It looks sort of like this…
When talking about the hosting platform I use to deliver the BKN sites it’s hard to get across the makeup of the network to someone who’s not familiar with virtual machines and vlans. This diagram illustrates how the network is logically divided and connected:
One managed switch is divided into an external vlan and an internal vlan. This prevents traffic from the private network from crossing over onto the upstream network which is also patched into the external side of the switch. There are currently four physical servers and each one has a physical (cat6) connection both to the external vlan and the internal vlan ports on the switch. It’s safe to think of the virtual machines as tiny servers stuffed in a physical server’s package. Inside of the physical server there are virtual network connections that function like real world cables and switches.
Any number of virtual machines may route for the internal vlan and since every physical server is connected to both the external and internal sides of the switch the physical location of the router VM can quickly move to or be replaced at any other server. This opens up not only the option to live-migrate the virtual machine without dropping connections but also run a standby router (or small army) with IP failover that can automatically cut in if the active physical server fails. Not yet implemented yet at this location but I’m working on it.