5.vsphere(创建和管理虚拟网络).pdf-道客多多

资源描述

1、现任明教教主 VMware vSphere 5 作者：现任明教教主马海波现任明教教主北京Yeslab安全实验室出品 1.vSphere 5.0 简介 2. 安装部署VMware ESXi 5.0 3. 安装vCenter 4. 创建配置FC存储设备以及SAN Boot 5.创建和管理虚拟网络 6. 创建和管理iSCSI存储 7. 创建和管理VM 8.安全访问控制 9.管理资源分配 10.高可用性 11. 监控 vSphere 性能 12.VMware View 桌面虚拟化系统 13.VSA Cluster 部署与应用内容简介第一部分: 术语介绍第二部分: 配置标准交换机第三部分

2、: 配置分布式交换机第四部分: Cisco Nexus 1000v 介绍内容简介创建和管理虚拟网络内容简介现任明教教主/heymo vSphere 5.0第一部分术语介绍第一部分术语介绍现任明教教主/heymo vSphere 5.0虚拟网络第一部分术语介绍现任明教教主/heymo vSphere 5.0 虚拟网络是由虚拟和物理网络适配器，虚拟和物理交换机组成。第一部分术语介绍现任明教教主/heymo vSphere 5.0 术语介绍（1 ） vNetwork Standard Switch (vSwitch) ： A software-based switch

3、that resides in the VMkernel and provides traffic management for virtual machines. Users must manage vSwitches independently on each ESXi host. vNetwork Distributed Switch ： A software-based switch that resides in the VMkernel and provides traffic management for virtual machines the VMkernel. Distri

4、buted vSwitches are shared by and managed across entire clusters of ESXi hosts. 第一部分术语介绍现任明教教主/heymo vSphere 5.0 术语介绍（2 ） Port/port group ： A logical object on a vSwitch that provides specialized services for the VMkernel or VMs. A virtual switch can contain a VMkernel port or a VM port group. On

5、a vSphere Distributed Switch, these are called dvPort groups.第一部分术语介绍现任明教教主/heymo vSphere 5.0 术语介绍（3 ） VMkernel port ：A specialized virtual switch port type that is configured with an IP address to allow vMotion, iSCSI storage access, network attached storage (NAS) or Network File System (NFS) acc

6、ess, or vSphere Fault Tolerance (FT) logging. Now that vSphere 5 includes only VMware ESXi hosts, a VMkernel port also provides management connectivity for managing the host. A VMkernel port is also referred to as a vmknic. Virtual machine port group ：A group of virtual switch ports that share a com

7、mon configuration and allow virtual machines to access other virtual machines or the physical network.第一部分术语介绍现任明教教主/heymo vSphere 5.0 术语介绍（4 ） Virtual LAN ： A logical LAN configured on a virtual or physical switch that provides efficient traffic segmentation, broadcast control, security, and effi

8、cient bandwidth utilization by providing traffic only to the ports configured for that particular VLAN. Trunk port (Trunking) ：A port on a physical switch that listens for and knows how to pass traffic for multiple VLANs. It does this by maintaining the VLAN tags for traffic moving through the trunk

9、 port to the connected device(s). Trunk ports are typically used for switch-to-switch connections to allow VLANs to pass freely between switches. Virtual switches support VLANs, and using VLAN trunks allows the VLANs to pass freely into the virtual switches.第一部分术语介绍现任明教教主/heymo vSphere 5.0 术语介绍（5

10、） Access port ： A port on a physical switch that passes traffic for only a single VLAN. Unlike a trunk port, which maintains the VLAN identification for traffic moving through the port, an access port strips away the VLAN information for traffic moving through the port. Network interface card team ：

11、 The aggregation of physical network interface cards (NICs) to form a single logical communication channel. Different types of NIC teams provide varying levels of traffic load balancing and fault tolerance.第一部分术语介绍现任明教教主/heymo vSphere 5.0 术语介绍（6 ） vmxnet adapter ： A virtualized network adapter ope

12、rating inside a guest operating system. The vmxnet adapter is a high- performance, 1Gbps virtual network adapter that operates only if the VMware Tools have been installed. The vmxnet adapter is sometimes referred to as a paravirtualized driver. The vmxnet adapter is identified as Flexible in the vi

13、rtual machine properties. vlance adapter ： A virtualized network adapter operating inside a guest operating system. The vlance adapter is a 10/100Mbps network adapter that is widely compatible with a range of operating systems and is the default adapter used until the VMware Tools installation is co

14、mpleted.第一部分术语介绍现任明教教主/heymo vSphere 5.0 术语介绍（7 ） e1000 adapter ： A virtualized network adapter that emulates the Intel e1000 network adapter. The Intel e1000 is a 1Gbps network adapter. The e1000 network adapter is most common in 64-bit virtual machines.第一部分术语介绍现任明教教主/heymo vSphere 5.0 设计网络前需要考

15、虑的问题 1.Do you have or need a dedicated network for management traffic, such as for the management of physical switches? （是否需要设计专用的管理网络） 2.Do you have or need a dedicated network for vMotion traffic? （是否需要专用的网络来做vMotion ） 3.Do you have an IP storage network? Is this IP storage network a dedicated net

16、work? Are you running iSCSI or NAS/NFS? （是否需要一个IP 存储网络，是否需要专用的存储网络，使用iSCSI还是NAS/NFS 技术） 4.How many NICs are standard in your ESXi host design? （ESXi主机有多少个网卡） 5.Do the NICs in your hosts run 1 Gb Ethernet or 10 Gb Ethernet? （网卡是1Gb还是10Gb以太网） 6.Is there a need for extremely high levels of fault tole

17、rance for VMs? （是否需要为VM 启用FT功能） 7.Is the existing physical network composed of VLANs? （物理网络是否使用VLAN技术） 8.Do you want to extend the use of VLANs into the virtual switches? （是否在虚拟交换机中使用VLAN ）第一部分术语介绍现任明教教主/heymo vSphere 5.0第二部分配置标准交换机第二部分配置标准交换机现任明教教主/heymo vSphere 5.0第二部分配置标准交换机现任明教教主/heymo v

18、Sphere 5.0 Virtual switches 介绍 Virtual switches分为两种类型： 1.vNetwork Standard Switches 2.vNetwork Distributed Switches Virtual switches能够提供如下通讯： 1. between virtual machines within an ESXi host 2. between virtual machines on different ESXi hosts 3. between virtual machines and physical machines on the n

19、etwork 4. for VMkernel access to networks for VMotion, iSCSI, NFS, or fault tolerance logging (and management on ESXi)第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 vSwitch 和物理Switch 的区别（1 ） vSwitches do have some differences from physical switches. A vSwitch does not support the use of dynamic negotiation p

20、rotocols for establishing 802.1q trunks or port channels, such as Dynamic Trunking Protocol (DTP) or Port Aggregation Protocol (PAgP). A vSwitch cannot be connected to another vSwitch, thereby eliminating a potential loop configuration. Because there is no possibility of looping, the vSwitches do no

21、t run Spanning Tree Protocol (STP). Looping can be a common network problem, so this is a real benefit of vSwitches. 总结：不支持DTP 和PAgP ，不运行STP第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 vSwitch 和物理Switch 的区别（2 ） 1. A vSwitch authoritatively knows the MAC addresses of the virtual machines connected to that v

22、Switch, so there is no need to learn MAC addresses from the network. （无需学习MAC ） 2. Traffic received by a vSwitch on one uplink is never forwarded out another uplink. This is yet another reason why vSwitches do not run STP. （不会把一个uplink 的流量发送给另一个uplink ） 3. A vSwitch does not need to perform Internet

23、 Group Management Protocol (IGMP) snooping because it knows the multicast interests of the virtual machines attached to that vSwitch. （不需要执行IGMP ）第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 Uplink 介绍如果没有Uplink 就不能和物理网络进行通讯第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 两种不同的Port 和Port Group 1. VMkernel port 2. Vir

24、tual Machine port group第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 Virtual switches alone cant provide connectivity,they need ports or port groups and uplinks Port and Port Group第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 Vmkernel 网络 VMkernel ports are used for VMotion, iSCSI, NAS/NFS access, and VMware FT. Wit

25、h ESXi, VMkernel ports are also used for management.第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 添加Vmkernel （1 ）第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 添加Vmkernel （2 ）第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 Virtual Machine 网络 The virtual machine port group is quite different from a VMkernel port. Both of the o

26、ther ports have a one-to-one relationship with an interface.A virtual machine port group, on the other hand, does not have a one-to-one relationship, and it does not require an IP address.第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 添加Virtual Machine 网络（1 ）第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 添加Virtual Ma

27、chine 网络（2 ）第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 添加Virtual Machine 网络（3 ）第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 NIC Teaming 介绍 NIC teaming involves connecting multiple physical network adapters to single vSwitch. NIC teaming provides redundancy and load balancing of network communications to VMkerne

28、l, and virtual machines.第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 配置NIC Teaming （1 ）第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 配置NIC Teaming （2 ）第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 配置NIC Teaming （3 ）第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 已有vSwitch 配置NIC Teaming第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 配置负载均衡第二部

29、分配置标准交换机现任明教教主/heymo vSphere 5.0 三种负载均衡方式 1.Virtual Switch Port Load Balancing 2.Source MAC Load Balancing 3.IP Hash Load Balancing Port 和Source Mac 负载均衡能够连接多个物理交换机，802.3ad 的link aggregation 却不行。第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 Virtual Switch Port-Based Load Balancing第二部分配置标准交换机现任明教教主/heym

30、o vSphere 5.0 Source MAC-Based Load Balancing第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 IP Hash-Based Load Balancing第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 网络故障切换检测的两种方法第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 通知交换机 1. A virtual machine is powered on (or any other time a client registers itself with the vSwit

31、ch) 2. A VMotion occurs 3. AMAC address is changed 4. A NIC team failover or failback has occurred第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 故障恢复 IP 存储的接口最好设置故障恢复选项为“no”第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 流量控制（Traffic Shaping ）第二部分配置标准交换机现任明教教主/heymo vSphere 5.0 安全（1 ）杂合模式第二部分配置标准交换机现任明教教主/heymo vS

32、phere 5.0 安全（2 ）MAC 地址更改/ 伪信号 The initial MAC address is generated automatically and that resides in the configuration file. The effective MAC address is the MAC address configured by the guest OS that is used during communication with other systems. The effective MAC address is included in network

33、communication as the source MAC of the VM. By default, these two addresses are identical.第三部分配置分布式交换机第三部分配置分布式交换机现任明教教主/heymo vSphere 5.0第三部分配置分布式交换机现任明教教主/heymo vSphere 5.0 分布式交换机与普通交换机相同之处 1. Like a vSwitch, a vNetwork Distributed Switch provides connectivity for virtual machines, Service Co

34、nsole or Management traffic, and VMkernel interfaces. 2. Like a vSwitch, a vNetwork Distributed Switch leverages physical network adapters as uplinks to provide connectivity to the external physical network. 3. Like a vSwitch, a vNetwork Distributed Switch can leverage VLANs for logical network segm

35、entation.第三部分配置分布式交换机现任明教教主/heymo vSphere 5.0 分布式交换机的优点 vNetwork Distributed Switch spans multiple servers in a cluster instead of each server having its own set of vSwitches. This greatly reduces complexity in clustered ESX/ESXi environments and simplifies the addition of new servers to an ESX/ES

36、Xi cluster.第三部分配置分布式交换机现任明教教主/heymo vSphere 5.0 添加分布式交换机（1 ）第三部分配置分布式交换机现任明教教主/heymo vSphere 5.0 添加分布式交换机（2 ）第三部分配置分布式交换机现任明教教主/heymo vSphere 5.0 不同版本分布式交换机的比较 1.vSphere Distributed Switch Version: 4.0: This type of dvSwitch is compatible back to vSphere 4.0 and limits the dvSwitch to features

37、 supported only by vSphere 4.0. 2.vSphere Distributed Switch Version: 4.1.0: This type of dvSwitch adds support for Load-Based Teaming and Network I/O Control. This version is supported by vSphere 4.1 and later. 3.vSphere Distributed Switch Version: 5.0.0: This version is compatible only with vSpher

38、e 5.0 and later and adds support for all the new features such as userdefined network resource pools, Network I/O Control, NetFlow, and port mirroring.第三部分配置分布式交换机现任明教教主/heymo vSphere 5.0 添加分布式交换机（3 ）第三部分配置分布式交换机现任明教教主/heymo vSphere 5.0 添加分布式交换机（4 ）第三部分配置分布式交换机现任明教教主/heymo vSphere 5.0 创建端口组（1

39、）第三部分配置分布式交换机现任明教教主/heymo vSphere 5.0 创建端口组（2 ）第三部分配置分布式交换机现任明教教主/heymo vSphere 5.0 分布式交换机添加Vmkernel （1 ）第三部分配置分布式交换机现任明教教主/heymo vSphere 5.0 分布式交换机添加Vmkernel （2 ）第三部分配置分布式交换机现任明教教主/heymo vSphere 5.0 分布式交换机添加Vmkernel （3 ）第三部分配置分布式交换机现任明教教主/heymo vSphere 5.0 分布式交换机的Features 分布式交换机与3560之间配

40、置PVLAN,请参考: http:/ 分布式交换机上的CDP配置,请参考: http:/ 分布式交换机与Cisco 3560之间配置port-channel与接口负载均衡,请参考: http:/ 分布式交换机上的NetFlow配置,请参考: http:/ Cisco Nexus 1000v 介绍第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo vSphere 5.0第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo vSphere 5.0 Cisco Nexus 1000v 介绍 Nexus 1000v 是Cisco 出产的第三方虚

41、拟分布式交换机，它由两大组件组成： The Virtual Supervisor Module (VSM) the control plane of the switch and a virtual machine that runs NX-OS. The Virtual Ethernet Module (VEM) a virtual line card embedded in each VMware vSphere (ESX) host. The VEM is partly inside the kernel of the hypervisor and partly in a user w

42、orld process, called the VEM Agent.第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo vSphere 5.0 Cisco Nexus 1000v 示意图第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo vSphere 5.0 Mangement VLAN The Management VLAN is used for system login, configuration. and corresponds to the mgmt0 interface. The management interface app

43、ears as the mgmt0 port on a Cisco switch, and is assigned an IP address. Although the management interface is not used to exchange data between the VSM and VEM, it is used to establish and maintain the connection between the VSM and VMware vCenter Server. The management interface is always the secon

44、d interface on the VSM and is usually labeled Network Adapter 2 in the virtual machine network properties.第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo vSphere 5.0 Packet VLAN The Control VLAN and the Packet VLAN are used for communication between the VSM and the VEMs within a switch domain. The VLANs are u

45、sed as follows: The Packet VLAN is used by protocols such as CDP, LACP, and IGMP. The third e1000 network adapter connects to a VLAN created for Nexus packet traffic第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo vSphere 5.0 Control VLAN The Control VLAN is used for the following: VSM configuration commands t

46、o each VEM, and their responses VEM notifications to the VSM, for example a VEM notifies the VSM of the attachment or detachment of ports to the DVS VEM NetFlow exports are sent to the VSM, where they are then forwarded to a NetFlow Collector. The First e1000 network adapter connects to a VLAN creat

47、ed for Nexus packet traffic第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo vSphere 5.0 N1KV 实验示意图第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo vSphere 5.0 部署VSM （1 ）第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo vSphere 5.0 部署VSM （2 ）注意:在后面的配置过程中要求VSM使用的网络必须是标准交换机的port group,不能用分布式交换机的.第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo

48、vSphere 5.0 部署VSM （3 ）第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo vSphere 5.0 部署VSM （4 ）第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo vSphere 5.0 部署VSM （5 ）第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo vSphere 5.0 部署VSM （6 ）第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo vSphere 5.0 部署VSM （7 ）第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo

49、vSphere 5.0 部署VSM （8 ）第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo vSphere 5.0 部署VSM （9 ）第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo vSphere 5.0 部署VSM （10 ）第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo vSphere 5.0 部署VSM （11 ）第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo vSphere 5.0 部署VSM （12 ）第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo vSphere 5.0 部署VSM （13 ）第四部分 Cisco Nexus 1000v介绍现任明教教主/heymo vSphere 5.0 部署VSM （14 ）第四部分 Cisco N

展开阅读全文