on our experience.
Virtual Switches
Virtual switches (vSwitches) connect virtual machines to virtual networks, as well as to
each other, on the same host. When a virtual switch is configured with a physical
adapter, it can connect virtual machines to the physical network and the outside world.
Each virtual machine connects to a virtual switch port on a port group. The port group
forms the boundary for communications on a virtual switch. This is an important concept
to understand, especially for security.
A virtual switch and a port group are layer 2 only; they do not perform any routing, and
there is no code that allows a VM connected to one port group to communicate with
another VM on another port group. Communication between different port groups is
prevented even if they are on the same virtual switch, unless the traffic goes via a router
or firewall VM or is sent out to the physical network and routed back into the
host.
A port group is where you define VLAN tags and other properties of the virtual
networks that are connected to the virtual switch. Communications between VMs that
are connected to the same port group and virtual switch remain within a host and are
performed at memory speed. They are not limited by the speed of any network adapter,
only by the speed of the host CPUs and memory bus.
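The port-group boundary described above, as an added example that is not from the book: a small Python model that takes a constructed vNIC inventory for one host, finds which multi-homed VMs could carry traffic between port groups inside the host, and flags any that are not on an approved gateway list. The VM names, port group names and allow-list are assumptions, and the route out through the physical network is not modelled.

```python
from collections import defaultdict, deque

# Constructed inventory for one host: one (vm, vswitch, port_group) row per vNIC.
VNICS = [
    ("web01", "vSwitch0", "DMZ"),
    ("web02", "vSwitch0", "DMZ"),
    ("db01", "vSwitch0", "Internal"),
    ("fw01", "vSwitch0", "DMZ"),
    ("fw01", "vSwitch0", "Internal"),
    ("build01", "vSwitch1", "Lab"),
    ("jump01", "vSwitch0", "Internal"),
    ("jump01", "vSwitch1", "Lab"),
]
# Assumption: a locally maintained list of VMs approved to route or filter.
APPROVED_GATEWAYS = {"fw01"}

def segments(vnics):
    """Map each VM to the (vswitch, port_group) segments it is attached to."""
    seg = defaultdict(set)
    for vm, vswitch, pg in vnics:
        seg[vm].add((vswitch, pg))
    return seg

def in_host_path(a, b, vnics=VNICS):
    """Return the VMs that would have to forward traffic from a to b without
    leaving the host: [] if a and b share a port group, None if no such path."""
    seg = segments(vnics)
    targets = seg[b]
    seen = set(seg[a])
    queue = deque((s, []) for s in seg[a])
    while queue:
        cur, hops = queue.popleft()
        if cur in targets:
            return hops
        # Only a VM with a vNIC in this segment and in another can bridge them.
        for vm, s in seg.items():
            if vm in (a, b) or cur not in s:
                continue
            for nxt in s - seen:
                seen.add(nxt)
                queue.append((nxt, hops + [vm]))
    return None

def unapproved_bridges(vnics=VNICS, approved=APPROVED_GATEWAYS):
    """VMs attached to more than one port group that are not approved gateways."""
    return sorted(vm for vm, s in segments(vnics).items()
                  if len(s) > 1 and vm not in approved)
```

A returned hop list shows a potential path only; whether traffic actually crosses depends on the forwarding and filtering configured inside each listed VM.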
There are two main types of virtual switch, as Table 8.4 shows.
 