Agenda
- Advancing Software Defined Networking
- Simplifying Datacenter Network Management
- Improving Network Performance
- Delivering Continuously Available Applications
- Networking in the Hybrid Cloud

Session outline
- Advancing Software Defined Networking: Hyper-V Extensible Switch; Hyper-V Network Virtualization; Inbox HNV Gateway; Virtual Machine Manager enhancements
- Delivering Continuously Available Applications: DHCP Failover; SMB Multichannel; Quality of Service
- Simplifying Datacenter Network Management: IP Address Management (IPAM); Remote Live Capture; network management using Virtual Machine Manager; network monitoring using Operations Manager; Microsoft Windows PowerShell
- Networking in the Hybrid Cloud: Extending to Azure; Extending to Service Providers; Cross-premises connectivity
- Improving Network Performance: vRSS; Single Root I/O Virtualization (SR-IOV); NIC Teaming; SMB Direct (RDMA); Dynamic VMQ
IT demands
- Simplified use of network resources in a multi-tenant, cross-premises environment
- Continuously available and resilient network infrastructure
- Greater control and more extensibility

Windows Server 2012 R2 delivers
- Software-defined network infrastructure
- High-performance networking
- Improved manageability and diagnostics
- Hybrid networking with breakthrough levels of flexibility and performance

Design principles: open, extensible and standards-based; built-in and production-ready; innovation in software and hardware.
Covered in this section: Hyper-V Network Virtualization, Hyper-V Extensible Switch, Inbox Gateway, and management with System Center Virtual Machine Manager.
Background
- Network virtualization lags behind compute and storage virtualization
- Administration within the datacenter is often siloed

The challenges
- Physical network configuration is not flexible
- Workloads are tied to the underlying hardware configuration
- Configuration changes are manual and cumbersome
- Diverse network infrastructure requires vendor-specific management and control
- Greater VM mobility and density are difficult to achieve

Software-defined networking enables software to dynamically manage the network by:
- Enabling integrated policies that span physical and virtual networks
- Abstracting workloads from the physical network
- Controlling datacenter traffic flow
Hyper-V Virtual Switch
What the Hyper-V switch does:
- Provides Layer 2 connectivity for VMs
- Extends the network edge to the host
Features: isolation, traffic shaping, security, diagnostics, switch extensibility.
(Diagram: physical network, Hyper-V host with a virtual switch bound to a physical NIC, and a virtual machine attached through its VM NIC.)

Hyper-V Extensible Switch
- Extends virtual switch functionality by adding switch extensions
- Provides an open platform supporting third-party plug-ins to add functionality
- Lets customers manage the virtual network the same way they manage a physical network
- Helps monitor the security of virtual-machine-to-virtual-machine traffic
- Provides unified management and enforcement of plug-ins with Virtual Machine Manager across the entire datacenter
- Extensions are NDIS filter drivers or WFP callout drivers and hook ingress filtering, destination lookup and forwarding, and egress filtering
(Diagram: extension stack between the extension protocol and the extension miniport: capture extensions, filtering extensions, and a forwarding extension, with the VM NIC, host NIC and physical NIC attached to the switch. Several capture and filtering extensions can be stacked, but only one forwarding extension is active on a given switch.)

Key features
- Extension monitoring and uniqueness
- Extensions that learn the VM life cycle
- Extensions that can veto state changes
- Multiple extensions on the same switch
- VMM for unified management
Several partner solutions available: Cisco Nexus 1000V and UCS-VMFEX; NEC ProgrammableFlow PF1000; 5nine Security Manager; InMon sFlow.
Build extensions for capturing, filtering and forwarding.
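The isolation and security features above are exposed to administrators through the switch's PowerShell surface. The following is an added example, not from the deck or from Microsoft's documentation: it lists the extensions bound to a switch, makes sure the inbox WFP extension is on, and applies stateful extended port ACLs (a Windows Server 2012 R2 feature) to one VM's port so that only the traffic the workload needs is allowed. The switch name Fabric-vSwitch, the VM name Web01 and the management prefix 10.20.0.0/24 are assumptions.

```powershell
# Added example (not from the deck). Switch, VM and subnet names are hypothetical.
$switchName = 'Fabric-vSwitch'
$vmName     = 'Web01'

# Which extensions are bound, and of what type? Capture extensions see packets first,
# then filtering extensions, then the (single active) forwarding extension.
Get-VMSwitchExtension -VMSwitchName $switchName |
    Sort-Object ExtensionType |
    Format-Table Name, ExtensionType, Enabled, Running -AutoSize

# Port ACLs and third-party WFP callout drivers depend on the inbox WFP extension.
Enable-VMSwitchExtension -VMSwitchName $switchName -Name 'Microsoft Windows Filtering Platform'

# Inbound: default deny at the lowest weight (higher weight takes precedence),
# then allow HTTPS from anywhere and RDP only from the management subnet.
# Stateful rules let the matching reply traffic back through the other direction.
Add-VMNetworkAdapterExtendedAcl -VMName $vmName -Direction Inbound -Action Deny  -Weight 1
Add-VMNetworkAdapterExtendedAcl -VMName $vmName -Direction Inbound -Action Allow -Weight 100 `
    -Protocol TCP -LocalPort 443 -Stateful $true
Add-VMNetworkAdapterExtendedAcl -VMName $vmName -Direction Inbound -Action Allow -Weight 110 `
    -Protocol TCP -LocalPort 3389 -RemoteIPAddress 10.20.0.0/24 -Stateful $true

# Outbound: default deny, then DNS and HTTPS egress only.
Add-VMNetworkAdapterExtendedAcl -VMName $vmName -Direction Outbound -Action Deny  -Weight 1
Add-VMNetworkAdapterExtendedAcl -VMName $vmName -Direction Outbound -Action Allow -Weight 100 `
    -Protocol UDP -RemotePort 53 -Stateful $true
Add-VMNetworkAdapterExtendedAcl -VMName $vmName -Direction Outbound -Action Allow -Weight 110 `
    -Protocol TCP -RemotePort 443 -Stateful $true

# Verify. The rules are attached to the VM's switch port, so they move with the VM on live migration.
Get-VMNetworkAdapterExtendedAcl -VMName $vmName |
    Format-Table Direction, Action, Weight, Protocol, LocalPort, RemotePort, RemoteIPAddress -AutoSize
```

Note that these ACLs are enforced by the virtual switch; a VM that bypasses the switch with an SR-IOV virtual function is not covered by them.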
Hyper-V Network Virtualization (HNV)
How network virtualization works
- Overlays multiple virtual networks on a shared physical network
- Uses the industry-standard Network Virtualization using Generic Routing Encapsulation (NVGRE) protocol
Problems solved
- Creates VM mobility across the datacenter, a hoster cloud or Azure without network constraints
- Provides the ability to bring customer IP addresses and network topology along
- Helps remove VLAN constraints
- Helps eliminate hierarchical IP address assignment for virtual machines

- Tenants with overlapping IP address ranges share the same physical network
- Policies are enforced at the host level using PowerShell or System Center Virtual Machine Manager
- DHCP servers can be part of a virtualized network, enabling locally assigned IP addresses
- Supports guest clustering
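The overlapping-address case is easiest to see in the host-level policy itself. The following is an added example, not from the deck: it uses the inbox NetWNV cmdlets on a single Hyper-V host to give two tenants the same customer address (CA) 10.0.0.5 in two different virtual subnets, both reachable through the host's provider address (PA). The adapter name, PA, routing-domain GUIDs, VSIDs, MAC addresses and VM names are all hypothetical; in a VMM-managed fabric these records are written by VMM rather than by hand.

```powershell
# Added example (not from the deck). Adapter, addresses, GUIDs, VSIDs, MACs and VM names are hypothetical.
$pnic = Get-NetAdapter -Name 'Ethernet 2'   # physical NIC that carries NVGRE traffic

# 1. Bind the HNV filter to the physical NIC so NVGRE encapsulation/decapsulation happens on this host.
Enable-NetAdapterBinding -Name $pnic.Name -ComponentID ms_netwnv

# 2. Provider address: this host's address on the physical underlay.
New-NetVirtualizationProviderAddress -ProviderAddress 192.168.50.11 -InterfaceIndex $pnic.ifIndex -PrefixLength 24

# 3. Each tenant is a routing domain (RDID); each tenant subnet is a virtual subnet ID (VSID, 4096 or higher).
$tenants = @(
    @{ Name = 'Contoso';  RDID = '{6e5c3b61-1e2d-4e8e-9a1c-000000000001}'; VSID = 5001 },
    @{ Name = 'Fabrikam'; RDID = '{6e5c3b61-1e2d-4e8e-9a1c-000000000002}'; VSID = 5002 }
)
foreach ($t in $tenants) {
    # Both tenants use 10.0.0.0/24. Lookups are keyed on (VSID, CA), not on CA alone, so this is fine.
    New-NetVirtualizationCustomerRoute -RoutingDomainID $t.RDID -VirtualSubnetID $t.VSID `
        -DestinationPrefix '10.0.0.0/24' -NextHop '0.0.0.0' -Metric 255
}

# 4. Lookup records map (VSID, CA, MAC) to the PA of the host where the VM runs.
New-NetVirtualizationLookupRecord -CustomerAddress 10.0.0.5 -ProviderAddress 192.168.50.11 `
    -VirtualSubnetID 5001 -MACAddress '001DD8B71C01' -Rule TranslationMethodEncap `
    -VMName 'Contoso-Web01' -CustomerID $tenants[0].RDID
New-NetVirtualizationLookupRecord -CustomerAddress 10.0.0.5 -ProviderAddress 192.168.50.11 `
    -VirtualSubnetID 5002 -MACAddress '001DD8B71C02' -Rule TranslationMethodEncap `
    -VMName 'Fabrikam-Web01' -CustomerID $tenants[1].RDID

# 5. Stamp each vNIC with its VSID. A vNIC with VirtualSubnetId 0 is on the untagged fabric, not in the overlay.
Set-VMNetworkAdapter -VMName 'Contoso-Web01'  -VirtualSubnetId 5001
Set-VMNetworkAdapter -VMName 'Fabrikam-Web01' -VirtualSubnetId 5002

# Check: the same CA appears twice, isolated by VSID.
Get-NetVirtualizationLookupRecord | Where-Object CustomerAddress -eq '10.0.0.5' |
    Format-Table VMName, VirtualSubnetID, CustomerAddress, ProviderAddress -AutoSize
```

Every host that may receive one of these VMs (by live migration) needs the same lookup and route records, which is why centralized policy distribution through VMM is the practical way to run HNV at scale.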
Network virtualization and switch extensions in Windows Server 2012 R2
- Supports richer switch extensions: extensions can view both customer addresses (CA) and provider addresses (PA) inside the switch; requires extensions to be upgraded to NDIS 6.40
- Changes forwarding logic: HNV packets are flagged for native forwarding; other packets are forwarded by the forwarding extension, if present
- Enables packet header modification: forwarding extensions can modify packet headers on both ingress and egress
(Diagram: before and after. In Windows Server 2012 the HNV (WNV) filter sits below the vSwitch, between the switch and the pNIC/LBFO team; in Windows Server 2012 R2 it is part of the switch's native policies, alongside the egress ACL and Microsoft forwarding, so the extension's ingress and egress paths see both address spaces.)

(Diagram: network virtualization packet flow, Blue 1 sending to Blue 2. Stages on the sending and receiving hosts: IP virtualization, policy enforcement, routing, VSID ACL enforcement, network virtualization (NVGRE encapsulation/decapsulation); the network virtualization ARP table resolves the destination's MAC address.)
Inbox HNV gateway
Challenges
- A hoster wants to provide isolated networks for tenant VMs with integral site-to-site (S2S) VPN and NAT
- Enterprises have virtualized networks split across different datacenters, or virtualized networks (NVGRE-aware) that need to communicate with physical networks (NVGRE-unaware)
Solution: the multi-tenant VPN gateway in Windows Server 2012 R2
- Integral multi-tenant edge gateway for seamless connectivity
- Guest clustering for high availability
- BGP for dynamic route updates
- Encapsulates/decapsulates NVGRE packets
- Multi-tenant-aware NAT for Internet access
(Diagram: the gateway bridges between the Fabrikam and Contoso VM networks, physical networks and the Internet.)

Software-defined networking with programmable hardware
What it means
- Provides the ability to control physical network hardware directly from applications
- Enforces routing policies on the fly
- Requires programmable hardware that uses a standard protocol such as OpenFlow, Cisco OnePK and so on
Challenges
- Adds complexity to the application
- Creates challenges in a heterogeneous environment
- Is it production-ready?
- Applicable to certain classes of applications such as Microsoft Lync, network diagnostic tools and high-fidelity video games
- Most line-of-business applications and workloads may not need this level of control
Virtual Machine Manager: logical networks
Challenges
- Manage a large number of physical and virtual switches
- Integrate management of physical and virtual networks
Solution
- Logical network: organizes and simplifies network assignments for hosts, virtual machines and services
- Integrated physical and virtual switch VLAN policy
- VM network: creation/deletion of an isolated virtual network overlay (HNV) on the physical network
(Diagram: VM networks map to a logical network, which maps to the physical network, for example VLAN 25 with a /26 subnet, through the fabric and a virtual switch extension.)

Virtual Machine Manager: logical switch
Challenges
- Allow seamless migration of a VM while maintaining its network policy
Solution
- Logical switch: a single logical entity spanning hosts, with consistent policy and configuration
- Management of the Hyper-V Extensible Switch: installation and configuration of switch extensions, and configuration of network policies
- Network policies automatically move with the VM
- Includes third-party extensions
(Diagram: same fabric as above, with the logical switch spanning the hosts.)
Physical switch management
How switch management works
- Standards-based CIM model
- Switches running Open Management Infrastructure (OMI)
- Switch management PowerShell cmdlets, communicating with the switch over WS-Man
Problems solved
- Common management interface across multiple network vendors
- Automate common network management tasks
- A logo program enables customers to find and buy switches that "just work"

Partner ecosystem: OMI-based top-of-rack switches; Hyper-V switch extensions; chipset extensions; gateway appliances.

Value to workload owners, to enterprises, to hosters, and to private/public cloud datacenter admins.

Delivering continuously available applications
- DHCP failover: run services without interruption
- Quality of Service: provide consistent bandwidth for services
- SMB Multichannel and NIC Teaming: automatically remediate issues with no human intervention
- Embrace a multi-vendor ecosystem
SMB Multichannel
- Automatic detection and use of multiple network connections between the SMB client and server
- Helps server applications be resilient to network failure
- Transparent failover with recovery from a network failure if another connection is available
- Improved throughput: bandwidth aggregation through NIC Teaming, and multiple nodes/CPUs for network processing with RSS-capable network adapters
- Automatic configuration with very little administrative overhead

DHCP failover
- Automatic DHCP failover based on the IETF DHCP failover specification
- Provides multi-site IP address continuity to clients by helping eliminate single points of failure
- Provides in-box support for failover, without the need for clustering
- Uses a failover setup consisting of two servers, which can be located in different geographic locations
- Includes active/active (load sharing) or active/passive (hot standby) behavior
- Simple provisioning and configuration of the DHCP server using PowerShell
Deployment patterns: hot-standby DHCP failover in a hub-and-spoke deployment; load-sharing DHCP failover in a single site with a single subnet.
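The two deployment patterns map to two parameter sets of the inbox DhcpServer cmdlets. The following is an added example, not from the deck: it creates a hot-standby relationship for a branch scope and a load-sharing relationship for a campus scope, then checks the relationship state on both partners. Server names, scope IDs and the shared secret are hypothetical.

```powershell
# Added example (not from the deck). Server names, scopes and secret are hypothetical.
$primary = 'dhcp1.corp.woodbridge.com'
$partner = 'dhcp2.corp.woodbridge.com'
# The shared secret authenticates failover messages between the two servers; treat it like a password.
$secret  = 'Replace-With-A-Long-Random-Secret'

# Hub-and-spoke hot standby: dhcp1 (branch) is active for the branch scope; dhcp2 (hub) holds
# 10% of the pool in reserve and takes over after a state-switch interval with no heartbeat.
Add-DhcpServerv4Failover -ComputerName $primary -Name 'Branch-HotStandby' -PartnerServer $partner `
    -ScopeId 10.10.10.0 -ServerRole Active -ReservePercent 10 `
    -MaxClientLeadTime 1:00:00 -StateSwitchInterval 0:10:00 -AutoStateTransition $true `
    -SharedSecret $secret -Force

# Single-site load sharing: both servers answer for the campus scope, splitting the free pool 50/50.
Add-DhcpServerv4Failover -ComputerName $primary -Name 'Campus-LoadShare' -PartnerServer $partner `
    -ScopeId 10.20.0.0 -LoadBalancePercent 50 -MaxClientLeadTime 1:00:00 `
    -SharedSecret $secret -Force

# Verify on both partners. A State other than Normal (for example CommunicationInterrupted
# or PartnerDown) means the relationship needs attention even though leases are still being issued.
foreach ($server in $primary, $partner) {
    Write-Host "== $server"
    Get-DhcpServerv4Failover -ComputerName $server |
        Format-Table Name, Mode, State, ServerRole, PartnerServer, ScopeId -AutoSize
}
```

Both relationships share one secret here only to keep the example short; per-relationship secrets are preferable, and the MaxClientLeadTime bounds how long a client may keep a lease the partner does not yet know about.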
Quality of Service
- Helps guarantee predictable network performance and fair sharing during congestion
- Supports bandwidth floors and bandwidth caps
- Helps enforce customer SLAs and maximum pricing caps
- Sets QoS per virtual machine or per traffic type
- Uses software built into Windows Server 2012 R2, or hardware capable of Data Center Bridging (DCB), to assign minimum QoS settings
- Supports dynamic change of QoS settings through PowerShell without any downtime

Runtime bandwidth demand (gigabits per second)

| Service               | Reservation | T1  | T2 | T3 |
|-----------------------|-------------|-----|----|----|
| Virtual machine       | 30%         | 4   | 4  | 2  |
| Storage               | 40%         | 5   | 5  | 6  |
| Live migration        | 20%         | 0   | 3  | 2  |
| Cluster Shared Volume | 10%         | 0.5 | 1  | 0  |

T1: when bandwidth is available, each service takes as much as it can. T2: when the link is congested, each service gets its fair share according to its reservation. T3: when bandwidth becomes available again, each service takes as much as it wants.
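The reservations in the table are the minimum-bandwidth weights of a converged host. The following is an added example, not from the deck: it builds a weight-mode virtual switch on a team, creates management-OS vNICs for storage, live migration and CSV traffic with the table's weights, and leaves the remaining 30% as per-VM floors with an absolute cap. The switch, team, vNIC and VM names are hypothetical.

```powershell
# Added example (not from the deck). Switch, team, vNIC and VM names are hypothetical.
$switch = 'ConvergedSwitch'

# Weight mode: floors are relative shares of the uplink. The mode is fixed when the switch is created.
New-VMSwitch -Name $switch -NetAdapterName 'Team1' -MinimumBandwidthMode Weight -AllowManagementOS $false

# Host (management OS) vNICs for fabric traffic, each with the reservation from the table.
$hostNics = @(
    @{ Name = 'Storage';       Weight = 40 },
    @{ Name = 'LiveMigration'; Weight = 20 },
    @{ Name = 'CSV';           Weight = 10 }
)
foreach ($n in $hostNics) {
    Add-VMNetworkAdapter -ManagementOS -Name $n.Name -SwitchName $switch
    Set-VMNetworkAdapter -ManagementOS -Name $n.Name -MinimumBandwidthWeight $n.Weight
}

# The remaining 30% belongs to tenant VMs, split across them as weights. The cap is absolute
# (bits per second) and applies even when the link is idle, unlike the floor.
foreach ($vm in 'Web01', 'Web02') {
    Set-VMNetworkAdapter -VMName $vm -MinimumBandwidthWeight 15 -MaximumBandwidth 2000000000  # 2 Gbit/s
}

# Changing a weight is an online operation; no VM or host downtime.
Set-VMNetworkAdapter -VMName 'Web01' -MinimumBandwidthWeight 20

# Check the resulting floors and caps across host vNICs and VMs.
$all = @(Get-VMNetworkAdapter -ManagementOS) + @(Get-VMNetworkAdapter -VMName 'Web01', 'Web02')
$all | Format-Table Name, VMName,
    @{ n = 'MinWeight'; e = { $_.BandwidthSetting.MinimumBandwidthWeight } },
    @{ n = 'MaxBps';    e = { $_.BandwidthSetting.MaximumBandwidth } } -AutoSize
```

Weights are relative, so they need not sum to 100, but keeping them summing to 100 makes the table and the configuration read the same way. For RDMA storage traffic, which bypasses the switch, the DCB path (NetQos cmdlets) is the equivalent control.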
NIC Teaming
- Provides network fault tolerance and continuous availability when network adapters fail by teaming multiple network interfaces
- Supports all vendors in-box
- Facilitates local or remote management through Windows PowerShell or the UI
- Enables teams of up to 32 network adapters
- Aggregates bandwidth from multiple network adapters
- Includes multiple modes: switch-dependent and switch-independent
(Diagram: virtual adapters on top of a team network adapter that spans the physical adapters.)

Dynamic load balancing (LBFO)
- TCP streams, or "flows", are generally not continuous
- Bursts of packets within a flow, separated by gaps, are called "flowlets"
- Dynamic load balancing detects breaks in a flow of sufficient length to minimize the possibility of packet reordering
- Flows can be moved to other team members on flowlet boundaries to rebalance traffic
- Dynamic LBFO maximizes resource utilization in teamed NICs by balancing loads across all team members
- Ideal when there are fewer VMs per team
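The following is an added example, not from the deck: it creates a switch-independent team with the Dynamic (flowlet-based) load-balancing algorithm, shows how an existing team is moved to Dynamic online, and reads back the state a monitoring script would check. The team and adapter names are hypothetical.

```powershell
# Added example (not from the deck). Team and adapter names are hypothetical.

# Switch-independent + Dynamic: no switch configuration needed, outbound load spread on flowlet boundaries.
New-NetLbfoTeam -Name 'Team1' -TeamMembers 'NIC1', 'NIC2' `
    -TeamingMode SwitchIndependent -LoadBalancingAlgorithm Dynamic -Confirm:$false

# Switch-independent teams may keep one member as a pure failover standby.
Set-NetLbfoTeamMember -Name 'NIC2' -AdministrativeMode Standby

# Moving an existing team from another algorithm (e.g. HyperVPort) to Dynamic is an online change.
Set-NetLbfoTeam -Name 'Team1' -LoadBalancingAlgorithm Dynamic

# Health check: a team whose Status is Degraded still forwards, but has lost a member.
Get-NetLbfoTeam -Name 'Team1' |
    Format-List Name, TeamingMode, LoadBalancingAlgorithm, Status, Members
Get-NetLbfoTeamMember -Team 'Team1' |
    Format-Table Name, AdministrativeMode, OperationalStatus, FailureReason -AutoSize
# Team interfaces (the "virtual adapters" in the diagram), including any VLAN-tagged ones.
Get-NetLbfoTeamNic -Team 'Team1' |
    Format-Table Name, VlanID, Primary, Default -AutoSize
```

LACP requires the switch-dependent mode and a matching port-channel on the physical switch; the switch-independent mode above tolerates a misconfigured or unmanaged switch, which is why it is the safe default.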
SMB Direct (RDMA)
(Diagram: file client and file server with and without RDMA. Without RDMA, data passes through the application buffer, SMB buffer, OS buffer, driver buffer and NIC adapter buffer on both sides; with RDMA, the rNIC copies directly between the SMB buffers over, for example, InfiniBand.)
- Higher performance through offloading of network I/O processing onto the network adapter
- Higher throughput with low latency and the ability to take advantage of high-speed networks (such as InfiniBand and iWARP)
- Remote storage at the speed of direct storage
- Transfer rate of around 50 Gbps on a single NIC port
- Compatible with SMB Multichannel for load balancing and failover

Virtual Machine Queue (VMQ)
- Without VMQ: the Hyper-V virtual switch is responsible for routing and sorting packets for VMs, which increases CPU processing, all of it on CPU0
- With VMQ: the physical NIC creates virtual network queues for each VM to reduce host CPU load
- With Dynamic VMQ: processor cores are dynamically allocated for a better spread of network traffic processing
Increased efficiency of network processing on Hyper-V hosts.

Virtual RSS (vRSS)
- vRSS provides near line rate to a VM on existing hardware, making it possible to virtualize traditionally network-intensive physical workloads
- Extends the RSS functionality built into Windows Server 2012
- Maximizes resource utilization by spreading a VM's traffic across multiple virtual processors
- Helps virtualized systems reach higher speeds with 40 Gbps and 100 Gbps NICs
- Requires no hardware upgrade and works with any NIC that supports RSS
(Diagram: incoming packets on a vNIC spread across processor nodes 0, 1 and 2.)

Single Root I/O Virtualization (SR-IOV)
- VM traffic bypasses the virtual switch and performs I/O directly to the NIC
- Ideal for high-I/O workloads that do not require port policies, QoS or network virtualization enforced at the end-host virtual switch
- Most 10 Gbps and in-box NICs are SR-IOV capable
Benefits
- Maximizes use of host system processors and memory
- Reduces host CPU overhead for processing network traffic (by up to 50%)
- Reduces network latency (by up to 50%)
- Provides higher network throughput (by up to 30%)
- Full support for live migration
(Diagram: the VM network stack can use either the synthetic NIC through the Hyper-V Extensible Switch or a virtual function directly on the physical NIC.)
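Because a virtual function bypasses the switch, the caveat on the SR-IOV slide is the one that matters to a security engineer: port ACLs, QoS and HNV are not applied on that path. The following is an added example, not from the deck: it enables SR-IOV for a high-I/O VM, checks whether a VF is actually in use, and then sweeps all VMs on the host to revoke a VF from any vNIC that depends on switch-enforced policy, falling back to VMQ/vRSS for those. The switch, adapter and VM names are hypothetical.

```powershell
# Added example (not from the deck). Switch, adapter and VM names are hypothetical.

# SR-IOV can only be enabled when the switch is created; it cannot be switched on afterwards.
New-VMSwitch -Name 'IOV-Switch' -NetAdapterName 'NIC3' -EnableIov $true
Get-VMSwitch -Name 'IOV-Switch' | Format-List Name, IovEnabled, IovSupport, IovSupportReasons

# Ask for a VF for the database VM. Hyper-V keeps the synthetic path as a fallback, which is what
# lets the VM live-migrate to a host without SR-IOV hardware.
Set-VMNetworkAdapter -VMName 'Db01' -IovWeight 100 -IovQueuePairsRequested 2

# Requested is not the same as in use: IovUsage > 0 means a VF is really attached.
Get-VMNetworkAdapter -VMName 'Db01' |
    Format-Table VMName, SwitchName, IovWeight, IovUsage, VmqWeight, VmqUsage, VirtualSubnetId -AutoSize

# Guard-rail: a vNIC that carries extended ACLs, a bandwidth cap, or an HNV virtual subnet must not
# get a VF, because none of those are enforced once traffic bypasses the switch.
foreach ($nic in (Get-VM | Get-VMNetworkAdapter)) {
    $acls   = @(Get-VMNetworkAdapterExtendedAcl -VMName $nic.VMName -VMNetworkAdapterName $nic.Name)
    $capped = $nic.BandwidthSetting -and $nic.BandwidthSetting.MaximumBandwidth -gt 0
    $policy = ($acls.Count -gt 0) -or $capped -or ($nic.VirtualSubnetId -ne 0)
    if ($policy -and $nic.IovWeight -gt 0) {
        Write-Warning "$($nic.VMName)/$($nic.Name): VF requested but switch policy is set; revoking VF"
        # Back to the synthetic path, and let VMQ carry the load on the host side.
        Set-VMNetworkAdapter -VMName $nic.VMName -Name $nic.Name -IovWeight 0 -VmqWeight 100
    }
}
# Inside such a guest, vRSS spreads that VM's receive processing across its vCPUs:
#   Enable-NetAdapterRss -Name 'Ethernet'
```

Run the sweep after every policy change as well as after VM creation; a VF granted before an ACL was added silently leaves the ACL unenforced.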
Simplifying datacenter network management
- Provide an easy-to-use, robust automation framework (Windows PowerShell)
- Monitor resource usage (Resource Metering, monitoring with Operations Manager)
- Manage IP address space and consolidate external tools (IP Address Management)
- Simplify management in multi-site environments (management with Virtual Machine Manager)

IP Address Management (IPAM)
(Diagram: IPAM servers in Redmond and the UK for corp.woodbridge.com, in Bangalore for europe.corp.woodbridge.com and in Hyderabad for fareast.corp.woodbridge.com, each managing DHCP, DNS, DC and NPS servers.)
- Inbox feature for integrated management of IP addresses, domain names and device identities
- Tightly integrates with Microsoft DNS and DHCP servers
- Provides custom IP address space display, reporting and management
- Audits server configuration changes and tracks IP address use
- Migrates IP address data from spreadsheets or other tools
- Monitors and manages specific scenario-based DHCP and DNS services

IPAM in Windows Server 2012 R2
- Manages virtual address space in addition to physical address space
- Imports and exports network configurations automatically through a plug-in for System Center Virtual Machine Manager
- Enables synchronization of Active Directory sites and subnets information with IPAM
- Supports large-scale enterprise deployments
- Uses SQL Server to store IP address information
- Lets admins define user roles, access scope and access policy through role-based access control; example roles: Network Administrator, Fabric Administrator, System Administrator, Forensics Investigator

Windows PowerShell
- Comprehensive coverage with more than 400 cmdlets related to networking
- Remote machine management support
- Integrated object model

Virtual Machine Resource Metering
Metrics
- Average CPU use
- Average memory use
- Minimum memory use
- Maximum memory use
- Maximum disk allocation
- Incoming network traffic
- Outgoing network traffic
- Storage IOPS
(Diagram: a two-tenant environment built with Hyper-V in Windows Server 2012 R2, with one resource pool per customer and metered traffic to the Internet.)
Benefits
- Tracks and meters resource usage and provides the infrastructure to build chargeback solutions
- Tracks resource usage of individual virtual machines or virtual machine pools
- Metering is not affected by virtual machine movement
- Uses access control lists (ACLs) on the network metering port
- Provides complete Windows PowerShell support
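The metering ACLs are what let a hoster bill Internet egress separately from traffic that stays inside the datacenter. The following is an added example, not from the deck: it turns on metering for a tenant VM, adds metering ACLs that bucket traffic by remote prefix, and reads the report back. The VM name is hypothetical; the RFC 1918 prefixes stand in for "internal" address space.

```powershell
# Added example (not from the deck). VM name is hypothetical.
$vm = 'Tenant-Web01'

Enable-VMResourceMetering -VMName $vm
# Persist counters to disk hourly so an unexpected host restart loses at most an hour of usage.
Set-VMHost -ResourceMeteringSaveInterval 01:00:00

# Metering ACLs: longest prefix match wins, so RFC 1918 traffic lands in the internal buckets
# and everything else falls through to the 0.0.0.0/0 (Internet) bucket. Action Meter never blocks.
foreach ($prefix in '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16') {
    Add-VMNetworkAdapterAcl -VMName $vm -RemoteIPAddress $prefix -Direction Both -Action Meter
}
Add-VMNetworkAdapterAcl -VMName $vm -RemoteIPAddress 0.0.0.0/0 -Direction Both -Action Meter

# ... after some runtime, collect the report. Values persist across live migration of the VM.
$report = Measure-VM -VMName $vm
$report | Format-List VMName, AvgCPU, AvgRAM, MaxRAM, MinRAM, TotalDisk, MeteringDuration

# Per-bucket network usage (MB), one row per ACL and direction.
$report.NetworkMeteredTrafficReport |
    Sort-Object RemoteAddress, Direction |
    Format-Table Direction, RemoteAddress, TotalTraffic -AutoSize

# Billing cycle rollover: zero the counters without disabling metering.
Reset-VMResourceMetering -VMName $vm
```

Metering ACLs are separate from the filtering ACLs on the same port: a Deny rule and a Meter rule for the same prefix can coexist, and the metering counters only see traffic the switch actually forwards.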
Remote live capture
(Diagram: a server or client running Microsoft Message Analyzer talks to a Windows Server 2012 R2 host over WMI to configure filters and truncation and to start/stop the session; the truncated network traffic is redirected to it as ETW events.)
- Remote monitoring of network traffic on a host in Windows Server 2012 is not simple
- Windows Server 2012 R2 makes it easy to mirror and capture network traffic for remote and local viewing
- Provides an integrated GUI experience with Message Analyzer
- Collects offline traffic captures from remote computers
- Provides filters to select packets by IP addresses and VMs
- Captures ETW events for remote and local viewing

Virtual Machine Manager network ecosystem
- Load balancers; examples: F5 BIG-IP, Brocade ServerIron ADX, Citrix NetScaler, Microsoft Network Load Balancing
- Switch extension managers; examples: Cisco Nexus 1000V, InMon sFlow, 5nine, NEC
- Network virtualization gateways; examples: Windows Server inbox gateway, Iron Networks, F5, Huawei

Network monitoring with Operations Manager
- Uses SNMP to discover network devices
- Provides a list of network devices with extended monitoring capability
- Monitors physical network routers and switches: interfaces and ports/virtual local area networks (VLANs), Hot Standby Router Protocol (HSRP) groups, firewalls and load balancers
- Increases visibility into your network infrastructure
- Identifies failures in critical services and applications that were caused by the network
- Shows how the network connects to servers
Networking in the hybrid cloud
- Seamlessly extend the datacenter to Azure
- Inbox gateway to extend beyond the private cloud
- Extending your private cloud to hosters
- Extending your private cloud to Azure
- Cross-premises connectivity

Site-to-site VPN in Remote Access
(Diagram: a hosted cloud holding the Contoso and Woodgrove private clouds, each with subnets 1 and 2, connected over site-to-site VPN to the Contoso London and New York branches and the Woodgrove Brazilian branch, each branch with its own subnets. The tunnel endpoints are a Windows Server 2012 R2 Remote Access site-to-site VPN server and an industry-standard IKEv2/IPsec router.)
VPN site-to-site functionality in Remote Access:
- Provides cross-premises connectivity between enterprises and hosting service providers
- Connects to private subnets in hosted cloud networks
- Provides connectivity among geographically separate enterprise sites

Multi-tenant VPN gateway
(Diagram: Orange Corp site 1 and site 2 reach the Orange virtual network through S2S tunnels to an active/standby gateway pair exchanging routes over BGP.)
- Provides a multi-tenant S2S gateway for hybrid cloud connectivity
- Includes guest clustering for HA
- Uses BGP for dynamic route updates
- Provides multi-tenant-aware NAT for Internet access
- Multi-tenant VPN for access to the cloud from the Internet

Extending to Azure
(Diagram: an Azure virtual network with subnets 1, 2 and 3 and a DNS server, connected to your on-premises datacenter through a VPN gateway and VPN device over site-to-site VPN, with remote workers connecting individually.)
- Extend your datacenter to Azure by creating VMs in private networks
- Connect individual computers to Azure VMs and virtual networks using point-to-site connectivity, without a VPN device
- Use the Windows inbox gateway to connect virtual networks in the private cloud and Azure
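The multi-tenant gateway slides above describe per-tenant routing domains, S2S tunnels and BGP; the following is an added example, not from the deck, showing how those pieces are assembled with the inbox RemoteAccess cmdlets on a Windows Server 2012 R2 gateway VM. Tenant names, peer addresses, prefixes, ASNs and the pre-shared key are hypothetical; both tenants deliberately announce the same on-premises prefix to show that the routing domains keep them apart.

```powershell
# Added example (not from the deck). Tenants, addresses, ASNs and PSK are hypothetical.
Install-WindowsFeature RemoteAccess, Routing -IncludeManagementTools
Install-RemoteAccess -MultiTenancy

$tenants = @(
    @{ Name = 'Contoso';  Peer = '203.0.113.10';  Local = '192.0.2.1'; Prefix = '10.1.0.0/16:100'; LocalAsn = 65001; PeerAsn = 65101 },
    @{ Name = 'Fabrikam'; Peer = '198.51.100.20'; Local = '192.0.2.2'; Prefix = '10.1.0.0/16:100'; LocalAsn = 65002; PeerAsn = 65102 }
)

foreach ($t in $tenants) {
    # One routing domain per tenant: its own routing table, tunnels and BGP speaker, so the
    # overlapping 10.1.0.0/16 prefixes never meet.
    Enable-RemoteAccessRoutingDomain -Name $t.Name -Type All -PassThru

    # IKEv2/IPsec site-to-site interface to the tenant's on-premises edge. A PSK keeps the example
    # short; -AuthenticationMethod MachineCertificates is the stronger choice for production.
    Add-VpnS2SInterface -RoutingDomain $t.Name -Name "$($t.Name)-S2S" -Protocol IKEv2 `
        -Destination $t.Peer -AuthenticationMethod PSKOnly -SharedSecret 'Replace-With-Long-Random-PSK' `
        -IPv4Subnet $t.Prefix          # "prefix:metric" static route to bring the tunnel up

    # BGP inside the routing domain: routes learned from the tenant replace the static entries over time.
    Add-BgpRouter -RoutingDomain $t.Name -BgpIdentifier $t.Local -LocalASN $t.LocalAsn
    Add-BgpPeer -RoutingDomain $t.Name -Name "$($t.Name)-OnPrem" -LocalIPAddress $t.Local `
        -PeerIPAddress $t.Peer -PeerASN $t.PeerAsn -PeeringMode Automatic
}

# Verify per tenant: tunnel state and BGP session state are both needed before traffic flows.
foreach ($t in $tenants) {
    Write-Host "== $($t.Name)"
    Get-VpnS2SInterface -RoutingDomain $t.Name | Format-Table Name, Destination, ConnectionState, IPv4Subnet -AutoSize
    Get-BgpPeer -RoutingDomain $t.Name | Format-Table PeerName, PeerIPAddress, PeerASN, ConnectivityStatus -AutoSize
}
```

The tenant-facing side of the gateway (NVGRE encapsulation into each tenant's VM network) and the per-routing-domain NAT (New-NetNat) are normally configured by VMM when the gateway is registered as a network service, so they are left out here; the HNV policy example earlier in this deck shows what that side looks like on a host.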