TechNet
Windows Server 2012 Hyper-V Networking
Carlos Mayol and Oscar Bonaque
Premier Field Engineers (PFEs)
Microsoft
Server Virtualization Hyper-V 2012
----- Updated to 8000
NIC Teaming and Hyper-V
Switch Independent: does not require switch configuration
Switch Dependent: Static or Dynamic Teaming (LACP); requires switch configuration

NIC Teaming and Hyper-V (Balancing Modes Summary)
Switch Independent
• Address Hash: Best for Active/Standby and Teaming in a VM (acceptable for all cases)
• Hyper-V port: Best for Hyper-V *
Switch Dependent
• Address Hash: Best for Native; acceptable for Hyper-V
• Hyper-V port: Best for Hyper-V

• Sends on all active members, receives on all active members, traffic from same port always on same NIC
• Each Hyper-V port will be bandwidth limited to not more than one team member’s bandwidth
• Each VM (Hyper-V port) is associated with a single NIC; this also allows maximum use of dVMQs for better performance overall

Host Network configurations
[Diagram: three host layouts, Converged Option1, Non-converged and Converged Option2, each showing Storage, Live Migration, Cluster, Manage and VM1 to VMN traffic. Labels: Converged Option1, 10GbE each; Non-converged, 1GbE, 1GbE, 1GbE, 10GbE, HBA/10GbE; Converged Option2, RDMA Traffic, 10GbE each.]
A non-converged configuration can be accomplished with multiple physical NICs or by using partitioning software at the hardware level, normally available on blade chassis systems such as:
• Dell NPAR
• HP FlexFabric
• Cisco FEX

Converged Networks
QoS Windows Server 2012
• Bandwidth management
• Classification and tagging
• Priority based flow control
Bandwidth mechanisms:
• DCB (Data Center Bridging)
• QoS Software Hyper-V Switch
Bandwidth options:
• Absolute: bits per second
• Weight: an integer in the range between 1 and 100 (Minimum bandwidth)
Best Practices for Minimum Bandwidth configurations:
1. Keep the sum of the weights around or under 100
2. Assign a relatively large weight to critical workloads even if they don’t require that percentage of bandwidth
3. Gap the weight assignment to differentiate the level of service to be provided (5, 3, 1)
4. Make sure that traffic that is not specifically filtered out is also accounted for with a weight assignment
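The four weight practices above, applied to a converged vSwitch. This is an added example, not part of the original slides; the team name, switch name, host vNIC names and weight values are assumptions chosen for illustration.

```powershell
# Added example: converged vSwitch with minimum-bandwidth weights.
# 'ConvergedTeam' is assumed to be an existing NIC team on the host.
Import-Module Hyper-V

$teamName   = 'ConvergedTeam'     # hypothetical NIC team name
$switchName = 'ConvergedSwitch'   # hypothetical vSwitch name

# Host traffic classes and their weights (gapped so service levels differ clearly).
$weights = [ordered]@{
    Management    = 5
    Cluster       = 10
    LiveMigration = 20
    Storage       = 30
}
# Everything not matched above (VM traffic) falls into the default flow.
$defaultFlowWeight = 35

# Practice 1: keep the sum of the weights around or under 100.
$total = ($weights.Values | Measure-Object -Sum).Sum + $defaultFlowWeight
if ($total -gt 100) {
    throw "Weights sum to $total; keep the sum around or under 100."
}

# The bandwidth mode is fixed when the switch is created.
New-VMSwitch -Name $switchName -NetAdapterName $teamName `
    -MinimumBandwidthMode Weight -AllowManagementOS $false

# One host vNIC per traffic class, each with its own weight.
foreach ($name in $weights.Keys) {
    Add-VMNetworkAdapter -ManagementOS -Name $name -SwitchName $switchName
    Set-VMNetworkAdapter -ManagementOS -Name $name -MinimumBandwidthWeight $weights[$name]
}

# Practice 4: give unclassified traffic a weight as well.
Set-VMSwitch -Name $switchName -DefaultFlowMinimumBandwidthWeight $defaultFlowWeight

# Review the resulting share per host vNIC.
Get-VMNetworkAdapter -ManagementOS |
    Format-Table Name, SwitchName, BandwidthPercentage -AutoSize
```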
Demo: Converged Networks

Dynamic Switch Ports
By default, every vSwitch is placed in the default Primordial pool for the Ethernet resource pool
Dynamic Switch Port functionality allows a VM to request to connect to one or more virtual switches in a pool of virtual switches
[Diagram: Primordial pool with vEthernet (Public) and vEthernet (DMZ); Public pool and DMZ pool with vEthernet (Public) and vEthernet (DMZ)]
Resource pool configuration using PowerShell (New-VMResourcePool)
Two-part process
1. Create the Ethernet resource pool
2. Add the vSwitch to the resource pool
Note: Properly configured Ethernet resource pools on Hyper-V hosts should allow for a proper automatic connection when a VM migrates because the virtual machine network configuration is now part of the virtual machine configuration
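The two-part process above, repeated on every host a VM can migrate to so that the same pool names resolve everywhere. This is an added example, not part of the original slides; the host names, the vSwitch names 'Public' and 'DMZ', and the VM name are assumptions.

```powershell
# Added example: create matching Ethernet resource pools on each host.
Import-Module Hyper-V

$hosts = 'HV01', 'HV02'            # hypothetical Hyper-V hosts
# Pool name -> name of an existing vSwitch on each host (assumed names).
$pools = [ordered]@{
    'Public pool' = 'Public'
    'DMZ pool'    = 'DMZ'
}

foreach ($h in $hosts) {
    foreach ($pool in $pools.Keys) {
        $switch = $pools[$pool]

        # Part 1: create the Ethernet resource pool if it is missing.
        $existing = Get-VMResourcePool -ComputerName $h -Name $pool `
            -ResourcePoolType Ethernet -ErrorAction SilentlyContinue
        if (-not $existing) {
            New-VMResourcePool -ComputerName $h -Name $pool -ResourcePoolType Ethernet
        }

        # Part 2: add the vSwitch to the pool unless it is already a member.
        $member = Get-VMSwitch -ComputerName $h -ResourcePoolName $pool `
            -ErrorAction SilentlyContinue | Where-Object { $_.Name -eq $switch }
        if (-not $member) {
            Add-VMSwitch -ComputerName $h -Name $switch -ResourcePoolName $pool
        }
    }
}

# Bind a VM's adapter to the DMZ pool instead of a named switch, so it
# reconnects to whichever switch backs 'DMZ pool' on the destination host.
Set-VMNetworkAdapter -ComputerName 'HV01' -VMName 'VM1' -ResourcePoolName 'DMZ pool'
Connect-VMNetworkAdapter -ComputerName 'HV01' -VMName 'VM1' -UseAutomaticConnection

# Confirm which switches back each pool on each host.
foreach ($h in $hosts) {
    foreach ($pool in $pools.Keys) {
        Get-VMSwitch -ComputerName $h -ResourcePoolName $pool |
            Select-Object @{n='Host';e={$h}}, @{n='Pool';e={$pool}}, Name
    }
}
```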
Demo: Dynamic Switch Ports

Virtual Switch Expanded Functionality
VM Settings > Network Adapter > Advanced Features
• ARP/ND Poisoning (Spoofing) Protection: MAC Spoofing protection; IPv6 ND Spoofing attacks protection
• DHCP/Router Guard: prevents VMs from acting as DHCP servers or sending Router Advertisements
• Network Traffic Monitoring: Port Mirroring (Source or destination); Netmon inside the VM required
• Per VM Bandwidth Management QoS: pseudo QoS to limit VM network adapter bandwidth
Can be managed using the Hyper-V PowerShell module:
# Mirror this VM's traffic to adapters set to -PortMirroring Destination
Set-VMNetworkAdapter -ComputerName localhost -VMName VM1 -PortMirroring Source
# Cap the adapter's bandwidth (value in bits per second)
Set-VMNetworkAdapter -Name "Network Adapter" -VMName VM -MaximumBandwidth 20000000
# On allows the VM to send with a changed source MAC address; Off (the default) blocks it
Set-VMNetworkAdapter -ComputerName localhost -VMName VM1 -MacAddressSpoofing On
# Drop DHCP server messages coming from this VM
Set-VMNetworkAdapter -ComputerName localhost -VMName VM1 -DhcpGuard On
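A host-wide audit of the port-protection settings listed above, reading back the same properties that Set-VMNetworkAdapter writes. This is an added example, not part of the original slides; the baseline (guards on, spoofing and mirroring off) and the exception VM names are assumptions.

```powershell
# Added example: flag guest vNICs that deviate from a port-security baseline.
Import-Module Hyper-V

# Hypothetical exceptions: guests that legitimately need a relaxed setting.
$allow = @{
    MacAddressSpoofing = @('NLB-Node1')      # must change its source MAC
    DhcpServer         = @('Infra-DHCP01')   # is a real DHCP server
    PortMirroring      = @('IDS-Sensor')     # receives mirrored traffic
}

function Get-VNicFinding {
    param([string]$ComputerName = 'localhost')

    foreach ($nic in Get-VMNetworkAdapter -ComputerName $ComputerName -VMName *) {
        $issues = @()
        if ($nic.MacAddressSpoofing -eq 'On' -and
            $allow.MacAddressSpoofing -notcontains $nic.VMName) {
            $issues += 'MAC address spoofing allowed'
        }
        if ($nic.DhcpGuard -eq 'Off' -and
            $allow.DhcpServer -notcontains $nic.VMName) {
            $issues += 'DHCP guard off'
        }
        if ($nic.RouterGuard -eq 'Off') {
            $issues += 'Router guard off'
        }
        if ($nic.PortMirroringMode -ne 'None' -and
            $allow.PortMirroring -notcontains $nic.VMName) {
            $issues += "Port mirroring: $($nic.PortMirroringMode)"
        }
        if ($issues) {
            [pscustomobject]@{
                VM      = $nic.VMName
                Adapter = $nic.Name
                Switch  = $nic.SwitchName
                Issues  = $issues -join '; '
            }
        }
    }
}

$findings = @(Get-VNicFinding)
$findings | Format-Table -AutoSize

# Remediation for one finding, using the cmdlet the slide lists:
# Set-VMNetworkAdapter -VMName <vm> -MacAddressSpoofing Off -DhcpGuard On -RouterGuard On -PortMirroring None
```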

Per VM Bandwidth Management QoS
Switch bandwidth mode is defined during creation
• VM bandwidth modes, where?
• UI = Absolute values (Mbps)
• PS = Absolute or Weight
This is an outbound traffic limit!
Demo: VM Bandwidth limit
VM Network Monitor
Dynamic Virtual Machine Queue
Requires support from NIC vendors
Supported on
VMQ spreads interrupts for virtual environments the way RSS does for native workloads
Dynamic VMQ reassigns available queues based on changing networking demands of the VMs
All Hyper-V customers should be using VMQ on their 10Gb NICs. Customers without VMQ and with I/O loads in VMs may see each VM’s CPU0 run hot.
Can be configured with PowerShell: Get-NetAdapterVmq and NetAdapterVmq

Single Root I/O Virtualization (SR-IOV)
Remaps interrupts and provides Direct Memory Access to virtual machines
Requires support in the Hyper-V server chipset (BIOS firmware) and in a Network Adapter (NIC) (driver + firmware) in the host
Virtual Functions (VF) in the SR-IOV-capable adapter are mapped directly to the virtual machine
SR-IOV is supported in VM mobility scenarios
Reduces Network Latency
Reduces CPU overhead
VM network traffic bypasses the vSwitch
Very similar to basic RDMA functionality
Not enabled if a destination Host does not support SR-IOV
[Diagram labels: Host, Root Partition, Hyper-V Switch, Routing, VLAN Filtering, Data Copy, Virtual Machine, Virtual Function, SR-IOV Physical NIC]

Network Isolation
Physical separation
Physical switches and adapters for each type of traffic
Layer 2: VLAN
A tag is applied to packets and is used to control forwarding
Network Virtualization
Isolation through encapsulation. Independence from physical address space.
Layer 2: Private VLAN (PVLAN)
Primary and Secondary tags are used to isolate clients while still giving access to shared services.

Network Isolation: VLAN challenges
VLANs today
Limited scalability. Up to 4094 VLANs
VLANs cannot span multiple subnets
Cumbersome configuration when VMs need to be moved within the Datacenter can result in network outage
Physical Switch support limitations

Private VLAN (PVLAN) Isolation
[Diagram labels: Primary VLAN, Secondary VLANs; Isolated, Promiscuous, Community]
VLAN pairs used to provide isolation with small numbers of VLANs.
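The three PVLAN port modes configured on VM adapters with Set-VMNetworkAdapterVlan, showing how one primary VLAN and two secondary VLANs isolate tenants while a shared gateway stays reachable. This is an added example, not part of the original slides; the VM names and VLAN IDs are constructed for illustration.

```powershell
# Added example: PVLAN isolation with one primary and two secondary VLANs.
Import-Module Hyper-V

$primary = 100   # constructed primary VLAN ID

# Constructed plan:
#   Gateway  - promiscuous: reachable from both secondary VLANs (shared service)
#   TenantA1 - isolated:    can reach only promiscuous ports
#   TenantB* - community:   can reach each other and promiscuous ports
$plan = @(
    @{ VM = 'Gateway';  Mode = 'Promiscuous'; Secondary = '201-202' }
    @{ VM = 'TenantA1'; Mode = 'Isolated';    Secondary = 201 }
    @{ VM = 'TenantB1'; Mode = 'Community';   Secondary = 202 }
    @{ VM = 'TenantB2'; Mode = 'Community';   Secondary = 202 }
)

foreach ($p in $plan) {
    switch ($p.Mode) {
        'Promiscuous' {
            # A promiscuous port lists every secondary VLAN it serves.
            Set-VMNetworkAdapterVlan -VMName $p.VM -Promiscuous `
                -PrimaryVlanId $primary -SecondaryVlanIdList $p.Secondary
        }
        'Isolated' {
            Set-VMNetworkAdapterVlan -VMName $p.VM -Isolated `
                -PrimaryVlanId $primary -SecondaryVlanId $p.Secondary
        }
        'Community' {
            Set-VMNetworkAdapterVlan -VMName $p.VM -Community `
                -PrimaryVlanId $primary -SecondaryVlanId $p.Secondary
        }
    }
}

# Read the settings back to confirm each adapter's mode and VLAN pair.
$plan | ForEach-Object { Get-VMNetworkAdapterVlan -VMName $_.VM }
```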

Network Virtualization
• Customer Address (CA) space is based on their network infrastructure
• Provider Address (PA) space is assigned by a hoster based on the physical address space in the datacenter (not visible to the VM)
Questions?