Information Technology Reference
In-Depth Information
access control lists (ACLs), local port mirroring (SPAN), remote port mirroring (ERSPAN),
and advanced VM troubleshooting and visibility.
The DVS 5000V Controller performs the central management and coni guration of the
DPMs that exist on a number of ESXi hosts, communicating with vCenter Server so that the
5000V looks like a distributed switch to the VMware environment.
◆
One point of difference between the Cisco 1000V and the IBM 5000V is that the IBM 5000V
supports newer Ethernet technologies such as Edge Virtual Bridging (EVB), Virtual Ethernet
Port Aggregation (VEPA), and Virtual Station Interface (VSI) Discovery and Coni guration
Protocol (VDP). These technologies are intended to enable greater integration between the vir-
tual switches in a vSphere environment and the physical switches upstream.
For more details about the IBM DVS 5000V, please refer to IBM's website at
www-03.ibm.com/systems/networking/switches/virtual/dvs5000v/index.html
HP FlexFabric Virtual Switch 5900v
In May 2013, HP unveiled its third-party distributed virtual switch, the HP FlexFabric Virtual
Switch 5900v, initially expected to be available in the fourth quarter of 2013. Because of the dates
of announcement and availability, information about the HP FlexFabric 5900v was fairly limited
at the time of writing.
HP took a slightly different approach with the 5900v than IBM and Cisco did with their
virtual switches. Whereas both IBM and Cisco support multiple types and brands of upstream
physical switches, the HP 5900v is designed to work only with HP's FlexFabric 5900AF top-of-
rack (ToR) switches through the use of EVB, VEPA, and VDP. In this arrangement, all trafi c—
even VM-to-VM trafi c on the same ESXi host—l ows through the HP 5900AF ToR switch, giving
the networking teams full visibility and full control over the trafi c. This enables HP to support
a full range of networking features like QoS, ACLs, and hardware-based sFlow. The HP 5900v
is also designed to integrate with HP Intelligent Management Center (IMC) to simplify creating
and applying policies that control features like ACLs and QoS to trafi c l owing through the HP
5900v and HP 5900AF ToR switches.
For more details about the HP 5900v, please contact HP. (There was no public URL for the HP
FlexFabric Virtual Switch 5900v available at the time of writing.)
Before we wrap up this chapter on networking with a quick look toward the future, we'd like
to discuss some security-related settings and features available in vSphere environments.
Confi guring Virtual Switch Security
Even though vSwitches and distributed switches are considered to be “dumb switches,” you
can coni gure them with security policies to enhance or ensure layer 2 security. For vSphere
Standard Switches, you can apply security policies at the vSwitch or at the port group level. For
vSphere Distributed Switches, you apply security policies only at the distributed port group
level. The security settings include the following three options:
Promiscuous mode
◆
◆
MAC address changes
Forged transmits
◆
