Diffstat (limited to 'unit4/unit4.typ')
-rw-r--r--unit4/unit4.typ112
1 files changed, 111 insertions, 1 deletions
diff --git a/unit4/unit4.typ b/unit4/unit4.typ
index d172fa8..33679d7 100644
--- a/unit4/unit4.typ
+++ b/unit4/unit4.typ
@@ -316,4 +316,114 @@ _LUN Masking is the process that provides data access control by defining which
- Suitable for applicaions where space consumtion is difficult to forecast.
- Reduces storage costs and simplifies storage management.
== Virtual Networks
-// Slide 39
+=== Virtual Network
+#figure(image("./assets/virtnet.png"))
+_A virtual network is a software based logical network that is either a segment of a physical network or spans across multiple physical networks._\
+- Uses the physical network only for simple packet forwarding.
+- To the nodes, it appears as a physical network.
+- Nodes with common set of requirements can be grouped into virtual network reguardless of geographical location.
+- Nodes can communicate without routing frames even if they are in different geographical locations.
+- Traffic needs to be routed only when nodes are in different virtual networks.
+- They are isolated and independent of each other.
+- Each has unque attributes:
+ - Routing
+ - Switching
+ - Independent policies
+ - Quality of service
+ - Bandwidth
+ - Security
+- Network management traffic and broadcasts do not propogate from one virtual network to another.
+- All types of networks can be virtualized.
+- Programmatically created, provisioned and managed from a network management workstation.
+- Network and security policies become part of individual VMs in accordance with network and security policies defined for each connected application.
+- When the VM is moved, it's networking and security also come with it.
+- When new VMs are created to scale the application, network and security policies are applied dynamically.
+- Can be scaled without reconfiguration of physical hardware.
+_Virtual networks allow cloud providers to create logical networks the span physical boundries, allowing network extension and optimizing resource utilization across clusters and cloud data centers._\
+=== Types of virtual networks
+==== Virtual LAN (VLAN)
+_A VLAN is a virtual network created on a LAN enabling communication between a group of nodes with a common set of functional requirements, independent of their physical location in the network._\
+- Allow a network administrator to logically segment a LAN, and the nodes do not have to be physically located in the same LAN.
+- Simplifies network configuration and administration.
+- Nodes may be members of multiple VLANs, provided OS, hypervisor and storage array OS support it.
+- To configure a VLAN
+ 1. Administrator defines VLANs on physical and virtual switches.
+ 2. Each VLAN is identified by a 12-bit VLAN ID.
+ 3. VLAN membership is configured based on techniques such as:
+ - *Port based*: Membership is defined by assigning VLAN ID to physical or virtual switch port or port group.
+ - *MAC based*: Membership is defined based on MAC address of node.
+ - *Protocol based*: Different VLANs are defined different protocols based on protocol types field found in OSI Layer 2 header.
+ - *IP-subnet address based*: Membership based on network IP subnet address in OSI Layer 3 header.
+ - *Application based*: Specific applications configured to execute on one VLAN.
+- If provider assigns one VLAN per customer, this limits the number of customers that can be supported.
+- Block addresses assigned to each consumer VLAN which leads to unused IP addresses.
+- As the number of nodes increase, the number of assigned addresses may not be large enough to support them.
+==== Private VLAN (PVLAN)
+#figure(image("./assets/pvlan.png"))
+_A PVLAN is an extension of VLAN where VLANs are further divided into sub-VLANS. A PVLAN is made of a primary VLAN and one or more secondary or private VLANs. The primary VLAN is the original VLAN being segregated into smaller groups._\
+- PVLANs exists only inside the primary VLAN.
+- Have unique VLAN ID and isolates the OSI Layer 2 traffic from other PVLANs.
+- Primary VLANs are promiscuous, ports on PVLAN can communicate with ports on VLAN.
+- Routers attached to promiscuous ports.
+- Two types of secondary PVLANs:
+ 1. *Isolated*: A node attached to a port can only communicate with the promiscuous PVLAN.
+ 2. *Community*: A node attached to a port can communicate with other ports in the same community PVLAN as well as promiscuous PVLAN.
+- To configure PVLAN:
+ 1. PVLAN feature must be supported and enabled on switch.
+ 2. Administrator creates a standard VLANs on a switch.
+ 3. VLANs then configured as primary and secondary.
+- Enable providers to support a larger number of customers.
+- Addresses issues with scalability with VLAN.
+- All members share a common address space, which is allocated to the primary VLAN.
+- When nodes are added to the PVLAN, they are assigned addresses allocated to primary VLAN.
+- Provide extra security between nodes that do not belong to the same VLAN.
+- Simplify administrative overhead of maintaining ACLs on different VLANs.
+==== Stretched VLAN
+#figure(image("./assets/strvlan.png"))
+_A stretched VLAN is a VLAN that spans multiple sites and enables Layer 2 communication between a group of nodes over a Layer 3 WAN infrastructure, independent of their physical location._\
+- Extends VLAN across sites and enables nodes to communicate over WAN as if they are in the same network.
+- Allow movement of VMs between sites without changing network configurations.
+- Enables high-availability clusters, VM migration, and application and workload mobility across sites.
+- Created by simply connecting two sites using long distance fibre.
+- Configured using different methods depending on underlying WAN technology.
+- Use:
+ 1. Dense wave division multiplexing (DWDM).
+ 2. Coarse wave division multiplexing (CWDM).
+ 3. Multi-protocol label switching (MPLS).
+ 4. IP network.
+==== Virtual Extensible LAN (VXLAN)
+_A VXLAN is a logical Layer 2 overlay network built on a Layer 3 network, which uses MAC-in-UDP encapsulation to enable communication between a group of nodes, independent of their physical location._\
+- VXLAN header is added to Layer 2 (MAC) frame, which is placed inside a UDP-IP packet and tunneled over a Layer 3 network.
+- Communication established between two tunnel end-points called Virtual Tunnel Endpoints (VTEPs).
+- At transmission, VETP encapsulates traffic into a VXLAN header and at destination, VTEP decapsulates it.
+- Enables logical creation of nodes across different networks.
+- In case of VMs, VETP is built into the hypervisor.
+- Enable seperation of nodes from physical networks.
+- Allow VMs to communicate using transparent overlay scheme over physical networks that span Layer 3.
+- Extends Layer 2 network across sites.
+- VMs are unaware of physical network constraints and only see the virtual Layer 2.
+- Nodes identified using a combination of MAC addresses and VXLAN ID.
+- VXLAN uses 24-bit ID.
+- Make it easier for administrators to scale cloud infrastructure while logically isolating resources of different customers.
+- Enable VM migrations across sites and over long distances.
+==== Virtual SAN (VSAN)
+#figure(image("./assets/vsan.png"))
+_A VSAN or virtual fabric is a logical fabric, created on a physical FC or FCoE SAN enabling communication between a group of nodes with a common set of requirements, independent of their physical location in the fabric._\
+- Functions conceptually same as a VLAN.
+- Each behaves and is managed as an independent fabric.
+- Each has it's own fabric services, configurations, FC addresses, etc.
+- Fabric related configurations in one VSAN do not affect other VSANs.
+- Disruptions in one VSAN do not affect other VSANs.
+- VSAN may be extended across sites using long distance fibre, using DWDM, CWDM, FCIP to carry traffic.
+- To configure VSANs:
+ 1. Define VSANs with VSAN IDs.
+ 2. F_Ports on the switch are assigned VSAN IDs to include them in VSANs.
+ 3. If N_Port connects to an F_Port that belongs to a VSAN, it becomes a member of that VSAN.
+_Both VSANs and Zones enable node ports within a fabric to be logically segmented into groups. But they are not the same and their purposes are different. There is a hierarchial relationship between them. An administrator first assigns physical ports to VSANs and then configures independent zones for each VSAN. A VSAN has it's own fabric services, but fabric services are not available on a per-zone basis._\
+=== Mapping VLAN and VSAN in an FCoE SAN
+#figure(image("./assets/vfcoesan.png"))
+- FCoE protocol enables transmission of FC SAN through a LAN that supports Data Center Bridging (DCB) functionality.
+- FC frames remain encapsulated into Ethernet frames during transmission through the LAN.
+- If VLANs and VSANs are created, a mapping is required between them.
+- Hence, a VLAN must be configured at the FCoE switch for every VSAN.
+- VLANs that carry regular LAN traffic should not be used for VSAN.
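Review bot: The VXLAN bullets use two spellings for the tunnel endpoint: `+- Communication established between two tunnel end-points called Virtual Tunnel Endpoints (VTEPs).` is followed by `+- At transmission, VETP encapsulates traffic...` and `+- In case of VMs, VETP is built into the hypervisor.`; use VTEP throughout so the term is searchable. In the PVLAN section, `+- Primary VLANs are promiscuous, ports on PVLAN can communicate with ports on VLAN.` and the isolated-port bullet ("can only communicate with the promiscuous PVLAN") conflate a port type with a VLAN: promiscuous is a port type within the primary VLAN, so reword to "a node on an isolated port can communicate only with promiscuous ports", which also makes the later "Provide extra security" bullet precise (isolated ports cannot reach each other at Layer 2 even though they share the primary VLAN's address space). The stretched-VLAN bullet "Created by simply connecting two sites using long distance fibre" is contradicted three lines later by the list of DWDM/CWDM/MPLS/IP options; "can be created" would fit. Spelling to fix in the added lines: reguardless, unque, propogate, boundries, seperation, hierarchial, and "it's" for the possessive in the VM, VSAN and VSAN/zone bullets; the protocol-based VLAN bullet is also missing a word ("Different VLANs are defined for different protocols based on the protocol type field"). Finally, the four `#figure(image(...))` calls carry no `caption:`, so the images cannot be referenced from the text; consider adding one per figure.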