When you create a VLAN, logical groupings of switch ports enable communications between the stations as if they were on the same physical LAN. Technically, each VLAN is simply a broadcast domain, configured through software. If a machine is moved to another location, it can remain on the same VLAN broadcast domain without hardware reconfiguration. Whereas traditional 802.1D bridged LANs have only one broadcast domain, VLAN networks may have multiple virtual broadcast domains within the boundary of a bridged LAN.

The benefits of VLANs include flexible network partition and configuration, performance improvement, and cost savings.

  • Flexibility: Because VLANs partition the network based on logical groupings instead of physical topology, you can move users to new locations without reconfiguration. This provides more flexibility and time savings.
  • Performance improvement: In a traditional network, frames reach all hosts within the network. This affects performance when you have a large number of end users. Segmenting broadcast traffic into port groupings helps preserve network bandwidth and saves processor time.
  • Cost savings: Typically, you need routers to partition LANs into multiple broadcast domains. VLANs eliminate this need, reducing hardware costs.

VLAN Tagging

To support VLANs for VMware Infrastructure users, the virtual or physical network must tag Ethernet frames with 802.1Q tags using virtual switch tagging (VST), virtual machine guest tagging (VGT), or external switch tagging (EST). VST mode is the most common configuration: one port group is provisioned on a virtual switch for each VLAN, and the virtual adapter is attached to the port group instead of directly to the switch. The port group tags outbound frames, strips the tags from inbound frames, and ensures that frames on one VLAN don’t leak into another VLAN.

NIC Teaming

NIC Teaming is a feature of VMware vSphere that allows you to connect a single virtual switch to multiple physical Ethernet adapters. A team can share traffic loads between physical and virtual networks and provide passive failover in case of an outage. NIC teaming policies are set at the port group level.

Benefits of NIC teaming include load balancing and failover:

  • Load balancing: Load balancing allows you to spread network traffic from virtual machines on a virtual switch across two or more physical Ethernet adapters, providing higher throughput. NIC teaming offers several load-balancing options: routing based on the originating virtual switch port ID, on the source MAC hash, or on the IP hash.
  • Failover: You can specify either link status or beacon probing for failover detection. Link status relies solely on the link state of the network adapter; failures such as cable pulls and physical switch power failures are detected, but configuration errors (for example, a misconfigured upstream port) are not. Beacon probing sends out beacon probes to detect upstream network connection failures, and so detects many of the failure types that link status alone misses. By default, NIC teaming applies a fail-back policy, whereby physical Ethernet adapters are returned to active duty immediately when they recover, displacing the standby adapters.

Layer 2 Security

Virtual switches can enforce Layer 2 security policies by rejecting promiscuous mode by default, rejecting MAC address changes, and rejecting forged transmits. Together these settings prevent a virtual machine from sniffing traffic destined for other nodes or from impersonating other nodes on the network.
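The following PowerCLI script is an added example, not part of the original page: it audits the three Layer 2 security settings on every standard virtual switch and port group, reports any object where a setting is allowed, and can optionally harden them. It assumes VMware PowerCLI is installed and a session is already open with Connect-VIServer; the -Remediate switch and the Test-WeakL2Policy helper are names chosen for this example.

```powershell
# Added example (not the page's or VMware's own code). Assumes an existing
# Connect-VIServer session. Run without -Remediate first to review findings.
param(
    [switch]$Remediate   # hypothetical switch for this example: apply the hardened policy
)

# A policy is weak if any setting is Accept ($true). Promiscuous mode lets a VM
# observe other VMs' frames; MAC changes and forged transmits let it impersonate
# another node. Some workloads (e.g. IDS sensors, nested hypervisors) legitimately
# need these, so review findings before remediating.
function Test-WeakL2Policy {
    param($Policy)
    return [bool]($Policy.AllowPromiscuous -or $Policy.MacChanges -or $Policy.ForgedTransmits)
}

$findings = @()

# Switch-level policy: port groups inherit it unless they override it.
foreach ($vss in Get-VirtualSwitch -Standard) {
    $p = Get-SecurityPolicy -VirtualSwitch $vss
    if (Test-WeakL2Policy $p) {
        $findings += [pscustomobject]@{
            Object      = "vSwitch $($vss.VMHost.Name)/$($vss.Name)"
            Promiscuous = $p.AllowPromiscuous
            MacChanges  = $p.MacChanges
            ForgedTx    = $p.ForgedTransmits
            Inherited   = $false
        }
        if ($Remediate) {
            Set-SecurityPolicy -VirtualSwitchPolicy $p -AllowPromiscuous $false `
                -MacChanges $false -ForgedTransmits $false | Out-Null
        }
    }
}

# Port-group-level policy: report the effective value and whether it was inherited.
foreach ($pg in Get-VirtualPortGroup -Standard) {
    $p = Get-SecurityPolicy -VirtualPortGroup $pg
    if (Test-WeakL2Policy $p) {
        $findings += [pscustomobject]@{
            Object      = "PortGroup $($pg.VirtualSwitch.VMHost.Name)/$($pg.VirtualSwitchName)/$($pg.Name)"
            Promiscuous = $p.AllowPromiscuous
            MacChanges  = $p.MacChanges
            ForgedTx    = $p.ForgedTransmits
            Inherited   = [bool]($p.AllowPromiscuousInherited -and $p.MacChangesInherited -and $p.ForgedTransmitsInherited)
        }
        if ($Remediate) {
            Set-SecurityPolicy -VirtualPortGroupPolicy $p -AllowPromiscuous $false `
                -MacChanges $false -ForgedTransmits $false | Out-Null
        }
    }
}

$findings | Format-Table -AutoSize
```

Setting a port-group policy explicitly breaks its inheritance from the switch, so a finding marked Inherited is usually better fixed at the switch level alone.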