JumpStart: Server Virtualization with Windows Server Hyper-V

Microsoft Virtual Academy
Module 4
Creating and Configuring Virtual Machine Networks
Module Overview
• Creating and Using Hyper-V Virtual Switches
• Advanced Hyper-V Networking Features
• Configuring and Using Hyper-V Network Virtualization
Lesson 1: Creating and Using Hyper-V Virtual Switches
• Overview of the Hyper-V Virtual Switch
• Types of Virtual Switches
• What Is VLAN Tagging?
Overview of the Hyper-V Virtual Switch
• Software-implemented layer two switch
• Connects virtual machines to virtual and physical networks
  • Parent partition is also a virtual machine
• Extensible, has advanced features, can be replaced
  • Policy enforcement, isolation, traffic shaping, protection
• Managed by Hyper-V Manager and Windows PowerShell
  • Get-VMSwitch
• Parent partition can have multiple virtual NICs
  • Can be connected to different virtual switches
  • Can have different bandwidth limitations
Types of Virtual Switches
• Parent has physical network adapter(s)
• Each virtual machine (and parent) has virtual network adapter(s)
• Each virtual network adapter is connected to a virtual switch
• Type of virtual switch is:
  • External – connects to a physical or wireless adapter
  • Internal – parent and virtual machine connections only
  • Private – virtual machine connections only
• Configuration
  • Use Virtual Switch Manager to create virtual switches
  • Use virtual machine settings to connect a virtual network adapter to a switch
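The switch types and the parent-partition virtual NICs described above, as an added PowerShell example that is not part of the course deck. It assumes a host adapter named "Ethernet" and a VM named "VM1"; change both to match your host.

```powershell
# Added example (not from the course deck). Assumes a physical adapter named
# "Ethernet" and a VM named "VM1". Requires the Hyper-V PowerShell module.

# One switch of each type. Only the External switch binds to a physical adapter;
# -AllowManagementOS $true also gives the parent partition a virtual NIC on it.
New-VMSwitch -Name "SW-External" -NetAdapterName "Ethernet" -AllowManagementOS $true
New-VMSwitch -Name "SW-Internal" -SwitchType Internal   # parent + VMs only
New-VMSwitch -Name "SW-Private"  -SwitchType Private    # VMs only, no parent access

# Attach the VM's virtual network adapter to the private switch.
Connect-VMNetworkAdapter -VMName "VM1" -SwitchName "SW-Private"

# The parent partition can carry several virtual NICs on different switches,
# each with its own bandwidth cap (MaximumBandwidth is in bits per second).
Add-VMNetworkAdapter -ManagementOS -Name "Backup" -SwitchName "SW-External"
Set-VMNetworkAdapter -ManagementOS -Name "Backup" -MaximumBandwidth 200000000

# Inventory: which switches exist, their type and physical binding, and which
# switch every adapter (parent and VM) is connected to. A VM that should be
# isolated but sits on the External switch shows up here.
Get-VMSwitch | Select-Object Name, SwitchType, NetAdapterInterfaceDescription
Get-VMNetworkAdapter -ManagementOS |
    Select-Object Name, SwitchName, BandwidthSetting
Get-VMNetworkAdapter -VMName "VM1" |
    Select-Object VMName, Name, SwitchName, MacAddress
```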
[Diagram: Private, Internal, NAT and External virtual switch topologies. Legend: physical network adapter, virtual network adapter, virtual switch. Each topology shows virtual machines running an App (with or without an IP address) and the parent partition; only the External topology includes a physical network adapter.]
What Is VLAN Tagging?
• Used to isolate network traffic for nodes that are connected to the same physical network
• VLANs are used by Hyper-V to
  • Isolate Hyper-V server management networks
  • Isolate virtual machines that are connected to external virtual switches
  • Isolate virtual machines on a single Hyper-V server
• VLAN ID can be configured on
  • Virtual machine network adapter
  • External and Internal virtual switch
• VLAN is limited to a single physical subnet
• VLAN ID has 12 bits (up to 4,094 VLAN IDs)
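VLAN tagging of the management network and of a tenant VM, plus an audit of untagged adapters, as an added example that is not part of the course deck. It assumes a parent-partition virtual NIC named "Management" and a VM named "VM1".

```powershell
# Added example (not from the course deck). Assumes a parent-partition virtual
# NIC named "Management" and a VM named "VM1"; adjust the names for your host.

# Put the management network on its own VLAN (access mode = one VLAN ID).
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName "Management" `
    -Access -VlanId 100

# Isolate a tenant VM on VLAN 10 even though it shares the same external switch.
Set-VMNetworkAdapterVlan -VMName "VM1" -Access -VlanId 10

# Audit: every VM adapter with its VLAN mode and ID. Adapters still in
# "Untagged" mode on a shared external switch can reach each other freely.
Get-VM | Get-VMNetworkAdapterVlan |
    Select-Object @{n="VM";e={$_.ParentAdapter.VMName}},
                  @{n="Adapter";e={$_.ParentAdapter.Name}},
                  OperationMode, AccessVlanId

# Sanity check before handing a VLAN ID to the cmdlets: the 12-bit tag field
# leaves 4094 usable IDs (0 and 4095 are reserved).
function Test-VlanId {
    param([int]$VlanId)
    return ($VlanId -ge 1 -and $VlanId -le 4094)
}
```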
Lesson 2: Advanced Hyper-V Networking Features
• Virtual Switch Expanded Functionality
• Virtual Switch Extensibility
• What Is SR-IOV?
• What Is Dynamic Virtual Machine Queue?
• Network Adapter Advanced Features
• NIC Teaming in Virtual Machines
Virtual Switch Expanded Functionality
• ARP/Neighbor Discovery Poisoning protection
  • Protects against ARP and Neighbor Discovery spoofing
• DHCP Guard protection
  • Protects against rogue DHCP server in virtual machine
• Port ACLs
  • Enables isolation by allowing/denying traffic
• Trunk mode to a virtual machine
  • Trunk mode forwards traffic from multiple VLANs
• Network traffic monitoring
• Bandwidth limit and burst support
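The protections listed above applied to one VM adapter, followed by a host-wide audit, as an added example that is not part of the course deck. It assumes VMs named "VM1" (a tenant VM), "FW1" (a virtual firewall that legitimately needs several VLANs) and "IDS1" (a sensor VM), and that VM1 should only talk to 10.1.1.0/24.

```powershell
# Added example (not from the course deck). VM names and the 10.1.1.0/24 tenant
# subnet are assumptions; adjust them for your environment.
$vm = "VM1"

# DHCP Guard drops DHCP server replies coming OUT of the VM, so a rogue DHCP
# server inside the guest cannot hand out addresses to its neighbours.
# MacAddressSpoofing Off pins the adapter to its assigned MAC, which is what
# the switch's ARP / Neighbor Discovery spoofing protection relies on.
Set-VMNetworkAdapter -VMName $vm -DhcpGuard On -MacAddressSpoofing Off

# Port ACLs: the most specific prefix wins, so "deny everything" (IPv4 and IPv6)
# plus an "allow" for the tenant subnet gives this adapter a default-deny policy.
Add-VMNetworkAdapterAcl -VMName $vm -RemoteIPAddress 0.0.0.0/0   -Direction Both -Action Deny
Add-VMNetworkAdapterAcl -VMName $vm -RemoteIPAddress ::/0        -Direction Both -Action Deny
Add-VMNetworkAdapterAcl -VMName $vm -RemoteIPAddress 10.1.1.0/24 -Direction Both -Action Allow

# Bandwidth limit (bits per second) so one VM cannot starve the others.
Set-VMNetworkAdapter -VMName $vm -MaximumBandwidth 100000000

# Trunk mode only for the VM that really needs several VLANs (a virtual
# router or firewall); every other adapter stays in access mode.
Set-VMNetworkAdapterVlan -VMName "FW1" -Trunk -AllowedVlanIdList "10-20" -NativeVlanId 1

# Traffic monitoring: mirror VM1's traffic to the sensor VM's adapter.
Set-VMNetworkAdapter -VMName $vm    -PortMirroring Source
Set-VMNetworkAdapter -VMName "IDS1" -PortMirroring Destination

# Audit: adapters on this host that still lack DHCP Guard or allow MAC spoofing,
# and the ACL set that is now in force on VM1.
Get-VM | Get-VMNetworkAdapter |
    Where-Object { $_.DhcpGuard -ne "On" -or $_.MacAddressSpoofing -ne "Off" } |
    Select-Object VMName, Name, DhcpGuard, MacAddressSpoofing
Get-VMNetworkAdapterAcl -VMName $vm
```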
Virtual Switch Extensibility
• Extensible
  • NDIS filter drivers
  • WFP callout drivers
• Extensions
  • Ingress
  • Forwarding
  • Egress
  • Monitoring
• Virtual switch can be replaced
[Diagram: packet path through the Hyper-V virtual switch. The virtual machine NICs and the parent partition's host NIC attach to the extension protocol edge; packets then pass through capture extensions, WFP extensions, filtering extensions and the forwarding extension to the extension miniport, which is bound to the physical NIC.]
What Is SR-IOV?
• Requires support in network adapter
• Provides Direct Memory Access to virtual machines
  • Increases network throughput
  • Reduces network latency
  • Reduces CPU overhead on the Hyper-V server
  • Virtual machine bypasses virtual switch
• Supports Live Migration
  • Even when different SR-IOV adapters are used
[Diagram: network I/O without and with SR-IOV. Without SR-IOV, the virtual NIC sends traffic over VMBus to the virtual switch in the parent partition (routing, VLAN filtering) and on to the physical NIC. With SR-IOV, the virtual machine uses a Virtual Function of the SR-IOV physical NIC directly and bypasses the virtual switch.]
What Is Dynamic Virtual Machine Queue?
• Network adapter uses receive queues to route traffic to the appropriate virtual machine
  • Physical network adapter must support VMQ
• Dynamically use multiple CPUs when processing virtual machine network traffic
  • DMA reduces CPU overhead on Hyper-V server
  • Beneficial when virtual machines receive a lot of network traffic
• VMQ is automatically configured and tuned
  • Based on processor networking and CPU load
• VMQ is enabled by default on a virtual network adapter
  • Used only if the physical network adapter supports VMQ
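Enabling SR-IOV on a switch and checking which data path (Virtual Function, VMQ queue, or plain switch path) each VM adapter actually got, covering both the SR-IOV and the VMQ slides above, as an added example that is not part of the course deck. It assumes an SR-IOV capable adapter named "Ethernet 2" and VMs "VM1" and "VM2".

```powershell
# Added example (not from the course deck). Adapter and VM names are assumptions.

# SR-IOV must be chosen when the external switch is created; it cannot be
# turned on later. Host firmware (IOMMU), driver and adapter all have to agree,
# and IovSupportReasons explains a refusal.
New-VMSwitch -Name "SW-SRIOV" -NetAdapterName "Ethernet 2" -EnableIov $true
Get-VMSwitch -Name "SW-SRIOV" | Select-Object Name, IovEnabled, IovSupport, IovSupportReasons

# IovWeight > 0 asks for a Virtual Function; 0 keeps the VM on the switch path.
# VF traffic bypasses the virtual switch, so switch-implemented controls such
# as port ACLs, DHCP Guard and port mirroring do not see it: keep VMs that
# depend on those controls on the software path.
Connect-VMNetworkAdapter -VMName "VM1" -SwitchName "SW-SRIOV"
Set-VMNetworkAdapter -VMName "VM1" -IovWeight 100

# VMQ is on by default and only takes effect if the physical NIC supports it;
# VmqWeight 0 opts a VM out when you want its receive processing on one CPU.
Set-VMNetworkAdapter -VMName "VM2" -VmqWeight 0

# Verify what each adapter really got: IovQueuePairsAssigned > 0 means a VF is
# in use (switch bypassed); VmqUsage > 0 means a hardware receive queue.
Get-VM | Get-VMNetworkAdapter |
    Select-Object VMName, SwitchName, IovWeight, IovQueuePairsAssigned, VmqWeight, VmqUsage

# Physical-side view: which NICs offer SR-IOV / VMQ and whether it is enabled.
Get-NetAdapterSriov | Select-Object Name, Enabled, NumVFs
Get-NetAdapterVmq   | Select-Object Name, Enabled, NumberOfReceiveQueues
```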
Network Adapter Advanced Features
• Same features available for all virtual network adapters
• Features are implemented in Hyper-V virtual switch
NIC Teaming in Virtual Machines
• Provides redundancy and aggregates bandwidth
• Can be used at the operating system and virtual machine level
  • Multiple physical network adapters in a NIC team
    • If a physical adapter fails, virtual switch has connectivity
  • Multiple virtual network adapters in a NIC team
    • If a virtual switch fails, virtual machine has connectivity
• Particularly important when SR-IOV is used
  • SR-IOV traffic bypasses the virtual switch
  • Intended and optimized to support teaming of SR-IOV
  • May be used with any virtual network interface
• Virtual machine must have multiple network adapters
  • Connected to different virtual switches
  • MAC address spoofing must be enabled
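Host-level and guest-level teaming set up the way the slide describes (two adapters on two switches, teaming allowed, MAC address spoofing enabled), as an added example that is not part of the course deck. It assumes host adapters "NIC1"/"NIC2", switches "SW-A"/"SW-B" and a VM named "VM1".

```powershell
# Added example (not from the course deck). Adapter, switch and VM names are
# assumptions; adjust them for your host.

# --- On the Hyper-V host: team the physical adapters, then bind a switch to
# the team. If one physical adapter fails, the switch keeps its uplink.
New-NetLbfoTeam -Name "HostTeam" -TeamMembers "NIC1","NIC2" `
    -TeamingMode SwitchIndependent -LoadBalancingAlgorithm HyperVPort -Confirm:$false
New-VMSwitch -Name "SW-A" -NetAdapterName "HostTeam"

# --- On the host, to allow guest-side teaming: the VM needs a second adapter
# on a different switch, teaming allowed, and MAC address spoofing enabled
# (after a failover the team sends frames with the surviving member's MAC).
Add-VMNetworkAdapter -VMName "VM1" -Name "Team-Member-B" -SwitchName "SW-B"
Get-VMNetworkAdapter -VMName "VM1" |
    Set-VMNetworkAdapter -AllowTeaming On -MacAddressSpoofing On

# --- Inside the guest: build the team from its two virtual adapters. This is
# what keeps an SR-IOV VM connected when its Virtual Function goes away.
# Invoke-Command -VMName needs PowerShell Direct (Windows Server 2016 or later);
# on Windows Server 2012 R2 run the New-NetLbfoTeam line inside the guest.
Invoke-Command -VMName "VM1" -ScriptBlock {
    New-NetLbfoTeam -Name "GuestTeam" -TeamMembers "Ethernet","Ethernet 2" `
        -TeamingMode SwitchIndependent -Confirm:$false
}

# Verify. Note that MacAddressSpoofing On disables the switch's ARP/ND spoofing
# protection for this VM, so enable it only for VMs that actually team.
Get-VMNetworkAdapter -VMName "VM1" |
    Select-Object Name, SwitchName, AllowTeaming, MacAddressSpoofing
```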
Lesson 3: Configuring & Using Hyper-V Network Virtualization
• Providing Multitenant Network Isolation
• What Is Network Virtualization?
• Benefits of Network Virtualization
• What Is Network Virtualization Generic Routing Encapsulation?
• What Are Network Virtualization Policies?
Providing Multitenant Network Isolation
• Multiple isolated networks on the same infrastructure
• VLANs are often used
  • Limited scalability (maximum of 4094 VLANs)
  • VLANs cannot span multiple subnets
  • Challenging to reconfigure when adding or moving virtual machine
[Diagram: virtual machines on two physical switches, separated by VLAN ID.]
Providing Multitenant Network Isolation
• Private VLANs
  • Addresses some VLAN scalability issues
  • Reduces number of IP subnets and VLANs
  • Virtual switch can limit virtual machines to the same VLAN
• Port ACLs
  • Challenging to manage and update ACLs
• Hyper-V virtual switch supports private VLANs and port ACLs
• The solution is Software Defined Networking
  • Network virtualization is an implementation of Software Defined Networking
  • Hyper-V enables network virtualization
What Is Network Virtualization?
• Server virtualization
  • Multiple virtual machines on the same physical server
  • Each virtual machine is isolated from others
• Network virtualization
  • Multiple virtual networks on the same physical network
  • Each virtual network is isolated from others
[Diagram: a blue and a red virtual machine sharing one physical server (server virtualization), beside a blue and a red network sharing one physical network (network virtualization).]
Benefits of Network Virtualization
• Flexible virtual machine placement
• Multitenant network isolation without VLANs
• IP address reuse
• Live migration across subnets
• Is compatible with existing network infrastructure
• Transparent moving of virtual machines to shared IaaS cloud
• Can be configured using Windows PowerShell
  • Can also use System Center 2012 R2 Virtual Machine Manager
What Is Network Virtualization Generic Routing Encapsulation?
[Diagram: two tenants each send a packet from customer address 10.1.1.11 to customer address 10.1.1.12. Each packet is wrapped in an outer MAC header, an outer IP header carrying the provider addresses 192.168.2.22 (sending host) and 192.168.5.55 (receiving host), and a GRE header whose Key is the tenant's identifier (Key=5001 for one tenant, Key=6001 for the other). The inner customer addresses are the same for both tenants; the GRE key keeps the two flows apart.]
• Customer address space based on virtual machine configuration
• Provider address space based on physical network
  • Not visible to the virtual machines
What Are Network Virtualization Policies?
• Define customer address-provider address mappings
  • Specify on which Hyper-V server virtual machines are running
• Hyper-V implements policies by translating incoming and outgoing packets
• If a virtual machine is moved, policies are modified
  • Virtual machine configuration stays the same

Policy Settings

Customer Address Spaces
  Blue Yonder Airlines: SQL 10.1.1.1, WEB 10.1.1.2
  Woodgrove Bank:       SQL 10.1.1.1, WEB 10.1.1.2

Provider Address Space (Data Center Network)
  Hyper-V Host 1: 192.168.1.10
  Hyper-V Host 2: 192.168.1.12

Policy: Customer Address -> Provider Address
  Blue Yonder Airlines   10.1.1.1 -> 192.168.1.10   10.1.1.2 -> 192.168.1.12
  Woodgrove Bank         10.1.1.1 -> 192.168.1.10   10.1.1.2 -> 192.168.1.12

[Diagram: both tenants' SQL virtual machines (10.1.1.1) run on Hyper-V Host 1 and both WEB virtual machines (10.1.1.2) on Hyper-V Host 2; the overlapping customer addresses are kept apart by the per-tenant policy.]
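The policy table above expressed as Hyper-V Network Virtualization lookup records and customer routes, as an added example that is not part of the course deck. It uses the slide's customer and provider addresses; the virtual subnet IDs 5001/6001 (taken from the NVGRE slide), the customer GUIDs, the MAC addresses, the VM names and the adapter name "Ethernet" are constructed assumptions.

```powershell
# Added example (not from the course deck). Runs on a Windows Server 2012 R2
# Hyper-V host. Tenant VSIDs, GUIDs, MACs, VM names and "Ethernet" are assumed.
$tenants = @(
    @{ Name = "BlueYonder"; Vsid = 5001; Cid = "{11111111-0000-0000-0000-000000005001}" },
    @{ Name = "Woodgrove";  Vsid = 6001; Cid = "{22222222-0000-0000-0000-000000006001}" }
)
# Customer address -> provider address from the slide, identical for both tenants.
$placement = @{ "10.1.1.1" = "192.168.1.10"; "10.1.1.2" = "192.168.1.12" }
$role      = @{ "10.1.1.1" = "SQL";          "10.1.1.2" = "WEB" }

foreach ($t in $tenants) {
    # One customer route per tenant: 10.1.1.0/24 is on-link inside its VSID.
    New-NetVirtualizationCustomerRoute -RoutingDomainID $t.Cid -VirtualSubnetID $t.Vsid `
        -DestinationPrefix "10.1.1.0/24" -NextHop "0.0.0.0" -Metric 255

    foreach ($ca in $placement.Keys) {
        $vmName = "$($t.Name)-$($role[$ca])"                 # e.g. BlueYonder-SQL
        # Constructed MAC, 12 hex digits as the cmdlet expects, unique per tenant+VM.
        $mac = "00155D{0:X2}{1:X4}" -f ($t.Vsid % 256), ([int]$ca.Split('.')[3])
        # The lookup record IS the policy: CA -> PA under this tenant's GRE key.
        # The same CA in two tenants does not clash because the VSID differs.
        New-NetVirtualizationLookupRecord -CustomerAddress $ca -ProviderAddress $placement[$ca] `
            -VirtualSubnetID $t.Vsid -MACAddress $mac -CustomerID $t.Cid `
            -Rule TranslationMethodEncap -VMName $vmName
        # Tell the host which virtual subnet this VM's adapter belongs to.
        Set-VMNetworkAdapter -VMName $vmName -VirtualSubnetId $t.Vsid -StaticMacAddress $mac
    }
}

# Run on Host 1 (192.168.1.10); Host 2 registers 192.168.1.12 the same way.
# Lookup records must exist on every host that takes part in the virtual network.
New-NetVirtualizationProviderAddress -ProviderAddress "192.168.1.10" `
    -InterfaceIndex (Get-NetAdapter -Name "Ethernet").ifIndex -PrefixLength 24

# After a live migration only the record's ProviderAddress changes; the VM keeps
# its 10.1.1.x configuration, which is the point of the policy layer.
Get-NetVirtualizationLookupRecord |
    Select-Object CustomerAddress, ProviderAddress, VirtualSubnetID, VMName
```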