-3

I've been reading up on how VMs communicate on the internet using vNICs, vSwitches, etc. I would like to confirm a few things:

  1. For outbound traffic, the pNIC can be overridden to send frames/packets with the IP/MAC of the VM instead of the host IP and hardcoded NIC MAC. Correct?

  2. If and when this traffic hits a switch, the MAC table of the switch will have multiple entries for a particular port (host + VM(s)). Correct?

  3. For inbound traffic, the switch directs all traffic from step 2 to that port. Is the NIC only responsible for layer 2 processing (i.e. does it only extract the IP packet from a frame and pass it to the OS)?

  4. A hardware hypervisor like ESXi is programmed to look at the destination IP of the packet and route it to the corresponding VM. Correct?

  5. If so, this means that the ESXi/host OS will receive all packets for both itself and its VMs. When are IP packets processed to extract transport layer data? For example, if I send an SSH command to a VM, when does the host process this packet and figure out it is not meant for itself but for the VM?

Thomas

2 Answers

5
  1. Yes.
  2. Yes.
  3. Yes.
  4. It can be but doesn't by default.
  5. When the packet arrives its destination is evaluated by its internal virtual switch to decide which VMs to send it to or if it's for its own kernel.
Chopper3
  • So even the host OS is connected to this virtual switch? That makes sense for a hardware hypervisor, but what about something like VMware Player? – Abhinav Vishak Aug 08 '17 at 14:17
  • Generally yes - regarding Player, it's less clear, also we don't cover that kind of thing here, that's more for our consumer cousins over at superuser.com, serverfault is for professional production environments sorry. – Chopper3 Aug 08 '17 at 14:34
  • Is that the reason I'm getting downvoted? I hope my question was reasonable. – Abhinav Vishak Aug 08 '17 at 14:38
  • Don't know, maybe it's because it's a bit of a basic question, we don't really cater to beginners finding their feet, we're really here for seasoned pros, who have usually read the help pages and know what we're here for and what we're not - don't read too much into it. – Chopper3 Aug 08 '17 at 14:40
3

A hardware hypervisor like ESXi is programmed to look at the destination IP of the packet and route it to the corresponding VM. Correct?

Not normally. The hypervisor contains a software version of a switch. Each virtual adapter will have its own MAC address. The virtual switch in ESXi will look at the destination MAC of the frame and simply pass it to the relevant guest, just like a real switch. It has no need to look at the IP address or packet contents.

USD Matt
  • Does it do this by putting the pNIC in promiscuous mode, so that all frames are passed to this virtual switch as opposed to only those for the MAC of the pNIC? – Abhinav Vishak Aug 08 '17 at 14:19
  • I can't find confirmation (at least not with a quick search) but I would expect so. Otherwise the physical adapter will ignore frames that don't have its own MAC as destination and not pass them to ESXi. – USD Matt Aug 08 '17 at 14:55
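
The layer 2 forwarding decision both answers describe, as an added example that is not part of either answer and is not ESXi's code. It is a simplified model: the `VirtualSwitch` class, the port names and the MAC addresses are constructed for illustration, and the handling of broadcast and unknown-unicast frames is an assumption of the model.

```python
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
UPLINK = "uplink"  # hypothetical name for the port backed by the physical NIC

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_ethernet(frame: bytes):
    """Return (dst_mac, src_mac, ethertype); the payload is never inspected."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return mac_str(dst), mac_str(src), ethertype

class VirtualSwitch:
    def __init__(self, ports: dict):
        # ports: MAC address -> port name, one per vNIC plus the host's own interface
        self.ports = {mac.lower(): name for mac, name in ports.items()}

    def forward(self, frame: bytes, ingress: str) -> list:
        """Return the ports the frame is delivered to, using only the destination MAC."""
        dst, _src, _ethertype = parse_ethernet(frame)
        if dst == BROADCAST:
            # Model assumption: flood to every port except the one it arrived on
            return sorted((set(self.ports.values()) | {UPLINK}) - {ingress})
        port = self.ports.get(dst)
        if port is not None:
            return [] if port == ingress else [port]
        # Unknown unicast: local senders leave via the uplink, frames from the wire are dropped
        return [] if ingress == UPLINK else [UPLINK]

def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    raw = lambda mac: bytes.fromhex(mac.replace(":", ""))
    return raw(dst) + raw(src) + struct.pack("!H", ethertype) + payload

# Constructed sample data: two guest vNICs and the host's own management interface
SWITCH = VirtualSwitch({
    "00:50:56:00:00:01": "vm1",
    "00:50:56:00:00:02": "vm2",
    "00:50:56:00:00:10": "host-kernel",
})
```

The same payload sent to a guest's MAC and to the host's MAC lands on different ports, which is how the host separates its own traffic from a VM's without reading the IP or TCP headers.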