The VMkernel networking layer provides connectivity to hosts and handles the standard infrastructure traffic of vSphere vMotion, IP storage, Fault Tolerance, and Virtual SAN. You can set up VMkernel adapters for the standard infrastructure traffic on vSphere standard switches and on vSphere distributed switches.

TCP/IP Stacks at the VMkernel Level

The default TCP/IP stack at the VMkernel level provides networking support for the standard infrastructure types of traffic. You can add custom TCP/IP stacks at the VMkernel level and forward networking traffic through custom applications.

Securing Infrastructure Traffic

You should take appropriate security measures to prevent unauthorized access to the management and application traffic in your vSphere environment. For example, you should isolate the vMotion traffic in a separate network that includes only the ESXi hosts that participate in the migration. You should isolate the management traffic in a network that only network and security administrators are able to access. For more information, see vSphere Security and vSphere Installation and Setup.

Infrastructure Traffic Types on the Default TCP/IP Stack

You should dedicate a separate VMkernel adapter for every traffic type. For distributed switches, dedicate a separate distributed port group for each VMkernel adapter.

Management traffic

It carries the configuration and management communication for ESXi hosts and vCenter Server as well as the host-to-host High Availability traffic. By default, when you install the ESXi software, a vSphere Standard switch is created on the host together with a VMkernel adapter for management traffic. To provide redundancy and increase bandwidth, you can connect two or more physical NICs to a VMkernel adapter for management traffic.

vMotion traffic

To accommodate the vMotion traffic, a VMkernel adapter for vMotion is required both on the source and the target hosts. The VMkernel adapters for vMotion should handle only the vMotion traffic. For better performance, you can assign multiple physical NICs to the port group of the VMkernel adapter. In this way, multiple physical NICs are used for vMotion, which results in greater bandwidth.

Note:

vMotion network traffic is not encrypted. You should provision secure private networks for use by vMotion only.

IP storage traffic

Storage types that use standard TCP/IP networks and depend on the VMkernel networking layer require VMkernel adapters. Such storage types are software iSCSI, depended hardware iSCSI, and NFS. If you have two or more physical NICs for iSCSI, you can configure iSCSI multipathing. NFS does not require a separate VMkernel adapter. It uses the management traffic on the host for I/O. ESXi hosts support only NFS version 3 over TCP/IP.

Fault Tolerance traffic

The traffic that the primary fault tolerant virtual machine sends to the secondary fault tolerant virtual machine over the VMkernel networking layer. A separate VMkernel adapter for Fault Tolerance logging is required on every host that is part of a vSphere HA cluster.

Virtual SAN traffic

Every host that participates in a Virtual SAN cluster must have a VMkernel adapter to handle the Virtual SAN traffic.