October 26 2009
vSphere VCP-410 Lab 5 part 2
How a Virtual Switch Is Similar to a Physical Switch
A virtual switch, as implemented in ESX Server 4, works in much the same way as a modern Ethernet switch. It
maintains a MAC:port forwarding table and performs the following functions:
• Looks up each frame’s destination MAC when it arrives.
• Forwards a frame to one or more ports for transmission.
• Avoids unnecessary deliveries (in other words, it is not a hub).
An ESX Server 4 virtual switch supports VLAN segmentation at the port level. This means each port can be
configured in either of the following ways:
• With access to a single VLAN, making it what’s called an access port in the world of physical switches, or in
ESX Server terminology, using virtual switch tagging.
• With access to multiple VLANs, leaving tags intact, making it what’s called a trunk port in the world of physical
switches, or in ESX Server terminology, using virtual guest tagging.
An ESX Server 4 virtual switch supports copying packets to a mirror port. By using what is called promiscuous
mode, ESX Server makes a virtual switch port act as a SPAN port or mirror port. This capability makes it
possible to debug using a sniffer or to run monitoring applications such as IDS.
In addition, an administrator can manage many configuration options for the switch as a whole and for
individual ports using the Virtual Infrastructure Client.
How a Virtual Switch Is Different from a Physical Switch
ESX Server provides a direct channel from virtual Ethernet adapters for such configuration information as
authoritative MAC filter updates. So there is no need to learn unicast addresses or perform IGMP snooping to
learn multicast group membership.
Ports on the virtual switch may automatically enter mirror mode when the virtual Ethernet adapter’s
promiscuous bit is set — if virtual switch and port group policies allow.
Spanning Tree Protocol Not Needed
VMware Infrastructure 4 enforces a single-tier networking topology. In other words, there is no way to
interconnect multiple virtual switches, thus the network cannot be configured to introduce loops. As a result,
Spanning Tree Protocol (STP) is not needed and is not present.
Virtual Switch Isolation
Network traffic cannot flow directly from one virtual switch to another virtual switch within the same host.
Virtual switches provide all the ports you need in one switch, leading to the following benefits:
• Because there is no need to cascade virtual switches, Virtual Infrastructure 4 provides no capability to
connect virtual switches.
• Because there is no way to connect virtual switches, there is no need to prevent bad virtual switch
connections.
• Because virtual switches cannot share physical Ethernet adapters, there is no way to fool the Ethernet
adapter into doing loopback or some similar configuration that would cause a leak between virtual
switches.
In addition, each virtual switch has its own forwarding table, and there is no mechanism to allow an entry in one
table to point to a port on another virtual switch. In other words, every destination the switch looks up can
match only ports on the same virtual switch as the port where the frame originated, even if other virtual
switches’ lookup tables contain entries for that address.
It is unlikely that a would-be attacker could circumvent virtual switch isolation because it would be possible
only if there were a substantial unknown security flaw in the vmkernel. Because ESX Server parses so little of
the frame data — primarily just the Ethernet header — this would be difficult, and once an attacker had such
access, richer targets than breaking virtual switch isolation are readily available.
There are natural limits to this isolation. If you connect the uplinks of two virtual switches together, or if you
bridge two virtual switches with software running in a virtual machine, you open the door to the same kinds of
problems you might see in physical switches.
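The following model is an added example and is not part of the study guide or of VMware's code. It makes concrete the behaviour described in "How a Virtual Switch Is Similar to / Different from a Physical Switch" and in "Virtual Switch Isolation": a per-switch MAC:port table that is populated by authoritative updates from the virtual adapters rather than learned, lookups that can match only ports on the same vSwitch, VST (access) versus VGT (trunk) port handling, mirror copies to a promiscuous port only when policy allows, and a finite port count. All class, method and port names, the sample MAC addresses, and the decision to model the promiscuous policy per port (rather than per port group) are assumptions of this example; uplinks and unknown-unicast flooding toward them are deliberately left out.

```python
from dataclasses import dataclass, field, replace
from typing import Dict, List, Optional, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """Broadcast or multicast: the I/G bit (LSB of the first octet) is set."""
    return int(mac.split(":")[0], 16) & 1 == 1


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    vlan: Optional[int] = None       # 802.1Q tag on the wire; None = untagged


@dataclass
class Port:
    name: str
    vlan: Optional[int] = None       # VST access VLAN; None = VGT trunk port
    promiscuous: bool = False        # the virtual adapter's promiscuous bit
    allow_promiscuous: bool = False  # port-group policy (assumed per port here)
    macs: Set[str] = field(default_factory=set)

    def carries(self, vlan: Optional[int]) -> bool:
        """A VST port belongs to exactly one VLAN; a VGT trunk carries all of them."""
        return self.vlan is None or self.vlan == vlan


class VSwitch:
    def __init__(self, name: str, num_ports: int = 24) -> None:
        self.name = name
        self.num_ports = num_ports           # finite, per-switch port count
        self.ports: Dict[str, Port] = {}
        self.table: Dict[str, str] = {}      # MAC -> port name, private to this switch

    def add_port(self, port: Port) -> None:
        if len(self.ports) >= self.num_ports:
            raise RuntimeError(f"{self.name}: all {self.num_ports} ports are in use")
        self.ports[port.name] = port
        for mac in list(port.macs):
            self.register_mac(port.name, mac)

    def register_mac(self, port_name: str, mac: str) -> None:
        """Authoritative filter update from the virtual adapter; nothing is
        learned from the source address of passing frames."""
        self.ports[port_name].macs.add(mac)
        self.table[mac] = port_name

    def forward(self, ingress_name: str, frame: Frame) -> List[Tuple[str, Frame]]:
        """Deliver one frame arriving on `ingress_name`; returns (port, frame) pairs."""
        ingress = self.ports[ingress_name]
        # VST: the switch tags on the VM's behalf. VGT: the VM's own tag is kept.
        vlan = ingress.vlan if ingress.vlan is not None else frame.vlan

        targets: Dict[str, Port] = {}
        if is_group_address(frame.dst):
            for p in self.ports.values():
                if p.name != ingress_name and p.carries(vlan):
                    targets[p.name] = p
        else:
            # Only this switch's own table is consulted, so a MAC registered on
            # another vSwitch can never match (virtual switch isolation).
            # Unknown unicast is dropped here; uplinks are outside this model.
            owner = self.ports.get(self.table.get(frame.dst, ""))
            if owner and owner.name != ingress_name and owner.carries(vlan):
                targets[owner.name] = owner

        # Mirror copies: promiscuous bit set AND policy allows AND same VLAN.
        for p in self.ports.values():
            if (p.promiscuous and p.allow_promiscuous
                    and p.name != ingress_name and p.carries(vlan)):
                targets.setdefault(p.name, p)

        deliveries = []
        for p in targets.values():
            # VST egress strips the tag; VGT egress leaves it intact.
            egress_vlan = None if p.vlan is not None else vlan
            deliveries.append((p.name, replace(frame, vlan=egress_vlan)))
        return deliveries


def build_host() -> Tuple[VSwitch, VSwitch]:
    """Constructed sample topology: two vSwitches on one host (not a real config)."""
    vs0 = VSwitch("vSwitch0", num_ports=8)
    vs0.add_port(Port("web", vlan=10, macs={"00:50:56:00:00:01"}))
    vs0.add_port(Port("db", vlan=10, macs={"00:50:56:00:00:02"}))
    vs0.add_port(Port("ids", vlan=10, promiscuous=True, allow_promiscuous=True))
    vs0.add_port(Port("mgmt", vlan=20, macs={"00:50:56:00:00:03"}))
    vs0.add_port(Port("trunk", vlan=None, macs={"00:50:56:00:00:04"}))
    vs1 = VSwitch("vSwitch1", num_ports=8)
    vs1.add_port(Port("other", vlan=10, macs={"00:50:56:00:00:99"}))
    return vs0, vs1


if __name__ == "__main__":
    vs0, vs1 = build_host()
    for name, f in vs0.forward("web", Frame("00:50:56:00:00:01", BROADCAST)):
        print(f"{name:6} receives {f}")
    # a MAC that exists only in vSwitch1's table is never reached from vSwitch0
    print(vs0.forward("mgmt", Frame("00:50:56:00:00:03", "00:50:56:00:00:99")))
```

Running it shows the broadcast from `web` reaching `db`, the mirror port `ids` and the VGT `trunk` port (tagged 10) but not `mgmt` on VLAN 20, and an empty delivery list for a destination that is registered only on the other vSwitch. Clearing `allow_promiscuous` on `ids` stops the mirror copies even though the adapter's promiscuous bit stays set, which is the policy gate the text describes.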
Changing the Number of Ports for a vSwitch
A vSwitch serves as a container for port configurations that use a common set of network adapters, including
sets that contain no network adapters at all. Each virtual switch provides a finite number of ports through which
virtual machines and network services can reach one or more networks.