
Chapter 4. Network Architecture

4.1. Introduction: Basic Networking Terms
4.1.1. Network Interface Controller (NIC)
4.1.2. Bridge
4.1.3. Bond
4.1.4. Virtual Network Interface Controller (VNIC)
4.1.5. Virtual LAN (VLAN)
4.2. Networking in Data Centers and Clusters
4.2.1. Cluster Networking
4.2.2. Logical Networks
4.3. Networking in Hosts and Virtual Machines
4.3.1. Host Networking Configurations
4.3.2. Virtual Machine Connectivity
A well-designed and well-built network ensures, for example, that high-bandwidth tasks receive adequate bandwidth, that user interactions are not crippled by frustrating latency, and that virtual machines can be migrated successfully within a migration domain. A poorly built network can cause, for example, unacceptable latency, and migration and cloning failures resulting from network flooding.
Red Hat Enterprise Virtualization networking is discussed in this chapter in terms of basic networking, networking within a cluster, and host networking configurations. Basic networking terms cover the hardware and software elements that facilitate networking. Networking within a cluster covers network interactions among cluster-level objects such as hosts, logical networks, and virtual machines. Host networking configurations cover the supported configurations for networking within a host.

4.1. Introduction: Basic Networking Terms

Red Hat Enterprise Virtualization provides networking functionality between virtual machines, virtualization hosts, and wider networks using:
  • A Network Interface Controller (NIC)
  • A Bridge
  • A Bond
  • A Virtual NIC
  • A Virtual LAN (VLAN)
NICs, bridges, and VNICs allow for network communication between hosts, virtual machines, local area networks, and the Internet. Bonds and VLANs are optionally implemented to enhance security, fault tolerance, and network capacity.

4.1.1. Network Interface Controller (NIC)

The NIC (Network Interface Controller) is a network adapter or LAN adapter that connects a computer to a computer network. The NIC operates on both the physical and data link layers of the machine and allows network connectivity. All virtualization hosts in a Red Hat Enterprise Virtualization environment have at least one NIC, though it is more common for a host to have two or more NICs.
One physical NIC can have multiple Virtual NICs (VNICs) logically connected to it. A virtual NIC acts as a physical network interface for a virtual machine. To distinguish between a VNIC and the NIC that supports it, the Red Hat Enterprise Virtualization Manager assigns each VNIC a unique MAC address.

4.1.2. Bridge

A bridge is a software device that forwards packets in a packet-switched network. Bridging allows multiple network interface devices to share the connectivity of one NIC and appear on the network as separate physical devices. The bridge examines each packet's source address to learn which of its interfaces that address is reachable through, and records that location in a table for future reference; later packets addressed to that address are forwarded to the recorded interface. This allows a host to direct network traffic to the virtual machine VNICs that are members of the bridge.
In Red Hat Enterprise Virtualization a logical network is implemented using a bridge. It is the bridge rather than the physical interface on a host that receives an IP address. The IP address associated with the bridge is not required to be within the same subnet as the virtual machines that use the bridge for connectivity. If the bridge is assigned an IP address on the same subnet as the virtual machines that use it, the host is addressable within the logical network by virtual machines. As a rule it is not recommended to run network exposed services on a Red Hat Enterprise Virtualization host. Guests are connected to a logical network by their VNICs, and the host is connected to remote elements of the logical network using its NIC. Each guest can have the IP address of its VNIC set independently, by DHCP or statically. Bridges can connect to objects outside the host, but such a connection is not mandatory.

4.1.3. Bond

A bond aggregates multiple NICs in parallel to provide combined throughput beyond that of a single NIC. Bonding also increases fault tolerance, because more individual failures are required before networking fails completely. The NICs that form a bond device must be of the same make and model, to ensure that both devices support the same options and modes.
The packet dispersal algorithm for a bond is determined by the bonding mode used.

Bonding Modes

Red Hat Enterprise Virtualization uses mode 4 by default but supports the following common bonding modes:
  • Mode 1 (active-backup policy) sets all interfaces to the backup state while one remains active. Upon failure of the active interface, a backup interface replaces it as the only active interface in the bond. The MAC address of the bond in mode 1 is visible on only one port (the network adapter), to prevent confusion for the switch. Mode 1 provides fault tolerance and is supported in Red Hat Enterprise Virtualization.
  • Mode 2 (XOR policy) selects the interface on which to transmit a packet based on the result of an XOR operation on the source and destination MAC addresses, modulo the slave count. This calculation ensures that the same interface is selected for each destination MAC address used. Mode 2 provides fault tolerance and load balancing and is supported in Red Hat Enterprise Virtualization.
  • Mode 3 (broadcast policy) transmits all packets on all interfaces. Mode 3 provides fault tolerance and is supported in Red Hat Enterprise Virtualization.
  • Mode 4 (IEEE 802.3ad policy) creates aggregation groups in which the included interfaces share the same speed and duplex settings. Mode 4 uses all interfaces in the active aggregation group in accordance with the IEEE 802.3ad specification and is supported in Red Hat Enterprise Virtualization.
  • Mode 5 (adaptive transmit load balancing policy) distributes outgoing traffic according to the load on each interface, while a single designated interface receives all incoming traffic. If the interface assigned to receive traffic fails, another interface is assigned the receiving role instead. Mode 5 is supported in Red Hat Enterprise Virtualization.
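The mode 2 (XOR policy) selection written out as a function, as an added example that is not part of the Red Hat documentation. It assumes, as the Linux layer2 hash does, that only the low-order byte of each MAC address enters the calculation; the destination addresses are constructed sample values.

```python
# Added example (not from the Red Hat documentation): mode 2 (XOR policy)
# slave selection. Assumption: the hash uses the low-order byte of each MAC
# address, as the Linux layer2 policy does. Destination MACs are constructed.

def parse_mac(mac: str) -> bytes:
    """Convert 'aa:bb:cc:dd:ee:ff' into six bytes."""
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC address: {mac}")
    return bytes(int(p, 16) for p in parts)

def xor_policy_slave(src_mac: str, dst_mac: str, slave_count: int) -> int:
    """Index of the slave that transmits a frame from src_mac to dst_mac.

    (source MAC XOR destination MAC) modulo slave count, computed on the
    low-order byte of each address.
    """
    if slave_count < 1:
        raise ValueError("a bond needs at least one slave")
    src, dst = parse_mac(src_mac), parse_mac(dst_mac)
    return (src[5] ^ dst[5]) % slave_count

def distribution(src_mac: str, dst_macs, slave_count: int):
    """Map each destination to its slave and count destinations per slave."""
    load = [0] * slave_count
    chosen = {}
    for dst in dst_macs:
        idx = xor_policy_slave(src_mac, dst, slave_count)
        chosen[dst] = idx          # the same destination always lands here
        load[idx] += 1
    return chosen, load

if __name__ == "__main__":
    bond_mac = "00:1b:21:98:25:e4"   # bond0 from the listing in this chapter
    peers = [f"52:54:00:00:00:{i:02x}" for i in (1, 2, 3, 0x10)]
    print(distribution(bond_mac, peers, 2))
```

Because the choice depends only on the two MAC addresses, every frame to one destination MAC (for example the default gateway) leaves through the same slave; the policy balances across destinations, not across flows.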

4.1.4. Virtual Network Interface Controller (VNIC)

A NIC is the physical network interface controller for the host. A VNIC is a virtual NIC based on the physical NIC. Each host can have one or more NICs, and each NIC can be a base for multiple VNICs. Every virtual machine with a network interface results in a new VNIC with a unique MAC address on the host where the virtual machine runs. These VNICs are then added to the network bridge which implements the logical network that the virtual machine is connected to. For details about NICs, refer to Section 4.1.1, “Network Interface Controller (NIC)”. For details about bridges, refer to Section 4.1.2, “Bridge”.
Running the ifconfig command on a Red Hat Enterprise Virtualization host shows all of the VNICs that are associated with virtual machines on that host. Also visible are any network bridges that have been created to implement logical networks, and any NICs used by the host.
[root@ecs-cloud-rhevh-01 ~]# ifconfig 
eth0      Link encap:Ethernet  HWaddr E4:1F:13:B7:FD:D4  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2527437 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7353099 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1842636390 (1.7 GiB)  TX bytes:4527273914 (4.2 GiB)
          Interrupt:169 Memory:92000000-92012800 

bond0     Link encap:Ethernet  HWaddr 00:1B:21:98:25:E4  
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:1207008987 errors:0 dropped:2132 overruns:0 frame:0
          TX packets:1172475485 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1564609462833 (1.4 TiB)  TX bytes:885715805671 (824.8 GiB)


rhevm     Link encap:Ethernet  HWaddr E4:1F:13:B7:FD:D4  
          inet addr:10.64.14.122  Bcast:10.64.15.255  Mask:255.255.254.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:445040 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4721866 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:41575335 (39.6 MiB)  TX bytes:4171361904 (3.8 GiB)

storage   Link encap:Ethernet  HWaddr 00:1B:21:98:25:E4  
          inet addr:192.168.29.10  Bcast:192.168.29.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:86956273 errors:0 dropped:0 overruns:0 frame:0
          TX packets:62074574 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:106661218057 (99.3 GiB)  TX bytes:83616530712 (77.8 GiB)

vnet000 Link encap:Ethernet  HWaddr FE:1A:4A:40:0E:04  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:477233 errors:0 dropped:0 overruns:0 frame:0
          TX packets:630027 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:123257049 (117.5 MiB)  TX bytes:387924090 (369.9 MiB)

vnet001 Link encap:Ethernet  HWaddr FE:1A:4A:40:0E:30  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1642 errors:0 dropped:0 overruns:0 frame:0
          TX packets:120753 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:318222 (310.7 KiB)  TX bytes:14323345 (13.6 MiB)

vnet002 Link encap:Ethernet  HWaddr FE:1A:4A:40:0E:2E  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:239673 errors:0 dropped:0 overruns:0 frame:0
          TX packets:555398 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:17514233 (16.7 MiB)  TX bytes:620136453 (591.4 MiB)
The given console output shows one bond device, bond0; one Ethernet NIC, eth0; two network bridges, storage and rhevm; and a number of VNICs that are associated with virtual machine network interfaces using virtio drivers. For more information on virtualized hardware refer to Appendix C, Virtualized Hardware.
The VNICs displayed in the given console output are members of the network bridge for a logical network. Bridge membership can be displayed using the brctl show command:
[root@ecs-cloud-rhevh-01 ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
rhevm		8000.e41f13b7fdd4	no		vnet002
							vnet001
							vnet000
							eth0
storage		8000.001b219825e4	no		bond0
The given console output shows that the virtio VNICs are members of the rhevm bridge, because all of the virtual machines that the VNICs are associated with are connected to the rhevm network. The eth0 NIC is also a member of the rhevm bridge. The eth0 device is cabled to a switch that provides connectivity beyond the host.
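The two listings above can be cross-checked mechanically: a bridge answers on the wire with the MAC address of one of its members (rhevm carries eth0's address, storage carries bond0's). The following is an added example, not part of the Red Hat documentation; the embedded text is a constructed, shortened copy of the brctl show and ifconfig output shown above.

```python
# Added example (not from the Red Hat documentation): parse `brctl show` and
# `ifconfig` output and check which member interface each bridge borrowed its
# MAC address from. Sample text is constructed from the listings in this chapter.
import re

BRCTL_SHOW = """\
bridge name\tbridge id\t\tSTP enabled\tinterfaces
rhevm\t\t8000.e41f13b7fdd4\tno\t\tvnet002
\t\t\t\t\t\t\tvnet001
\t\t\t\t\t\t\tvnet000
\t\t\t\t\t\t\teth0
storage\t\t8000.001b219825e4\tno\t\tbond0
"""

IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr E4:1F:13:B7:FD:D4
bond0     Link encap:Ethernet  HWaddr 00:1B:21:98:25:E4
rhevm     Link encap:Ethernet  HWaddr E4:1F:13:B7:FD:D4
storage   Link encap:Ethernet  HWaddr 00:1B:21:98:25:E4
vnet000 Link encap:Ethernet  HWaddr FE:1A:4A:40:0E:04
vnet001 Link encap:Ethernet  HWaddr FE:1A:4A:40:0E:30
vnet002 Link encap:Ethernet  HWaddr FE:1A:4A:40:0E:2E
"""

def parse_brctl(text):
    """Return {bridge: (mac, [members])}; continuation lines carry extra members."""
    bridges, current = {}, None
    for line in text.splitlines()[1:]:            # skip the header row
        fields = line.split()
        if len(fields) >= 3:                      # name, id, stp[, first member]
            name, bridge_id = fields[0], fields[1]
            mac = bridge_id.split(".", 1)[1].lower()   # drop the '8000.' priority
            bridges[name] = (mac, fields[3:])
            current = name
        elif fields and current:                  # bare member on a continuation line
            bridges[current][1].append(fields[0])
    return bridges

def parse_ifconfig_macs(text):
    """Return {interface: mac} from 'Link encap' lines (lower-case, colons removed)."""
    pattern = r"^(\S+)\s+Link encap:\S+\s+HWaddr\s+(\S+)"
    return {m.group(1): m.group(2).replace(":", "").lower()
            for m in re.finditer(pattern, text, re.M)}

def check_bridges(bridges, macs):
    """Per bridge: does the bridge id MAC match ifconfig, and which member owns it."""
    report = {}
    for name, (id_mac, members) in bridges.items():
        owner = next((i for i in members if macs.get(i) == id_mac), None)
        report[name] = {"id_matches_ifconfig": macs.get(name) == id_mac, "mac_from": owner}
    return report
```

A bridge whose MAC matches none of its members, or a VNIC that appears in ifconfig but in no bridge, is worth a second look when reconciling a host's actual wiring against the logical networks it is supposed to implement.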
Figure 4.1, “Networking within a cluster”, depicts a setup in which each host has three NICs, except Host C. VNICs cannot exist without either a physical NIC or a bridge attached to the host, but virtual machines can remain unconnected to any network or VNIC/NIC. A virtual machine connects directly to a VNIC, which uses the bridge and physical NIC to form a network link with objects connected to a given logical network.

4.1.5. Virtual LAN (VLAN)

A VLAN (Virtual LAN) is an attribute that can be applied to network packets. Network packets can be "tagged" into a particular numbered VLAN. A VLAN is a security feature used to completely isolate network traffic at the switch level, as VLANs are completely separate and mutually exclusive. Red Hat Enterprise Virtualization is VLAN aware and able to tag and redirect VLAN traffic; however, VLAN implementation requires a switch that supports VLANs.
At the switch level, ports are assigned a VLAN designation. A switch applies a VLAN tag to traffic originating from a particular port, marking the traffic as part of a VLAN, and ensures that responses carry the same VLAN tag. A VLAN can extend across multiple switches. VLAN tagged network traffic on a switch is completely undetectable except by machines connected to a port designated with the correct VLAN. A given port can be tagged into multiple VLANs, which allows traffic from multiple VLANs to be sent to a single port, to be deciphered using software on the machine that receives the traffic.
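The last sentence above describes software on the receiving machine separating traffic from several VLANs delivered to one port. The following added example, not part of the Red Hat documentation, does exactly that for frames tagged under IEEE 802.1Q (TPID 0x8100 followed by a 16-bit tag control field), a standard the text does not name; the frames and peer MAC address are constructed.

```python
# Added example (not from the Red Hat documentation): build and decode 802.1Q
# VLAN-tagged Ethernet frames and sort frames from a multi-VLAN port by VLAN id.
# Assumes 802.1Q tagging; sample frames and the peer MAC are constructed.
import struct

TPID_8021Q = 0x8100   # EtherType value announcing an 802.1Q tag

def build_frame(dst: bytes, src: bytes, vlan_id=None, priority=0,
                ethertype=0x0800, payload=b"") -> bytes:
    """Ethernet frame; a 4-byte 802.1Q tag is inserted when vlan_id is given."""
    if vlan_id is not None and not 0 <= vlan_id <= 4095:
        raise ValueError("VLAN id must fit in 12 bits")
    header = dst + src
    if vlan_id is not None:
        tci = (priority << 13) | vlan_id        # PCP (3 bits) | DEI (1) | VID (12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def vlan_of(frame: bytes):
    """(vlan_id, priority, ethertype); vlan_id and priority are None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("802.1Q tag is truncated")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, tci >> 13, inner_type

def split_by_vlan(frames):
    """Group frames seen on one port by VLAN id; untagged frames land under None."""
    groups = {}
    for f in frames:
        vid, _, _ = vlan_of(f)
        groups.setdefault(vid, []).append(f)
    return groups

# Constructed sample traffic: two VLANs plus one untagged frame on the same port.
HOST = bytes.fromhex("e41f13b7fdd4")    # eth0 MAC from the listing in this chapter
PEER = bytes.fromhex("525400000001")    # constructed peer MAC
SAMPLE = [
    build_frame(HOST, PEER, vlan_id=100, payload=b"storage"),
    build_frame(HOST, PEER, vlan_id=200, priority=5, payload=b"mgmt"),
    build_frame(HOST, PEER, payload=b"untagged"),
]
```

The tag is ordinary data in the frame, so the isolation the section describes rests on the switch delivering to each port only the VLANs it was configured for; the receiving host merely sorts what it is given.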