Network analysis in a virtualized environment with Brien M. Posey and Associate Editor Elaine Hom
• Do virtual machines bear the same MAC address as the host server?
• Is it possible to differentiate between the traffic produced by each guest machine?
• Is it common for host machines to saturate the available bandwidth?
• Are there techniques for limiting a host server's impact on bandwidth consumption?
• Does the management and monitoring process for virtual machines cause any significant performance degradation or bandwidth shortages?
• What are the differences between external, internal and private networking in a virtualized environment?
• Is there any incentive to create VLANs for virtual machines?
Virtual networks enable communications between virtual machines. Internal and private virtual networks do not place any traffic on the physical network, so monitoring virtual network traffic is usually a non-issue. If you do need to monitor virtual network traffic, though, you will have to install a protocol analyzer on one of the virtual machines that is using the virtual network. Hardware-based protocol analyzers can examine only traffic that is flowing across external virtual networks.
In a Microsoft Hyper-V environment, each virtual machine is assigned a dynamic MAC address by default. This MAC address differs from that of the host server and normally differs from the MAC addresses assigned to other virtual machines. Hyper-V also gives you the option of assigning a static MAC address to each virtual network adapter within a virtual machine. VMware ESX also gives you the option of using either static or dynamic MAC addresses on virtual machines.
Yes. With a hypervisor, the majority of the virtual machine's hardware requests (including those used for networking) are serviced directly by the server's hardware rather than being serviced by the host operating system. This means that a virtual machine's dynamic MAC address is actually used in communications on the physical network and can be used to identify traffic produced by the virtual machine. The virtual machine's IP address can also be used as an identifier.
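Because every Hyper-V virtual network adapter has its own MAC address, frames captured by a hardware protocol analyzer can be traced back to the guest that sent them. The PowerShell below is an added example, not part of the original podcast; it assumes the Hyper-V PowerShell module (Windows Server 2012 or later, so a newer Hyper-V than the 2009 version discussed), runs on the host, and the MAC in the usage call is a constructed sample value.

```powershell
# Added example: map MAC addresses seen on the wire back to Hyper-V guests on this host.
# Assumes the Hyper-V PowerShell module (Windows Server 2012 or later); run on the host.

function Get-VmMacInventory {
    # One row per virtual NIC: owning VM, switch, static or dynamic MAC, current guest IPs.
    Get-VM | Get-VMNetworkAdapter | ForEach-Object {
        [pscustomobject]@{
            VMName     = $_.VMName
            Adapter    = $_.Name
            MacAddress = $_.MacAddress                 # stored without separators, e.g. 00155D010203
            MacType    = if ($_.DynamicMacAddressEnabled) { 'Dynamic' } else { 'Static' }
            Switch     = $_.SwitchName
            IPs        = ($_.IPAddresses -join ', ')   # populated only if Integration Services run in the guest
        }
    }
}

function Resolve-VmByMac {
    # Look up the guest that owns a MAC as a sniffer prints it (any separator style, any case).
    param([Parameter(Mandatory)][string]$MacAddress)
    $normalized = ($MacAddress -replace '[^0-9A-Fa-f]', '').ToUpper()
    $match = Get-VmMacInventory | Where-Object { $_.MacAddress -eq $normalized }
    if ($match) { return $match }
    # Hyper-V allocates dynamic MACs from the Microsoft OUI 00-15-5D. A MAC in that range with
    # no owner here most likely belongs to a guest on another Hyper-V host, which is worth
    # knowing when an unexpected address shows up in a capture.
    if ($normalized.StartsWith('00155D')) {
        Write-Warning "$MacAddress is a Hyper-V dynamic MAC but no VM on this host owns it."
    } else {
        Write-Warning "$MacAddress does not belong to any VM on this host (host NIC or external device)."
    }
}

# Usage (constructed sample MAC; replace with an address from a real capture):
Get-VmMacInventory | Format-Table -AutoSize
Resolve-VmByMac -MacAddress '00-15-5d-01-02-03'
```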
Although this is theoretically possible, I have never seen it happen in the real world. Typically, virtual machines are distributed across host servers according to the workload that they are expected to place on the host machine. For example, if a virtual machine is expected to produce a lot of network traffic, then it might be paired with other virtual machines that don't generate much traffic. Another common solution is to assign each virtual machine a dedicated network interface card (NIC).
In addition to the techniques that I have already mentioned, some high-demand applications offer bandwidth throttling. This allows the administrator to control the amount of traffic that the application is generating. It is usually more effective, though, just to assign a high-demand virtual machine a dedicated NIC.
Network monitoring is usually a passive activity. Network monitoring software runs in promiscuous mode and sniffs traffic as it flows across the network. If you run network monitoring software directly on a virtual machine, you will consume resources such as CPU time, memory, and disk throughput, but you will not typically place any significant amount of additional traffic on the network.
Hyper-V offers three types of virtual networks: external, internal and private. External virtual networks bind to the physical NIC so that virtual machines can access the physical network. Internal virtual networks are network connections that allow virtual machines to communicate with other virtual machines running on the host server, as well as with the host server itself. Private virtual networks allow communications only among virtual machines residing on the same host server. Private virtual networks do not let a virtual machine communicate with the host server, and neither private nor internal virtual networks allow communications with the outside world.
VMware uses the concept of virtual switches. Virtual switches can be created to isolate traffic to virtual machines that are running on the host server, or they can use an uplink to bridge the virtual switch and the physical network, allowing communications with the outside world. You cannot interconnect multiple virtual switches, however, and traffic cannot flow directly from one virtual switch to another.
A VLAN (Virtual LAN) is a set of computers that are configured to communicate with one another as though they resided in a common broadcast domain, regardless of physical location. In a virtualized environment, the physical location of a virtual machine is ambiguous, to say the least. Since physically connecting a virtual machine to the desired network segment may not always be an option, VLANs offer an ideal solution for creating the desired network topology in a virtualized environment.
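The following PowerShell, added here as an example rather than taken from the podcast, builds the three Hyper-V virtual network types described above, places a guest on a VLAN, and mirrors a guest's traffic to an analyzer VM on the same virtual switch (the only way to capture traffic on an internal or private network, as noted earlier). It assumes the Hyper-V PowerShell module (Windows Server 2012 or later); the switch, adapter and VM names are placeholders.

```powershell
# Added example: Hyper-V external/internal/private switches, VLAN tagging and port mirroring.
# Assumes the Hyper-V PowerShell module (Windows Server 2012 or later). Names are placeholders.

# External: bound to a physical NIC so guests reach the physical network. The host keeps a
# management vNIC on the switch only because -AllowManagementOS is $true.
New-VMSwitch -Name 'vSwitch-External' -NetAdapterName 'Ethernet' -AllowManagementOS $true

# Internal: guests talk to each other and to the host, never to the physical network.
New-VMSwitch -Name 'vSwitch-Internal' -SwitchType Internal

# Private: guests on this host talk only to each other; the host itself is not reachable.
New-VMSwitch -Name 'vSwitch-Private' -SwitchType Private

# Attach a guest to the external switch and confine it to VLAN 20 in access mode, so it shares
# a broadcast domain only with other ports tagged 20, whichever host it happens to run on.
Connect-VMNetworkAdapter -VMName 'App01' -SwitchName 'vSwitch-External'
Set-VMNetworkAdapterVlan -VMName 'App01' -Access -VlanId 20

# Monitoring an isolated network: traffic on a private switch never touches a physical NIC,
# so the analyzer has to be a guest on that same switch. Port mirroring copies App02's frames
# to the Sensor01 adapter, where a protocol analyzer inside Sensor01 can capture them.
Connect-VMNetworkAdapter -VMName 'App02'    -SwitchName 'vSwitch-Private'
Connect-VMNetworkAdapter -VMName 'Sensor01' -SwitchName 'vSwitch-Private'
Set-VMNetworkAdapter -VMName 'App02'    -PortMirroring Source
Set-VMNetworkAdapter -VMName 'Sensor01' -PortMirroring Destination

# Review the result: switch types with their uplinks, and each guest adapter's switch and VLAN.
Get-VMSwitch | Select-Object Name, SwitchType, NetAdapterInterfaceDescription
Get-VM | Get-VMNetworkAdapter |
    Select-Object VMName, SwitchName, PortMirroringMode,
        @{n='VlanMode'; e={$_.VlanSetting.OperationMode}},
        @{n='VlanId';   e={$_.VlanSetting.AccessVlanId}}
```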
About the author
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, CNET, ZDNet, TechTarget, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com.
This was first published in February 2009