controller, which directs switches to deliver network services where needed. It also uses several technologies, such as functional separation, network virtualization and automation, which provide benefits such as traffic load management, network management, end-to-end visibility, diminished hardware footprint and reduced operational costs.

Software-defined WAN (SD-WAN). SD-WAN relies on SDN to automatically distribute network traffic across a WAN, which enables IT staff to remotely program edge devices, reduce provisioning times and minimize the need to manually configure routers in branch locations. There are typically two types of SD-WAN products: overlay SD-WAN or network as a service. Overlay SD-WAN provides an edge device that contains the software necessary to run SD-WAN tech, whereas network-as-a-service SD-WAN products enable admins to access their own private networks.

Network functions virtualization (NFV). NFV architecture enables admins to virtualize network functions and eliminates specific hardware. NFV aims to virtualize specific network services such as routing, load balancing and firewalls that are traditionally run on vendor-exclusive, dedicated hardware. With NFV, admins can add, move or change network functions at the server level in a provisioning process.

Virtual switch. Virtual switches are software programs that enable a single VM to communicate with another, and they help admins forward data packets and direct communication on a network through the inspection of packets before they're passed on. Virtual switches are generally embedded into virtualization software but can also be installed into a server's firmware. Virtual switches' inherent intelligence helps them ensure the integrity of a VM's profile as admins move the VM across physical hosts.

Virtual private network (VPN). A VPN uses tunneling procedures to help establish a secure, encrypted connection within a less secure network, such as public Wi-Fi. A VPN's tunneling procedure includes both a point-to-point connection that unauthorized users can't access, as well as an endpoint device that runs a VPN client locally or in the cloud. This helps encrypt data on the sending end and decrypt data at the receiving end, providing users access to applications hosted on proprietary networks.

Microsegmentation. Admins use microsegmentation to break a network into smaller pieces, which increases the overall security of the network. Once admins separate and secure the smaller, individual parts of a system's infrastructure, they can maintain each segment on a reduced scale. The different segments include workloads, applications, VMs and OSes. Microsegmentation implementation works best when an admin uses VLAN or LAN segments, which are typically set up on a virtual router.

VMware NSX. VMware NSX is virtual networking and security software that offers admins specific features such as switching, routing, distributed firewalling, load balancing, virtual private network, NSX Edge gateway, application programming interface, operations, dynamic security policy, cloud management, cross-vCenter networking and security, and log management. NSX was created from VMware's vCloud Networking and Security, and Nicira's Network Virtualization Platform. Admins typically use NSX for microsegmentation, IT automation and disaster recovery, which help resolve issues such as poor traffic performance and insufficient security.
