The Citrix vSwitch Controller provides an integrated system for managing and monitoring network traffic flow across VMs in a XenServer resource pool. Together with vSwitch virtual network switches, the vSwitch Controller can help simplify administration in a virtual network, while offering greater security, visibility and control over the components in that environment.
The vSwitch infrastructure
The XenServer resource pool forms the foundation for the vSwitch infrastructure. A resource pool is made up of multiple XenServer hosts that each provide a virtualization platform for running one or more VMs. Citrix resource pools use clustering technologies and shared-storage architectures to extend VM management beyond the boundaries of a single server, making it possible to host the VMs on any of the pooled servers or move them between servers.
Each XenServer host in a resource pool runs a vSwitch component that brings visibility, control and security to the virtual network. Because the switch is virtualization-aware, it binds configuration and statistics to a VM's virtual interfaces rather than to a physical port, so they follow the VM when it moves from one host to another in the pool.
The vSwitch Controller is a centralized server for managing vSwitch components and coordinating their behavior. Each vSwitch sends network data to the controller, which uses fine-grained security policies to control traffic flow to and from VMs. The controller also provides detailed visibility into the network environment, making it possible to monitor traffic behavior and performance across the virtualized infrastructure.
The vSwitch components report traffic to the vSwitch Controller using NetFlow, a flow-accounting protocol developed by Cisco for collecting and monitoring IP traffic. Each switch exports NetFlow records in UDP datagrams to the controller, which acts as the collector. (The control channel itself, over which the controller pushes policy to the switches, is OpenFlow; NetFlow carries statistics only.) A vSwitch generates a NetFlow record for an IPv4 flow after five seconds of inactivity or after 60 seconds of total activity, whichever comes first, and the controller aggregates those records into flow statistics and charts. Because NetFlow over UDP is neither authenticated nor encrypted, the export path should stay on the management network rather than on one reachable from VMs.
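To make the two expiry rules concrete, here is an added example (not Citrix code, and not a model of Open vSwitch internals) of a per-switch flow cache that exports a record after 5 s of inactivity or 60 s of activity, plus an encoder and parser for the 48-byte NetFlow v5 flow record that a collector would receive. The packet trace, addresses and port numbers are constructed for the demonstration; the v5 record layout is the standard one.

```python
import struct
import socket
from dataclasses import dataclass

# Timeouts stated for the XenServer vSwitch NetFlow exporter: a record is
# emitted after 5 s without packets or once a flow has been active for 60 s.
INACTIVE_TIMEOUT = 5.0
ACTIVE_TIMEOUT = 60.0

# NetFlow v5 flow record layout (48 bytes, network byte order):
# srcaddr dstaddr nexthop input output dPkts dOctets first last srcport dstport
# pad1 tcp_flags prot tos src_as dst_as src_mask dst_mask pad2
V5_RECORD = struct.Struct(">4s4s4sHHIIIIHHBBBBHHBBH")


@dataclass
class Flow:
    key: tuple           # (src_ip, dst_ip, src_port, dst_port, protocol)
    first: float         # timestamp of the first packet (seconds)
    last: float          # timestamp of the most recent packet
    packets: int = 0
    octets: int = 0


class FlowCache:
    """Minimal model of a switch-side flow cache with NetFlow-style expiry."""

    def __init__(self):
        self.active = {}
        self.exported = []

    def observe(self, ts, key, octets):
        # Expire first, so a packet arriving after a long gap starts a fresh
        # record instead of being merged into a flow that should already be out.
        self.expire(ts)
        flow = self.active.get(key)
        if flow is None:
            flow = Flow(key, ts, ts)
            self.active[key] = flow
        flow.last = ts
        flow.packets += 1
        flow.octets += octets

    def expire(self, now):
        for key, flow in list(self.active.items()):
            idle_too_long = now - flow.last > INACTIVE_TIMEOUT
            active_too_long = now - flow.first >= ACTIVE_TIMEOUT
            if idle_too_long or active_too_long:
                self.exported.append(self.active.pop(key))

    def flush(self):
        self.exported.extend(self.active.values())
        self.active.clear()
        return self.exported


def encode_v5_record(flow, base=0.0):
    """Serialise one flow as a NetFlow v5 record; first/last are ms since base."""
    src, dst, sport, dport, proto = flow.key
    return V5_RECORD.pack(
        socket.inet_aton(src), socket.inet_aton(dst), socket.inet_aton("0.0.0.0"),
        0, 0,                                   # input/output ifindex (unused here)
        flow.packets, flow.octets,
        int((flow.first - base) * 1000), int((flow.last - base) * 1000),
        sport, dport,
        0, 0, proto, 0,                         # pad1, tcp_flags, prot, tos
        0, 0, 0, 0, 0,                          # src_as, dst_as, masks, pad2
    )


def decode_v5_record(data):
    """Parse one 48-byte NetFlow v5 record taken from a collector's datagram."""
    f = V5_RECORD.unpack(data)
    return {
        "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
        "packets": f[5], "octets": f[6], "first_ms": f[7], "last_ms": f[8],
        "sport": f[9], "dport": f[10], "proto": f[13],
    }


def simulate():
    """Constructed packet trace (not captured data) exercising both expiry rules."""
    cache = FlowCache()
    web = ("10.0.0.5", "10.0.0.9", 51000, 443, 6)   # TCP, then an idle gap > 5 s
    dns = ("10.0.0.5", "10.0.0.2", 53000, 53, 17)   # UDP, steady for 70 s
    trace = [(0.0, web, 100), (1.0, web, 200), (10.0, web, 50)]
    trace += [(float(t), dns, 64) for t in range(0, 71, 2)]
    for ts, key, octets in sorted(trace):
        cache.observe(ts, key, octets)
    return cache.flush()
```

Running `simulate()` yields four records: the web flow splits at the idle gap, and the DNS flow splits at the 60 s active timeout even though it never went quiet, which is why a long transfer shows up on the controller as several consecutive records rather than one.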
Working with the vSwitch Controller
The system deploys the vSwitch Controller as a virtual appliance on a XenServer host. The physical requirements for that controller's host depend on the size of the supported resource pools. The controller can run independently of the resource pools or in one of the pools it manages, although this can result in longer connection times after a controller migration or restart.
When the vSwitch Controller starts for the first time, it attempts to acquire an IP address from a Dynamic Host Configuration Protocol server. Citrix recommends assigning a static IP address instead, because the vSwitches connect to the controller by address: if a DHCP lease hands the controller a new address, the switches lose contact with it. That matters in fail-safe mode, which governs what a vSwitch does when it cannot reach the controller. Rather than failing open and forwarding all traffic, the switch keeps blocking traffic that the controller has not explicitly permitted, so an unreachable controller can interrupt VM connectivity.
Before admins can use vSwitch Controller to manage a virtual network, they must define at least one XenServer resource pool in the XenCenter management console. Admins can then add the resource pool to the controller's list of managed resources. Once admins add a resource pool, they will have full visibility into the networks, hosts, VMs and virtual interfaces (VIFs) in that pool.
The vSwitch Controller provides a GUI for viewing and managing network resources. Admins can access the GUI locally through the XenCenter console or remotely through a web browser. The GUI lets them configure network policies related to VM access control, traffic mirroring and quality of service (QoS). They can apply those policies to specific components in the virtual network environment. For example, admins can control which traffic is allowed or denied to a VM or how the system applies QoS rules at various levels in the resource pool.
The vSwitch Controller implements the policies in a hierarchical model that correlates to the resource pool, with policies targeting the pool's VIFs. At the top of the policy hierarchy is the global level, which includes all VIFs in all resource pools. The next level includes the individual resource pools, in which the system applies policies to the VIFs in a specified pool. The network level is next. In this case, the system applies policies to the VIFs in the specified network. Then comes the VM level, in which the system applies policies to the VIFs in a VM. The lowest level in the hierarchy is the VIF itself, which enables the system to apply policies to a specified VIF.
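The following added example (not the vSwitch Controller's own code) shows how a VIF inherits one rule list per level of that hierarchy and how a first-match walk from global down to VIF resolves a packet. The page does not state the controller's precedence rules, so the global-first, first-match evaluation order is an assumption made for the illustration; the pool, network, VM and VIF names and the rules are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Levels of the policy hierarchy, most general first.
LEVELS = ("global", "pool", "network", "vm", "vif")


@dataclass(frozen=True)
class Vif:
    name: str
    pool: str
    network: str
    vm: str


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    direction: Optional[str] = None  # "in", "out" or None for either
    proto: Optional[str] = None      # "tcp", "udp" or None for any
    port: Optional[int] = None       # destination port, None for any

    def matches(self, direction, proto, port):
        return (self.direction in (None, direction)
                and self.proto in (None, proto)
                and self.port in (None, port))


class PolicyTree:
    """Rules keyed by (level, scope); a VIF falls under exactly one scope per level."""

    def __init__(self):
        self.rules = {level: {} for level in LEVELS}

    def add(self, level, scope, rule):
        self.rules[level].setdefault(scope, []).append(rule)

    def chain_for(self, vif):
        """Ordered (level, rule) pairs that apply to this VIF, global first."""
        scopes = {"global": "*", "pool": vif.pool, "network": vif.network,
                  "vm": vif.vm, "vif": vif.name}
        return [(level, rule) for level in LEVELS
                for rule in self.rules[level].get(scopes[level], [])]

    def decide(self, vif, direction, proto, port, default="allow"):
        # ASSUMPTION for this illustration: first match wins, walking from
        # global down to the VIF; a VIF-level rule cannot override a global one.
        for level, rule in self.chain_for(vif):
            if rule.matches(direction, proto, port):
                return rule.action, level
        return default, "default"


def build_example():
    """Constructed policy set (hypothetical names, not a real deployment)."""
    tree = PolicyTree()
    tree.add("global", "*", Rule("deny", "in", "tcp", 23))          # no telnet anywhere
    tree.add("pool", "pool-1", Rule("allow", "in", "tcp", 22))      # SSH to VMs in pool-1
    tree.add("network", "dmz", Rule("allow", "in", "tcp", 443))     # HTTPS into the dmz network
    tree.add("network", "dmz", Rule("deny", "in"))                  # everything else inbound on dmz
    tree.add("vif", "web01-eth0", Rule("allow", "in", "tcp", 23))   # local exception, loses to global
    return tree


WEB01 = Vif(name="web01-eth0", pool="pool-1", network="dmz", vm="web01")
```

With this policy set, `build_example().decide(WEB01, "in", "tcp", 23)` is denied at the global level despite the VIF-level allow, inbound SSH is allowed by the pool rule, and inbound UDP/53 falls through to the network-level catch-all deny. Whatever order the real controller uses, resolving the effective chain for a VIF this way is the check to run before assuming a local rule has taken effect.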
The vSwitch Controller GUI also gives admins ample visibility into the virtual network. For example, the dashboard provides summary statistics about status, flow and network events, along with specifics such as throughput, flows and bit rates. The dashboard also provides an inventory of network components, including resource pools, XenServer hosts, networks and VMs.
Admins can also use the GUI to modify the controller's configuration, such as assigning a static IP address to the vSwitch Controller, and view information about events that occur on the vSwitch Controller itself.