6.4. Virtual Network Interface Cards
6.4.1. vNIC Profile Overview
A Virtual Network Interface Card (vNIC) profile is a collection of settings that can be applied to individual virtual network interface cards in the Manager. A vNIC profile allows you to apply Network QoS profiles to a vNIC, enable or disable port mirroring, and add or remove custom properties. A vNIC profile also offers an added layer of administrative flexibility in that permission to use (consume) these profiles can be granted to specific users. In this way, you can control the quality of service that different users receive from a given network.
Note
Starting with Red Hat Enterprise Virtualization 3.3, virtual machines now access logical networks only through vNIC profiles and cannot access a logical network if no vNIC profiles exist for that logical network. When you create a new logical network in the Manager, a vNIC profile of the same name as the logical network is automatically created under that logical network.
6.4.2. Creating or Editing a vNIC Profile
Summary
Create or edit a Virtual Network Interface Controller (vNIC) profile to regulate network bandwidth for users and groups.
Note
If you are enabling or disabling port mirroring, all virtual machines using the associated profile must be in a down state before editing.
Procedure 6.4. Creating or editing a vNIC Profile
- Use the Networks resource tab, tree mode, or the search function to select a logical network in the results pane.
- Select the vNIC Profiles tab in the details pane. If you selected the logical network in tree mode, you can select the vNIC Profiles tab in the results list.
- Click or to open the VM Interface Profile window.
- Enter the Name and Description of the profile.
- Select the relevant Quality of Service policy from the QoS list.
- Use the Port Mirroring and Allow all users to use this Profile check boxes to toggle these options.
- Select a custom property from the custom properties list, which displays Please select a key... by default. Use the and buttons to add or remove custom properties.
- Click .
Result
You have created a vNIC profile. Apply this profile to users and groups to regulate their network bandwidth. Note that if you edited a vNIC profile, you must either restart the virtual machine or hot unplug and then hotplug the vNIC.
6.4.3. Explanation of Settings in the VM Interface Profile Window
Table 6.5. VM Interface Profile Window
|
Field Name
|
Description
|
|---|---|
|
Network
|
A drop-down menu of the available networks to apply the vNIC profile.
|
|
Name
|
The name of the vNIC profile. This must be a unique name with any combination of uppercase and lowercase letters, numbers, hyphens, and underscores between 1 and 50 characters.
|
| Description |
The description of the vNIC profile. This field is recommended but not mandatory.
|
| QoS |
A drop-down menu of the available Network Quality of Service policies to apply to the vNIC profile. QoS policies regulate inbound and outbound network traffic of the vNIC.
|
| Port Mirroring |
A check box to toggle port mirroring. Port mirroring copies layer 3 network traffic on the logical network to a virtual interface on a virtual machine. It it not selected by default.
|
| Device Custom Properties |
A drop-down menu to select available custom properties to apply to the vNIC profile. Use the and buttons to add and remove properties respectively.
|
| Allow all users to use this Profile |
A check box to toggle the availability of the profile to all users in the environment. It is selected by default.
|
6.4.4. Port Mirroring
Port mirroring copies layer 3 network traffic on a given logical network and host to a virtual interface on a virtual machine. This virtual machine can be used for network debugging and tuning, intrusion detection, and monitoring the behavior of other virtual machines on the same host and logical network.
The only traffic copied is internal to one logical network on one host. There is no increase on traffic on the network external to the host; however a virtual machine with port mirroring enabled uses more host CPU and RAM than other virtual machines. Port mirroring is enabled or disabled by editing the network interface on the virtual machine.
Port mirroring has the following requirements and limitations:
- Port mirroring requires an IPv4 IP address.
- Hot plugging profiles with port mirroring is not supported.
Port mirroring is included in vNIC profiles but cannot be altered when the vNIC profile associated with port mirroring is attached to a virtual machine. To use port mirroring, create a dedicated vNIC profile that has port mirroring enabled.
Important
Enabling port mirroring reduces the privacy of other network users.
6.4.5. Removing a vNIC Profile
Summary
Remove a vNIC profile to delete it from your virtualized environment.
Procedure 6.5. Removing a vNIC Profile
- Use the Networks resource tab, tree mode, or the search function to select a logical network in the results pane.
- Select the Profiles tab in the details pane to display available vNIC profiles. If you selected the logical network in tree mode, you can select the VNIC Profiles tab in the results list.
- Select one or more profiles and click to open the Remove VM Interface Profile(s) window.
- Click to remove the profile and close the window.
Result
You have removed the vNIC profile.
6.4.6. Assigning Security Groups to vNIC Profiles
Note
This feature is only available for users who are integrating with OpenStack Neutron. Security groups cannot be created with Red Hat Enterprise Virtualization Manager. You must create security groups within OpenStack. For more information, see the Red Hat Enterprise Linux OpenStack Platform Administration Guide, available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/.
Summary
You can assign security groups to the vNIC profile of networks that have been imported from an OpenStack Networking instance and that use the Open vSwitch plug-in. A security group is a collection of strictly enforced rules that allow you to filter inbound and outbound traffic over a network interface. The following procedure outlines how to attach a security group to a vNIC profile.
Note
A security group is identified using the ID of that security group as registered in the OpenStack Networking instance. You can find the IDs of security groups for a given tenant by running the following command on the system on which OpenStack Networking is installed:
# neutron security-group-list
Procedure 6.6. Assigning Security Groups to vNIC Profiles
- Click the Networks tab and select a logical network in the results list.
- Click the vNIC Profiles tab in the details pane.
- Click , or select an existing vNIC profile and click , to open the VM Interface Profile window.
- From the custom properties drop-down list, select SecurityGroups. Leaving the custom property drop-down blank applies the default security settings, which permit all outbound traffic and intercommunication but deny all inbound traffic from outside of the default security group. Note that removing the SecurityGroups property later will not affect the applied security group.
- In the text field, enter the ID of the security group to attach to the vNIC profile.
- Click .
Result
You have attached a security group to the vNIC profile. All traffic through the logical network to which that profile is attached will be filtered in accordance with the rules defined for that security group.
6.4.7. User Permissions for vNIC Profiles
Summary
Configure user permissions to assign users to certain vNIC profiles. Assign the VnicProfileUser role to a user to enable them to use the profile. Restrict users from certain profiles by removing their permission for that profile.
Procedure 6.7. User Permissions for vNIC Profiles
- Use tree mode to select a logical network.
- Select the vNIC Profiles resource tab to display the vNIC profiles.
- Select the Permissions tab in the details pane to show the current user permissions for the profile.
- Use the button to open the Add Permission to User window, and the button to open the Remove Permission window, to affect user permissions for the vNIC profile.
Result
You have configured user permissions for a vNIC profile.