
VMware Plays Hard-Ball with Hyper-V

July 31st, 2008 | 1 Comment | Posted in Virtualization

  

The Register is today reporting VMware's apparent response to Microsoft Hyper-V's competitive pricing scheme – tipped to be a big factor in the uptake of the Redmond-based technology. It is reported that VMware has slashed the price of VMware ESXi to $0 (also known as free) in an attempt to stop customers from deserting to the infant hypervisor technology implemented by Uncle Bill and co.

As of yet, I'm unsure what the difference between ESXi and VI3 is – are they one and the same, or is ESXi the hypervisor, while VI3 includes all the management features, VMotion etc.? If anyone knows, please drop me a line at sam@sam-marsh.net or leave a post on here!

I intend to download myself a free copy of ESXi and install it on one of the servers in our data centre by the end of next week so I can see for myself how it fares as a free OS. This price slash on ESXi will not only rock the boat for Microsoft, but also for their other main competitor, Citrix XenSource, which is also free. If you ask me, the only reason I'd have chosen Xen over ESX in previous years was the fact that ESX cost an arm and a leg to finance. Now that it is free, I can't see many viable reasons for going to Xen over ESX, except for potential hardware support benefits (storage drivers spring to mind).

The link to download ESXi for free is here: http://www.vmware.com/go/getesxi

 


VMNetworking Throughput

July 31st, 2008 | No Comments | Posted in Networking, Security, Virtualization

In a normal P2P or ad-hoc network transfer, the data transfer rate (MBps) is constrained by the medium, the NIC, the stack and the drivers, normally limiting it to either 100Mbps or 1000Mbps (full/half). These are physical issues which need to be addressed at layer 1 / layer 2.

My question to you, the world, is – why aren't virtual networking P2P transfers faster? If you want to transfer files between one VM and another VM, the transfer should be upwards of 1/2GBps, as you are transferring files within the same file system (granted, via a few security measures). There is no interaction with the physical NICs or mediums at all. In theory, all it will be doing (please correct me if wrong) is transferring a file out of the virtual machine's hard drive, through the VM container, out onto the VMBus/hypervisor bus, back into the other container, and then into the other VM's hard drive. The only constraint here is the TCP/IP stack, which I'm sure can be slightly modified, or a new protocol made for VM transfer, allowing 2/3/4 GBps and upwards transfer.

[Shamelessly stolen from my Personal blog, written July 2008, Sam Marsh 2008 (c)]


VMware and Cisco Interconnectivity

July 31st, 2008 | No Comments | Posted in Cisco, Networking, Virtualization

As many people know, virtualization is as prominent a technology in the networking industry as it is in the server industry. As in the server market, virtualization is used in networking for consolidation, via VLANs: what used to be 100 separate networks, using separate NICs and switches, can be consolidated into one easily manageable and more remote-access-friendly switch. Using VLANs you can change what network a port is on with fewer than 6 commands, as opposed to patching and re-patching cables. Until recently, virtual LANs and virtual servers (ESX for this article) have had no real technological advantage when working together compared to their physical counterparts; however, VMware and Cisco recently released a white paper outlining plans and guidelines for greater connectivity between the two technologies.

http://www.vmware.com/files/pdf/vmi_cisco_network_environment.pdf (White Paper)

In VMware, there are various networking technologies that have been virtualized – mainly vSwitch(es) and vNIC(s). These virtual entities simulate the actions and features of their physical counterparts, and can be used together to create virtual networks: a series of virtual machines, using virtual NICs to interconnect through a virtual switch. This can then be further enhanced by bridging the vSwitch onto a physical NIC attached to "the outside world", which, if everything is on the same subnet, will allow traffic to flow from the physical NIC into the virtual servers, ensuring full virtual -> physical network flow. The maximum number of virtual switches allowed per VMware ESX install is a staggering 248! That's 248 virtual switches running on top of one piece of hardware, not to mention all the VMs. On top of the 248 switches, you are allowed a maximum of 1016 virtual NICs per switch, giving you a potential number of interconnects in the range of 1016 * 248!

Although vSwitches are very similar to physical switches (pSwitches from here on), there are a few differences:

  • Spanning-Tree Protocol (STP) is not supported on virtual switches, as “VMware infrastructure enforces a single-tier networking topology within the ESX Server”. Basically, the quote says that there is no possible way for you to interconnect multiple vSwitches, thus, “ESX Networks cannot be configured to introduce loops”. Because there's no way for you to attach 2 pNICs to one vSwitch, there is no way to fool an Ethernet adapter into doing loopback or any other configuration which could cause a leak between virtual switches.
  • “ESX Provides a direct channel from virtual Ethernet Adapters for such configuration information as authoritative MAC Filter Updates, therefore there is no need to learn unicast addresses or perform IGMP snooping to learn multicast group membership” – basically, the vSwitch works by acting as a cable: it notices VM1 trying to send to VM2, so it puts a temporary cable in between the VMs and allows communication. Because of this, it doesn't need to know multicast group membership.

Due to this apparent transparency and the lack of use for STP, there is no need to cascade virtual switches, as virtual infrastructure provides no capability to connect vSwitches.

Virtual switch correctness: “It is important to ensure virtual machines or other nodes on the network do not affect the behaviour of the vSwitch”

  • “Virtual switches do not learn MAC addresses from the network in order to populate their forwarding tables. This eliminates a likely vector for denial-of-service (DoS) or leakage attacks, either as a direct denial of service attempt or, more likely, as a side effect of some other attack, such as a worm or virus as it scans for vulnerable hosts to infect.”
  • “Virtual switches make private copies of any frame data used to make forwarding or filtering decisions. This is a critical feature of the virtual switch and is unique to virtual switches. The virtual switch does not copy the entire frame, because that would be inefficient, but ESX Server must make sure that the guest operating system does not have access to any sensitive data once the frame is passed on to the virtual switch.”
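
The effect of the first point above, as an added example (not from the original post or the VMware/Cisco white paper): a toy model comparing a switch that learns source MACs into a finite table with one whose table comes only from vNIC configuration. The class names, table capacity, MAC addresses and the uplink default are assumptions made for illustration.

```python
"""Added illustration: MAC-learning switch vs. a table set from vNIC config."""
from collections import OrderedDict

FLOOD = "flood-all-ports"
# Constructed sample addresses, not taken from the post or the white paper.
VM1, VM2 = "00:50:56:00:00:01", "00:50:56:00:00:02"


class LearningSwitch:
    """pSwitch-style: learns source MACs from traffic into a finite table."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.table = OrderedDict()  # MAC -> port, oldest entry first

    def receive(self, port, src, dst):
        self.table.pop(src, None)  # re-learning moves the entry to the end
        if len(self.table) >= self.capacity:
            self.table.popitem(last=False)  # table full: evict oldest entry
        self.table[src] = port
        return self.table.get(dst, FLOOD)  # unknown unicast is flooded


class AuthoritativeSwitch:
    """vSwitch-style: table is fixed by the hypervisor's vNIC configuration."""

    def __init__(self, vnics, uplink="uplink"):
        self.table = dict(vnics)  # MAC -> virtual port, never learned
        self.uplink = uplink  # assumption: non-local MACs go to the uplink

    def receive(self, port, src, dst):
        return self.table.get(dst, self.uplink)  # src is ignored entirely


def run(switch, bogus_frames):
    """Return the egress for VM1->VM2 before and after a burst of unseen MACs."""
    switch.receive(1, VM1, VM2)
    switch.receive(2, VM2, VM1)
    before = switch.receive(1, VM1, VM2)
    for i in range(bogus_frames):  # constructed frames, distinct source MACs
        switch.receive(3, f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}", VM1)
    after = switch.receive(1, VM1, VM2)
    return before, after


if __name__ == "__main__":
    print("learning:     ", run(LearningSwitch(capacity=4), 16))
    print("authoritative:", run(AuthoritativeSwitch({VM1: 1, VM2: 2}), 16))
```

In the learning model the burst evicts the legitimate entries, so VM1's frame to VM2 is flooded to every port; in the configuration-driven model the forwarding decision is unchanged.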

 

 More to come. Sam.
