and networking features, so it will be up to you to learn the nuances of your chosen provider's virtual network implementation.
Virtual switches are the key components of a virtual network implementation. Depending on your chosen virtualization solution, you can create many of them, numbering up into the hundreds. In theory and in practice, virtual switches are similar to physical switches, but they differ in some notable ways. This is mainly because virtual switches are implemented entirely in software, which gives developers far more freedom, and the possibilities, as you may know, are numerous to say the least.
Similarities to Physical Switches
Most implementations of virtual switches work in the same way as modern Ethernet switches. A virtual switch relays Ethernet frames and maintains a forwarding table that maps MAC addresses to ports.
It can perform the same functions as a physical switch:
Forwards frames to one or many ports for transmission
Checks each frame's MAC destination upon arrival
Avoids unnecessary forwarding, unlike hubs, which just forward everything
Differences between Physical Switches and Virtual Switches
Since virtual switches are essentially programs, they can be configured for functions that physical switches do not offer. For example, some virtual switch implementations have built-in shortcuts to functions that require a lot of tinkering on physical switches, such as learning multicast group membership or automatically switching a port to mirror mode when the switch senses that a virtual NIC's promiscuous bit is set.
Another major difference, at least in some implementations such as VMware's, is that
virtual switches cannot be cascaded within the same host. The virtual switch can provide
all of the ports required. That is why, unlike a physical switch with a very limited number
of ports, it does not need to be cascaded. This has added benefits:
Faulty switch-to-switch connections cannot occur, because there are none.
Virtual switches do not share network adaptors, because only one is required per host, so there is no way to create a loopback that would cause leakage between virtual switches.
A virtual switch's forwarding table never contains an entry that points to a port on another virtual switch, and there is no mechanism to create one. Every destination the switch can look up therefore resolves to a port on the same switch that received the frame. This is called virtual switch isolation, and it is quite unlikely that an attacker can circumvent it.
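The behaviour described in the two sections above (MAC learning, forwarding only to the port where a destination was learned, flooding unknown destinations, mirroring to a promiscuous vNIC, and the absence of any table entry that points outside the switch) can be modelled in a few dozen lines. The following simulation is an added example written for this page; it is not code from the book or from any vendor's virtual switch, and the class, method and MAC address values are constructed for illustration only.

```python
"""Simulated learning virtual switches: forwarding table, flooding, mirroring, isolation.

Added illustration, not vendor code. Two VirtualSwitch objects on one "host" share
nothing, so no frame handled by one can ever be delivered to a port on the other.
"""
from collections import defaultdict
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str            # source MAC address
    dst: str            # destination MAC address
    payload: bytes = b""


class VirtualSwitch:
    """A software switch with its own MAC-to-port forwarding table."""

    def __init__(self, name: str, num_ports: int) -> None:
        self.name = name
        self.ports = list(range(num_ports))
        self.mac_table: dict[str, int] = {}          # learned MAC -> local port
        self.promiscuous: set[int] = set()           # ports whose vNIC set the promiscuous bit
        self.delivered = defaultdict(list)           # port -> frames handed to that vNIC

    def set_promiscuous(self, port: int, enabled: bool = True) -> None:
        # Modelled shortcut: a promiscuous vNIC's port is switched to mirror mode,
        # so it receives a copy of every frame the switch forwards.
        if enabled:
            self.promiscuous.add(port)
        else:
            self.promiscuous.discard(port)

    def receive(self, ingress: int, frame: Frame) -> list[int]:
        """Handle one frame arriving on `ingress`; return the egress ports used."""
        # Learn: the source MAC is reachable via the port the frame came in on.
        # Only local ports can ever be recorded here, which is the isolation property.
        self.mac_table[frame.src] = ingress

        if frame.dst == BROADCAST or frame.dst not in self.mac_table:
            # Unknown or broadcast destination: flood to every port except ingress.
            egress = [p for p in self.ports if p != ingress]
        else:
            learned = self.mac_table[frame.dst]
            # Known destination on the ingress port itself: nothing to forward (no hub-like echo).
            egress = [] if learned == ingress else [learned]

        # Mirror mode: promiscuous ports get a copy of anything they would not otherwise see.
        for p in sorted(self.promiscuous):
            if p != ingress and p not in egress:
                egress.append(p)

        for p in egress:
            self.delivered[p].append(frame)
        return sorted(egress)

    def table_is_local(self) -> bool:
        """True when every forwarding-table entry names a port on this switch."""
        return all(p in self.ports for p in self.mac_table.values())


def demo() -> dict:
    """Walk through learning, unicast, drop, mirroring and isolation; return the observations."""
    sw_a = VirtualSwitch("vSwitch0", 4)
    sw_b = VirtualSwitch("vSwitch1", 4)        # second switch on the same host, never linked
    mac1, mac2 = "02:00:00:00:00:01", "02:00:00:00:00:02"   # constructed sample addresses

    flood = sw_a.receive(0, Frame(mac1, mac2))           # mac2 unknown -> flooded to 1, 2, 3
    reply = sw_a.receive(2, Frame(mac2, mac1))           # mac1 known on port 0 -> unicast
    unicast = sw_a.receive(0, Frame(mac1, mac2))         # mac2 now known on port 2
    same_port = sw_a.receive(2, Frame("02:00:00:00:00:03", mac2))  # dst lives on ingress -> dropped
    sw_a.set_promiscuous(3)
    mirrored = sw_a.receive(0, Frame(mac1, mac2))        # port 2 plus mirror copy to port 3

    return {
        "flood": flood,
        "reply": reply,
        "unicast": unicast,
        "same_port": same_port,
        "mirrored": mirrored,
        "table_local": sw_a.table_is_local(),
        "frames_seen_by_other_switch": sum(len(v) for v in sw_b.delivered.values()),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point to take from the model is structural rather than algorithmic: `mac_table` can only ever hold ports of the switch that learned them, and `sw_b` has no code path by which a frame handled by `sw_a` could reach it. A real hypervisor enforces the same property in its switching code, which is what the text calls virtual switch isolation.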
Virtual Local Area Networks
Virtual local area networks (VLANs) are often confused with virtual networks because of
the name, but they refer to different concepts. This confusion is quite common because not
all professionals who work in the field of computers actually deal with networks; many are