What is the virtual network in Linux

2025-01-17 Update From: SLTechnology News&Howtos


This article introduces "What is the virtual network in Linux" in detail, step by step. I hope it helps resolve your questions on the topic.

We start at the high level of the problem and then delve into the various approaches to network virtualization that Linux builds and supports.

In a traditional environment (see figure 1), a set of physical servers hosts the required applications. To communicate with one another, each server contains one or more network interface cards (NICs) that attach to an external networking infrastructure. The NIC, together with the network software stack, supports communication between endpoints through that infrastructure. As shown in figure 1, the infrastructure is functionally represented as a switch that supports efficient packet communication between the participating endpoints.

Figure 1. Traditional network infrastructure

The key innovation behind server consolidation is the abstraction of physical hardware, which allows multiple operating systems and applications to share the hardware (see figure 2). This innovation is called the hypervisor (or virtual machine [VM] monitor). Each VM (an operating system and set of applications) views the underlying hardware as an unshared, complete machine, even though parts of it may not exist or may be shared by multiple VMs. The virtual NIC (vNIC) is one example. The hypervisor creates one or more vNICs for each VM. To the VM these appear as physical NICs, but they really only represent the interface of a NIC. The hypervisor also allows the dynamic construction of virtual networks, complete with virtual switches, to support configurable communication between VM endpoints. Finally, the hypervisor allows communication with the physical networking infrastructure by attaching the server's physical NICs to the hypervisor's logical infrastructure, allowing efficient communication among VMs within the hypervisor as well as with external networks.

Figure 2. Virtual network facilities

Virtual network infrastructure also enables other interesting innovations, such as virtual appliances. We look at these, in addition to the elements of the virtual network, as part of this exploration.

Virtual switch

One of the key developments in virtual network infrastructure is the virtual switch. The virtual switch attaches the vNICs to the physical NICs of the server and, more importantly, connects the vNICs to other vNICs in the same server for local communication. This is interesting because within a virtual switch the limits are not set by network speed but by memory bandwidth, which allows efficient communication between local VMs and minimizes the overhead on the network infrastructure. The savings come from the fact that the physical network is used only for communication between servers, while traffic between VMs stays isolated within the server.

However, because Linux already includes a layer 2 switch in the kernel, one might ask why a virtual switch is needed at all. The answer involves several attributes, but one of the most important is defined by a new classification of these switch types. The new class, called the distributed virtual switch, supports cross-server bridging by making the underlying server architecture transparent. A virtual switch in one server can transparently join a virtual switch in another server (see figure 3), which makes migrating VMs (and their virtual interfaces) between servers easier, because they can attach to the other server's distributed virtual switch and transparently join its virtual switched network.

Figure 3. Distributed virtual switch

One of the most important projects in this area is Open vSwitch, which is discussed next in this article.

One problem with isolating local traffic within the server is that the traffic is not externally visible (for example, to network analysts). Implementations solve this problem through a variety of schemes, such as OpenFlow, NetFlow and sFlow, which can also be used to export remote access for controlling and monitoring traffic.

Open vSwitch

Early implementations of distributed virtual switches were closed and limited to operating with proprietary hypervisors. But in today's cloud environments, a heterogeneous environment in which multiple hypervisors can coexist is ideal.

Open vSwitch is a multi-layer virtual switch that is available as open source under the Apache 2.0 license. As of May 2010, Open vSwitch version 1.0.1 is available and supports a number of useful features. Open vSwitch supports the leading open source hypervisor solutions, including kernel-based VM (KVM), VirtualBox, Xen and XenServer. It is also a drop-in replacement for the current Linux bridge module.

Open vSwitch consists of a switch daemon and a companion kernel module that manages the flow-based switching. A variety of other daemons and utilities exist to manage the switch (particularly from the OpenFlow side). You can run Open vSwitch entirely in user space, but doing so can degrade performance.

In addition to providing a production-quality switch for the VM environment, Open vSwitch also has an impressive feature roadmap that competes with other similar, proprietary solutions.

Network device virtualization

Virtualization of NIC hardware has existed in various forms for some time, well before the advent of virtual switches. This section describes some of the implementations, as well as the hardware acceleration that can be used to improve the speed of network virtualization.

QEMU

Although QEMU is a platform emulator, it also provides software emulation of a variety of hardware devices, including NICs. In addition, QEMU provides an internal Dynamic Host Configuration Protocol server for IP address allocation. QEMU and KVM work together to provide platform emulation and individual device emulation, forming a platform for KVM-based virtualization.

Virtio

Virtio is an input/output (I/O) paravirtualization framework that simplifies and speeds up VM-to-hypervisor I/O communication. Virtio creates a standardized transport mechanism for I/O between VMs and hypervisors, covering virtual block devices, general Peripheral Component Interconnect (PCI) devices, network devices, and so on.

TAP and TUN

Virtualization has been implemented in the network stack for some time, allowing the VM guest network stack to access the host network stack. Two such schemes are TAP and TUN. TAP is a virtual network kernel driver that implements an Ethernet device and operates at the Ethernet frame level. The TAP driver provides the Ethernet "tap" through which the guest's Ethernet frames can be communicated. TUN (or network "tunnel") simulates a network layer device and communicates at the higher level of IP packets, which provides some optimization because the underlying Ethernet device can manage the layer 2 framing of TUN's IP packets.
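The layer difference between TAP and TUN shows up in what a read on the device descriptor returns. The following is an added example, not code from the original article: it attaches to a device through /dev/net/tun and decodes the start of one unit. The constants are taken from <linux/if_tun.h> (the TUNSETIFF value is the x86/ARM encoding), the interface name `tap-demo` is hypothetical, and the sample frame and packet are constructed.

```python
import fcntl
import os
import struct

# Values from <linux/if_tun.h>; TUNSETIFF is the x86/ARM encoding (assumption).
TUNSETIFF = 0x400454CA
IFF_TUN, IFF_TAP, IFF_NO_PI = 0x0001, 0x0002, 0x1000


def tuntap_open(name: str, mode: int) -> int:
    """Attach to a TUN (layer 3) or TAP (layer 2) device; needs CAP_NET_ADMIN.

    IFF_NO_PI drops the 4-byte packet-info prefix so reads return the bare unit.
    """
    fd = os.open("/dev/net/tun", os.O_RDWR)
    try:
        ifreq = struct.pack("16sH", name.encode(), mode | IFF_NO_PI)
        fcntl.ioctl(fd, TUNSETIFF, ifreq)
    except OSError:
        os.close(fd)
        raise
    return fd


def describe_unit(buf: bytes, mode: int) -> dict:
    """Decode the start of one read() result from a TAP or TUN descriptor."""
    if mode == IFF_TAP:
        if len(buf) < 14:
            raise ValueError("short Ethernet frame")
        dst, src, ethertype = struct.unpack("!6s6sH", buf[:14])
        return {"layer": 2, "dst": dst.hex(":"), "src": src.hex(":"),
                "ethertype": ethertype}
    if not buf:
        raise ValueError("empty packet")
    return {"layer": 3, "ip_version": buf[0] >> 4}


# Constructed samples: an ARP broadcast frame header and the start of an IPv4 header.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "525400123456" "0806") + bytes(28)
SAMPLE_PACKET = bytes.fromhex("4500001c") + bytes(24)

if __name__ == "__main__":
    print(describe_unit(SAMPLE_FRAME, IFF_TAP))
    print(describe_unit(SAMPLE_PACKET, IFF_TUN))
    try:
        fd = tuntap_open("tap-demo", IFF_TAP)  # hypothetical interface name
        print(describe_unit(os.read(fd, 2048), IFF_TAP))  # blocks until a frame arrives
        os.close(fd)
    except OSError as exc:
        print("could not open TAP device:", exc)
```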

I/O virtualization

I/O virtualization comes from a standardization effort of the PCI-Special Interest Group (SIG) that supports accelerated virtualization at the hardware layer. In particular, Single-Root IOV (SR-IOV) provides an interface through which a single PCI Express (PCIe) card can appear to many users as multiple PCIe cards, allowing multiple independent drivers to attach to the PCIe card without knowledge of one another. SR-IOV accomplishes this by extending virtual functions to the various users; these appear as physical functions in PCIe space but are represented within the card as shared functions.

The benefit that SR-IOV brings to network virtualization is performance. Instead of the hypervisor implementing the sharing of the physical NIC, the card itself performs the multiplexing, allowing direct access from the guest VM I/O interfaces to the card.

Linux today includes support for SR-IOV, which benefits the KVM hypervisor. Xen also includes support for SR-IOV, allowing it to efficiently present vNICs to guest VMs. Support for SR-IOV is on the Open vSwitch roadmap.

Virtual LANs

Although related, virtual LANs (VLANs) are a physical method of network virtualization. VLANs provide the ability to create virtual networks across a distributed network so that disparate hosts (on independent networks) appear as if they were part of the same broadcast domain. VLANs do this by tagging frames with VLAN information that identifies membership in a particular LAN (according to the Institute of Electrical and Electronics Engineers [IEEE] 802.1Q standard). Hosts work together with VLAN switches to virtualize the physical network. However, although VLANs provide the illusion of independent networks, they share the same network and therefore its available bandwidth, including the effects of congestion.
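The 802.1Q tag is four bytes placed between the source MAC address and the EtherType: a tag protocol identifier (0x8100) followed by a 16-bit field holding a 3-bit priority, a 1-bit drop-eligible flag and the 12-bit VLAN ID. The following added example, which is not from the original article, inserts and parses such tags; it goes slightly beyond the text by also walking stacked tags (IEEE 802.1ad), and the sample frame is constructed.

```python
import struct

TPID_8021Q = 0x8100   # customer VLAN tag (IEEE 802.1Q)
TPID_8021AD = 0x88A8  # service tag used when tags are stacked (IEEE 802.1ad)

# Constructed sample: broadcast dst, made-up src MAC, EtherType IPv4, dummy payload.
UNTAGGED = bytes.fromhex("ffffffffffff" "525400123456" "0800") + b"payload"


def add_vlan_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert an 802.1Q tag between the source MAC and the EtherType."""
    if not 1 <= vid <= 4094:  # VID 0 and 4095 are reserved
        raise ValueError("VLAN ID must be in 1..4094")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP must be 0..7 and DEI 0 or 1")
    tci = (pcp << 13) | (dei << 12) | vid  # 3-bit PCP, 1-bit DEI, 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_vlan_tags(frame: bytes):
    """Return (tags, ethertype, payload); tags are listed outermost first."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, tags = 12, []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, inner_type = struct.unpack_from("!HH", frame, offset + 2)
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
        ethertype = inner_type
    return tags, ethertype, frame[offset + 2:]


if __name__ == "__main__":
    tagged = add_vlan_tag(UNTAGGED, vid=100, pcp=5)
    for label, frame in (("untagged", UNTAGGED), ("VLAN 100", tagged)):
        tags, ethertype, payload = parse_vlan_tags(frame)
        print(f"{label}: tags={tags} ethertype={ethertype:#06x} payload={payload!r}")
```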

Hardware acceleration

Many I/O virtualization accelerations are beginning to emerge, addressing NICs and other devices. Intel® Virtualization Technology for Directed I/O (VT-d) provides the ability to isolate I/O resources for improved reliability and security, including remapping of direct memory access (using multi-level page tables) and remapping of device-associated interrupts, supporting both unmodified and virtualization-aware guests. Intel Virtual Machine Device Queues (VMDq) also accelerates network traffic in virtualized settings by embedding queues and sorting intelligence in the hardware, resulting in lower CPU utilization by the hypervisor and greater overall system performance. Linux includes support for both.

Network virtual appliances

So far, this article has discussed the virtualization of NIC devices and switches, some of the current implementations, and some of the ways virtualization can be accelerated through hardware. Now, let's extend this discussion to network services in general.

One of the interesting innovations in the virtualization space is the ecosystem that has evolved from server consolidation. Instead of dedicating applications to specialized versions of hardware, portions of a server are isolated to power VMs that extend services within the server. These VMs are called virtual appliances because they focus on a specific application and are developed for a virtualized setting.

Virtual appliances usually attach to the hypervisor, or to the general networking infrastructure that the hypervisor presents, to extend a specific service. What makes this unique is that in a consolidated server, portions of the processing capacity (such as cores) and I/O bandwidth can be dynamically configured for the virtual appliance. This makes the appliance more cost-effective (because a stand-alone server is not dedicated to it), and its capacity can be changed dynamically according to the needs of the other applications running on the server. Virtual appliances can also be easier to manage because the application is bundled with the operating system (within the VM). No special configuration is required because the VM is preconfigured as a whole. This is a considerable benefit of virtual appliances and is why they are growing today.

Virtual appliances have been developed for many enterprise applications, including WAN optimization, routers, virtual private networks, firewalls, intrusion prevention/detection systems, mail classification and management, and so on. In addition to network services, virtual appliances are also used for storage, security, application frameworks, and content management.

That concludes the article "What is the virtual network in Linux". To master this material, you still need to practice and use it yourself. If you want to read more related articles, you are welcome to follow the industry information channel.
