
Understanding Hyper-V Network Virtualization: Demo Extravaganza

Arnaud Lheureux | Stanislas Quastana
Technical Evangelists, CISSP | Microsoft France

DCIM-B365

Session Objectives And Takeaways

Session Objectives:
• Understand what Hyper-V Network Virtualization is and how it works
• Deploy network virtualization with System Center 2012 R2
• Understand how to link real world and virtualized networks

Hyper-V Network Virtualization = System Center 2012 R2 Virtual Machine Manager + Windows Server 2012 R2 Hyper-V + HNV Gateway


What is Network Virtualization?

Network Virtualization decouples IP virtual networks and addresses from physical network infrastructure, providing isolation and concurrency between multiple virtual IP networks on the same physical network infrastructure

Objectives
• Run multiple virtual IP networks on a physical network
• Each virtual network has the illusion that it is running as a physical network


Network virtualization benefits

For companies/private cloud
• Private Cloud with network isolation between internal customers/business units
• Extend Corporate Datacenters to external resources: Hybrid Cloud
• Flexible VM placement without reconfiguration
• Easier integration of acquired company network infrastructure

For hosters
• Multi-tenancy
• Customers can bring their own IP and IP network topology
• Flexible VM placement in datacenter networks without reconfiguration

How does Hyper-V Network Virtualization work?

2 types of IP addresses

PA: Provider Address
• IP address owned and managed by the infrastructure/cloud provider/hoster
• IP address assigned to the provider’s hypervisor

CA: Customer Address
• IP address owned and managed by the cloud/hoster’s customer
• IP address assigned to a customer’s virtual machine

Customer VM Network & Virtual Subnet

Customer VM Network
• Network isolation boundary
• Comprised of one or more Virtual Subnets
• Routing between VM subnets is explicit

Virtual Subnet (VSID)
• Broadcast boundary (in Windows Server 2012, not R2)

[Diagram: a multitenant datacenter (e.g. hoster datacenter/private cloud) shared by Blue Corp and Red Corp. Customer VM networks: Blue R&D Net, Blue Sales Net, Red HR Net. Virtual subnets: Blue Subnet1 to Blue Subnet5, Red Subnet1 and Red Subnet2.]

Hyper-V Network Virtualization - Principles

• Hyper-V Network Virtualization is transparent to virtual machines, which know only Customer IP Addresses
• Only VM Network traffic is virtualized
• Hyper-V administration network traffic is not virtualized

NVGRE – How it works

[Diagram: Blue and Red virtual machines both use the Customer Addresses (CA) 10.0.0.5 and 10.0.0.7, on hosts with Provider Addresses (PA) 192.168.2.22 and 192.168.5.55 in different subnets. Each encapsulated packet carries the outer PA pair 192.168.2.22 / 192.168.5.55, the GRE Key of the Blue Subnet or of the Red Subnet, the MAC, and the inner CA pair 10.0.0.5 / 10.0.0.7.]

Configuration propagation

System Center 2012 R2 Virtual Machine Manager
• VM Networks configuration
• Network virtualization configuration

Blue
• VM1: MAC1, CA1, PA1
• VM2: MAC2, CA2, PA3
• VM3: MAC3, CA3, PA5
• …

Red
• VM1: MACX, CA1, PA2
• VM2: MACY, CA2, PA4
• VM3: MACZ, CA3, PA6
• …

Hosts
• Hyper-V n°1 with VMM agent, @IP: PA1
• Hyper-V n°2 with VMM agent, @IP: PA3
• Hyper-V n°3 with VMM agent, @IP: PA3

Networking in SCVMM 2012 at first look

Hyper-V Network virtualization configuration step by step with System Center VMM 2012 R2

Configuration step by step
1. Create a “Logical Network”
2. Create an “IP Pool” (Provider Addresses)
3. Create a “Logical Switch”
4. Assign a Logical Switch to a Hyper-V host
5. Create a “VM Network”
6. Create an “IP Pool” for “VM Network” (Customer Addresses)
7. Assign a “VM Network” to a virtual machine

Side labels on the slide: Provider, Customer


IP range for hypervisors in Paris Datacenter: 172.16.0.0/16

IP range for hypervisors in Seattle Datacenter: 172.17.0.0/16

1 Logical Network to define those networks: InfraNetworkCloudProvider


Logical switch prerequisite 1: Uplink Port Profile

Logical switch prerequisite 2: Virtual network adapter port profiles
• VMQ
• SR-IOV
• IPsec task offloading
• DHCP Guard
• …

Logical switch prerequisite 3: Port Classifications


Some useful commands

Commands you need to know

Hyper-V cmdlets
• Get-NetVirtualizationProviderAddress
• Get-NetVirtualizationLookupRecord
• Get-NetVirtualizationCustomerRoute

SCVMM 2012 R2 cmdlets
• Get-SCIPAddress
• Revoke-SCIPAddress
• Get-SCStaticIPAddressPool

“Follow the packets”

Packet Flow:
• VMs are in different Virtual Subnets
• VMs are running on different Hyper-V hosts
• VSID 5001 and 5222 are in the same routing domain

Packet Flow: Blue1 sends to Blue2

• Blue1: CA 10.0.0.5, Virtual Subnet ID 5001, on the host with NIC PA 192.168.4.11
• Blue2: CA 10.0.1.7, Virtual Subnet ID 5222, on the host with NIC PA 192.168.4.22

Packet Flow: Blue1 → Blue2, where is the default gateway?

1. Blue1 sends an ARP for 10.0.0.1 (default gateway).
2. The Hyper-V Switch broadcasts the ARP (OOB: VSID 5001) to:
   1. All local VMs on VSID 5001
   2. The Network Virtualization filter
3. The Network Virtualization filter responds to the ARP with MACDGW.

ARP is NOT broadcast to the network.

[Diagram, repeated on each packet-flow slide (different VSID, different hosts): the host with NIC 192.168.4.11 (MACPA1) runs Blue1 (10.0.0.5, VSID 5001) and Red1 (10.0.0.5, VSID 6001); the host with NIC 192.168.4.22 (MACPA2) runs Blue2 (10.0.1.7, VSID 5222) and Red2 (10.0.0.7, VSID 6001). On each host the Hyper-V Switch performs VSID ACL Enforcement and the Network Virtualization layer performs IP Virtualization, Policy Enforcement and Routing. MACDGW is the default gateway MAC.]

Packet Flow: Blue1 → Blue2

Blue1 learns the MAC of the Default Gateway
• OOB: VSID 5001
• Default Gateway at MACDGW
• Use MACDGW for 10.0.0.1

Packet Flow: Blue1 → Blue2, sent from Blue1

• Sent from Blue1: MACB1 → MACDGW | 10.0.0.5 → 10.0.1.7
• In the Hyper-V switch (OOB: VSID 5001): MACB1 → MACDGW | 10.0.0.5 → 10.0.1.7
• In the Network Virtualization filter (OOB: VSID 5001): MACB1 → MACDGW | 10.0.0.5 → 10.0.1.7
• NVGRE on the wire: MACPA1 → MACPA2 | 192.168.4.11 → 192.168.4.22 | 5222 | MACB1 → MACB2 | 10.0.0.5 → 10.0.1.7

Packet Flow: Blue1 → Blue2, received by Blue2

• NVGRE on the wire: MACPA1 → MACPA2 | 192.168.4.11 → 192.168.4.22 | 5222 | MACB1 → MACB2 | 10.0.0.5 → 10.0.1.7
• In the Network Virtualization filter (OOB: VSID 5222): MACB1 → MACB2 | 10.0.0.5 → 10.0.1.7
• In the Hyper-V switch (OOB: VSID 5222): MACB1 → MACB2 | 10.0.0.5 → 10.0.1.7
• Received by Blue2: MACB1 → MACB2 | 10.0.0.5 → 10.0.1.7

Network Trace Analysis
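
The packet flow traced above, as an added Python example that is not part of the original slides: it models the CA-to-PA lookup policy with the slide addresses, builds the NVGRE header seen on the wire, and applies the VSID check on the receiving host. The GRE field layout (flags 0x2000, protocol type 0x6558, 24-bit VSID plus 8-bit FlowID in the key) comes from RFC 7637, not from the slides; the names LOOKUP, ROUTING_DOMAINS, encapsulate and deliver are hypothetical.

```python
import struct

GRE_KEY_PRESENT = 0x2000   # RFC 7637: only the Key Present bit is set
GRE_PROTO_TEB = 0x6558     # Transparent Ethernet Bridging (inner Ethernet frame)

# Constructed lookup records using the slide's addresses: (VSID, CA) -> PA.
# Blue1 and Red1 share CA 10.0.0.5; only the VSID keeps them apart.
LOOKUP = {
    (5001, "10.0.0.5"): "192.168.4.11",  # Blue1
    (5222, "10.0.1.7"): "192.168.4.22",  # Blue2
    (6001, "10.0.0.5"): "192.168.4.11",  # Red1
    (6001, "10.0.0.7"): "192.168.4.22",  # Red2
}
# VSIDs allowed to route to each other (assumed: one routing domain per tenant).
ROUTING_DOMAINS = {"blue": {5001, 5222}, "red": {6001}}


def nvgre_header(vsid, flow_id=0):
    """Pack the 8-byte GRE header: flags, protocol type, VSID(24) | FlowID(8)."""
    if not 0 <= vsid < 1 << 24:
        raise ValueError("VSID must fit in 24 bits")
    return struct.pack("!HHI", GRE_KEY_PRESENT, GRE_PROTO_TEB, (vsid << 8) | flow_id)


def parse_nvgre(header):
    """Return (vsid, flow_id); reject anything that is not NVGRE."""
    flags, proto, key = struct.unpack("!HHI", header[:8])
    if flags != GRE_KEY_PRESENT or proto != GRE_PROTO_TEB:
        raise ValueError("not an NVGRE header")
    return key >> 8, key & 0xFF


def encapsulate(src_vsid, dst_ca):
    """Sending host: resolve dst CA inside the sender's routing domain only."""
    domain = next(d for d in ROUTING_DOMAINS.values() if src_vsid in d)
    for (vsid, ca), pa in LOOKUP.items():
        if ca == dst_ca and vsid in domain:
            return pa, nvgre_header(vsid)  # key carries the destination VSID
    raise LookupError(f"no policy for {dst_ca} from VSID {src_vsid}: dropped")


def deliver(local_pa, header, dst_ca):
    """Receiving host: deliver only if (VSID, CA) is a VM on this host."""
    vsid, _ = parse_nvgre(header)
    if LOOKUP.get((vsid, dst_ca)) != local_pa:
        raise LookupError("VSID/CA does not match a local VM: dropped")
    return vsid
```

When reading a trace, the same check applies by hand: the key in a Blue1 to Blue2 frame decodes to VSID 5222, and a frame whose VSID and inner CA do not match a lookup record for the receiving host points to stale or inconsistent policy.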

How to connect Hyper-V Virtualized Networks to other networks?

Hyper-V Network Virtualization Gateway bridges network virtualized environment with non-network virtualized environment

The HNV Gateway adds or removes NVGRE encapsulation and routes to physical network or encapsulates it in a VPN packet to send to a remote location

HNV Gateway

Hyper-V Network Virtualization & real datacenter networks

[Diagram labels: Consolidated Datacenter, Hyper-V Network Virtualization (“NVGRE world”); Host1, Host2, Host3 on 172.16.x.x/16 Provider Addresses; Customer Addresses for VMs R1, R2, B1, B2, B3, R3, R4, Y1, Y2 in subnets 10.2x.x/16, 10.3.x.x/16 and 10.4.x.x/16; Hyper-V Network Virtualization Gateway; DC, SQL, DNS; CorpNet 10.1.x.x/16.]

Hyper-V Network Virtualization & Hybrid Cloud

[Diagram labels: Consolidated Datacenter, Hyper-V Network Virtualization (“NVGRE world”); Host1, Host2, Host3 on 172.16.x.x/16 Provider Addresses; Customer Addresses for VMs R1, R2, B1, B2, B3, R3, R4, Y1, Y2 in subnets 10.2x.x/16, 10.3.x.x/16 and 10.4.x.x/16; Hyper-V Network Virtualization Gateway; S2S VPN across the Internet; DC, SQL, DNS; CorpNet 10.1.x.x/16.]

HNV Gateway configuration & Deployment

WSG = Hypervisor + VM with RRAS services

Configuration done by SC VMM

Typically uses 3 network interfaces

• N° 1: front end, datacenter network
• N° 2: back end, NVGRE network
• N° 3: management network

/!\ A hypervisor hosting a WSG cannot host VMs using HNV

Windows Server Gateway topology

Hyper-V n°4 with VMM agent
• NIC 1: PA/LogicalSwitch
• NIC 2: Datacenter
• NIC 3: Management

VM: WSG1
• vNIC 1: PA/LogicalSwitch
• vNIC 2: Datacenter
• vNIC 3: Management

3 steps to deploy Windows Server Gateway

1. Set up the Windows Server Gateway host and VM
2. Add the Gateway to the VMM Network Fabric
3. Configure VM Networks to use the Windows Server Gateway

Configuring HNV Gateway on VM Networks

Whitepaper: Windows Server Gateway Hardware and Configuration Requirements
http://technet.microsoft.com/library/dn423897.aspx

VMM Configuration template

VMM Service model for 2 or 3 NICs configuration

http://technet.microsoft.com/en-us/library/dn249417.aspx

Building a highly available WSG

3 steps to deploy a 3rd party NVGRE Gateway

1. Install the NVGRE Gateway provider in VMM
2. Add a new Gateway to the VMM Network Fabric
3. Configure VM Networks to use the NVGRE Gateway

IPAM Windows Server 2012 R2

Key takeaways

Hyper-V Network Virtualization provides a virtual IP network abstraction overlaid on a physical network

Hyper-V Network Virtualization = Windows Server 2012/2012 R2 Hyper-V + System Center 2012 SP1/2012 R2 Virtual Machine Manager + NVGRE Gateway (Windows Server 2012 R2, F5 Networks…) [+ IPAM Windows Server 2012 R2]

Thank you for your attention!

Arnaud Lheureux
http://aka.ms/Arnaud
Twitter: @arnaudlheureux

Stanislas Quastana
http://aka.ms/Stanislas
Twitter: @squastana

Related Content

Breakout Sessions/Chalk Talks
• DCIM-B380 What’s New in Windows Server 2012 R2 Hyper-V
• DCIM-B322 Implementing Enterprise-Scale Disaster Recovery with Hyper-V Recovery Manager, Network Virtualization, and Microsoft System Center 2012 R2
• DCIM-B373 How IPv6 Impacts Private Cloud Deployments

Hands-on Labs
• DCIM-IL300 Configuring Networking with Microsoft System Center 2012 R2 Virtual Machine Manager

TechNet Content
• How to Add a Gateway in System Center 2012 R2 - http://technet.microsoft.com/en-us/library/dn249416.aspx
• Configuring VM Networks and Gateways in VMM - http://technet.microsoft.com/en-us/library/jj721575.aspx


For More Information
• Windows Server 2012 R2: http://technet.microsoft.com/en-US/evalcenter/dn205286
• Microsoft Azure: http://azure.microsoft.com/en-us/
• System Center 2012 R2: http://technet.microsoft.com/en-US/evalcenter/dn205295
• Azure Pack: http://www.microsoft.com/en-us/server-cloud/products/windows-azure-pack


© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
