Understanding Red Hat OpenShift networking options as a VMware admin
In addition to storage, networking plays an important role in your organization’s infrastructure, ensuring everything is connected easily and securely. Next we will dive into common networking features in Red Hat OpenShift, and what each of the Red Hat OpenShift Virtualization networking options means for VMware vSphere admins.
What will you learn?
- How OpenShift menus and features map to ones you may know from VMware
What do you need before starting?
- VMware vSphere 8.0 or higher (as referenced in this path)
- Red Hat OpenShift 4.18 (as referenced in this path)
Networking feature mapping chart
This section addresses commonly used networking features in VMware vSphere and how they map to deploying, managing, and maintaining virtual machines in OpenShift.
Feature | VMware | OpenShift |
Host network configuration and management | Per-host configuration via vSwitch or single point management via Distributed Virtual Switch (DvSwitch) | NMstate Operator and Multus |
Software-defined networking: protect/limit/control VM-to-VM communication | Multiple capabilities here, e.g. QinQ, but this most often refers to NSX’s microsegmentation, a.k.a. distributed firewall | OpenShift SDN provides a robust networking solution with OVN (Open Virtual Network). Overlay-based networking uses Generic Network Virtualization Encapsulation (GENEVE) tunnels to enable VM-to-VM communication |
Pod-to-VM and VM-to-Pod connectivity | Traffic between Pods and VMs must traverse the Kubernetes ingress or a similar mechanism, e.g. NodePort | VMs and Pods are native peers when connected to the SDN or the same UDN, with all of the features and capabilities equally available to both |
Network observability | vSwitch port mirroring to third party solutions and NSX traffic analysis for security purposes | Network Observability Operator |
Menu mapping chart
This section addresses what the OpenShift Virtualization networking menu items mean from a VMware vSphere perspective. As noted in previous resources, OpenShift differs conceptually from VMware in select areas while achieving the same or similar results. These instances will be marked as “N/A”.
OpenShift Virtualization menu | VMware comparable | Explanation |
NodeNetworkConfigurationPolicy | vSwitch/DvSwitch | Desired network configuration on cluster nodes |
NodeNetworkState | Similar to v/DvSwitch view at ESX/vCenter | Network status on nodes |
Service | N/A | Layer 4 load balancing configurations with self-discovery and automatic DNS internal to the SDN. Combined with ingress load balancing solutions such as MetalLB or cloud-provided load balancing, it allows services to be exposed outside the cluster |
Storage - PersistentVolumeClaims | N/A | Manage and troubleshoot storage requests, their binding to persistent volumes and their allocation to workloads (containers and VMs). PVCs also define characteristics of how PVs are bound and their lifecycle |
Routes and Ingresses | NSX Load Balancer | Routes: application load balancing configurations to expose web services outside the cluster. Ingresses: accessing applications with a unique hostname |
NetworkPolicy | NSX-T Firewall (Microsegmentation Rules) | Manage application-centric network policies |
NetworkAttachmentDefinitions | Port Groups | Virtual machine connectivity to networks, e.g. VLANs, private networks, etc. |
UserDefinedNetwork | NSX-T Overlay Segments | Create and manage overlay network segments |
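To make the NetworkPolicy row concrete, here is an added example (not part of the original resource) of two policies that reproduce a typical distributed-firewall rule: deny all ingress in a namespace, then allow only the app tier to reach a database VM. The namespace, names, labels and port are hypothetical; VMs are selected through labels set on the VirtualMachine template, which are carried onto the pod that runs the VM.

```yaml
# Added example: namespace, names, labels and port are assumptions.
# Policy 1: default-deny ingress for every pod in the namespace,
# including the virt-launcher pods that run virtual machines.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: vm-workloads          # hypothetical namespace
spec:
  podSelector: {}                  # empty selector matches all pods
  policyTypes:
    - Ingress
---
# Policy 2: allow only the app tier to reach the database VM on TCP 5432.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-app-to-db
  namespace: vm-workloads
spec:
  podSelector:
    matchLabels:
      tier: db                     # set in the VM's spec.template.metadata.labels
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              tier: app            # matches containers and VMs alike
      ports:
        - protocol: TCP
          port: 5432
```

These policies govern traffic on the primary pod network only. Secondary interfaces attached through a NetworkAttachmentDefinition are outside the scope of NetworkPolicy objects.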
Now that you have explored the basic networking options available in OpenShift and how they relate to VMware vSphere, see how they can be configured. Next we will look at how the two solutions compare with regard to compute features.