
Virtual Networking Idea

November 18th, 2008 | No Comments | Posted in Networking, Virtualization

In a normal P2P or ad-hoc network transfer, the data transfer rate (MBps) is constrained by the medium, the NIC, the stack and the drivers, and is normally limited to either 100Mbps or 1000Mbps (full/half). These are physical issues which need to be addressed at layer 1 / layer 2.

My question to you, the world, is – why aren't virtual networking P2P transfers faster? If you want to transfer files between one VM and another VM, the transfer should be upwards of 1/2GBps – as you are transferring files between the same file system (granted via a few security measures). There is no interaction with the physical NICs or mediums at all. In theory, all it will be doing (please correct me if wrong) is transferring a file out of the virtual machine hard drive, from the hard drive through the VM Container, out onto the VMBus/Hypervisor bus, back into the other container, and then into the other VM's hard drive. The only constraint here is the TCP/IP stack, which I'm sure can be slightly modified / a new protocol made for VM Transfer, allowing 2/3/4 GBps and upwards transfer.

Sam Marsh 2008 (c)


VMWare and Cisco Interconnectivity

July 31st, 2008 | No Comments | Posted in Cisco, Networking, Virtualization

As many people know, Virtualization is as prominent a technology in the Networking industry as it is in the Server industry. As in the server market, Virtualization is used in Networking for consolidation, via VLANs: what used to be 100 separate networks, using separate NICs and Switches, can be consolidated into one easily manageable and more remote-access friendly switch. Using VLANs you can change what network a port is on with less than 6 commands, as opposed to patching and re-patching cables etc. Until recently, Virtual LANs and Virtual Servers (ESX for this article) have had no real technological advantage while working in cohesion compared to their physical counterparts; however, VMWare and Cisco recently released a white paper outlining plans and guidelines for greater connectivity between the 2 technologies.

http://www.vmware.com/files/pdf/vmi_cisco_network_environment.pdf (White Paper)

In VMWare, there are various Networking technologies that have been virtualized – mainly vSwitch(es) and vNIC(s). These virtual entities simulate the actions and features of their physical counterparts, and can be used together to create virtual networks: a series of virtual machines, using virtual NICs to interconnect through a virtual switch. This can then be further enhanced by bridging the vSwitch onto a physical NIC attached to “the outside world”, which, if all on the same subnet, will allow traffic to flow through from the phys. NIC into the virtual servers, ensuring full virtual -> physical network flow. The maximum number of virtual switches allowed per VMware ESX install is a staggering 248! That's 248 virtual Switches running on top of one piece of hardware, not to mention all the VMs etc. On top of the 248 switches, you are allowed a maximum of 1016 virtual NICs per switch, giving you a potential number of interconnects in the range of 1016 * 248!

Although vSwitches are very similar to physical Switches (pSwitches from here on), there are a few differences:

  • Spanning-Tree Protocol (STP) is not supported on Virtual Switches, as “VMWare infrastructure enforces a single-tier networking topology within the ESX Server”. Basically, the quote says that there is no possible way for you to interconnect multiple vSwitches, thus, “ESX Networks cannot be configured to introduce loops”. Because there's no way for you to attach 2 pNICs to one vSwitch, there is no way to fool an ethernet adapter into doing loopback or any other configuration which could cause a leak between virtual switches.
  • “ESX Provides a direct channel from virtual Ethernet Adapters for such configuration information as authoritative MAC Filter Updates, therefore there is no need to learn unicast addresses or perform IGMP snooping to learn multicast group membership” – basically, the vSwitch works by acting as a cable: it notices VM1 trying to send to VM2, so it puts a temporary cable in between the VMs and allows communication. Due to this, it doesn't need to know multicast group membership.

Due to this apparent transparency and the lack of use for STP, there is no need to cascade virtual switches, as virtual infrastructure provides no capability to connect vSwitches.

Virtual switch correctness: “It is important to ensure virtual machines or other nodes on the network do not affect the behaviour of the vSwitch”

  • “Virtual switches do not learn MAC addresses from the network in order to populate their forwarding tables. This eliminates a likely vector for denial-of-service (DoS) or leakage attacks, either as a direct denial of service attempt or, more likely, as a side effect of some other attack, such as a worm or virus as it scans for vulnerable hosts to infect.”
  • “Virtual switches make private copies of any frame data used to make forwarding or filtering decisions. This is a critical feature of the virtual switch and is unique to virtual switches. The virtual switch does not copy the entire frame, because that would be inefficient, but ESX Server must make sure that the guest operating system does not have access to any sensitive data once the frame is passed on to the virtual switch.”
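
To make the first point concrete, here is a small model added for this write-up (it is not code from VMware, Cisco or the white paper). It compares a switch that learns source MACs into a bounded table with one whose table is only filled by the hypervisor. The port layout, the MAC addresses, the table size, the oldest-entry eviction and the "unknown unicast goes to the uplink" rule are all assumptions of the model.

```python
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"
UPLINK, PORT_VM1, PORT_VM2, PORT_NOISY = 0, 1, 2, 3   # constructed port layout
PORTS = {UPLINK, PORT_VM1, PORT_VM2, PORT_NOISY}
VM1, VM2 = "00:50:56:00:00:01", "00:50:56:00:00:02"   # constructed sample MACs

class LearningSwitch:
    """Physical-style switch: fills a bounded table from observed source MACs."""
    def __init__(self, capacity):
        self.capacity, self.table = capacity, OrderedDict()

    def forward(self, in_port, src, dst):
        self.table.pop(src, None)
        self.table[src] = in_port               # learn (or refresh) the source
        if len(self.table) > self.capacity:
            self.table.popitem(last=False)      # simplification: evict the oldest entry
        if dst in self.table:
            return {self.table[dst]}
        return PORTS - {in_port}                # unknown unicast and broadcast flood

class RegisteredSwitch:
    """vSwitch-style model: table entries come only from attach(), never from frames."""
    def __init__(self):
        self.table = {}

    def attach(self, port, mac):
        self.table[mac] = port                  # authoritative update from the hypervisor

    def forward(self, in_port, src, dst):
        if dst == BROADCAST:
            return PORTS - {in_port}
        if dst in self.table:
            return {self.table[dst]}
        return {UPLINK} - {in_port}             # model assumption: unknown goes to uplink only

def delivery_after_noise(switch, spoofed_frames):
    """Ports that receive a VM1 -> VM2 frame after PORT_NOISY sends spoofed sources."""
    switch.forward(PORT_VM2, VM2, BROADCAST)    # VM2 announces itself once
    for i in range(spoofed_frames):
        src = "02:00:00:00:%02x:%02x" % (i >> 8 & 0xFF, i & 0xFF)
        switch.forward(PORT_NOISY, src, BROADCAST)
    return switch.forward(PORT_VM1, VM1, VM2)

def compare(capacity=64, spoofed_frames=1000):
    """Return (learning-switch delivery set, registered-switch delivery set)."""
    vswitch = RegisteredSwitch()
    vswitch.attach(PORT_VM1, VM1)
    vswitch.attach(PORT_VM2, VM2)
    return (delivery_after_noise(LearningSwitch(capacity), spoofed_frames),
            delivery_after_noise(vswitch, spoofed_frames))
```

With the defaults, the learning switch has lost VM2's entry and floods the VM1 -> VM2 frame to every other port, including the noisy VM's port, while the registered table still delivers it to VM2's port only.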

 

 More to come. Sam.


XenSource Wiki

July 30th, 2008 | No Comments | Posted in Virtualization

http://wiki.xensource.com/xenwiki/

Interesting little Wiki I stumbled on a while ago on XenSource. Particularly interesting is the supported CPUs list: http://wiki.xensource.com/xenwiki/HVM_Compatible_Processors . It seems to not list any of the new Intel (new being last 1-2 years) Xeon CPUs as compatible with their hardware virtualization technology – no Xeon 5100 Series (Woodcrest), no Xeon 5300 Series (Clovertown) and no 5400 Series (Harpertown). Also no Xeon 7200 Series (dual-core Tigerton Caneland) and no Xeon 7300 (Quad-core Tigerton Caneland). Quite surprising really – seeing as the page was updated yesterday and also includes the desktop CPU QX6800.

I've always been a little sceptical of XenSource; it seems a little empty compared to its feature-rich cousin VMWare ESX. It does the job, but it doesn't have any key technologies such as VMotion, the flashy VI Client interface, etc.

However - the one benefit that comes from having (without being derogatory here) a rather less feature-rich O/S is that it works on a heck of a lot more platforms. Being the server engineer I am, at home I have 5 servers, all enterprise level. 2 are running Intel S5000PSL boards, one is running an S5000XVN Workstation board (got it for free, I can't complain) and 2 are running Supermicro X7DB8+ motherboards. I tried to install VMWare ESX on the Supermicro motherboards, and it wouldn't install due to the fact that the storage controller wasn't part of the drivers built into VMWare ESX’s libraries, meaning it wouldn't find the hard drive on the RAID controller, etc. When I came to install Xen, it installed no problem – this leads me to believe that ESX’s VMFS needs, for some reason, to have the specific storage driver for that chip in its repositories (e.g. MPT_scsi2xx…), unlike Xen, which is a lot more open, true to its GPL.

On a personal note, I like Xen, but unfortunately it just doesn't offer that... extra bit of technology that really makes you sit up and go “oh, you know what, that is really useful”, like VMWare's VMotion, or Microsoft's Hyper-V being bundled with 2008 etc.

 
