Ports¶
Description¶
Ports are logical networking entities that represent a connection point for attaching network interfaces (such as virtual NICs) to networks. Ports play a crucial role in defining the network connectivity for instances (virtual machines), routers, and other network-enabled resources. They provide the endpoints for VM network interfaces, handle IP and MAC address assignment, enforce security policies, and facilitate traffic routing within and between networks.
Features¶
- Attachment points, enabling ports to serve as attachment points for network interfaces on instances, routers, and other network devices (when an instance is created, a port is automatically created and attached to the instance's network interface, connecting it to the specified network)
- IP address assignment, assigned from the subnet(s) associated with the network to which the port is connected (these IP addresses are used for communication with the port)
- MAC address, that identifies the network interface attached to the port. This is used for layer 2 (data link layer) networking.
- Security groups, which define a set of firewall rules that control the traffic allowed to and from the port (this provides a way to enforce security policies at the port level)
- Port binding, for when a port is attached to a network interface on an instance or other device (the binding process involves configuring the network backend (such as Open vSwitch or Linux Bridge) to ensure that traffic is properly routed to and from the port)
- Port states, that indicate their status, such as "ACTIVE" (when the port is successfully bound and ready for use) or "DOWN" (when the port is not in use or the interface is disconnected).
- Port metadata, such as the name of the instance to which they are attached or custom key-value pairs (this metadata can be used for identification and management purposes)
- API and CLI access, includng a RESTful API and CLI commandsfor managing ports, allowing you to create, list, show details of, update, and delete ports programmatically (this enables automation and integration with other tools and systems)
Key concepts¶
How it works¶
In the context of creating virtual machines (VMs) and networks in a virtualized environment, ports help establish network connectivity for the VMs.
- When a virtual network is created, it provides an isolated communication domain for VMs. This network is typically associated with one or more subnets, which define the IP address range and other network settings.
- When a VM is created and attached to a virtual network, a port is automatically created for each network interface of the VM. This port acts as the endpoint for the VM's network interface on the virtual network.
- Each port is associated with an IP address (or multiple IP addresses) from the subnet's IP address range. This IP address is assigned to the VM's network interface and is used for communication within the network.
- Each port is also associated with a unique MAC (Media Access Control) address, which is used for layer 2 (data link layer) networking. The MAC address is assigned to the VM's network interface and is used for Ethernet frame addressing.
- Ports can be associated with security groups, which define a set of firewall rules that control the traffic allowed to and from the port. These rules help secure the VM's network interface by filtering incoming and outgoing traffic based on the specified criteria.
- The port is connected to a virtual switch (such as Open vSwitch or a Linux bridge) within the hypervisor or network node. The virtual switch is responsible for forwarding network traffic between the VM's network interface and other endpoints on the virtual network or external networks.
- When the VM sends or receives network traffic, the traffic flows through the port and is routed by the virtual switch according to the network topology and routing rules. This includes communication with other VMs on the same network, access to external networks (via routers or gateways), and connectivity to services like DHCP and DNS.
- You can manage ports through the virtualization platform's management interface or API. This includes creating, updating, and deleting ports, as well as configuring port settings such as IP addresses, security groups, and other network parameters.