| 
Distributed Virtual Switching Features
• True network portability
• Network fault tolerance
• Improved network security
• Transparent network compliance
• Industry standard network monitoring
• Comprised of 2 components: Open vSwitch & Distributed Virtual Switch Controller - DVSC
Open vSwitch
• Open Source Virtual Switch maintained at www.openvswitch.org
• Rich Layer 2 feature set
• Ships with XenServer 5.6 FP1 or higher
• Features:
– ACLs and QoS policies
–NetFlow
– Traffic monitoring
– Port bonding
– Per VM traffic policy
• Enable Open vSwitch:
– xe-switch-network-backend openvswitch
– Changes XenServer network backend to Open vSwitch
Switch to Linux Bridge
• Disable HA
• Migrate VMs to different XS host
• Enable Linux bridge mode:
– xe-switch-network-backend bridge
• Reboot XenServer
• Migrate VMs back to XS
• Enable HA
Distributed Virtual Switch Controller - DVSC
• vSwitch Controller:
–Manage up to 64 XS hosts
– Embedded NetFlow visualizer
– Apply network policies on global or specific virtual interfaces
–DVS Controller is a XenServer Virtual Appliance that controls multiple Open vSwitches
vSwitch Controller Virtual Appliance
• Configure the appliance - XenCenter, Web browser, SSH client
Monitoring
• Server statistics
• Network statistics
• Recent network events
• Recent administrative events
• Throughput, flows and bitrate graphs
• Flow statistics: Address group, Virtual machine group
Policy Configuration Hierarchy
• Global
• Resource pools
• Networks
• Virtual machines
• Virtual interfaces
ACL Policies
• Action
• Protocol
• Direction
• Remote Addresses
• ACL hierarchy: Mandatory rules, Child rules, Default rules
• Fail modes: Fail-open, Fail-safe
Fail Modes
• Fail-open
– ACLs are lost, all traffic is allowed
• Fail-safe
– Traffic routed based on existing ACLs
– All ACLs enforced
– Traffic is denied if:
• New VIF is plugged in
• VM migrated using XenMotion
• VMs are added to pool
• If vSwitch is rebooted, all ACL configuration is lost
– Remains in Fail-Safe mode until connectivity is restored
Port Configuration Policies
• QoS
• Traffic mirroring
• MAC spoof policy
Cross-Server Private Network
• XS 6.0 or later
• Open vSwitch for networking
• Pool must have a vSwitch controller
• IP-enabled PIF
• Compatible with XenMotion and Workload Balancing
• True network portability
• Network fault tolerance
• Improved network security
• Transparent network compliance
• Industry standard network monitoring
• Comprised of 2 components: Open vSwitch & Distributed Virtual Switch Controller - DVSC
Open vSwitch
• Open Source Virtual Switch maintained at www.openvswitch.org
• Rich Layer 2 feature set
• Ships with XenServer 5.6 FP1 or higher
• Features:
– ACLs and QoS policies
–NetFlow
– Traffic monitoring
– Port bonding
– Per VM traffic policy
• Enable Open vSwitch:
– xe-switch-network-backend openvswitch
– Changes XenServer network backend to Open vSwitch
Switch to Linux Bridge
• Disable HA
• Migrate VMs to different XS host
• Enable Linux bridge mode:
– xe-switch-network-backend bridge
• Reboot XenServer
• Migrate VMs back to XS
• Enable HA
Distributed Virtual Switch Controller - DVSC
• vSwitch Controller:
–Manage up to 64 XS hosts
– Embedded NetFlow visualizer
– Apply network policies on global or specific virtual interfaces
–DVS Controller is a XenServer Virtual Appliance that controls multiple Open vSwitches
vSwitch Controller Virtual Appliance
• Configure the appliance - XenCenter, Web browser, SSH client
Monitoring
• Server statistics
• Network statistics
• Recent network events
• Recent administrative events
• Throughput, flows and bitrate graphs
• Flow statistics: Address group, Virtual machine group
Policy Configuration Hierarchy
• Global
• Resource pools
• Networks
• Virtual machines
• Virtual interfaces
ACL Policies
• Action
• Protocol
• Direction
• Remote Addresses
• ACL hierarchy: Mandatory rules, Child rules, Default rules
• Fail modes: Fail-open, Fail-safe
Fail Modes
• Fail-open
– ACLs are lost, all traffic is allowed
• Fail-safe
– Traffic routed based on existing ACLs
– All ACLs enforced
– Traffic is denied if:
• New VIF is plugged in
• VM migrated using XenMotion
• VMs are added to pool
• If vSwitch is rebooted, all ACL configuration is lost
– Remains in Fail-Safe mode until connectivity is restored
Port Configuration Policies
• QoS
• Traffic mirroring
• MAC spoof policy
Cross-Server Private Network
• XS 6.0 or later
• Open vSwitch for networking
• Pool must have a vSwitch controller
• IP-enabled PIF
• Compatible with XenMotion and Workload Balancing