How to Create Logical Networks to Segregate Traffic in a Data Center in Red Hat Virtualization (RHV)
Networking in Red Hat Virtualization
Network configuration is one of the most important factors influencing the performance of your virtualization environment. Networking in Red Hat Virtualization is defined in several layers. The underlying physical networking infrastructure must be in place and configured to allow connectivity between hardware and the logical components of the Red Hat Virtualization environment.
Red Hat Virtualization allows you to use logical networks to segregate different types of network traffic onto separate VLANs or physical networks for improved security and performance. For example, one VLAN can be used for management traffic, another for storage traffic, and a third for a network of virtual machines.
Logical networks are defined in a particular data center and assigned to one or more clusters. Each cluster has its own set of assigned networks. A logical network can be assigned to multiple clusters in the same data center, and this is one way for hosts in different clusters to communicate with each other.
When you create a new logical network, you give it a name, specify what data center it is in, whether you’re using VLAN tagging (and the VLAN ID) for that network, and whether it’s a VM network or not. You can also specify advanced settings for Quality of Service (QoS) and to limit bandwidth that the network can consume.
A VM Network is usable by virtual machines. Logical networks that are not VM Networks are only usable by the hosts. VM Networks are backed by a Linux bridge on cluster hosts. These software-defined network bridges connect the host’s network interface used by the logical network with the virtual network interface cards of virtual machines. Performance of the Linux bridge is only limited by the physical network interface card that it is attached to on the host and any advanced QoS settings that have been made. You may have more than one VM Network in a cluster or data center. When virtual machines are installed, you configure their virtual network interface card (vNIC) to use a particular VM Network.
Logical networks that do not carry virtual machine traffic do not have an associated bridge device on hosts.
Clusters can be configured to segregate different types of RHV infrastructure traffic onto different logical networks:
- Management Network: Logical network that facilitates communication between various components of Red Hat Virtualization. For example, RHV Hosts and RHV Manager.
- Display Network: Logical network that carries virtual machine display traffic.
- Migration Network: Logical network that segregates virtual machine migration-related network traffic. This makes it possible to use a dedicated network (without routing) for live migration, and ensures that the management network does not lose its connection to hypervisors during migration.
In addition, other logical networks that do not carry RHV infrastructure traffic might be used as a storage network for iSCSI or NFS traffic to the host or to VMs.
When you create a new logical network in a data center, it is added as a required network to all clusters in that data center by default. If it is an infrastructure network, it needs to be configured at the cluster level to indicate what type of infrastructure traffic it should carry. Each host in the cluster also needs to have the correct network interface on that host configured to use that network. This will be discussed further in the next section of this chapter.
The default data center is configured with a single logical network, called ovirtmgmt. This network is configured as a VM Network that also carries all infrastructure traffic. This is a functional configuration but provides no boundaries between the different types of network traffic in your data center and its clusters.
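The following added example (not part of the original page and not RHV code) audits a cluster's network list for the lack of boundaries described above. The data model, the network names other than ovirtmgmt, and the VLAN IDs are constructed assumptions; in practice the list would be filled from your own inventory of the cluster's logical networks.

```python
from dataclasses import dataclass
from typing import Optional

INFRA_ROLES = ("management", "display", "migration")

@dataclass
class LogicalNetwork:
    name: str
    vlan_id: Optional[int] = None      # None means untagged
    vm_network: bool = False           # bridged and usable by virtual machines
    roles: frozenset = frozenset()     # infrastructure roles held in this cluster

def audit_cluster(networks):
    """Return sorted (network, finding) pairs for one cluster's network list."""
    findings = set()
    for net in networks:
        infra = net.roles & set(INFRA_ROLES)
        # One network carrying several infrastructure traffic types.
        if len(infra) > 1:
            findings.add((net.name, "carries " + "+".join(sorted(infra))))
        # Guest traffic sharing a network with infrastructure traffic.
        if net.vm_network and infra:
            findings.add((net.name, "VM traffic shares an infrastructure network"))
    # Every infrastructure role needs a network assigned to it.
    for role in INFRA_ROLES:
        if not any(role in n.roles for n in networks):
            findings.add(("-", f"no network assigned the {role} role"))
    return sorted(findings)

# Constructed sample data: the default layout and a segregated layout.
DEFAULT = [LogicalNetwork("ovirtmgmt", vm_network=True,
                          roles=frozenset(INFRA_ROLES))]
SEGREGATED = [
    LogicalNetwork("ovirtmgmt", vlan_id=20, roles=frozenset({"management"})),
    LogicalNetwork("display", vlan_id=30, roles=frozenset({"display"})),
    LogicalNetwork("migration", vlan_id=40, roles=frozenset({"migration"})),
    LogicalNetwork("vmnet", vlan_id=10, vm_network=True),
    LogicalNetwork("storage"),  # untagged, on its own physical interface
]

if __name__ == "__main__":
    for label, nets in (("default", DEFAULT), ("segregated", SEGREGATED)):
        print(label, audit_cluster(nets) or "no findings")
```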
Required and Optional Networks
Required networks must be applied to all hosts in a cluster for the cluster and network to be operational. By default, new logical networks are added to clusters as required networks. When a required network becomes nonoperational for a host, virtual machines running on that host are migrated to another host. The extent of this migration is dependent upon the cluster policy. This is beneficial if you have machines running mission-critical workloads.
Optional networks are those logical networks that have not been explicitly declared as required networks. Optional networks can be implemented on only the hosts that use them. The presence or absence of these networks does not affect the operational status of a host. When an optional network becomes nonoperational, the virtual machines running on the network are not migrated to another host. This prevents unnecessary overhead caused by mass migrations.
NOTE: A virtual machine with a network interface on an optional VM Network will not start on a host that doesn’t have that network available.
Logical networks in the environment
Logical networks have different implications for each layer of the virtualization environment.
- Data Center Layer: Logical networks are defined at the data center level. Each data center has the ovirtmgmt management network by default. Further logical networks are optional but recommended. Designation as a VM Network and a custom MTU can be set at the data center level. A logical network defined for a data center must also be added to the clusters that use the logical network.
- Cluster Layer: Logical networks are made available from a data center, and must be added to the clusters that will use them. Each cluster is connected to the management network by default. You can optionally add logical networks to a cluster that have been defined for the cluster’s parent data center. When a required logical network has been added to a cluster, it must be implemented for each host in the cluster. Optional logical networks can be added to hosts as needed.
- Host Layer: Virtual machine logical networks are implemented for each host in a cluster as a software bridge device associated with a given network interface. Logical networks, when used apart from virtualization, do not use bridges but are associated with host network interfaces directly. Each host has a management network implemented as a bridge using one of its network devices as a result of being included in a Red Hat Enterprise Virtualization environment. Further required logical networks that have been added to a cluster must be associated with network interfaces on each host to become operational for the cluster.
- Virtual Machine Layer: Logical networks can be made available to virtual machines in the same way that a network can be made available to a physical machine. A virtual machine can have its virtual NIC connected to any virtual machine logical network that has been implemented on the host that runs it. The virtual machine then gains connectivity to any other device or destination available on the logical network it is connected to.
NOTE: Gigabit Ethernet is sufficient for the management network and is typically sufficient for the display network. But the migration network and any storage networks you might add will work better as dedicated high-bandwidth networks or VLANs (10 GbE or 40 GbE if available). Bandwidth requirements for your VM Networks depend on your applications. Using VLANs in conjunction with advanced QoS features can make it easier to manage physical host networking and the performance of the RHV environment.
Creating logical networks
Creating a logical network of any type with RHV:
1. In the Administration Portal, select the Networks tab and click New to create a new logical network. This opens a New Logical Network window. In the General pane, select the data center for the network and give the network a name. Check Enable VLAN tagging if the network is on a VLAN and enter the VLAN ID number. If the network is to be a VM Network, select VM network. If you accept these settings by clicking OK, the new network is attached to all clusters in the data center as a required network. You can change that now on the Clusters pane, or adjust settings cluster by cluster in the next step.
2. In the Clusters tab of the Administration Portal, select a cluster from the list. In the lower pane that appears, select the Logical Networks tab.
3. Using the Manage Networks button under that tab, access the Manage Networks network configuration window. This lists all logical networks in the data center and the cluster. With the help of the available check boxes, specify the network that carries each type of infrastructure traffic. You can also assign or unassign networks to the cluster, and indicate whether they are required or optional networks. Click OK when everything is configured.
4. Repeat the previous two steps for each cluster you are configuring with the new network. At this point, you have created a logical network and assigned it to a cluster, but it is not yet configured on any hosts. Before you can use the logical network, it needs to be attached to a network interface on hosts in the cluster. The next section of this chapter will cover how that is done.
NOTE: RHV has experimental support for using OpenStack Neutron networking for logical network configuration. The External Provider settings in the interface are for this purpose.
Adding logical networks to RHVH hosts
In the previous section, you learned how to create logical networks to separate different network traffic. This section describes the procedures needed for the logical networks to become active. It is essential to know how to attach those logical networks to your RHVH hosts. This type of reconfiguration of the RHV environment requires some caution, because a wrong step might make your RHVH host nonoperational.
Assigning Logical Networks
When a logical network is created, it is automatically attached to all clusters in the data center unless you specify otherwise. If the cluster has at least one RHVH host associated with it, the network state is Non Operational. This is because the RHVH host network configuration must be modified to attach the logical network to a physical network interface. When the reconfiguration is done, the logical network switches to Operational mode.
Once you have created a new logical network for your data center, the next step is to assign it to network interfaces on all hosts in the cluster. For a required logical network to become active, you need to assign it to all RHVH hosts in the cluster.
NOTE: This is true if the logical network is a required network, which is the default. If the new logical network is an optional network, the network becomes operational immediately. However, hosts in the cluster are still unable to use the optional logical network until it is actually associated with one of their network interfaces.
Here are the steps needed to assign a logical network to an RHVH host:
1. Click the Hosts tab and choose the appropriate host from the list by clicking on it.
2. In the lower part of the interface, click the Network Interfaces tab.
3. Click the Setup Host Networks button to open the Setup Host Networks dialog window.
4. Attach the logical network to a physical network interface by dragging and dropping the appropriate box representing the logical network next to the physical network interface.
5. Click the pencil icon next to the name of the newly assigned logical network to open the Edit Management Network dialog window.
6. Depending on your network environment configuration, select the appropriate Boot Protocol type.
7. Ensure that the Verify connectivity between Host and Engine check box is marked.
8. Ensure that the Save network configuration check box is marked to save your changes.
9. Click the OK button to apply the changes.
NOTE: On rare occasions, altered network configuration might not be saved on the hosts. This is the case when the host reboots or is unavailable during the reconfiguration step. If this is the case, you can always force synchronization of the current network configuration. To synchronize the new network configuration with a host, click the Sync All Networks button.
IMPORTANT: This procedure associates a logical network with the correct physical interface for that network on each host. This is necessary because hosts might have multiple network interfaces for different purposes. For example, your VM network might be VLAN 10 and your management network VLAN 20 on a host’s enp0s0 interface, while your storage network might be untagged traffic on the host’s enp2s0 network interface. You might also need to configure how the host gets its IP address on that logical network, and that is also done through this procedure.
Network Labels & Automatic host configuration
In a large RHV environment with multiple RHVH hosts, it might be difficult to assign logical networks manually to host interfaces as the network design changes. Network labels can make assignments of logical networks to host NICs simpler.
A network label is an arbitrary text string (upper and lowercase, underscores, or hyphens) that can be placed on a logical network or a host’s physical interface. When a new logical network with a network label is added to a cluster, if hosts in the cluster have network interfaces assigned with that label, they automatically add that logical network to that network interface. Setting a label on a specific logical network, for example on a migration network, causes an automatic mass deployment of that network on all RHVH hosts. Removing a label from a logical network removes that logical network from all RHVH hosts with that label.
Note that two or more logical networks can have the same label. This is very powerful. For example, you could have a label internal on a host network interface. Then you could set up logical networks for VLAN 10 and VLAN 20 with the label internal and both networks would be associated with that network interface on the host automatically.
Here are the steps to assign a network label to a host network interface:
- Click the Hosts tab and choose the appropriate host from the list by clicking on it.
- In the lower part of the interface, click the Network Interfaces tab.
- Click the Setup Host Networks button to open the Setup Host Networks dialog window.
- Click the Labels radio button to create a new label.
- Drag and drop the [New Label] box onto the network interface you want to create the label for.
- In the Add new Label dialog window, specify the name for the label you want to create and click the OK button.
After creating the new network label, every logical network you create using that label name will be automatically attached to the network interface tagged with this label. You can also add or remove logical networks to that interface by editing the logical network, and adding or removing that label.
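The following added example (not part of the original page and not RHV code) models the label matching described above together with the required and optional rules from the Assigning Logical Networks section, so you can see which hosts would leave a required network Non Operational. It is a simplified model: the host names, the network names, and the storage label are constructed, while the internal label and the enp0s0 and enp2s0 interfaces follow the page's own examples.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Net:
    name: str
    label: Optional[str] = None
    required: bool = True        # new networks are required by default

def attachments(hosts, networks):
    """Map each host NIC to the networks its labels pull in.
    hosts has the shape {host_name: {nic_name: set_of_labels}}."""
    return {
        host: {nic: sorted(n.name for n in networks if n.label in labels)
               for nic, labels in nics.items()}
        for host, nics in hosts.items()
    }

def cluster_status(hosts, networks):
    """Return {network: (state, hosts_missing_it)} using the rules in the text."""
    attached = attachments(hosts, networks)
    status = {}
    for net in networks:
        missing = sorted(h for h, nics in attached.items()
                         if not any(net.name in names for names in nics.values()))
        # A required network stays Non Operational until every host has it;
        # an optional one is Operational at once, usable only where attached.
        state = "Non Operational" if net.required and missing else "Operational"
        status[net.name] = (state, missing)
    return status

# Constructed sample cluster: host2's second NIC has not been labelled yet.
HOSTS = {
    "host1": {"enp0s0": {"internal"}, "enp2s0": {"storage"}},
    "host2": {"enp0s0": {"internal"}, "enp2s0": set()},
}
NETWORKS = [
    Net("vlan10", label="internal"),
    Net("vlan20", label="internal"),
    Net("iscsi", label="storage"),                    # required, missing on host2
    Net("backup", label="storage", required=False),   # optional
    Net("dmz"),                                       # no label: manual attachment
]

if __name__ == "__main__":
    for name, (state, missing) in cluster_status(HOSTS, NETWORKS).items():
        print(f"{name:8} {state:16} missing on: {', '.join(missing) or '-'}")
```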