Go to main content

Managing Network Virtualization and Network Resources in Oracle® Solaris 11.3

Exit Print View

Updated: April 2018
 
 

Overview of Network Virtualization

Virtualization enables multiple virtual machines to run simultaneously on a single physical machine. Virtualization technologies provide isolation between multiple virtual machines, enabling multiple instances of an operating system to run on a single machine. Network virtualization takes server virtualization to the next level - the ability to virtualize entire network topologies of servers, routers, switches, and firewalls all running on a single platform and requiring no additional investment in networking hardware. Network virtualization can be used for a variety of purposes, from prototyping to developing and testing to service deployment.

Note -  For a description of the example IP addresses used in this guide, see the IP address entry in Glossary of Networking Terms.

Network virtualization is an OS-provisioned mechanism that enables you to programmatically create and configure virtual networks that are decoupled from the underlying physical network. A virtual network is therefore a pseudo network that uses the physical network only as a packet forwarding backbone. Virtual networks usually consist of one system using virtual machines or zones whose network interfaces are configured over a physical network interface card (NIC) or an etherstub. These network interfaces are called virtual network interface cards or virtual NICs (VNICs). The virtual machines or zones with VNICs can communicate with each other as though they are on the same local network, effectively becoming a virtual network on a single host.

Benefits of Network Virtualization

Network virtualization provides the following benefits:

  • Enables you to achieve better utilization of the available resources by consolidating various applications on a few servers. You can then replace many systems with a single system that has multiple zones or virtual machines without significantly losing separation, security, and flexibility. For a demonstration, see Consolidating the Data Center With Network Virtualization (http://download.oracle.com/otndocs/tech/OTN_Demos/data-center-consolidation.html).

  • Is cost effective because you can virtualize a hardware NIC at the MAC layer.

  • Reduces the time to provision your network, thereby reducing the time to deploy applications.

  • Provides base for building a fully automated cloud environment.

  • Provides isolated networks because you can create VLANs, VXLANs, or PVLANs based virtual networks.

  • Overcomes the limitations in current network topologies (such as scalability issues in VLANs).

  • Using SR-IOV VF VNICs reduces system overhead.

  • Improves system performance by allocating hardware resources such as NIC rings and CPUs to VNICs.

  • Provides better network resource management by enforcing service-level agreements on the VNICs.

  • Provides observability into the network at the level of virtual ports and flows

Network Virtualization Technologies That Are Supported by Oracle Solaris

Oracle Solaris supports the following network virtualization technologies:

  • Edge Virtual Bridging (EVB) – Enables a host to exchange information related to virtual links on a system with an external switch. EVB is used to exchange information about all the virtual links behind a port whereas data center bridging (DCB) is used to exchange information about the port. For more information about EVB, see Administering Server-Network Edge Virtualization by Using Edge Virtual Bridging.

  • Virtual Extensible Local Area Network (VXLAN) – VXLAN addresses the 4K limitation of virtual local area network (VLAN) and also reduces the demand of virtualization on physical infrastructure such as switches. It uses physical server resources effectively in a data center that spans multiple L2 networks and provides scalability and network isolation for virtual networks. For more information, see Configuring Virtual Networks by Using Virtual Extensible Local Area Networks.

  • Single Root I/O Virtualization (SR-IOV) – Enables the creation of a virtual function (VF) based VNIC on a network device that supports SR-IOV. For more information, see Using Single Root I/O Virtualization With VNICs.

  • Private Virtual Local Area Network (PVLAN) VNICs – Enables you to configure PVLAN VNICs that are used for dividing a VLAN into sub-VLANs to isolate the network traffic thereby providing better usage of the limited number of available VLANs.

Network Virtualization Components

The components of network virtualization are as follows:

  • Virtual Network Interface Card (VNIC)

  • Virtual switch

  • Etherstub

  • Elastic virtual switch

Virtual Network Interface Card (VNIC)

A VNIC is an L2 entity or virtual network device that behaves just like a physical NIC when configured. You can either configure a VNIC by using the dladm command or system creates the VNICs which are known as system-created VNICs. You configure a VNIC over an underlying datalink to share it between multiple zones or VMs. In addition, the system's resources treat VNICs as if they were physical NICs. All physical Ethernet interfaces support the creation of VNICs. For more information about how to configure a VNIC, see How to Configure VNICs and Etherstubs.

A VNIC has an automatically generated MAC address. Depending on the network interface in use, you can assign a MAC address to a VNIC other than the automatically generated MAC address. For more information, see Modifying VNIC MAC Addresses.

In addition to the VNICs that you can create by using the dladm create-vnic command, the system also creates VNICs known as system-created VNICs that help in virtual network I/O for Oracle VM Server for SPARC vnet. The system-created VNICs follow the naming convention <entity>-<name>, where entity refers to the system entity that created the VNIC and name refers to the VNIC name within the system entity. The user-created VNIC name cannot contain a hyphen (-). Only a system-created VNIC contains a hyphen (-), which helps you to differentiate between a system-created VNIC and a user-created VNIC. You cannot modify, rename, plumb, or delete system-created VNICs. For more information, see Oracle VM Server for SPARC 3.1 Administration Guide.

You can use the dlstat and snoop commands to monitor network traffic on system-created VNICs. You can also create flows over system-created VNICs by using the flowadm command. Flows help you to not only manage network resources but also to monitor network traffic statistics. You can monitor network traffic statistics on flows by using the flowstat command. For more information about flows, see Configuring Flows.

Virtual Switch

A virtual switch is an entity that facilitates communication between virtual machines (VMs) that share the same datalink. The virtual switch loops traffic between virtual machines (inter-VM traffic) within the physical machine and does not send this traffic out on the wire. A virtual switch is implicitly created whenever you create a VNIC on top of an underlying datalink. The VNICs configured with the VMs need to be on the same VLAN or VXLAN for inter-VM communication. Virtual switches can be managed by EVS. For information about EVS, see About Elastic Virtual Switches.

As per Ethernet design, if a switch port receives an outgoing packet from the host connected to that port, that packet cannot go to a destination on the same port. This Ethernet design is a limitation for systems that are configured with virtual networks because the virtual networks share the same NIC. This Ethernet design limitation is overcome by using the virtual switches, which enable VMs to communicate with one another.

In certain cases, communication between VMs in a system might require the use of a switch. For example, communication between VMs might need to be subjected to access control lists (ACLs) that are configured on the switch. By default, a switch cannot send packets on the same port where the packets are received. Therefore, reflective relay is enabled on the switch for communication between VMs that use a switch. Reflective relay enables the switch to forward the packets on the same port where the packets are received. For more information, see Reflective Relay in Managing Network Virtualization and Network Resources in Oracle Solaris 11.3.

Etherstub Virtual NIC

An etherstub is a pseudo Ethernet NIC that is configured at the datalink layer (L2) of the Oracle Solaris network stack. You can create VNICs over an etherstub instead of over a physical NIC. With etherstubs, you can construct a private virtual network that is isolated both from the other virtual networks on the system and from the external network. For example, you can use etherstubs to create a network environment without the external connectivity or resources.

Elastic Virtual Switch

Oracle Solaris network virtualization capabilities are expanded to enable managing virtual switches directly. The Oracle Solaris Elastic Virtual Switch (EVS) feature provides virtual networking infrastructure within a data center or a multitenant cloud environment to interconnect virtual machines that reside on multiple systems. EVS enables centralized management of virtual switches on multiple hosts and hence VNICs connected to the elastic virtual switch. Virtual machines connected to the same elastic virtual switch can communicate with each other. For more information, see About Elastic Virtual Switches. For more information about how to administer elastic virtual switches, see Administering Elastic Virtual Switches.

Types of VMs for Network Virtualization in Oracle Solaris

Although you can assign VNICs to resources in a single instance of the Oracle Solaris OS, you can extend their use in network virtualization by using them in virtualized environments such as Oracle Solaris Zones, Oracle Solaris Kernel Zones, or Oracle VM Server for SPARC.

Oracle Solaris Zones

A zone is a virtualized operating system environment created within a single instance of the Oracle Solaris operating system. Etherstubs and VNICs are only a part of the virtualization features of Oracle Solaris. By assigning VNICs or etherstubs for use by Oracle Solaris zones, you can create a network within a single system. For more information about zones, see Introduction to Oracle Solaris Zones.

Oracle Solaris Kernel Zones

An Oracle Solaris Kernel Zone, also called a solaris-kz branded zone, uses the branded zones framework to run a zone with a separate kernel and operating system (OS) installation from the global zone. The separate kernel and OS installation provide for greater independence and enhanced security of operating system instances and applications.

Oracle VM Server for SPARC

Oracle VM Server for SPARC provides highly efficient, enterprise-class virtualization capabilities for SPARC T-Series, SPARC M5, Fujitsu SPARC M12, and Fujitsu M10 platforms. You can create virtual servers called “logical domains” that can run an instance of an operating system to enable multiple operating systems on the same computer. For more information, see Oracle VM Server for SPARC 3.3 Administration Guide.

How a Virtual Network Works

The following figure shows the working of a virtual network and its components in a system.

Figure 1  Working of a Virtual Network

image:The figure shows VNIC configuration for a single interface.

The figure shows a single system with one NIC. The NIC is configured with three VNICs. Each VNIC is assigned to a zone. Zone 1, Zone 2, and Zone 3 are the three zones configured for use in the system. The zones communicate with each other and with the external network by using their respective VNICs. The three VNICs connect to the underlying physical NIC through the virtual switch. The function of a virtual switch is equivalent to the function of a physical switch as both provide connectivity to the systems.

When a virtual network is configured, a zone sends traffic to an external host in the same way as a system without a virtual network. Traffic flows from the zone, through the VNIC to the virtual switch, and then to the physical interface, which sends the data to the network.

The zones can also exchange traffic with one another inside the system if all the VNICs configured to the zones are part of the same VLAN. For example, packets pass from Zone 1 through its dedicated VNIC 1. The traffic then flows through the virtual switch to VNIC 3. VNIC 3 then passes the traffic to Zone 3. The traffic never leaves the system, and therefore never violates the Ethernet restrictions.

Alternatively, you can create a virtual network based on the etherstub. Etherstubs are entirely software based and do not require a network interface as the basis for the virtual network.

The following figure shows a private virtual network based on the etherstub.

Figure 2  Private Virtual Network

image:The figure shows a private virtual network based on the etherstub.

This figure shows etherstub0 over which VNIC1, VNIC2, and VNIC3 are configured. Each VNIC is assigned to a zone. The private virtual network based on the etherstub cannot be accessed by external networks. For more information, see Use Case: Configuring a Private Virtual Network.

Oracle also provides the Oracle Enterprise Manager Ops Center for managing some aspects of network virtualization, for example, the ability to create virtual networks inside a virtual data center. For more information about the Oracle Enterprise Manager Ops Center, see http://www.oracle.com/pls/topic/lookup?ctx=oc122&id=OPCCM.

With the release of Oracle Virtual Networking Drivers for Oracle Solaris, Oracle Virtual Networking now supports Oracle Solaris on x86 and SPARC servers. For more information about Oracle Virtual Networking, see Oracle Virtual Networking Documentation (http://docs.oracle.com/cd/E38500_01/).

Copyright © 2011, 2018, Oracle and/or its affiliates. All rights reserved. 
Previous
Next