Microsoft Virtual Academy Module 4 Creating and Configuring Virtual Machine Networks

Server Virtualization - 4


Page 1: Server Virtualization - 4

Microsoft Virtual Academy, Module 4

Creating and Configuring Virtual Machine Networks

Page 2: Server Virtualization - 4

Module Overview

• Creating and Using Hyper-V Virtual Switches
• Advanced Hyper-V Networking Features
• Configuring and Using Hyper-V Network Virtualization

Page 3: Server Virtualization - 4

Lesson 1: Creating and Using Hyper-V Virtual Switches
• Overview of the Hyper-V Virtual Switch
• Types of Virtual Switches
• What Is VLAN Tagging?

Page 4: Server Virtualization - 4

Overview of the Hyper-V Virtual Switch
• Software implemented layer two switch
• Connects virtual machines to virtual and physical networks
  • Parent partition is also a virtual machine
• Extensible, has advanced features, can be replaced
  • Policy enforcement, isolation, traffic shaping, protection
• Managed by Hyper-V Manager and Windows PowerShell
  • Get-VMSwitch
• Parent partition can have multiple virtual NICs
  • Can be connected to different virtual switches
  • Can have different bandwidth limitations

Compares with VMware vSwitch (not VDS)

Page 8: Server Virtualization - 4

Types of Virtual Switches
• Parent has physical network adapter(s)
  • Each virtual machine (and parent) has virtual network adapter(s)
  • Each virtual network adapter is connected to a virtual switch
• Type of virtual switch is:
  • External – connects to a physical or wireless adapter
  • Internal – parent and virtual machine connections only
  • Private – virtual machine connections only
• Configuration
  • Use Virtual Switch Manager to create virtual switches
  • Use virtual machine settings to connect a virtual network adapter to a switch
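The same configuration done from Windows PowerShell, as an added example that is not part of the module: one switch of each type is created and a virtual machine's adapter is attached to the private one. The adapter name "Ethernet 2", the switch names and the VM name "VM01" are placeholders.

```powershell
# Added example, not from the MVA module. Names are placeholders.

# External: bound to a physical adapter. -AllowManagementOS keeps the parent
# partition on the network through a host virtual NIC on this switch.
New-VMSwitch -Name "Ext-Switch" -NetAdapterName "Ethernet 2" -AllowManagementOS $true

# Internal: parent partition and virtual machines only, no physical uplink.
New-VMSwitch -Name "Int-Switch" -SwitchType Internal

# Private: virtual machines only; the parent partition has no port on it.
New-VMSwitch -Name "Priv-Switch" -SwitchType Private

# Connect the VM's network adapter to the private switch (the VM setting
# "connect a virtual network adapter to a switch" from the slide).
Connect-VMNetworkAdapter -VMName "VM01" -Name "Network Adapter" -SwitchName "Priv-Switch"

# Verify: type of every switch and which one the VM's adapter is on.
Get-VMSwitch | Select-Object Name, SwitchType, NetAdapterInterfaceDescription
Get-VMNetworkAdapter -VMName "VM01" | Select-Object VMName, Name, SwitchName, MacAddress
```

A private switch is the strongest isolation of the three: a VM attached only to it cannot reach the parent partition or the physical network, which makes it the usual choice for an isolated lab or for the back end of a multi-tier VM group. On the external switch, `-AllowManagementOS $false` removes the host's own port from the tenant-facing uplink if the host is managed through another adapter.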

Page 9: Server Virtualization - 4

Types of Virtual Switches

[Diagram: three panels, Private, Internal and External. Legend: physical network adapter, virtual network adapter, virtual switch. Each panel shows the parent partition and two virtual machines, each running an App and attached through a virtual network adapter to the virtual switch; only the External switch is bound to the physical network adapter. Annotations on the slide: "No IP" (parent side of the Private switch), "IP" (parent and virtual machine connections on Internal and External), "NAT".]

Page 17: Server Virtualization - 4

What Is VLAN Tagging?
• Used to isolate network traffic for nodes that are connected to the same physical network
• VLANs are used by Hyper-V to
  • Isolate Hyper-V server management networks
  • Isolate virtual machines that are connected to external virtual switches
  • Isolate virtual machines on a single Hyper-V server
• VLAN ID can be configured on
  • Virtual machine network adapter
  • External and Internal virtual switch
• VLAN is limited to a single physical subnet
• VLAN ID has 12 bits (up to 4,094 VLAN IDs)
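Configuring the two VLAN placements the slide lists, the virtual machine adapter and the host management adapter on an external switch, as an added example that is not from the module. The VM name "VM01", the switch name "Ext-Switch" and the VLAN IDs 10 and 100 are placeholders.

```powershell
# Added example, not from the MVA module. Names and VLAN IDs are placeholders.

# Access mode on the VM port: frames the VM sends untagged leave the switch
# tagged with VLAN 10, and the VM only receives frames tagged 10.
Set-VMNetworkAdapterVlan -VMName "VM01" -Access -VlanId 10

# The parent partition's virtual NIC on the external switch (its name defaults
# to the switch name) gets its own VLAN, separating host management traffic
# from tenant VM traffic that shares the same physical uplink.
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName "Ext-Switch" -Access -VlanId 100

# Report VLAN mode and ID for every VM adapter and for the host adapters.
# A port still in "Untagged" mode on a shared external switch sits in the
# uplink's native VLAN, which is usually not what a tenant VM should see.
Get-VM | Get-VMNetworkAdapterVlan |
    Select-Object ParentAdapter, OperationMode, AccessVlanId
Get-VMNetworkAdapterVlan -ManagementOS |
    Select-Object ParentAdapter, OperationMode, AccessVlanId
```

The 12-bit limit on the slide is why `-VlanId` accepts 1 to 4094 (0 and 4095 are reserved), and it is the ceiling that the network virtualization lesson later contrasts with: a Hyper-V host can carry at most 4,094 distinct VLAN segments regardless of how many virtual switches it has.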

Page 18: Server Virtualization - 4

Lesson 2: Advanced Hyper-V Networking Features
• Virtual Switch Expanded Functionality
• Virtual Switch Extensibility
• What Is SR-IOV?
• What Is Dynamic Virtual Machine Queue?
• Network Adapter Advanced Features
• NIC Teaming in Virtual Machines

Page 19: Server Virtualization - 4

Virtual Switch Expanded Functionality
• ARP/Neighbor Discovery poisoning protection
  • Protects against ARP and Neighbor Discovery spoofing
• DHCP Guard protection
  • Protects against a rogue DHCP server in a virtual machine
• Port ACLs
  • Enable isolation by allowing/denying traffic
• Trunk mode to a virtual machine
  • Trunk mode forwards traffic from multiple VLANs
• Network traffic monitoring
• Bandwidth limit and burst support
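Applying the features on this slide to one tenant VM's switch port, as an added example that is not from the module. The VM names, the 10.1.0.0/16 prefix, the VLAN IDs and the bandwidth figure are placeholders; the slide does not name the PowerShell settings, so the mapping of "ARP/ND poisoning protection" to the MAC address spoofing setting is an assumption stated here.

```powershell
# Added example, not from the MVA module. Names, prefixes and numbers are placeholders.
$vm = "Tenant-VM01"

# DHCP Guard drops DHCP server replies originating from this VM (rogue DHCP server).
# Router Guard drops router advertisements and redirects sent by this VM.
# MAC address spoofing stays off so the VM can only source frames from its own
# MAC (assumption: this is the port control behind the slide's ARP/ND protection).
Set-VMNetworkAdapter -VMName $vm -DhcpGuard On -RouterGuard On -MacAddressSpoofing Off

# Port ACLs: allow the tenant's own address range in both directions, deny all
# other addresses. The more specific prefix wins, so the /16 allow is applied
# before the 0.0.0.0/0 deny.
Add-VMNetworkAdapterAcl -VMName $vm -RemoteIPAddress 10.1.0.0/16 -Direction Both -Action Allow
Add-VMNetworkAdapterAcl -VMName $vm -RemoteIPAddress 0.0.0.0/0  -Direction Both -Action Deny

# Trunk mode: forward VLANs 10 and 20 to the VM; untagged frames map to VLAN 10.
Set-VMNetworkAdapterVlan -VMName $vm -Trunk -AllowedVlanIdList "10,20" -NativeVlanId 10

# Bandwidth limit: cap this port at 100 Mbit/s (the value is in bits per second).
Set-VMNetworkAdapter -VMName $vm -MaximumBandwidth 100000000

# Traffic monitoring: mirror this port's traffic to a monitoring VM's adapter.
Set-VMNetworkAdapter -VMName $vm -PortMirroring Source
Set-VMNetworkAdapter -VMName "Monitor-VM" -PortMirroring Destination

# Review the resulting port configuration.
Get-VMNetworkAdapter -VMName $vm |
    Select-Object VMName, DhcpGuard, RouterGuard, MacAddressSpoofing, PortMirroringMode, BandwidthSetting
Get-VMNetworkAdapterAcl -VMName $vm
```

DHCP Guard and Router Guard are off by default on a new virtual network adapter, so a tenant VM that is allowed to run its own services can answer DHCP or advertise itself as a router to every other VM on the same switch until these are turned on. Port ACLs are evaluated on the switch port, so they also hold when the guest operating system's own firewall is disabled.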

Page 20: Server Virtualization - 4

Virtual Switch Extensibility
• Extensible
  • NDIS filter drivers
  • WFP callout drivers
• Extensions
  • Ingress
  • Forwarding
  • Egress
  • Monitoring
• Virtual switch can be replaced

[Diagram: inside the parent partition, the Hyper-V virtual switch sits between an extension protocol (above) and an extension miniport (below), which binds to the physical NIC. Ports on the switch connect the host NIC and the virtual machine NICs of several virtual machines. Extensions shown in the stack between protocol and miniport: capture extensions, WFP extensions, filtering extensions, forwarding extension.]
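Listing the extensions bound to a switch and checking the state of the two built-in ones, as an added example that is not from the module. The switch name "Ext-Switch" is a placeholder; the extension names are the ones Windows ships.

```powershell
# Added example, not from the MVA module. The switch name is a placeholder.
$switch = "Ext-Switch"

# Every extension bound to the switch: built-in ones plus any third-party
# NDIS filter or WFP callout driver that registered with this switch.
Get-VMSwitchExtension -VMSwitchName $switch |
    Select-Object Name, ExtensionType, Vendor, Version, Enabled, Running

# The Windows Filtering Platform extension is the WFP callout path the slide
# refers to; it is enabled by default. Re-enable it if it has been turned off,
# because WFP-based filtering on VM ports silently stops without it.
$wfp = Get-VMSwitchExtension -VMSwitchName $switch -Name "Microsoft Windows Filtering Platform"
if (-not $wfp.Enabled) {
    Enable-VMSwitchExtension -VMSwitchName $switch -Name $wfp.Name
}

# The capture (monitoring) extension is disabled by default; it only needs to
# be on while a capture tool is actually using it.
Get-VMSwitchExtension -VMSwitchName $switch -Name "Microsoft NDIS Capture" |
    Select-Object Name, ExtensionType, Enabled
```

The `ExtensionType` column (Capture, Filter or Forwarding) corresponds to the monitoring, ingress/egress and forwarding roles on the slide. Only one forwarding extension can be enabled per switch, which is what "virtual switch can be replaced" means in practice: the forwarding extension takes over the switch's decision of which port a frame leaves on.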

Page 21: Server Virtualization - 4

What Is SR-IOV?
• Requires support in network adapter
• Provides Direct Memory Access to virtual machines
  • Increases network throughput
  • Reduces network latency
  • Reduces CPU overhead on the Hyper-V server
• Virtual machine bypasses virtual switch
• Supports Live Migration
  • Even when different SR-IOV adapters are used

[Diagram: Network I/O without SR-IOV: physical NIC -> virtual switch in the parent partition (routing, VLAN filtering) -> VMBus -> virtual NIC in the virtual machine. Network I/O with SR-IOV: the SR-IOV physical NIC exposes a virtual function directly to the virtual machine, so the traffic does not pass through the virtual switch.]

Page 22: Server Virtualization - 4

What Is Dynamic Virtual Machine Queue?

• Network adapter uses receive queues to route traffic to the appropriate virtual machine
  • Physical network adapter must support VMQ
  • Dynamically uses multiple CPUs when processing virtual machine network traffic
  • DMA reduces CPU overhead on the Hyper-V server
  • Beneficial when virtual machines receive a lot of network traffic
• VMQ is automatically configured and tuned
  • Based on processor networking and CPU load
  • VMQ is enabled by default on a virtual network adapter
  • Used only if the physical network adapter supports VMQ
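Enabling SR-IOV on a switch, assigning a virtual function to a VM, and reporting VMQ and SR-IOV state on the host, as an added example serving the SR-IOV and Dynamic VMQ slides above; it is not from the module. The adapter name "Ethernet 3", the switch name and the VM name are placeholders.

```powershell
# Added example, not from the MVA module. Adapter, switch and VM names are placeholders.

# SR-IOV is chosen when the switch is created; it cannot be switched on later.
New-VMSwitch -Name "IOV-Switch" -NetAdapterName "Ethernet 3" -EnableIov $true

# Whether the host can actually deliver SR-IOV (firmware, chipset, NIC driver).
# IovSupportReasons explains a False IovSupport.
Get-VMSwitch -Name "IOV-Switch" |
    Select-Object Name, IovEnabled, IovSupport, IovSupportReasons

# Request a virtual function for the VM's adapter. Weight 0 means never use a
# VF; 1-100 is the priority when VFs are scarce. The VM falls back to the
# VMBus path through the virtual switch if no VF is available.
Set-VMNetworkAdapter -VMName "VM01" -IovWeight 100
Get-VMNetworkAdapter -VMName "VM01" |
    Select-Object VMName, IovWeight, IovUsage, Status

# VMQ on the physical adapters: supported, enabled, and which processors the
# queues may use. Adapters listed with Enabled = False fall back to a single
# receive path for all VM traffic.
Get-NetAdapterVmq |
    Select-Object Name, Enabled, BaseVmqProcessor, MaxProcessors, NumberOfReceiveQueues

# Per-VM view: an adapter with VmqWeight 0 never gets a queue; VmqUsage shows
# whether one is assigned right now.
Get-VM | Get-VMNetworkAdapter |
    Select-Object VMName, Name, VmqWeight, VmqUsage
```

The defender's caveat follows directly from "virtual machine bypasses virtual switch" on the SR-IOV slide: traffic that flows over a virtual function is not seen by the switch's port ACLs, DHCP Guard, bandwidth limits, port mirroring or filtering extensions. A VM that needs those controls should keep `IovWeight` at 0 so its traffic stays on the VMBus path through the switch.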

Page 23: Server Virtualization - 4

Network Adapter Advanced Features
• Same features available for all virtual network adapters
• Features are implemented in the Hyper-V virtual switch

Page 24: Server Virtualization - 4

NIC Teaming in Virtual Machines
• Provides redundancy and aggregates bandwidth
• Can be used at the operating system and virtual machine level
• Multiple physical network adapters in a NIC team
  • If a physical adapter fails, the virtual switch has connectivity
• Multiple virtual network adapters in a NIC team
  • If a virtual switch fails, the virtual machine has connectivity
  • Particularly important when SR-IOV is used
    • SR-IOV traffic bypasses the virtual switch
    • Intended and optimized to support teaming of SR-IOV
  • May be used with any virtual network interface
• Virtual machine must have multiple network adapters
  • Connected to different virtual switches
  • MAC address spoofing must be enabled
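The host-side preparation for a team built inside a guest, following the three requirements at the end of the slide, as an added example that is not from the module. The VM name, adapter names and switch names are placeholders; the in-guest `New-NetLbfoTeam` call at the end is shown as a comment because it runs in the guest, not on the host.

```powershell
# Added example, not from the MVA module. VM, adapter and switch names are placeholders.
$vm = "VM01"

# Requirement 1 and 2: more than one adapter, each on a different virtual
# switch, so that losing one switch (or its physical uplink) leaves a path up.
Add-VMNetworkAdapter -VMName $vm -Name "Team-NIC1" -SwitchName "Ext-Switch-A"
Add-VMNetworkAdapter -VMName $vm -Name "Team-NIC2" -SwitchName "Ext-Switch-B"

# Requirement 3: a team inside the guest sends frames with the team's MAC
# rather than the adapter's own, so the switch port must allow spoofing.
# AllowTeaming marks the adapter as a team member to the virtual switch.
foreach ($nic in "Team-NIC1", "Team-NIC2") {
    Set-VMNetworkAdapter -VMName $vm -Name $nic -AllowTeaming On -MacAddressSpoofing On
}

# Confirm the per-adapter settings before building the team in the guest.
Get-VMNetworkAdapter -VMName $vm |
    Select-Object Name, SwitchName, AllowTeaming, MacAddressSpoofing

# Inside the guest (not on the host): team the two adapters. Only
# switch-independent mode is usable for a team of virtual NICs.
# New-NetLbfoTeam -Name "GuestTeam" -TeamMembers "Ethernet", "Ethernet 2" -TeamingMode SwitchIndependent
```

Because MAC address spoofing has to be on for these two ports, the switch no longer restricts the source MAC the guest may use on them. Limit that exposure to the adapters that are actually teamed (the loop above touches only those two) rather than enabling it for the whole VM, and leave it off on ports of VMs that do not team.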

Page 25: Server Virtualization - 4

Lesson 3: Configuring & Using Hyper-V Network Virtualization
• Providing Multitenant Network Isolation
• What Is Network Virtualization?
• Benefits of Network Virtualization
• What Is Network Virtualization Generic Routing Encapsulation?
• What Are Network Virtualization Policies?

Page 26: Server Virtualization - 4

Providing Multitenant Network Isolation

• Multiple isolated networks on the same infrastructure
• VLANs are often used
  • Limited scalability (maximum of 4094 VLANs)
  • VLANs cannot span multiple subnets
  • Challenging to reconfigure when adding or moving a virtual machine

[Diagram: virtual machines attached to two switches, separated by VLAN ID.]

Page 27: Server Virtualization - 4

Providing Multitenant Network Isolation

• Private VLANs
  • Address some VLAN scalability issues
  • Reduce the number of IP subnets and VLANs
  • Virtual switch can limit virtual machines to the same VLAN
• Port ACLs
  • Challenging to manage and update ACLs
• Hyper-V virtual switch supports private VLANs and port ACLs
• The solution is Software Defined Networking
  • Network virtualization is an implementation of Software Defined Networking
  • Hyper-V enables network virtualization

Page 28: Server Virtualization - 4

What Is Network Virtualization?

Server virtualization
• Multiple virtual machines on the same physical server
• Each virtual machine is isolated from others

Network virtualization
• Multiple virtual networks on the same physical network
• Each virtual network is isolated from others

[Diagram: a physical server hosting a Blue virtual machine and a Red virtual machine; a physical network carrying a Blue network and a Red network.]

Page 29: Server Virtualization - 4

Benefits of Network Virtualization
• Flexible virtual machine placement
• Multitenant network isolation without VLANs
• IP address reuse
• Live migration across subnets
• Is compatible with existing network infrastructure
• Transparent moving of virtual machines to shared IaaS cloud
• Can be configured using Windows PowerShell
  • Can also use System Center 2012 R2 Virtual Machine Manager

Page 30: Server Virtualization - 4

What Is Network Virtualization Generic Routing Encapsulation?

[Diagram: two virtual networks, each with virtual machines using the customer addresses 10.1.1.11 and 10.1.1.12, hosted behind the provider addresses 192.168.2.22 and 192.168.5.55. Packet as carried on the provider network: outer MAC header; outer IP header with provider addresses 192.168.2.22 -> 192.168.5.55; GRE header with Key=5001 for one virtual network and Key=6001 for the other; inner IP header with customer addresses 10.1.1.11 -> 10.1.1.12. Both virtual networks reuse the same customer addresses; the GRE key tells them apart.]

• Customer address space based on virtual machine configuration
• Provider address space based on physical network
  • Not visible to the virtual machines

Page 31: Server Virtualization - 4

What Are Network Virtualization Policies?

[Diagram: Policy settings, listing the customer address to provider address mappings for two tenants. Blue Yonder Airlines: SQL 10.1.1.1 -> 192.168.1.10, WEB 10.1.1.2 -> 198.168.1.12. Woodgrove Bank: SQL 10.1.1.1 -> 192.168.1.10, WEB 10.1.1.2 -> 192.168.1.12. Provider address space: the data center network with Hyper-V Host 1 (192.168.1.10) and Hyper-V Host 2 (192.168.1.12). Customer address spaces: Host 1 runs the SQL virtual machine of each tenant (both 10.1.1.1), Host 2 runs the WEB virtual machine of each tenant (both 10.1.1.2), one address space per tenant (Blue Yonder Airlines, Woodgrove Bank).]

• Define customer address-provider address mappings
  • Specify on which Hyper-V server virtual machines are running
• Hyper-V implements policies by translating incoming and outgoing packets
• If a virtual machine is moved, policies are modified
  • Virtual machine configuration stays the same
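The policy on this slide expressed as lookup records on Hyper-V Host 1, using the Blue Yonder Airlines addresses from the diagram and the GRE key idea from the NVGRE slide, as an added example that is not from the module. It assumes Windows Server 2012 R2, where the NetWNV cmdlets are available and the network virtualization filter is part of the virtual switch. The VSID 5001, the routing domain GUID, the VM names, the WEB VM's MAC, and the interface index are placeholders.

```powershell
# Added example, not from the MVA module. Assumes Windows Server 2012 R2 (NetWNV module).
# VSID, routing domain ID, VM names, MACs and the interface index are placeholders.

$vsid  = 5001                                      # virtual subnet ID, carried as the GRE key
$rdid  = "{11111111-2222-3333-4444-555555555555}"  # tenant's routing domain (placeholder GUID)
$sqlNic = Get-VMNetworkAdapter -VMName "BY-SQL"    # SQL VM runs on this host

# 1. Place the VM's adapter in the tenant's virtual subnet.
Set-VMNetworkAdapter -VMName "BY-SQL" -VirtualSubnetId $vsid

# 2. Provider address this host owns on the data center network (Host 1 = 192.168.1.10).
New-NetVirtualizationProviderAddress -ProviderAddress 192.168.1.10 -InterfaceIndex 12 -PrefixLength 24

# 3. Lookup records: one per customer address in the virtual subnet, each with
#    the provider address of the host that currently runs that VM. The same
#    records are loaded on every host, so a packet from SQL (10.1.1.1) to
#    WEB (10.1.1.2) is encapsulated toward Host 2 at 192.168.1.12.
New-NetVirtualizationLookupRecord -CustomerAddress 10.1.1.1 -ProviderAddress 192.168.1.10 `
    -VirtualSubnetID $vsid -MACAddress $sqlNic.MacAddress -Rule TranslationMethodEncap -VMName "BY-SQL"
New-NetVirtualizationLookupRecord -CustomerAddress 10.1.1.2 -ProviderAddress 192.168.1.12 `
    -VirtualSubnetID $vsid -MACAddress "00155D010102" -Rule TranslationMethodEncap -VMName "BY-WEB"

# 4. Customer route for the tenant's subnet inside its routing domain (on-link).
New-NetVirtualizationCustomerRoute -RoutingDomainID $rdid -VirtualSubnetID $vsid `
    -DestinationPrefix 10.1.1.0/24 -NextHop 0.0.0.0 -Metric 255

# Review the policy this host will use.
Get-NetVirtualizationLookupRecord |
    Select-Object CustomerAddress, ProviderAddress, VirtualSubnetID, VMName
```

Woodgrove Bank would get the same set of records with its own VSID and routing domain; because the VSID is part of every lookup and of every encapsulated packet, its 10.1.1.1 and Blue Yonder's 10.1.1.1 never match each other's records. Moving the WEB VM to another host is the "policies are modified" case on the slide: only the record's `ProviderAddress` changes (`Set-NetVirtualizationLookupRecord`) on every host, and the VM keeps 10.1.1.2. The records must be identical on all hosts; a stale copy on one host silently routes that host's traffic for the moved VM to the wrong provider address.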