Microsoft Virtual Academy

First Half
(01) Introduction to Microsoft Virtualization
(02) Hyper-V Infrastructure
(03) Hyper-V Networking
(04) Hyper-V Storage

** MEAL BREAK **

Second Half
(05) Hyper-V Management
(06) Hyper-V High Availability and Live Migration
(07) Integration with System Center 2012 Virtual Machine Manager
(08) Integration with Other System Center 2012 Components

Synthetic Adapters
• Windows Server 2003 SP2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
• Linux (SLES 10, 11), RHEL 5.x/6.x, CentOS 5.x/6.x
• Windows XP, Windows Vista, Windows 7, Windows 8
• OpenSUSE
• Etc.

Legacy (Emulated) Adapters

• How do I ensure network multi-tenancy?
• IP Address Management is a pain.
• What if VMs are competing for bandwidth?
• Fully Leverage Network Fabric
• How do I integrate with existing fabric?
• Network Metering?
• Can I dedicate a NIC to a workload?

[Diagrams: Tenant 1 and Tenant 2, each with multiple VM workloads, in one data center. Panel labels: TEAMING; Tenant 1: 15 $$; Tenant 2: 25 $$$$]

[Diagram: Woodgrove Bank (Blue, 10.1.0.0/16) and Contoso Bank (Red, 10.1.0.0/16) in a cloud data center]

[Diagram: Hyper-V Switch on a Win 8 host with VMs Green (10.1.1.31), Blue (10.1.1.21), Red1 (10.1.1.11) and Red2 (10.1.1.12); PVLAN port modes Isolated 4, 7 and Community 4, 9; uplink to Internet (10.1.1.1)]

Hyper-V Machine Virtualization
• Run multiple virtual servers on a physical server
• Each VM has illusion it is running as a physical server

Hyper-V Network Virtualization
• Run multiple virtual networks on a physical network
• Each virtual network has illusion it is running as a physical fabric

[Diagram labels: Woodgrove VM, Contoso VM, physical server; Woodgrove network, Contoso network, physical network]

Hyper-V Extensible Switch
• PVLANS
• ARP/ND Poisoning Protection
• DHCP Guard Protection
• Virtual Port ACLs
• Trunk Mode to Virtual Machines
• Monitoring & Port Mirroring
• Windows PowerShell & WMI Management

The Hyper-V Extensible Switch allows a deeper integration with customers’ existing network infrastructure, monitoring, and security tools

Hyper-V Extensible Switch extensions

Capture Extensions (NDIS)
• Capture extensions can inspect traffic and generate new traffic for report purposes
• Capture extensions do not modify existing Extensible Switch traffic
• Example: sflow by inMon

Windows Filter Platform (WFP) Extensions
• Windows Filter Platform (WFP) Extensions can inspect, drop, modify, and insert packets using WFP APIs
• Windows Antivirus and Firewall software uses WFP for traffic filtering
• Example: Virtual Firewall by 5NINE Software

Forwarding Extensions (NDIS)
• Forwarding extensions direct traffic, defining the destination(s) of each packet
• Forwarding extensions can capture and filter traffic
• Examples: Cisco Nexus 1000V and UCS; NEC ProgrammableFlow's vPFS OpenFlow

[Diagram: Root Partition with Host NIC, VM1 and VM2 with VM NICs; Extensible Switch stack from Extension Protocol through Capture Extensions, Filtering Engine (WFP callout, BFE Service, Firewall) and Forwarding Extensions to Extension Miniport and Physical NIC]

• Open, Extensible Virtual Switch
  • Nexus 1000 Support
  • Openflow Support
  • Network Introspection
  • Much more…
• Advanced Networking
  • ACLs
  • PVLAN
  • …much more…
• Windows NIC Teaming
• Network QoS
  • Per VNIC bandwidth reservation & limits
• Network Metering
• DVMQ
• SR-IOV Network Support
  • Reduce Latency & CPU Utilization
  • Supports Live Migration

SR-IOV
• Reduces latency of network path
• Reduces CPU utilization for processing network traffic
• Increases throughput
• Supports Live Migration

[Diagram: Network I/O path without SR-IOV and Network I/O path with SR-IOV. Labels: Root Partition, Hyper-V Switch (Routing, VLAN Filtering, Data Copy), Virtual Machine, Virtual NIC, Virtual Function, Physical NIC, Physical SR-IOV NIC]

SR-IOV Enabling & Live Migration

Turn On IOV
• Enable IOV (VM NIC Property)
• Virtual Function is “Assigned”
• Team automatically created
• Traffic flows through VF
• Software path is not used

Live Migration
• Break Team
• Remove VF from VM
• Migrate as normal

Post Migration
• Reassign Virtual Function
• Assuming resources are available

VM has connectivity even if
• Switch not in IOV mode
• IOV physical NIC not present
• Different NIC vendor
• Different NIC firmware

[Diagram: Virtual Machine Network Stack with Software NIC and Virtual Function in a “TEAM”; Software Switch (IOV Mode); Physical SR-IOV NIC; Physical NIC]

Dynamic Virtual Machine Queue (VMQ): dVMQ uses hardware packet filtering to deliver packet data from an external virtual machine network directly to virtual machines, which reduces the overhead of routing packets and copying them from the management operating system to the virtual machine.

IPsec Task Offload: Microsoft expects deployment of Internet Protocol security (IPsec) to increase significantly in the coming years. The large demands placed on the CPU by the IPsec integrity and encryption algorithms can reduce the performance of your network connections. IPsec Task Offload is a technology built into the Windows operating system that moves this workload from the main computer's CPU to a dedicated processor on the network adapter.

SR-IOV is a specification that allows a PCIe device to appear to be multiple separate physical PCIe devices. The SR-IOV specification was created and is maintained by the PCI SIG, with the idea that a standard specification will help promote interoperability. SR-IOV works by introducing the idea of physical functions (PFs) and virtual functions (VFs). Physical functions (PFs) are full-featured PCIe functions; virtual functions (VFs) are “lightweight” functions that lack configuration resources.
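Added example (not from the original deck): one way to apply and then audit the per-port protections the deck lists for the Hyper-V Extensible Switch (DHCP Guard, MAC spoofing protection, PVLANs, virtual port ACLs, port mirroring, trunk mode) with the Hyper-V PowerShell module. The VM name and management subnet are hypothetical; PVLAN IDs 4 and 7 are the isolated pair shown in the deck's switch diagram.

```powershell
#Requires -Modules Hyper-V
# Added example. $VMName and $MgmtSubnet are hypothetical values.
$VMName     = 'Tenant1-Web01'
$MgmtSubnet = '192.168.100.0/24'

# Drop DHCP server replies and router advertisements sent by this guest,
# and keep MAC address spoofing disabled (the default) on its vNIC.
Set-VMNetworkAdapter -VMName $VMName -DhcpGuard On -RouterGuard On -MacAddressSpoofing Off

# Isolated PVLAN port (primary 4, secondary 7): the guest can reach
# promiscuous ports but not other isolated or community ports.
Set-VMNetworkAdapterVlan -VMName $VMName -Isolated -PrimaryVlanId 4 -SecondaryVlanId 7

# Virtual port ACL: block all traffic between the tenant VM and the
# management subnet, in both directions.
Add-VMNetworkAdapterAcl -VMName $VMName -RemoteIPAddress $MgmtSubnet `
    -Direction Both -Action Deny

# Audit every vNIC on this host and report ports that are missing a guard,
# are mirroring traffic, or are running in trunk mode.
function Get-VMNetworkAdapterAudit {
    foreach ($nic in (Get-VM | Get-VMNetworkAdapter)) {
        $findings = @()
        if ($nic.DhcpGuard -ne 'On')           { $findings += 'DHCP Guard off' }
        if ($nic.RouterGuard -ne 'On')         { $findings += 'Router Guard off' }
        if ($nic.MacAddressSpoofing -ne 'Off') { $findings += 'MAC spoofing allowed' }
        if ($nic.PortMirroringMode -ne 'None') {
            $findings += "Port mirroring: $($nic.PortMirroringMode)"
        }
        $vlan = Get-VMNetworkAdapterVlan -VMNetworkAdapter $nic
        if ($vlan.OperationMode -eq 'Trunk')   { $findings += 'Trunk mode' }

        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                VMName   = $nic.VMName
                Adapter  = $nic.Name
                Switch   = $nic.SwitchName
                Findings = $findings -join '; '
            }
        }
    }
}

Get-VMNetworkAdapterAudit | Format-Table -AutoSize
```

Leave DHCP Guard off only on the vNICs of authorized DHCP servers, and treat any unexpected mirroring source or destination in the audit output as something to investigate.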
Set-VMNetworkAdapter -VMName MyVM -PortMirroring Source
Add-VMNetworkAdapterAcl
Set-VMNetworkAdapterVlan

Networking Performance
• Dynamic VMq: Dynamically span multiple CPUs when processing virtual machine network traffic
• IPsec Task Offload: Offload IPsec processing from within virtual machine, to physical network adaptor, enhancing performance
• SR-IOV Support: Map virtual function of an SR-IOV-capable physical network adaptor, directly to a virtual machine

The Hyper-V Extensible Switch takes advantage of hardware innovation to drive the highest levels of networking performance within virtual machines

| Feature                 | Windows Server 2008 | Windows Server 2008 R2 | Windows Server 2012         |
| NIC Teaming             | Yes, via partners   | Yes, via partners      | Windows NIC Teaming in box. |
| VLAN Tagging            | Yes                 | Yes                    | Yes                         |
| MAC Spoofing Protection | No                  | Yes, with R2 SP1       | Yes                         |
| ARP Spoofing Protection | No                  | Yes, with R2 SP1       | Yes                         |
| SR-IOV Networking       | No                  | No                     | Yes                         |
| Network QoS             | No                  | No                     | Yes                         |
| Network Metering        | No                  | No                     | Yes                         |
| Network Monitor Modes   | No                  | No                     | Yes                         |
| IPsec Task Offload      | No                  | No                     | Yes                         |
| VM Trunk Mode           | No                  | No                     | Yes                         |

• Hyper-V is fully integrated in the Windows network stack
• Use the synthetic network adapter
• Use VLAN tagging & firewall rules for security
• Windows Server 2012 includes inbox NIC Teaming for load balancing and failover
• VMQ provides great performance for most workloads
• SR-IOV for low latency, high throughput workloads

©2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.