Hyper-v 2012 and System Center 2012 Virtual Machine Manager: Network Management

Hyper-V in Windows Server 2012 introduces a new paradigm for managing virtual networks leading to all intents to fully level virtualization networking. Virtual Machine Manager allows you to manage this new model at its best. This post wants to shed light on the management of new artifacts necessary for the virtual network infrastructure definition by showing how to better integrate Virtual Machine Manager and Hyper-v and what mistakes you should avoid.

[auth]

Network virtualization with Hyper-V

Server virtualization allows ’ running multiple instances of the server, However isolated from each of them, on a single physical host. Each virtual machine operates as if it were unique server running on the physical computer l ’. Network virtualization offers similar functionality, where on the same physical network, potentially with overlapping IP addresses, I am running multiple virtual network infrastructure, each of which operates as if it were running on the virtual network ’ ’ l single shared network infrastructure.

1

Network virtualization you can achieve using Hyper-V provides the concept of a virtual network that is independent of the underlying physical network. Thanks to this concept of Virtual Network the physical location of an IP subnet is decoupled from the virtual network topology.

 

Managing IP addresses on network virtualization

Virtual network architecture the individual virtual network adapters are associated with two IP addresses:

  • Customer Address (CA): is the IP address assigned to the virtual machine, based on your current network infrastructure. Using this IP address you can exchange network traffic with the virtual machine.
  • Provider Address (PA): is the ’ IP address visible on the physical network, but not to the virtual machine. This address is displayed in network packets exchanged with the Hyper-V server that hosts the virtual machine.

In the diagram below the virtual machines send the address space CA data packets that, through their virtual networks (tunnel), Cross l ’ physical network infrastructure. You can consider the tunnel as "envelopes" that wrap around the data packets (Red and blue) from ’ source host to destination host ’ left to be delivered all right.

This simple analogy stresses the essential aspects of network virtualization:

  • L ’ CA address of each virtual machine is mapped to a physical host address all ’ PA;
  • Virtual machines send packets of data that are placed in an envelope with a pair of source and destination addresses PA;
  • Address mappings CA-PA must allow hosts to distinguish packets destined for various virtual machines.

How the hosts set the "shipping address" (PA) Blue and Red correspond to CA addresses are essential, as well as the way the target host can drop packets and deliver them correctly to virtual machines target red and blue.

The mechanisms Network virtualization used in Hyper-V Windows Server 2012 are two:

  • Generic Routing Encapsulation The first network virtualization mechanism uses Generic Routing Encapsulation (NVGRE) as part of the ’ tunnel header. In the mechanism NVGRE the virtual machine bundle is encapsulated all ’ in another package. L ’ resulting new package header contains source and destination IP addresses appropriate PA, In addition to the ’ virtual subnet ID stored in the key field of ’ GRE header. L ’ ’ virtual subnet ID included in the GRE header identifies the virtual machine all ’ within any package, even if the address overlap PA and CA. In this way all virtual machines on the same host can share a single address PA. The sharing of ’ PA address network scaling because it definitely affects dramatically reduce the number of IP and MAC addresses that the network infrastructure must learn ’. For example,, If the hosts have on average 30 virtual machines, the number of IP addresses and MAC that l ’ the network infrastructure must learn is reduced by a factor 30. Windows Server 2012 provides full support of NVGRE without having to update the ’ network hardware or to buy new components. This is because the package NVGRE in transit is a normal IP packet PA address space compatible with today's network infrastructures.

  • IP Rewrite The second mechanism is supported by Hyper-V virtualization rewriting IP. With this mechanism AC source and destination IP addresses are rewritten with the corresponding addresses PA, as soon as the packets leave l ’ host. Similarly, When packets arrive in ultimate host ’, PA IP addresses are rewritten using appropriate CA addresses before being delivered to the virtual machines. The main difference between IP and Rewriting NVGRE, In addition to the package format, is the fact that the IP Rewrite mechanism requires a PA address unique for each CA address of a virtual machine.

NVGRE or Rewrite IP ?

Encapsulation NVGRE

IP Rewrite

Recommended for most scenarios for the benefits in terms of scalability:

• Compatible with today's network infrastructure hardware ’

• One IP address per host that reduces the load on switches

• Standards based – Support for industry standards and RFC 2784 and 2890

• Full MAC headers and explicitly label virtual subnet ID support analysis, multi-tenant traffic measurement and control

• Hardware soon made to integrate with NVGRE will offer similar performance to the IP rewrite

Currently listed for a stage performance of virtual machines 10 Gbps

NVGRE is the virtualization mechanism recommended for most scenarios network virtualization with Hyper-V. NVGRE is compatible with today's network infrastructures and with the future market entry of products specially made for its integration will offer many other benefits. The mechanisms of IP rewrite is aimed at specific scenarios where virtual machines require very high bandwidth.

Features and benefits of virtualization of network

  • Allows flexible positioning systems Network virtualization using Hyper-V decouples from the virtual networks ’ physical network infrastructure (such as hosting service providers), allowing more freedom in the positioning of VM. The placement of virtual machines is no longer limited by ’ IP addressing or insulation requirements given by the physical network VLAN.
  • Makes moving IaaS cloud systems (Infrastructure as a Service) shared
    Network IP addresses with virtualization and virtual machine configurations remain unchanged. In this way you can easily move the VM from its data center in an IaaS hosting providers (Infrastructure as a Service).
  • Enables live migration across subnets Live migration of virtual machines was traditionally restricted to the same IP subnet or VLAN because switching between subnet required that the guest operating system on the virtual machine to change IP address. This change of address truncates existing communication and disrupts the services that are running on the virtual machine. Network virtualization enables live migration of servers from one subnet to a ’ other without changing their IP addresses.
  • Simplifies the network and improves ’ server and network resource utilization The greater flexibility of placement of virtual machines can simplify network management and improve network and server resources ’.
  • Use Windows PowerShell and WMI Windows PowerShell cmdlets allow administrators to create automated scripts for configuring, monitoring and troubleshooting.
  • Compatible with existing infrastructure and new technologies ’ l Network virtualization can be used in today's data center, but at the same time it is compatible with the latest technologies and is guaranteed theInteroperability with existing resources.

How to better manage network virtualization ?

Virtual Machine Manager 2012 SP1 allows you to manage this new model at best and completely. It then becomes the key tool to more easily manage network virtualization in complex environments. Without SCVMM 2012 SP1 before you can configure network virtualization you need to use Powershell as there is the possibility to directly control the configuration through the Hyper-V Manager.


Network architecture in VMM 2012 SP1

Although simplified diagram below illustrates the various layers that make up l ’ virtual network solution architecture. We find your physical network and then Hyper-V hosts at the bottom of the diagram and the virtual machines and virtual services top. To the right are the names of all the components and on the left we find how these components are linked together.

Logical Network

The Logical Network represent a ’ abstraction of the underlying physical network infrastructure ’ and allow you to model your network as needed and connectivity properties. A logical network is used to organize and simplify network assignments to hosts, to the virtual machines and services.

Network Site

When creating a Logical Network Thereis the ability to create Network Site (also known as Logical Network Definition) to define VLAN, IP subnets and IP subnet pairs / VLAN.

In the following picture you can see the Network Site associated with a Logical Network called "Production":

To enable the Logical Network "Production" is supported in both of these locations are needed 2 Network Site as shown in Figure.

To the scoping of the logical network on a host group of Network site does not automatically make the Logical Network available in every host in the Group, but this prevents the possibility of associating the Logical Network to hosts that are not within the host group targets. To make the Logical Network available on a host, you must associate it with a physical network adapter to that host.

Static IP pools defined in site of the logical network are used only when creating a VM from a VM template or from a Service Template.

IP / MAC Address Pools

Virtual Machine Manager can automatically assign IP addresses for the pool a:

  • Stand alone Windows based VM running on any managed host (Hyper-V, VMware ESX or Citrix XenServer);
  • VMS deployed as part of a service;
  • Physical computers when you use VMM to configure the Hyper-V role.

The concept of IP address pool we find both in Logical Network in VM Network:

  • IP address pool associated Logical Network:
    • IP addresses belonging to the pool are known as Provider Address (PA)
    • Each machine must be assigned an IP address from a Pool that has been defined for the Logical Network
    • Must be routable between Hyper-V hosts
  • IP address pool associated VM Network:
    • These addresses are referred to as Customer Addresses (CA) -> Visible only within the VM
    • Need to define the range of IP that can be assigned to virtual machines connected to this network
    • The first IP pool is assigned to the switch
    • You can create multiple IP address Pool all ’ within the same VM Network

At the time, there can be no overlap between Provider Address (PA) range and Customer Addresses (CA) range.

How is the association between the host and the Logical Network ?

After defining the Logical Network l ’ recommended approach in Virtual Machine Manager 2012 SP1 is to establish l ’ set of properties and characteristics that you want to apply to the network adapters on each host using Port Profile and Logical Switch.

The advantage principal of using this approach is that it allows you to consistently apply the same settings to network adapters on multiple hosts.

Uplink Port Profile

A Uplink port profile is a template Thanks to which:

  • You define the characteristics of the connection between logical switch and the physical network
  • You define the network adapter teaming load balancing algorithm and for teaming
  • You specify which Logical Network are able to connect through a network adapter

An Uplink port profile can be added to a Logical Switch which can be applied to a network adapter to a physical host.

In most cases it will create an Uplink port profile for each set of hosts that have the same physical connectivity, Therefore you may need to create multiple uplink profile to a single location in the data center.

As a rough indication if you have multiple physical networks, or if you want to restrict Logical Network to specific host all ’ within a particular physical location then you will need to create multiple Uplink Port Profile.

Native Port Profile (for Virtual Network Adapter)

A Native port profile is a template that defines the following settings for virtual network adapters (even those seen from the physical host through a logical switch for converged networks):

  • Offload settings
    • Virtual Machine Queue (VMQ)
    • IPSec task offload
    • Single-root i/o virtualization (SR-IOV)
  • Security settings
    • Mac spoofing
    • DHCP guard
    • Router guard
    • Guest teaming
    • IEEE priority tagging
  • Employment bandwidth settings
    • Minimum bandwidth (Mbps)
    • Maximum bandwidth (Mbps) [from 0 Mbps MAX 100,000 Mbps]
    • Minimum bandwidth weight [from 0 to 100]

You will need to create a Native Virtual Adapter Port Profile for each logical network.

Logical Switch

A Logical Switch is a template that is used to create Virtual switches on Hyper-V Windows Server 2012 and brings together:

  • Uplink Port Profile
  • Native Port Profile
  • Port Classification-> "friendly" name for the Network Adapter Port Profile that appears when you connect the VM to your network
  • Switch Extension

In principle a logical switch is required for each physical network exists in your environment, But if you're going to limit some logical networks to a limited set of host or you have custom connectivity needs you may need to create additional Logical Switch. Normally there will be at least 1 logical switch for each logical network.

Virtual Machine Network

The VM Network provide l ’ interface (of network) through which a virtual machine connects to a specific Logical Network. In SCVMM 2012 SP1 all virtual machines must be connected to a Virtual Machine Network to be able to access network resources, It follows that it will require at least a VM Network for each Logical Network.

When creating VM Network isolation policies can be defined:

  • No Isolation -> the VM Network provides at VM direct access to the Logical Network (Virtual Machine Manager behavior 2012 not SP1);
  • Isolation -> You must define the subnet used by VM. This allows the virtual switch to create routing tables to virtual networks.

By default, the Virtual Machine does not have Network connectivity to the external ’, which means that the virtual machines associated with it will be able to communicate only with other virtual machines on that network. To provide connectivity, you must configure:

  • VPN Gateway Device: provides a VPN connection to an external network;
  • Gateway Device: enables VM on the Virtual Network to communicate with other networks in the local datacenter.

It is important to note that the relationship between a VM Network and the Logical Network is established when the VM Network is created and cannot be changed later. If you want to use a ’ other logical network you must delete the existing VM Network and create a new one.

Francis

[/auth]

Please follow and like us: