Virtualization technologies such as VMware and Virtual Server are becoming prevalent in the marketplace. These technologies provide a virtual hardware abstraction to guest operating systems, and allow them to run as applications (virtual machines) in a functionally isolated environment on a host computer without being modified. Virtualization allows multiple virtual machines (VMs) to run on a single physical server (host computer) simultaneously, providing functional and performance isolation for processor, memory, storage, etc. among the multiple instances of virtual machines.
Isolation and virtualization of networks are an important aspect of virtualization. There are four primary methods of providing such network isolation: 1) each virtual machine can only communicate with the host computer (host-only mode); 2) each virtual machine can communicate with the external network via a network address translation (NAT) gateway (NAT mode); 3) each virtual machine can appear as an independent computer on the network (bridged mode); and 4) each virtual machine can talk to other virtual machines on the same computer via an isolated internal network. Each of these methods has its shortcomings.
With host-only mode, a virtual machine cannot communicate with other virtual machines or physical servers on the network. With NAT mode, while a virtual machine can initiate network connections with external servers (virtual and/or physical) on the network, a virtual machine behind a NAT gateway is not externally addressable from outside that gateway. These are severe limitations for virtual machines running in a server farm environment, where it is desirable for many virtual machines to be running on many physical servers.
In bridged mode, virtual machines appear as independent servers on the network and can communicate with one another. While functional as such, bridged mode does not provide any way to isolate a subset of the virtual machines into a separate private network segment. In other words, virtual machines can talk to each other in a flat network segment as individual units, but there is no easy way to create segments containing a subset of virtual machines in a network.
In a server farm environment, it can be very important to create a private network segment, or to overlay a logical network on top of the physical one, especially for virtual machine configurations. For example, it is highly desirable to segregate virtual machine configurations into private networks when conducting testing involving viruses, conducting testing with real customer data, or instantiating identical systems on the same physical network for reproducing errant configurations or to perform parallel operations.
Virtual machines can be cloned relatively easily, such that the resulting cloned systems are 100% identical. Cloned systems have identical media access control (MAC) addresses, identical internet protocol (IP) addresses, identical machine names and identical security identifiers (SIDs). This creates conflicts that cause virtual machines and networking equipment such as switches, hubs and routers to malfunction, because MAC addresses (and IP addresses) are required to be unique within a physical network segment.
It would be desirable for a configuration in the form of a group of coordinating virtual machines to be created as a single functional unit, such that virtual machines in the configuration can be deployed onto a server farm, where individual virtual machines in the same configuration can be deployed onto different physical servers. Such a configuration should be cloneable in order to be able to create additional identical configurations. It would be desirable for these identical configurations to be able to run simultaneously without causing addressing conflicts.
The desired networking behaviors for the isolated configurations (herein called “fenced configurations”) are:
1) Transparency. Within a configuration, virtual machines should be able to communicate with each other unmodified. For instance, virtual machine 1 in configuration 1 should be able to talk to virtual machine 2 in configuration 1 without either virtual machine being modified.
2) Isolation. When two (identical) configurations are deployed at the same time, the two configurations should be functionally isolated from each other. Virtual machines in one configuration should not be able to talk to any virtual machine in another configuration in fence mode.
3) External Access. Virtual machines in a fenced environment should be able to communicate to servers outside the fence via a NAT gateway. For instance, the virtual machine should be able to browse to www.google.com.
4) External Addressability. Servers outside the fence should be able to initiate network connections to virtual machines inside the fence.
Both VMware's ESX product and Ensim's Entrapid product allow construction of virtual networks within a single physical server (this is sometimes called “network-in-a-box”). For example, ESX users can create multiple virtual machines on the same physical server and use a virtual network to interconnect them. With these products, virtual machines in the same network must all reside on the same physical server. This means the target physical server must have ample memory and processing power, which limits the number of active virtual machines that can participate in the private network.
However, the user may want to construct a server farm with a large number of low end physical servers to host a large number of virtual machines. In this case, it may be desirable to form a single network using a subset of these virtual machines that are deployed on different physical servers. In other words, the desired network configuration can span multiple physical machines, and for this construction “network-in-a-box” does not work.
One solution for segregating a physical local area network (LAN) into multiple logical LANs is the virtual LAN (VLAN), usually available in high-end managed switches. Unlike normal switches and hubs, where all ports are on the same layer two network, VLAN-capable switches allow a subset of ports to form a virtualized LAN, and a single switch may contain multiple VLANs.
There are limitations for using a VLAN-capable switch to implement this solution:
1) Switch-dependency. The system needs to use vendor specific application program interfaces (APIs) to control different switches, which makes integration more difficult.
2) Separate Management Interface. Physical machines in the server farm need to have a separate management interface in addition to the network interface card (NIC) connected to the switch.
3) Price. VLAN-capable managed switches are more expensive than unmanaged layer two switches.
4) Unique MAC Address Requirement. Most importantly, switches are built on the assumption that only physical servers with physical NICs are connected to the switch, where NIC manufacturers guarantee that all NICs have a unique MAC address. This is not the case with virtual machines cloned from virtual machine images. Because the cloned virtual machines violate the MAC uniqueness requirement, it is problematic for switches to handle the same MAC address appearing on different ports. A switch learns which port each source MAC address was last seen on and forwards frames for that address to that port only, so it treats the same MAC address arriving on a second port as if a single server had been moved from one port to another, and frames destined for one clone are delivered to whichever clone transmitted most recently. Thus, the VLAN technology in managed switches cannot be used satisfactorily to address this problem.
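The following Python model, added here as an illustration and not taken from the patent or from any switch vendor's code, shows the "station moved" behaviour described in item 4 above and the addressing conflict raised earlier for cloned virtual machines. A minimal learning switch processes traffic from two cloned VMs that share one MAC address; because both clones send a request before the gateway answers, the gateway's reply to the first clone is forwarded to the second. The same scenario is then run with a re-addressed clone for contrast. Port numbers, MAC addresses and the request/reply ordering are constructed assumptions.

```python
"""Learning-switch model showing why cloned VMs that share a MAC address
break a physical layer-two switch.

Added illustration for the discussion above; not code from the patent
text or from any switch vendor. The switch behaviour, port numbers,
MAC addresses and traffic pattern are all constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

GATEWAY_PORT, CLONE_A_PORT, CLONE_B_PORT = 0, 1, 2
GATEWAY_MAC = "00:50:56:00:00:01"     # constructed gateway address
SHARED_MAC = "00:0c:29:aa:bb:cc"      # constructed; both clones keep the image's MAC
UNIQUE_MAC_B = "00:0c:29:aa:bb:cd"    # constructed; what a re-addressed clone would use


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    ingress_port: int


@dataclass
class LearningSwitch:
    """Minimal transparent bridge: learn source MAC -> port, forward by
    destination MAC, flood to all other ports when the destination is unknown."""
    num_ports: int
    mac_table: Dict[str, int] = field(default_factory=dict)
    # (mac, old_port, new_port): the switch reads a known MAC arriving on a
    # different port as "station moved"; it cannot tell that two stations
    # share the address.
    moves: List[Tuple[str, int, int]] = field(default_factory=list)

    def handle(self, frame: Frame) -> List[int]:
        """Learn the source address, then return the list of egress ports."""
        prev = self.mac_table.get(frame.src_mac)
        if prev is not None and prev != frame.ingress_port:
            self.moves.append((frame.src_mac, prev, frame.ingress_port))
        self.mac_table[frame.src_mac] = frame.ingress_port
        dst_port = self.mac_table.get(frame.dst_mac)
        if dst_port is None:                  # unknown destination: flood
            return [p for p in range(self.num_ports) if p != frame.ingress_port]
        if dst_port == frame.ingress_port:    # destination on the same port: filter
            return []
        return [dst_port]


def run_scenario(mac_a: str, mac_b: str) -> dict:
    """Two VMs on ports 1 and 2 each send a request to the gateway on port 0
    before either reply arrives (ordinary under concurrent load)."""
    sw = LearningSwitch(num_ports=4)
    sw.handle(Frame(mac_a, GATEWAY_MAC, CLONE_A_PORT))
    sw.handle(Frame(mac_b, GATEWAY_MAC, CLONE_B_PORT))
    reply_to_a = sw.handle(Frame(GATEWAY_MAC, mac_a, GATEWAY_PORT))
    reply_to_b = sw.handle(Frame(GATEWAY_MAC, mac_b, GATEWAY_PORT))
    return {
        "reply_to_a": reply_to_a,
        "reply_to_b": reply_to_b,
        "a_misdelivered": reply_to_a != [CLONE_A_PORT],
        "b_misdelivered": reply_to_b != [CLONE_B_PORT],
        "station_moves": list(sw.moves),
        "mac_table": dict(sw.mac_table),
    }


if __name__ == "__main__":
    for label, mac_b in (("cloned, shared MAC", SHARED_MAC), ("unique MACs", UNIQUE_MAC_B)):
        r = run_scenario(SHARED_MAC, mac_b)
        print(f"{label}: reply to A -> ports {r['reply_to_a']}, "
              f"reply to B -> ports {r['reply_to_b']}, moves={r['station_moves']}")
```

With the shared address the switch records one "move" of the MAC from port 1 to port 2 and sends both replies to port 2, so clone A never receives its answer; with a unique address per clone each reply reaches its own port and no move is recorded. Real switches behave the same way, and many of them log the repeated moves as MAC flapping, which is why re-addressing or isolating cloned VMs is a prerequisite for placing them on a shared physical switch.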
What is needed are methods, systems and computer readable media that provide the above-described desired functionality, without the above-described shortcomings of the existing systems.