Part 2

Configuring standard switches

Introduction to virtual switches

Virtual switches come in two types:

1. vNetwork Standard Switches

2. vNetwork Distributed Switches

Virtual switches provide the following communication:

1. between virtual machines within an ESXi host

2. between virtual machines on different ESXi hosts

3. between virtual machines and physical machines on the network

4. VMkernel access to networks for vMotion, iSCSI, NFS, or Fault Tolerance logging (and management on ESXi)

Differences between a vSwitch and a physical switch (1)

vSwitches do have some differences from physical switches. A vSwitch does not support the use of dynamic negotiation protocols for establishing 802.1Q trunks or port channels, such as Dynamic Trunking Protocol (DTP) or Port Aggregation Protocol (PAgP). A vSwitch cannot be connected to another vSwitch, thereby eliminating a potential loop configuration. Because there is no possibility of looping, vSwitches do not run Spanning Tree Protocol (STP). Looping can be a common network problem, so this is a real benefit of vSwitches.

Summary: no DTP or PAgP support, and STP is not run.

Differences between a vSwitch and a physical switch (2)

1. A vSwitch authoritatively knows the MAC addresses of the virtual machines connected to that vSwitch, so there is no need to learn MAC addresses from the network. (No MAC learning required.)

2. Traffic received by a vSwitch on one uplink is never forwarded out another uplink. This is yet another reason why vSwitches do not run STP. (Traffic from one uplink is never sent out another uplink.)

3. A vSwitch does not need to perform Internet Group Management Protocol (IGMP) snooping because it knows the multicast interests of the virtual machines attached to that vSwitch. (No IGMP snooping needed.)

Introduction to uplinks

Without an uplink, a vSwitch cannot communicate with the physical network.

Two different kinds of ports and port groups

1. VMkernel port (the ESXi host's own interface)

2. virtual machine port group (interfaces for VMs)

Ports and port groups

Virtual switches alone can't provide connectivity; they need ports or port groups and uplinks.

VMkernel networking

VMkernel ports are used for vMotion, iSCSI, NAS/NFS access, and VMware FT. With ESXi, VMkernel ports are also used for management.

Adding a VMkernel network

Virtual machine networking

The virtual machine port group is quite different from a VMkernel port. Both of the other port types have a one-to-one relationship with an interface. A virtual machine port group, on the other hand, does not have a one-to-one relationship, and it does not require an IP address.

Adding a virtual machine network

Introduction to NIC teaming (redundancy and load balancing over multiple uplinks)

NIC teaming involves connecting multiple physical network adapters to a single vSwitch. NIC teaming provides redundancy and load balancing of network communications to VMkernel ports and virtual machines.

Configuring NIC teaming

Configuring load balancing

Three load-balancing methods

1. virtual switch port load balancing (load balancing based on the virtual switch port)

2. source MAC load balancing (load balancing based on the source MAC address)

3. IP hash load balancing (load balancing based on an IP hash; both uplinks must connect to the same physical switch)

Port-based and source-MAC load balancing can connect to multiple physical switches; 802.3ad link aggregation cannot.

Link state detection

Link status only: looks only at whether the link is up or down.

Beacon probing: sends probe packets to determine whether a NIC is healthy.

Notify switches

1. A virtual machine is powered on (or any other time a client registers itself with the vSwitch). (The physical switch must be notified when a VM powers on.)

2. A vMotion occurs. (The physical switch must be notified on migration.)

3. A MAC address is changed. (The switch must be notified when a MAC address changes.)

4. A NIC team failover or failback has occurred. (Multi-link NIC team redundancy requires notify switches to be enabled.)

Failback (with an active/standby multi-link team and failback enabled: when the active link fails, the standby link becomes active; when the original active link recovers, traffic is switched back to it, so the original active link is always preferred.)

For IP storage interfaces, the failback option is best set to "no".

Traffic shaping

Only the maximum outbound bandwidth of a NIC can be limited; inbound traffic cannot be controlled.

Security (1): promiscuous mode

Promiscuous mode

Accept: enabled, used for packet capture; this effectively turns the switch into a hub.

Reject: disabled; each port belongs to its own collision domain (normal switch mode).

Security (2): MAC address changes / forged transmits

The initial MAC address is generated automatically and resides in the configuration file.

The effective MAC address is the MAC address configured by the guest OS that is used during communication with other systems. The effective MAC address is included in network communication as the source MAC of the VM. By default, these two addresses are identical.

MAC address changes

The initial MAC address that the ESXi host assigns to a VM is normally identical to its effective MAC address. When the effective MAC address is altered (for example by changing the MAC address in the guest) so that it no longer matches the initial MAC address, traffic sent by the VM is dropped by the virtual switch if MAC address changes is set to Reject; with Accept it is not.

Forged transmits

If set to Reject, traffic passing through the virtual switch to you is dropped; Accept does not drop it.

Setting Reject effectively disallows users from changing the VM's MAC address.
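As an added example (not part of these notes and not VMware tooling), the check below audits captured standard-switch policy text against the settings the security and failback sections above recommend: all three security options rejected, notify switches on, and failback off for IP storage. The sample text is constructed to resemble the output of `esxcli network vswitch standard policy security get` and `failover get`; the vSwitch names and the assumption that vSwitch1 carries iSCSI are constructed as well.

```python
import re
# Baseline from the notes above: reject promiscuous mode, MAC changes and forged transmits.
SECURITY_BASELINE = {
    "Allow Promiscuous": "false",
    "Allow MAC Address Change": "false",
    "Allow Forged Transmits": "false",
}

# Constructed sample (not captured from a real host), shaped like the text of
#   esxcli network vswitch standard policy security get -v <name>
#   esxcli network vswitch standard policy failover get -v <name>
# concatenated per vSwitch. vSwitch1 is assumed to carry iSCSI traffic.
SAMPLE_CAPTURES = {
    "vSwitch0": """   Allow Promiscuous: false
   Allow MAC Address Change: true
   Allow Forged Transmits: true
   Notify Switches: true
   Failback: true""",
    "vSwitch1": """   Allow Promiscuous: false
   Allow MAC Address Change: false
   Allow Forged Transmits: false
   Notify Switches: true
   Failback: true""",
}

def parse_policy(text):
    """Parse indented 'Key: value' lines into a dict; values are lower-cased."""
    policy = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?):\s*(.*)$", line)
        if m:
            policy[m.group(1)] = m.group(2).strip().lower()
    return policy

def audit_vswitch(name, text, ip_storage=False):
    """Return findings for one vSwitch; an empty list means it matches the baseline."""
    p = parse_policy(text)
    findings = []
    for key, want in SECURITY_BASELINE.items():
        got = p.get(key, "missing")
        if got != want:
            findings.append(f"{name}: {key} is {got}, expected {want}")
    if p.get("Notify Switches") != "true":
        findings.append(f"{name}: Notify Switches is off; failover and vMotion MAC moves are not announced")
    if ip_storage and p.get("Failback") == "true":
        findings.append(f"{name}: Failback is on for an IP-storage uplink team; the notes recommend 'no'")
    return findings

def audit_all(captures, ip_storage_switches=()):
    """Audit every captured vSwitch; returns {name: [findings]}."""
    return {n: audit_vswitch(n, t, n in ip_storage_switches) for n, t in captures.items()}
```

Replace SAMPLE_CAPTURES with your own captured text; any vSwitch whose list is non-empty deviates from the recommendations in these notes.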