Chapter 4. Network Architecture
A well designed and built network ensures, for example, that high bandwidth tasks receive adequate bandwidth, that user interactions are not crippled by frustrating latency, and virtual machines can be successfully migrated within a migration domain. A poorly built network can cause, for example, unacceptable latency, and migration and cloning failures resulting from network flooding.
Red Hat Enterprise Virtualization networking is discussed in this chapter in terms of basic networking, networking within a cluster, and host networking configurations. Basic networking terms cover the basic hardware and software elements that facilitate networking. Networking within a cluster includes network interactions among cluster level objects such as hosts, logical networks and virtual machines. Host networking configurations covers supported configurations for networking within a host.
4.1. Introduction: Basic Networking Terms
Red Hat Enterprise Virtualization provides networking functionality between virtual machines, virtualization hosts, and wider networks using NICs, bridges, VNICs, bonds, and VLANs.
NICs, bridges, and VNICs allow for network communication between hosts, virtual machines, local area networks, and the Internet. Bonds and VLANs are optionally implemented to enhance security, fault tolerance, and network capacity.
4.1.1. Network Interface Controller (NIC)
The NIC (Network Interface Controller) is a network adapter or LAN adapter that connects a computer to a computer network. The NIC operates on both the physical and data link layers of the machine and allows network connectivity. All virtualization hosts in a Red Hat Enterprise Virtualization environment have at least one NIC, though it is more common for a host to have two or more NICs.
One physical NIC can have multiple Virtual NICs (VNICs) logically connected to it. A virtual NIC acts as a physical network interface for a virtual machine. To distinguish between a VNIC and the NIC that supports it, the Red Hat Enterprise Virtualization Manager assigns each VNIC a unique MAC address.
4.1.2. Bridge
A bridge is a software device that uses packet forwarding in a packet-switched network. Bridging allows multiple network interface devices to share the connectivity of one NIC and appear on a network as separate physical devices. The bridge examines a packet's source address to learn which interface that address lies behind, and records the location in a table for future reference. This allows a host to redirect network traffic to the virtual machine associated VNICs that are members of the bridge.
In Red Hat Enterprise Virtualization a logical network is implemented using a bridge. It is the bridge rather than the physical interface on a host that receives an IP address. The IP address associated with the bridge is not required to be within the same subnet as the virtual machines that use the bridge for connectivity. If the bridge is assigned an IP address on the same subnet as the virtual machines that use it, the host is addressable within the logical network by virtual machines. As a rule it is not recommended to run network exposed services on a Red Hat Enterprise Virtualization host. Guests are connected to a logical network by their VNICs, and the host is connected to remote elements of the logical network using its NIC. Each guest can have the IP address of its VNIC set independently, by DHCP or statically. Bridges can connect to objects outside the host, but such a connection is not mandatory.
4.1.3. Bond
A bond aggregates multiple NICs in parallel to provide a combined speed beyond that of a single NIC. Bonding also provides increased fault tolerance, because more individual failures are required before networking fails completely. The NICs that form a bond device must be of the same make and model to ensure that all members support the same options and modes.
The packet dispersal algorithm for a bond is determined by the bonding mode used.
Bonding Modes
Red Hat Enterprise Virtualization uses mode 4 by default but supports the following common bonding modes:
Mode 1 (active-backup policy) sets all interfaces to the backup state while one remains active. Upon failure on the active interface, a backup interface replaces it as the only active interface in the bond. The MAC address of the bond in mode 1 is visible on only one port (the network adapter), to prevent confusion for the switch. Mode 1 provides fault tolerance and is supported in Red Hat Enterprise Virtualization.
Mode 2 (XOR policy) selects the interface used to transmit a packet based on the result of an XOR operation on the source and destination MAC addresses, taken modulo the number of slave interfaces. This calculation ensures that the same interface is selected for each destination MAC address used. Mode 2 provides fault tolerance and load balancing and is supported in Red Hat Enterprise Virtualization.
Mode 3 (broadcast policy) transmits all packets on all interfaces. Mode 3 provides fault tolerance and is supported in Red Hat Enterprise Virtualization.
Mode 4 (IEEE 802.3ad policy) creates aggregation groups for which included interfaces share the speed and duplex settings. Mode 4 uses all interfaces in the active aggregation group in accordance with the IEEE 802.3ad specification and is supported in Red Hat Enterprise Virtualization.
Mode 5 (adaptive transmit load balancing policy) ensures the outgoing traffic distribution is according to the load on each interface and that the current interface receives all incoming traffic. If the interface assigned to receive traffic fails, another interface is assigned the receiving role instead. Mode 5 is supported in Red Hat Enterprise Virtualization.
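The slave selection rule of the XOR policy (mode 2) can be worked through directly. The following Python is an added example, not Red Hat code: it implements the formula exactly as stated above, the 48-bit XOR of source and destination MAC taken modulo the slave count, and shows both properties the text claims, that a given source/destination pair always maps to the same member, and that a set of destinations is spread across the members. The MAC addresses and the helper names are constructed for the example.

```python
"""Worked example of bonding mode 2 (XOR policy) member selection.

Added example; the selection formula follows the description above
(source MAC XOR destination MAC, modulo the number of slaves).
"""
from collections import Counter
from typing import Dict, Iterable


def mac_to_int(mac: str) -> int:
    """Convert 'aa:bb:cc:dd:ee:ff' into a 48-bit integer."""
    parts = mac.lower().split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return int("".join(parts), 16)


def xor_policy_slave(src_mac: str, dst_mac: str, slave_count: int) -> int:
    """Return the index of the bond member that transmits a frame from
    src_mac to dst_mac under the XOR policy."""
    if slave_count < 1:
        raise ValueError("a bond needs at least one slave interface")
    return (mac_to_int(src_mac) ^ mac_to_int(dst_mac)) % slave_count


def distribution(src_mac: str, dst_macs: Iterable[str], slave_count: int) -> Dict[int, int]:
    """Count how many destination MACs are served by each bond member.

    Because the hash depends only on the address pair, every frame to one
    destination uses one member: traffic is balanced across destinations,
    never across frames of a single conversation.
    """
    counts: Counter = Counter({i: 0 for i in range(slave_count)})
    for dst in dst_macs:
        counts[xor_policy_slave(src_mac, dst, slave_count)] += 1
    return dict(counts)


if __name__ == "__main__":
    # Constructed addresses (locally administered, 02:... prefix).
    host = "02:00:00:00:00:01"
    peers = [f"02:00:00:00:00:{i:02x}" for i in range(8)]
    print("2 slaves:", distribution(host, peers, 2))
    print("3 slaves:", distribution(host, peers, 3))
```

Run stand-alone it prints the per-member counts for two and three slaves. The practical caveat it illustrates is that one large flow between two fixed MACs never exceeds the speed of one member, whatever the slave count.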
4.1.4. Virtual Network Interface Controller (VNIC)
A NIC is the physical network interface controller for the host. A VNIC is a virtual NIC based on the physical NIC. Each host can have one or more NICs, and each NIC can be a base for multiple VNICs. Every virtual machine with a network interface results in a new VNIC with a unique MAC address on the host where the virtual machine runs. These VNICs are then added to the network bridge that implements the logical network the virtual machine is connected to. For details about NICs, refer to Section 4.1.1, “Network Interface Controller (NIC)”. For details about bridges, refer to Section 4.1.2, “Bridge”.
Running the ifconfig command on a Red Hat Enterprise Virtualization host shows all of the VNICs that are associated with virtual machines on that host. Also visible are any network bridges that have been created to implement logical networks, and any NICs used by the host.
[root@ecs-cloud-rhevh-01 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr E4:1F:13:B7:FD:D4
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2527437 errors:0 dropped:0 overruns:0 frame:0
TX packets:7353099 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1842636390 (1.7 GiB) TX bytes:4527273914 (4.2 GiB)
Interrupt:169 Memory:92000000-92012800
bond0 Link encap:Ethernet HWaddr 00:1B:21:98:25:E4
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:1207008987 errors:0 dropped:2132 overruns:0 frame:0
TX packets:1172475485 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1564609462833 (1.4 TiB) TX bytes:885715805671 (824.8 GiB)
rhevm Link encap:Ethernet HWaddr E4:1F:13:B7:FD:D4
inet addr:10.64.14.122 Bcast:10.64.15.255 Mask:255.255.254.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:445040 errors:0 dropped:0 overruns:0 frame:0
TX packets:4721866 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:41575335 (39.6 MiB) TX bytes:4171361904 (3.8 GiB)
storage Link encap:Ethernet HWaddr 00:1B:21:98:25:E4
inet addr:192.168.29.10 Bcast:192.168.29.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:86956273 errors:0 dropped:0 overruns:0 frame:0
TX packets:62074574 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:106661218057 (99.3 GiB) TX bytes:83616530712 (77.8 GiB)
vnet000 Link encap:Ethernet HWaddr FE:1A:4A:40:0E:04
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:477233 errors:0 dropped:0 overruns:0 frame:0
TX packets:630027 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:123257049 (117.5 MiB) TX bytes:387924090 (369.9 MiB)
vnet001 Link encap:Ethernet HWaddr FE:1A:4A:40:0E:30
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1642 errors:0 dropped:0 overruns:0 frame:0
TX packets:120753 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:318222 (310.7 KiB) TX bytes:14323345 (13.6 MiB)
vnet002 Link encap:Ethernet HWaddr FE:1A:4A:40:0E:2E
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:239673 errors:0 dropped:0 overruns:0 frame:0
TX packets:555398 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:17514233 (16.7 MiB) TX bytes:620136453 (591.4 MiB)
The given console output shows one bond device, bond0; one Ethernet NIC, eth0; two network bridges, storage and rhevm; and a number of VNICs that are associated with virtual machine network interfaces using virtio drivers. For more information on virtualized hardware refer to Appendix C, Virtualized Hardware.
The VNICs displayed in the given console output are members of the network bridge for a logical network. Bridge membership can be displayed using the brctl show command:
[root@ecs-cloud-rhevh-01 ~]# brctl show
bridge name     bridge id           STP enabled     interfaces
rhevm           8000.e41f13b7fdd4   no              vnet002
                                                    vnet001
                                                    vnet000
                                                    eth0
storage         8000.001b219825e4   no              bond0
The given console output shows that the virtio VNICs are members of the rhevm bridge, because all of the virtual machines that the VNICs are associated with are connected to the rhevm network. The eth0 NIC is also a member of the rhevm bridge. The eth0 device is cabled to a switch that provides connectivity beyond the host.
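Reading brctl show by eye works for one host; across a cluster a practitioner usually wants the membership as data so that a VNIC attached to no bridge, or a bridge with no physical uplink, is flagged automatically. The following Python is an added example, not part of the original document or of Red Hat Enterprise Virtualization: it parses brctl show output (the constructed sample mirrors the output quoted above, with the tab layout the real command emits), and audits it against the list of vnet interfaces seen in ifconfig. The "vnet" naming and the rule that anything not named vnet* is an uplink are assumptions taken from the output on this page.

```python
"""Parse `brctl show` output and audit bridge membership.

Added example; the sample output is constructed to match the host
output quoted above and is not captured from a live system.
"""
from typing import Dict, Iterable, List

# brctl separates columns with tabs; continuation lines start with tabs.
SAMPLE_BRCTL = (
    "bridge name\tbridge id\t\tSTP enabled\tinterfaces\n"
    "rhevm\t\t8000.e41f13b7fdd4\tno\t\tvnet002\n"
    "\t\t\t\t\t\t\tvnet001\n"
    "\t\t\t\t\t\t\tvnet000\n"
    "\t\t\t\t\t\t\teth0\n"
    "storage\t\t8000.001b219825e4\tno\t\tbond0\n"
)

VNIC_PREFIX = "vnet"  # assumption: VNICs are named vnetNNN, as on this page


def parse_brctl_show(text: str) -> Dict[str, dict]:
    """Return {bridge: {"id": ..., "stp": bool, "interfaces": [...]}}."""
    bridges: Dict[str, dict] = {}
    current = None
    for line in text.splitlines()[1:]:  # first line is the column header
        if not line.strip():
            continue
        if not line[0].isspace():
            fields = line.split()
            if len(fields) < 3:
                raise ValueError(f"unparseable bridge line: {line!r}")
            current = fields[0]
            bridges[current] = {
                "id": fields[1],
                "stp": fields[2] == "yes",
                "interfaces": fields[3:],  # empty for a bridge with no members
            }
        else:
            # Indented line: additional member(s) of the previous bridge.
            if current is None:
                raise ValueError("member line appears before any bridge")
            bridges[current]["interfaces"].extend(line.split())
    return bridges


def bridge_of(bridges: Dict[str, dict], iface: str):
    """Name of the bridge that iface belongs to, or None."""
    for name, info in bridges.items():
        if iface in info["interfaces"]:
            return name
    return None


def audit(bridges: Dict[str, dict], host_vnics: Iterable[str]) -> List[str]:
    """Return human-readable findings; an empty list means nothing to flag."""
    findings: List[str] = []
    for vnic in sorted(host_vnics):
        if bridge_of(bridges, vnic) is None:
            findings.append(f"{vnic}: VNIC present on host but not a member of any bridge")
    for name, info in bridges.items():
        uplinks = [i for i in info["interfaces"] if not i.startswith(VNIC_PREFIX)]
        if not uplinks:
            findings.append(f"{name}: bridge has no NIC or bond uplink")
        elif len(uplinks) > 1:
            findings.append(f"{name}: bridge has several uplinks {uplinks}, check for a loop")
    return findings


if __name__ == "__main__":
    parsed = parse_brctl_show(SAMPLE_BRCTL)
    for finding in audit(parsed, ["vnet000", "vnet001", "vnet002", "vnet003"]):
        print(finding)
```

The list of host VNICs is taken from the vnet* entries of the ifconfig output; in the sample above vnet003 is deliberately absent from every bridge so the audit has something to report.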
Figure 4.1, “Networking within a cluster” depicts a setup in which each host has three NICs, except Host C. VNICs cannot exist without either a physical NIC or a bridge attached to the host, but virtual machines can remain unconnected to any network or VNIC/NIC. A virtual machine connects directly to a VNIC, which uses the bridge and physical NIC to form a network link with objects connected to a given logical network.
4.1.5. Virtual LAN (VLAN)
A VLAN (Virtual LAN) is an attribute that can be applied to network packets. Network packets can be "tagged" into a particular numbered VLAN. A VLAN is a security feature used to isolate network traffic at the switch level, as VLANs are completely separate and mutually exclusive. Red Hat Enterprise Virtualization is VLAN aware and able to tag and redirect VLAN traffic; however, a VLAN implementation requires a switch that supports VLANs.
At the switch level, ports are assigned a VLAN designation. A switch applies a VLAN tag to traffic originating from a particular port, marking the traffic as part of a VLAN, and ensures that responses carry the same VLAN tag. A VLAN can extend across multiple switches. VLAN tagged network traffic on a switch is completely undetectable except by machines connected to a port designated with the correct VLAN. A given port can be tagged into multiple VLANs, which allows traffic from multiple VLANs to be sent to a single port, to be deciphered using software on the machine that receives the traffic.
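The "deciphering" of tagged traffic that the last sentence mentions is a header parse: an 802.1Q tag inserts four bytes after the source MAC, and the receiving host reads the VLAN number out of them before looking at the payload. The following Python is an added example, not part of the original document: it builds and decodes tagged and untagged Ethernet frames and applies the port rule described above, that tagged traffic is only delivered to a port designated with that VLAN. The MAC addresses are constructed for the example (one copies the host NIC shown earlier), and the helper names are my own.

```python
"""Build and decode 802.1Q-tagged Ethernet frames and apply a per-port
VLAN membership check. Added example; frames are constructed inline."""
import struct
from typing import Optional, Set

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes,
                vlan_id: Optional[int] = None, priority: int = 0) -> bytes:
    """Return an Ethernet frame, tagged when vlan_id is given."""
    header = mac_bytes(dst) + mac_bytes(src)
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be in 1..4094")
        if not 0 <= priority <= 7:
            raise ValueError("priority is a 3-bit field")
        tci = (priority << 13) | vlan_id  # PCP(3) | DEI(1)=0 | VID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet header; vlan_id is None for untagged frames."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": mac_str(dst), "src": mac_str(src),
            "vlan_id": None, "priority": None}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["priority"] = tci >> 13
        info["vlan_id"] = tci & 0x0FFF
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


def deliverable(frame: bytes, port_vlans: Set[int], native_untagged: bool) -> bool:
    """Model the switch rule: a tagged frame reaches a port only if that port
    is designated with the frame's VLAN; an untagged frame reaches it only
    if the port accepts untagged (native) traffic."""
    vid = parse_frame(frame)["vlan_id"]
    if vid is None:
        return native_untagged
    return vid in port_vlans


if __name__ == "__main__":
    tagged = build_frame("e4:1f:13:b7:fd:d4", "fe:1a:4a:40:0e:04", 0x0800,
                         b"\x45\x00", vlan_id=100, priority=3)
    print(parse_frame(tagged))
    print("port in VLAN 100:", deliverable(tagged, {100, 200}, False))
    print("port in VLAN 300:", deliverable(tagged, {300}, False))
```

Run stand-alone it shows the decoded tag and the delivery decision for a port inside and outside the frame's VLAN. A host that sits on a port tagged into several VLANs sees frames carrying different vlan_id values on the same NIC and must keep them apart in software, which is what the kernel's VLAN sub-interfaces do.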