VMware Network Principles
VMware is a virtualization platform. Without the NSX network virtualization plugin it only provides Layer 2 switching and has no complete network management capability. The platform supplements this for VMware by managing IP addresses and network configuration information.
Basic Concepts
VMware has the following basic network concepts:
Virtual Switch (vSwitch)
Multiple virtual switches can be configured within each ESXi host to switch traffic between virtual machines, and between virtual machines and the external physical network.
Distributed Virtual Switch (Distributed vSwitch)
Multiple hosts managed by vCenter can share a distributed virtual switch, which provides Layer 2 switching between virtual machines across ESXi hosts.
Port Group
A port group is a logical grouping of ports under a virtual switch or distributed virtual switch; it carries a VLAN ID and therefore corresponds to one VLAN segment.
Basic Principles
Simply put, a virtual switch or distributed virtual switch in VMware corresponds to a Layer 2 network in the platform. However, because different virtual switches may be uplinked to the same Layer 3 physical device, several virtual switches may map onto one Layer 2 network.
Port groups in VMware correspond to IP subnets in the platform; a port group and its IP subnet are associated through the VLAN ID. Likewise, several port groups may correspond to one IP subnet.
The following summarizes the relationship between VMware-related concepts and platform-related concepts.
| VMware Concept | Platform Concept | How to Associate | Relationship |
|---|---|---|---|
| Virtual Machine | Virtual Machine | Associated through UUID | One-to-one |
| Port | Virtual NIC | Associated through IP address | One-to-one |
| Port Group | IP Subnet | Associated through VLAN ID | Many-to-one |
| Virtual Switch | Layer 2 Network | Associated through port group | Many-to-one |
When a VMware cloud account is managed, the platform obtains the IP address of each ESXi host. If a virtual machine is running and vmtools inside it is working normally, the platform also obtains that virtual machine's IP address. From the host and virtual machine IP addresses, the platform automatically determines which Layer 2 network each ESXi host is associated with, and thereby the network topology of the ESXi hosts.
When a VMware virtual machine is created in the platform, the platform automatically allocates an IP address to it from the IP subnet the virtual machine is connected to. When it then creates the virtual machine on the VMware side, it looks up a port group on the chosen ESXi host whose VLAN ID matches that of the IP subnet (if there are several, one is selected), allocates a port in that port group for the virtual machine, and configures the allocated IP address, subnet mask, gateway, DNS and other settings on that port.
VMware Network Configuration
When managing a VMware cloud account, the platform must hold Layer 2 network and IP subnet configurations that correspond to the VMware environment. These can be configured in advance, or generated automatically by the platform during management and corrected afterwards.
Pre-configuration
Pre-configuration is recommended, but it requires a good understanding of the network topology of the VMware cluster to be managed.
Configuration principles are as follows:
- Determine the broadcast domains that VMware connects to. One broadcast domain is common, but larger clusters may have several; a smaller VMware cluster may also use two broadcast domains to separate virtual machine (business) traffic from management traffic. Create one Layer 2 network (wire) for each broadcast domain.
- Determine the IP network segments within each broadcast domain, together with the VLAN ID, gateway, subnet mask and other details of each segment. Create one IP subnet for each segment under the corresponding Layer 2 network (wire), and configure its VLAN ID, gateway, subnet mask and other settings.
Post-configuration
After a VMware account is managed, the platform automatically scans the virtual switches, distributed virtual switches and port groups connected to the physical NICs of the ESXi hosts in that account. If a host's IP address has no corresponding IP subnet in the platform, the platform creates Layer 2 networks and IP subnets automatically, following the rule that Layer 2 networks correspond to virtual switches or distributed virtual switches and IP subnets correspond to port groups; the created IP subnet includes the host's IP address. Because the platform does not know the actual Layer 3 topology, it uses the most conservative algorithm: a separate Layer 2 network for each virtual switch, with the corresponding ESXi host associated with that Layer 2 network. The created Layer 2 networks may therefore not match reality, and they need to be merged according to the actual Layer 3 topology. For example, if several ESXi hosts are known to connect to the same Layer 3 switch, the Layer 2 networks attached to those hosts need to be merged into one.
At the same time, the platform obtains virtual machine IP addresses (through vmtools). If such an IP address has a corresponding IP subnet in the platform, and the connection relationship satisfies the network constraint (that is, the Layer 2 network of the host where the virtual machine runs is the same as the Layer 2 network of the IP subnet), the platform automatically connects the virtual machine to that IP subnet and marks the IP as occupied. Otherwise it stores the IP address in the virtual machine's tags under the key "sync_ips". In this state the platform's web console shows the virtual machine associated with this IP, together with the prompt "This IP address has no associated IP subnet! Please add an IP subnet containing this IP address and resynchronize the cloud account". The administrator should locate the Layer 2 network associated with the ESXi host of that virtual machine and create a suitable IP subnet on it that includes the virtual machine's IP address. After resynchronizing the cloud account, the virtual machine is associated with the newly created IP subnet automatically and occupies that IP address.
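The following Python example models the three procedures described on this page: the VM creation flow (VLAN-ID match of an IP subnet to a port group on the host, plus IP allocation), the post-configuration sync (one auto-created Layer 2 network per virtual switch when no subnet contains the host IP; attaching a VM's vmtools-reported IP only when the subnet's Layer 2 network matches the host's, otherwise parking it in the "sync_ips" tag), and the administrator's merge of Layer 2 networks. It is an added illustration, not the platform's own code: the class names, the wire naming scheme and the sample hosts, port groups and subnets are assumptions constructed for this example.

```python
"""Added illustration of the VMware-to-platform network mapping on this page.
Not the platform's code: names, wire naming scheme and sample data are assumed."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class PortGroup:
    name: str
    vlan_id: int
    vswitch: str  # vSwitch or distributed vSwitch that owns the port group


@dataclass
class EsxiHost:
    name: str
    ip: str  # management IP obtained when the cloud account is managed
    port_groups: List[PortGroup]
    wires: Set[str] = field(default_factory=set)  # Layer 2 networks the host is on


@dataclass
class Subnet:
    name: str
    cidr: str
    gateway: str
    vlan_id: int
    wire: str  # Layer 2 network ("wire") the subnet belongs to
    used: Set[str] = field(default_factory=set)

    def contains(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(self.cidr)

    def allocate(self) -> str:
        """Hand out the lowest free host address, never the gateway."""
        for addr in ipaddress.ip_network(self.cidr).hosts():
            ip = str(addr)
            if ip != self.gateway and ip not in self.used:
                self.used.add(ip)
                return ip
        raise RuntimeError(f"subnet {self.name} is exhausted")


def sync_host(host: EsxiHost, subnets: List[Subnet]) -> Set[str]:
    """Post-configuration sync of one host: attach it to the wire of any subnet
    that contains its IP; if none does, fall back to the conservative default
    of one auto-created wire per virtual switch (naming scheme is assumed)."""
    for sn in subnets:
        if sn.contains(host.ip):
            host.wires.add(sn.wire)
    if not host.wires:
        for vswitch in {pg.vswitch for pg in host.port_groups}:
            host.wires.add(f"wire-{host.name}-{vswitch}")
    return host.wires


def sync_vm(vm: Dict, host: EsxiHost, subnets: List[Subnet]) -> str:
    """Sync of a running VM whose IP vmtools reported: attach it only if a
    subnet contains the IP AND that subnet's wire is one the host is on;
    otherwise park the address in the "sync_ips" tag for the administrator."""
    for sn in subnets:
        if sn.contains(vm["ip"]) and sn.wire in host.wires:
            sn.used.add(vm["ip"])
            vm["subnet"] = sn.name
            return "attached"
    vm.setdefault("tags", {})["sync_ips"] = vm["ip"]
    return "tagged"


def merge_wires(hosts: List[EsxiHost], subnets: List[Subnet],
                sources: Set[str], target: str) -> None:
    """Administrator fix-up: hosts known to sit behind the same Layer 3 switch
    get their auto-created per-vSwitch wires collapsed into one wire."""
    for host in hosts:
        if host.wires & sources:
            host.wires = (host.wires - sources) | {target}
    for sn in subnets:
        if sn.wire in sources:
            sn.wire = target


def create_vm(host: EsxiHost, subnet: Subnet) -> Dict:
    """VM creation: allocate an IP from the connected subnet, pick a port group
    on the host whose VLAN ID matches the subnet (first match if several) and
    return the network configuration pushed to the new port."""
    matches = [pg for pg in host.port_groups if pg.vlan_id == subnet.vlan_id]
    if not matches:
        raise LookupError(f"{host.name} has no port group for VLAN {subnet.vlan_id}")
    net = ipaddress.ip_network(subnet.cidr)
    return {"port_group": matches[0].name, "ip": subnet.allocate(),
            "netmask": str(net.netmask), "gateway": subnet.gateway}


if __name__ == "__main__":  # constructed sample data
    pgs = [PortGroup("Mgmt", 10, "vSwitch0"), PortGroup("VM Network", 100, "vSwitch0")]
    hosts = [EsxiHost("esx1", "10.0.10.11", pgs), EsxiHost("esx2", "10.0.10.12", pgs)]
    subnets: List[Subnet] = []
    for h in hosts:
        print(h.name, "->", sync_host(h, subnets))  # no subnets yet: one wire per host
    merge_wires(hosts, subnets, {"wire-esx1-vSwitch0", "wire-esx2-vSwitch0"}, "wire-dc1")
    subnets.append(Subnet("vm-net", "10.0.100.0/24", "10.0.100.1", 100, "wire-dc1"))
    print(create_vm(hosts[0], subnets[0]))
    vm = {"name": "legacy", "ip": "192.168.5.5"}
    print(sync_vm(vm, hosts[1], subnets), vm.get("tags"))
```

The VM sync deliberately requires both conditions (IP contained in the subnet and Layer 2 network match) before occupying an address; a VM whose reported IP falls into a subnet on a different wire is tagged rather than attached, which is the case an administrator resolves by creating the missing subnet and resynchronizing.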