Microsoft Virtual Academy Module 4 Creating and Configuring Virtual Machine Networks

Module Overview Creating and Using Hyper-V Virtual Switches Advanced Hyper-V Networking Features Configuring and Using Hyper-V Network Virtualization

Lesson 1: Creating and Using Hyper-V Virtual Switches Overview of the Hyper-V Virtual Switch Types of Virtual Switches What Is VLAN Tagging?

Overview of the Hyper-V Virtual Switch Software implemented layer two switch Connects virtual machines to virtual and physical networks Parent partition is also A virtual machine Extensible, has advanced features, can be replaced Policy enforcement, isolation, traffic shaping, protection Managed by Hyper-V Manager and Windows PowerShell Get-VMSwitch Parent partition can have multiple virtual NICs Can be connected to different virtual switches Can have different bandwidth limitations

Overview of the Hyper-V Virtual Switch

Types of Virtual Switches Parent has physical network adapter(s) Each virtual machine (and parent) has virtual network adapter(s) Each virtual network adapter is connected to a virtual switch Type of virtual switch is: External – connects to a physical or wireless adapter Internal – parent and virtual machine connections only Private – virtual machine connections only Configuration Use Virtual Switch Manager to create virtual switches Use virtual machine settings to connect a virtual network adapter to a switch

Types of Virtual Switches - Physical network adapter - Virtual network adapter - Virtual switch Parent App Virtual machine App Virtual machine App Parent App Virtual machine App Virtual machine App Private Parent App Virtual machine App Virtual machine App Internal External Parent App Virtual machine App Virtual machine App No IP IP NAT

Types of Virtual Switches

What Is VLAN Tagging? Used to isolate network traffic for nodes that are connected to the same physical network VLANs are used by Hyper-V to Isolate Hyper-V server management networks Isolate virtual machines that are connected to external virtual switches Isolate virtual machines on a single Hyper-V server VLAN ID can be configured on Virtual machine network adapter External and Internal virtual switch VLAN is limited to a single physical subnet VLAN ID has 12 bits (up to 4,094 VLAN IDs)

Lesson 2: Advanced Hyper-V Networking Features Virtual Switch Expanded Functionality Virtual Switch Extensibility What Is SR-IOV? What Is Dynamic Virtual Machine Queue? Network Adapter Advanced Features NIC Teaming in Virtual Machines

Virtual Switch Expanded Functionality ARP/Neighbor Discovery Poisoning protection Protects against ARP and Neighbor Discovery spoofing DHCP Guard protection Protects against rogue DHCP server in virtual machine Port ACLs Enables isolation by allowing/denying traffic Trunk mode to a virtual machine Trunk mode forwards traffic from multiple VLANs Network traffic monitoring Bandwidth limit and burst support

Virtual Switch Extensibility Extensible NDIS filter drivers WFP callout drivers Extensions Ingress Forwarding Egress Monitoring Virtual switch can be replaced Parent partition Extension miniport Extension protocol Hyper-V virtual switch Physical NIC Virtual machine Host NIC Virtual machine NIC Virtual machine Virtual machine NIC Filtering extensions Forwarding extension WFP extensions Capture extensions

What Is SR-IOV? Requires support in network adapter Provides Direct Memory Access to virtual machines Increases network throughput Reduces network latency Reduces CPU overhead on the Hyper-V server Virtual machine bypasses virtual switch Supports Live Migration Network I/O with SR-IOV Network I/O without SR-IOV Physical NIC Parent partition Virtual switch Routing VLAN Filtering Routing VLAN Filtering Virtual machine Virtual NIC SR-IOV Physical NIC Virtual Function VMBUS Even when different SR- IOV adapters are used

What Is Dynamic Virtual Machine Queue? Network adapter uses receive queues to route traffic to the appropriate virtual machine Physical network adapter must support VMQ Dynamically use multiple CPUs when processing virtual machine network traffic DMA reduces CPU overhead on Hyper-V server Beneficial when virtual machines receive lot of network traffic VMQ is automatically configured and tuned Based on processor networking and CPU load VMQ is enabled by default on a virtual network adapter Used only if the physical network adapter supports VMQ

Network Adapter Advanced Features Same features available for all virtual network adapters Features are implemented in Hyper-V virtual switch

NIC Teaming in Virtual Machines Provides redundancy and aggregates bandwidth Can be used at the operating system and virtual machine level Multiple physical network adapters in an NIC team If a physical adapter fails, virtual switch has connectivity Multiple virtual network adapters in an NIC team If a virtual switch fails, virtual machine has connectivity Particularly important when SR-IOV is used SR-IOV traffic bypasses the virtual switch Intended and optimized to support teaming of SR-IOV May be used with any virtual network interface Virtual machine must have multiple network adapters Connected to different virtual switches MAC address spoofing must be enabled

Lesson 3: Configuring & Using Hyper-V Network Virtualization Providing Multitenant Network Isolation What Is Network Virtualization? Benefits of Network Virtualization What Is Network Virtualization Generic Routing Encapsulation? What Are Network Virtualization Policies?

Providing Multitenant Network Isolation Multiple isolated networks on the same infrastructure VLANs are often used Limited scalability (maximum of 4094 VLANs) VLANs cannot span multiple subnets Challenging to reconfigure when adding or moving virtual machine VLAN ID Switch Virtual machines Switch

Providing Multitenant Network Isolation Private VLANs Addresses some VLAN scalability issues Reduces number of IP subnets and VLANs Virtual switch can limit virtual machines to the same VLAN Port ACLs Challenging to manage and update ACLs Hyper-V virtual switch supports private VLANs and port ACLs The solution is Software Defined Networking Network virtualization is an implementation of Software Defined Networking Hyper-V enables network virtualization

What Is Network Virtualization? Server virtualization Multiple virtual machines on a same physical server Each virtual machine is isolated from others Physical server Blue virtual machine Red virtual machine Blue networkRed network Physical network Network virtualization Multiple virtual networks on a same physical network Each virtual network is isolated from others

Benefits of Network Virtualization Flexible virtual machine placement Multitenant network isolation without VLANs IP address reuse Live migration across subnets Is compatible with existing network infrastructure Transparent moving of virtual machines to shared IaaS cloud Can be configured using Windows PowerShell Can also use System Center 2012 R2 Virtual Machine Manager

What Is Network Virtualization Generic Routing Encapsulation?    GRE Key=5001 GRE Key=6001 MAC      (Provider address ) (Provider address) (Customer address) (Customer address) Customer address space based on virtual machine configuration Provider address space based on physical network Not visible to the virtual machines

What Are Network Virtualization Policies? SQL WEB SQL WEB Blue Yonder Airlines Customer Address Provider Address Woodgrove Bank Customer Address Provider Address Policy Settings Provider Address Space Data Center Network Hyper-V Host 1Hyper-V Host SQL WEB Customer Address Spaces Blue Yonder Airlines Woodgrove Bank Define customer address-provider address mappings Specify on which Hyper-V server virtual machines are running Hyper-V implements policies by translating incoming and outgoing packets If a virtual machine is moved, policies are modified Virtual machine configuration stays the same