Download presentation
Presentation is loading. Please wait.
1
Hyper-V Network Virtualization
Motivation & Packet Flows
2
Evolution of Clouds Cloud Infrastructure Optimization Traditional
Public Private Hybrid Traditional Datacenters with Dedicated Servers Server Virtualization in Datacenters Servers Infrastructure Optimization Cost Flexibility
3
Any Service Any Server Any Cloud
4
Private Cloud Datacenter Consolidation
Distinct Datacenters Business Units Multi-Tenant Datacenter Sales Sales Finance Finance R&D R&D
5
Hybrid Cloud: Seamless Datacenter Extension
Private Cloud / Enterprise Datacenter Public Cloud
6
Multi-Tenant Cloud Requirements
Private Cloud Public Cloud Secure isolation Dynamic service placement QoS & resource metering Multiple business units on shared infrastructure Multiple customers on shared infrastructure Multi-Tenant Datacenter Finance Sales Contoso Bank Woodgrove Bank
7
Challenges in Building Clouds
Physical location determines network address IP address topology limits VM placement Limited workload mobility Consolidate workloads to efficiently use CPU, storage, network Limited VM placement leads to infrastructure overprovisioning Resource utilization Deploying VMs requires tight cooperation of server/network admins Coordinating teams increases complexity and reduces agility Operational inefficiency VLANs not suited for dynamic cloud topologies Reconfiguration of production switches increases risk Scalable multi-tenancy VM IP addresses are entangled with security and access policies Need to change IP addresses reduces cloud adoption Onboarding
8
Datacenter Resource Utilization: Consolidation
Typical: Fragmented Ideal: Consolidated
9
Resource Utilization: Flexibility and Growth
Ideal: Workloads placed anywhere and can dynamically grow and shrink without being constrained by the network
10
Dynamic VLAN Reconfiguration is Cumbersome
Aggregation Switches VLAN tags ToR ToR VMs Topology limits VM placement and requires reconfiguration of production switches
11
To improve resource utilization on servers we virtualized them
Therefore… Virtualize Network message animated to automatically follow Therefore…. Virtualize the Network!
12
Hyper-V Network Virtualization
Blue VM Red VM Blue Network Red Network Virtualization Physical Server Physical Network Server Virtualization Run multiple virtual servers on a physical server Each VM has illusion it is running as a physical server Hyper-V Network Virtualization Run multiple virtual networks on a physical network Each virtual network has illusion it is running as a physical network
13
Hyper-V Network Virtualization Benefits
To Workload Owners Seamless migration to the cloud Move n-tier topology to the cloud Preserve policies, VM settings, IP addresses To Enterprises Private Cloud datacenter consolidation and efficiencies Extension of datacenter into hybrid cloud Incremental integration of acquired company network infrastructure To Hosters Bring Your own IP Bring Your network topology Scalable multi-tenancy To Private/Public Cloud Datacenter Admins Flexible VM placement without reconfiguration Decoupling of server and network admin roles increases agility Think about 3 audience Workload owner (missing) Enterprise cloud Hoster
14
Virtualize Customer Addresses
Provider Address Space (PA) Virtualization Policy System Center Datacenter Network Host 1 Host 2 Blue Corp Blue Blue Blue Blue Red Corp Red Red Red Red Customer Address Space (CA) Red2 Blue2 Red1 Blue1 CA PA
15
Hyper-V Network Virtualization Concepts
Customer VM Network One or more virtual subnets forming an isolation boundary A customer may have multiple Customer VM Networks e.g. Blue R&D and Blue Sales are isolated from each other Virtual Subnet Broadcast boundary Blue Corp Red Corp Blue Subnet1 Blue Subnet3 Blue Subnet2 Blue Subnet5 Blue Subnet4 Red Subnet2 Red Subnet1 Blue R&D Net Blue Sales Net Red HR Net Hoster Datacenter Customer VM Network Virtual Subnet
16
Standards-Based Encapsulation - NVGRE
Better network scalability by sharing PA among VMs Explicit Virtual Subnet ID for better multi-tenancy support GRE Key Blue Subnet MAC GRE Key Red Subnet MAC Different subnets
17
Hyper-V Network Virtualization Architecture
Network Virtualization is transparent to VMs Management OS traffic is NOT virtualized; only VM traffic Hyper-V Switch and Extensions operate in CA space VM1 VM1 Windows Server 2012 Management Live Migration CA1 CA1 Blue VM1: MAC1, CA1, PA1 VM2: MAC2, CA2, PA3 VM3: MAC3, CA3, PA5 … Red VM1: MACX, CA1, PA2 VM2: MACY, CA2, PA4 VM3: MACZ, CA3, PA6 Data Center Policy Hyper-V Switch System Center Host Agent Cluster Storage System Center VSID ACL Isolation Switch Extensions Network Virtualization Datacenter IP Virtualization Policy Enforcement Routing Host Network Stack PA1 PAX PA2 PA Y Host 1 Host 2 PA1 CA1 CAX CA2 CA Y VM1 AA1 VMX AAX VM2 VMY NIC NIC
18
Packet Flow: Same Virtual Subnet Same Host
19
Packet Flow: Blue1 Sending to Blue2
Same VSID :: Same Host Packet Flow: Blue1 Sending to Blue2 Use MACB2 for Blue1 learns MAC of Blue2 Blue1 Red1 Blue2 Red2 where is ? ARP for VSID 5001 VSID 6001 VSID 5001 VSID 6001 Blue2 responds to ARP for IP on VSID 5001 with Blue2 MAC Hyper-V Switch VSID ACL Enforcement Hyper-V Switch broadcasts ARP to: All local VMs on VSID 5001 Network Virtualization filter Network Virtualization IP Virtualization Policy Enforcement Routing Packet flow animated NIC MACPA1
20
Packet Flow: Blue1 Sending to Blue2
Same VSID :: Same Host Packet Flow: Blue1 Sending to Blue2 Blue1 Red1 Blue2 Red2 sent from Blue1 MACB1MACB VSID 5001 VSID 6001 VSID 5001 VSID 6001 OOB: VSID:5001 in Hyper-V switch MACB1MACB Hyper-V Switch VSID ACL Enforcement Network Virtualization IP Virtualization Policy Enforcement Routing Packet flow animated NIC MACPA1
21
Packet Flow: Blue2 Receiving
Same VSID :: Same Host Packet Flow: Blue2 Receiving Blue1 Red1 Blue2 Red2 received by Blue2 MACB1MACB VSID 5001 VSID 6001 VSID 5001 VSID 6001 Hyper-V Switch in Hyper-V switch VSID ACL Enforcement OOB: VSID:5001 MACB1MACB Network Virtualization IP Virtualization Policy Enforcement Routing Packet flow animated NIC MACPA1
22
Packet Flow: Same Virtual Subnet Different Hosts
23
Packet Flow: Blue1 Blue2
Same VSID :: Different Host Packet Flow: Blue1 Blue2 where is ? ARP for NIC Hyper-V Switch VSID ACL Enforcement Blue1 Red1 Network Virtualization MACPA1 VSID 5001 VSID 6001 IP Virtualization Policy Enforcement Routing NIC Network Virtualization MACPA2 Hyper-V Switch VSID ACL Enforcement Blue2 Red2 VSID 5001 VSID 6001 IP Virtualization Policy Enforcement Routing Hyper-V Switch broadcasts ARP to: All local VMs on VSID 5001 Network Virtualization filter OOB: VSID:5001 Network Virtualization filter responds to ARP for IP on VSID 5001 with Blue2 MAC ARP for Packet flow animated ARP is NOT broadcast to the network
24
Packet Flow: Blue1 Blue2
Same VSID :: Different Host Packet Flow: Blue1 Blue2 Use MACB2 for Blue1 learns MAC of Blue2 NIC Hyper-V Switch VSID ACL Enforcement Blue1 Red1 Network Virtualization MACPA1 VSID 5001 VSID 6001 IP Virtualization Policy Enforcement Routing NIC Network Virtualization MACPA2 Hyper-V Switch VSID ACL Enforcement Blue2 Red2 VSID 5001 VSID 6001 IP Virtualization Policy Enforcement Routing OOB: VSID:5001 Use MACB2 for Packet flow animated MACPA1 ARP is NOT broadcast to the network
25
Packet Flow: Blue1 Blue2
Same VSID :: Different Host Packet Flow: Blue1 Blue2 NIC Hyper-V Switch VSID ACL Enforcement Blue1 Red1 Network Virtualization MACPA1 VSID 5001 VSID 6001 IP Virtualization Policy Enforcement Routing NIC Network Virtualization MACPA2 Hyper-V Switch VSID ACL Enforcement Blue2 Red2 VSID 5001 VSID 6001 IP Virtualization Policy Enforcement Routing sent from Blue1 MACB1MACB OOB: VSID:5001 in Hyper-V switch MACB1MACB in Network Virtualization filter OOB: VSID:5001 MACB1MACB Packet flow animated NVGRE on the wire MACPA1 MACPA MACB1MACB
26
Packet Flow: Blue2 Receiving
Same VSID :: Different Host Packet Flow: Blue2 Receiving NIC Hyper-V Switch VSID ACL Enforcement Blue1 Red1 Network Virtualization MACPA1 VSID 5001 VSID 6001 IP Virtualization Policy Enforcement Routing NIC Network Virtualization MACPA2 Hyper-V Switch VSID ACL Enforcement Blue2 Red2 VSID 5001 VSID 6001 IP Virtualization Policy Enforcement Routing received by Blue2 MACB1MACB OOB: VSID:5001 in Hyper-V switch MACB1MACB in Network Virtualization filter OOB: VSID:5001 MACB1MACB Packet flow animated NVGRE on the wire MACPA1 MACPA MACB1MACB
27
Packet Flow:. Different Virtual Subnet. Same Host
Packet Flow: Different Virtual Subnet Same Host VSID 5001,5222 in same routing domain
28
Packet Flow: Blue1 Blue2
Different VSID :: Same Host Packet Flow: Blue1 Blue2 where is default gateway ? ARP for (default gateway) Blue1 Red1 Blue2 Red2 Hyper-V Switch broadcasts ARP to: All local VMs on VSID 5001 Network Virtualization filter VSID 5001 VSID 6001 VSID 5222 VSID 6001 Hyper-V Switch VSID ACL Enforcement OOB: VSID:5001 Network Virtualization filter responds to ARP with MACDGW ARP for Network Virtualization Packet flow animated IP Virtualization Policy Enforcement Routing MACDGW NIC MACPA1
29
Packet Flow: Blue1 Blue2
Different VSID :: Same Host Packet Flow: Blue1 Blue2 Default Gateway at MACDGW Blue1 learns MAC of Default Gateway Blue1 Red1 Blue2 Red2 VSID 5001 VSID 6001 VSID 5222 VSID 6001 Hyper-V Switch VSID ACL Enforcement OOB: VSID:5001 Use MACDGW for Network Virtualization Packet flow animated IP Virtualization Policy Enforcement Routing MACDGW NIC MACPA1
30
Packet Flow: Blue1 Blue2
Different VSID :: Same Host Packet Flow: Blue1 Blue2 sent from Blue1 MACB1MACDGW Blue1 Red1 Blue2 Red2 VSID 5001 VSID 6001 VSID 5222 VSID 6001 OOB: VSID:5001 in Hyper-V switch MACB1MACDGW Hyper-V Switch VSID ACL Enforcement in Network Virtualization filter OOB: VSID:5001 MACB1MACDGW Network Virtualization Packet flow animated IP Virtualization Policy Enforcement Routing MACDGW NIC MACPA1 Network Virtualization filter verifies Blue1 and Blue2 are in same routing domain, otherwise packet is dropped
31
Packet Flow: Blue1 Blue2
Different VSID :: Same Host Packet Flow: Blue1 Blue2 received by Blue2 MACB1MACB Blue1 Red1 Blue2 Red2 VSID 5001 VSID 6001 VSID 5222 VSID 6001 OOB: VSID:5222 in Hyper-V switch MACB1MACB Hyper-V Switch VSID ACL Enforcement in Network Virtualization filter OOB: VSID:5222 MACB1MACB Network Virtualization Packet flow animated IP Virtualization Policy Enforcement Routing MACDGW NIC MACPA1 Network Virtualization filter uses VSID and dest MAC of Blue2 retains source MAC of Blue1
32
Packet Flow:. Different Virtual Subnet. Different Hosts
Packet Flow: Different Virtual Subnet Different Hosts VSID 5001, 5222 in same routing domain
33
Packet Flow: Blue1 Blue2
Different VSID :: Different Host Packet Flow: Blue1 Blue2 where is default gateway ? ARP for (default gateway) NIC Hyper-V Switch VSID ACL Enforcement Blue1 Red1 Network Virtualization MACPA1 VSID 5001 VSID 6001 IP Virtualization Policy Enforcement Routing NIC Network Virtualization MACPA2 Hyper-V Switch VSID ACL Enforcement Blue2 Red2 VSID 5222 VSID 6001 IP Virtualization Policy Enforcement Routing Hyper-V Switch broadcasts ARP to: All local VMs on VSID 5001 Network Virtualization filter OOB: VSID:5001 Network Virtualization filter responds to ARP with MACDGW ARP for Packet flow animated MACDGW ARP is NOT broadcast to the network
34
Packet Flow: Blue1 Blue2
Different VSID :: Different Host Packet Flow: Blue1 Blue2 Default Gateway at MACDGW Blue1 learns MAC of Default Gateway NIC Hyper-V Switch VSID ACL Enforcement Blue1 Red1 Network Virtualization MACPA1 VSID 5001 VSID 6001 IP Virtualization Policy Enforcement Routing NIC Network Virtualization MACPA2 Hyper-V Switch VSID ACL Enforcement Blue2 Red2 VSID 5222 VSID 6001 IP Virtualization Policy Enforcement Routing OOB: VSID:5001 Use MACDGW for Packet flow animated MACDGW MACPA1
35
Packet Flow: Blue1 Blue2
Different VSID :: Different Host Packet Flow: Blue1 Blue2 NIC Hyper-V Switch VSID ACL Enforcement Blue1 Red1 Network Virtualization MACPA1 VSID 5001 VSID 6001 IP Virtualization Policy Enforcement Routing NIC Network Virtualization MACPA2 Hyper-V Switch VSID ACL Enforcement Blue2 Red2 VSID 5222 VSID 6001 IP Virtualization Policy Enforcement Routing sent from Blue1 MACB1MACDGW OOB: VSID:5001 in Hyper-V switch MACB1MACDGW in Network Virtualization filter OOB: VSID:5001 MACB1MACDGW Packet flow animated MACDGW NVGRE on the wire MACPA1 MACPA MACB1MACB 5222
36
Packet Flow: Blue2 Receiving
Different VSID :: Different Host Packet Flow: Blue2 Receiving NIC Hyper-V Switch VSID ACL Enforcement Blue1 Red1 Network Virtualization MACPA1 VSID 5001 VSID 6001 IP Virtualization Policy Enforcement Routing NIC Network Virtualization MACPA2 Hyper-V Switch VSID ACL Enforcement Blue2 Red2 VSID 5222 VSID 6001 IP Virtualization Policy Enforcement Routing received by Blue2 MACB1MACB OOB: VSID:5222 in Hyper-V switch MACB1MACB in Network Virtualization filter OOB: VSID:5222 MACB1MACB Packet flow animated MACDGW NVGRE on the wire MACPA1 MACPA MACB1MACB
37
Private Cloud
38
Consolidated Datacenter Hyper-V Network Virtualization
Private Cloud IP addresses VMs and CorpNet running x Datacenter has x PA addresses Hyper-V Network Virtualization Gateway bridges network virtualized environment with non-network virtualized environment subnet x subnet x subnet x subnet x Hyper-V Network Virtualization Gateway R1 R2 B1 B2 B3 R3 R4 Y1 Y2 10.60.x Consolidated Datacenter Hyper-V Network Virtualization Host1 Host2 Host3 DC SQL DNS CorpNet
39
Hybrid Cloud
40
Network Virtualization Fabric
Hybrid Cloud With Hyper-V Network Virtualization and on-premises Site-to-Site VPN on-premise resources seamlessly extended to the cloud Internet S2S VPN Blue Corp Host Hoster Datacenter Network Virtualization Fabric Web2 R2 R1 Web3 Web1 Hyper-V Network Virtualization Gateway Blue Private Cloud DC SQL DNS Red Corp S2S VPN
41
Additional Resources Hyper-V Network Virtualization Whitepaper
Hyper-V Network Virtualization Blog Entry Hyper-V Network Virtualization Survival Guide PowerShell Scripts Simple deployment Simple gateway
42
4/6/ :37 AM © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Similar presentations
