Advancing Software Defined Networking
Delivering Continuously Available Applications
Improving Network Performance
Simplifying Datacenter Network Management
Networking in the Hybrid Cloud

Advancing Software Defined Networking: Hyper-V Network Virtualization; Hyper-V Extensible Switch; Inbox HNV Gateway; Virtual Machine Manager Enhancements
Improving Network Performance: SMB Direct (RDMA); vRSS; Single Root I/O Virtualization (SR-IOV); Dynamic VMQ
Simplifying Datacenter Network Management: IP Address Management (IPAM); Microsoft Windows PowerShell; Remote Live Capture; Network Management using Virtual Machine Manager; Network Monitoring using Operations Manager
Networking in the Hybrid Cloud: Cross-premises connectivity; Extending to Azure; Extending to Service Providers
Delivering Continuously Available Applications: SMB Multichannel; Quality of Service; DHCP Failover; NIC Teaming

Hybrid networking with breakthrough levels of flexibility and performance

IT demands:
• Simplified use of network resources in a multi-tenant, cross-premises environment
• Continuously available and resilient network infrastructure
• Greater control and more extensibility

Windows Server 2012 R2 delivers:
• Software-defined network infrastructure
• High-performance networking
• Improved manageability and diagnostics

Advancing Software Defined Networking

Open, extensible and standards based:
• Hyper-V Network Virtualization
• Inbox Gateway
• Hyper-V Extensible Switch
• Management with System Center Virtual Machine Manager
Built-in and production ready. Innovation in software and hardware.

Background
• Network virtualization lags behind compute and storage
• Administration within the data center may be siloed

The challenges
• Physical network configuration is not flexible
• Workloads are tied to underlying hardware configurations
• Configuration changes are manual and cumbersome
• Diverse network infrastructure requires vendor-specific management and control
• Greater VM mobility and density are difficult to achieve

Software-defined networking enables software to dynamically manage the network by:
• Enabling integrated policies that span physical and virtual networks
• Abstracting workloads from the physical network
• Controlling datacenter traffic flow

Hyper-V Extensible Switch

What the Hyper-V Switch does:
• Provides L2 connectivity for VMs
• Extends the network edge to the host
Features: isolation, traffic shaping, security, diagnostics
[Diagram: VM NICs on a Hyper-V host attached to the virtual switch, which sits on the physical NIC and connects to the physical network]

Switch extensibility
• Extends virtual switch functionality by adding switch extensions
• Provides an open platform supporting third-party plug-ins that add functionality
• Lets customers manage the virtual network the same way they would manage a physical network
• Helps monitor the security of virtual machine to virtual machine traffic
• Provides unified management and enforcement of plug-ins with Virtual Machine Manager across the entire datacenter
• Includes NDIS filter drivers, WFP callout drivers, ingress filtering, destination lookup and forwarding, and egress filtering extensions
[Diagram: extension stack between the VM NIC / host NIC and the physical NIC: virtual switch extension protocol, capture extensions (Extension A), filtering extensions (Extension C), forwarding extension (Extension D), extension miniport]

Build extensions for capturing, filtering and forwarding

Key features:
• Extension monitoring and uniqueness
• Extensions that learn the VM life cycle
• Extensions that can veto state changes
• Multiple extensions on the same switch
• VMM for unified management

Several partner solutions available:
• Cisco – Nexus 1000V and UCS-VMFEX
• NEC – ProgrammableFlow PF1000
• 5nine – Security Manager
• InMon – sFlow

Hyper-V Network Virtualization

How network virtualization works
• Overlays multiple virtual networks on a shared physical network
• Uses the industry standard Network Virtualization using Generic Routing Encapsulation (NVGRE) protocol

Problems solved
• Creates VM mobility across the datacenter, a hoster cloud or Azure without network constraints
• Provides the ability to import customer IP addresses and network topology
• Helps remove VLAN constraints
• Helps eliminate hierarchical IP address assignment for virtual machines
• Tenants with overlapping IP address ranges share the same physical network
• Policies are enforced at the host level using PowerShell or System Center Virtual Machine Manager
• DHCP servers can be part of the virtualized network to enable locally assigned IP addresses
• Supports guest clustering
[Diagram: two tenants whose VMs use the same customer addresses (10.1.1.1, 10.1.1.2) run behind the vSwitch on hosts with provider addresses 192.168.1.10 and 192.168.2.12]

Network virtualization and switch extensions
• HNV packets are flagged for native forwarding
• Other packets are forwarded by the forwarding extension, if present
• Forwarding extensions can modify packet headers on both ingress and egress
• Changes the forwarding logic inside the switch
• Requires an extension upgrade to NDIS 6.40
• Extensions can view CA and PA addresses
• Supports richer switch extensions
[Diagram: ingress and egress pipeline from the LBFO/pNIC through the extension, WNV (network virtualization), native policies, egress ACL and MS forwarding stages]

Network virtualization packet flow: Blue1 sending to Blue2
• VSID ACL enforcement on the sending side and on the receiving side
• Network virtualization stage on each side: IP virtualization, policy enforcement, routing
[Diagram: ARP table entry 10.10.10.11 → 34:29:af:c7:d9:12 used during the lookup]

Inbox HNV Gateway: bridge between VM networks and physical networks

Challenges
• Hosters want to provide isolated networks for tenant VMs with integral S2S VPN and NAT
• Enterprises have virtualized networks split across different datacenters, or virtualized networks (NVGRE aware) communicating with physical networks (NVGRE unaware)

Solution
• Multi-tenant VPN gateway in Windows Server 2012 R2
• Integral multitenant edge gateway for seamless connectivity
• Guest clustering for high availability
• BGP for dynamic route updates
• Encapsulates and decapsulates NVGRE packets
• Multitenant-aware NAT for Internet access
[Diagram: Contoso and Fabrikam tenant networks reaching the Internet through the gateway]

Application-controlled network hardware

What it means:
• Provides the ability to control physical network hardware directly from applications
• Enforces routing policies on the fly
• Requires programmable hardware that uses a standard protocol such as OpenFlow, Cisco OnePK and so on

Challenges:
• Adds complexity to the application
• Creates challenges in heterogeneous environments

Is it production ready?
• Applicable to certain classes of applications such as Microsoft Lync, network diagnostic tools and high-fidelity video games
• Most line-of-business applications and workloads may not need this level of control

Network Management using Virtual Machine Manager

Challenges
• Manage a large number of physical and virtual switches
• Integrate management of physical and virtual networks

Solution
• Logical Network: organizes and simplifies network assignments for hosts, virtual machines and services; integrated physical and virtual switch VLAN policy
• VM Network: creation and deletion of an isolated virtual network overlay (HNV) on the physical network

Challenge
• Allow seamless migration of a VM while maintaining network policy

Solution
• Logical Switch: a single logical entity spanning hosts, with consistent policy and configuration
• Management of the Hyper-V Extensible Switch: installation and configuration of switch extensions, configuration of network policies
• Network policies automatically move with the VM
• Includes 3rd-party extensions

How switch management works
• Standards-based CIM model
• Switches running Open Management Infrastructure (OMI)
• Switch management PowerShell cmdlets communicating using WS-MAN

Problems solved
• Common management interface across multiple network vendors
• Automate common network management tasks
• Logo program enables customers to find and buy switches that "just work"
[Diagram: OMI running on gateway appliances, an OMI-based top-of-rack switch, Hyper-V switch extensions and chipset extensions]

Delivering Continuously Available Applications

To workload owners, to enterprises, to hosters, to private/public cloud datacenter admins:
• Run services without interruption
• Automatically remediate issues with no human intervention
• Provide consistent bandwidth for services
• Embrace a multivendor ecosystem
Features: Quality of Service, NIC Teaming, DHCP failover, SMB Multichannel

SMB Multichannel
• Automatic detection and use of multiple network connections between SMB client and server
• Helps server applications be resilient to network failure
• Transparent failover with recovery from network failure if another connection is available
• Improved throughput: bandwidth aggregation through NIC Teaming; multiple nodes/CPUs for network processing with RSS-capable network adapters
• Automatic configuration with very little administrative overhead

DHCP Failover
• Automatic DHCP failover based on the IETF DHCP failover specification
• Provides multi-site IP address continuity to clients by helping eliminate single points of failure
• Provides in-box support for failover, without the need for clustering
• Uses a failover setup consisting of two servers located across different geographic locations
• Includes active/active or active/passive behavior
• Simple provisioning and configuration of the DHCP server using PowerShell
[Diagram: hot standby DHCP failover in a hub-and-spoke deployment; load-sharing DHCP failover in a single site with a single subnet]

Quality of Service
• Helps guarantee predictable network performance and fair sharing during congestion
• Supports bandwidth floors and bandwidth caps
• Helps enforce customer SLAs and maximum pricing caps
• Sets QoS per virtual machine or per traffic type
• Uses software built into Windows Server 2012 R2 or hardware capable of Data Center Bridging (DCB) to assign minimum QoS settings
• Supports dynamic change of QoS settings through PowerShell without any downtime
[Chart: runtime bandwidth demand (gigabits per second) at T1, T2 and T3 for each service and its reservation: virtual machine 30%, storage 40%, live migration 20%, Cluster Shared Volume 10%]
• When bandwidth is available, each service takes as much as it can
• When the link is congested, each service takes its fair share
• When bandwidth becomes available again, each service takes as much as it wants

NIC Teaming
• Provides network fault tolerance and continuous availability when network adapters fail by teaming multiple network interfaces
• Supports all vendors in-box
• Facilitates local or remote management through Windows PowerShell or the UI
• Enables teams of up to 32 network adapters
• Aggregates bandwidth from multiple network adapters
• Includes multiple modes: switch dependent and switch independent
[Diagram: virtual adapters on top of the team network adapter]

Dynamic load balancing (Dynamic LBFO)
• TCP streams or "flows" are generally not continuous
• Groups of packets within a flow, separated by gaps, are called "flowlets"
• Dynamic load balancing detects breaks in a flow of sufficient length to minimize the possibility of packet reordering
• Flows can be moved to other team members on flowlet boundaries to rebalance traffic
• Dynamic LBFO maximizes resource utilization in teamed NICs by balancing loads across all NIC team members
• Ideal when there are fewer VMs per team
[Diagram: virtual adapters and the team network adapter, without and with dynamic load balancing]

Improving Network Performance

SMB Direct (RDMA)
[Diagram: file client to file server path without RDMA (app buffer, SMB buffer, OS buffer, driver buffer, adapter buffer, NIC) and with RDMA (app buffer directly to the rNIC adapter buffer over InfiniBand)]
• Higher performance through offloading of network I/O processing onto the network adapter
• Higher throughput with low latency and the ability to take advantage of high-speed networks (such as InfiniBand and iWARP)
• Remote storage at the speed of direct storage
• Transfer rate of around 50 Gbps on a single NIC port
• Compatible with SMB Multichannel for load balancing and failover

Dynamic VMQ: increased efficiency of network processing on Hyper-V hosts
• Without VMQ: the Hyper-V Virtual Switch is responsible for routing and sorting packets for VMs, which leads to increased CPU processing, all focused on CPU0
• With VMQ: the physical NIC creates virtual network queues for each VM to reduce host CPU load
• With Dynamic VMQ: processor cores are dynamically allocated for a better spread of network traffic processing

vRSS
• vRSS provides near line rate to a VM on existing hardware, making it possible to virtualize traditionally network-intensive physical workloads
• Extends the RSS functionality built into Windows Server 2012
• Maximizes resource utilization by spreading VM traffic across multiple virtual processors
• Helps virtualized systems reach higher speeds with 40 Gbps and 100 Gbps NICs
• Requires no hardware upgrade and works with any NICs that support RSS
[Diagram: incoming packets on the vNIC spread across processors 0–3 on nodes 0–3 of the host and the virtual machine]

Single Root I/O Virtualization (SR-IOV)
• VM traffic bypasses the virtual switch and performs I/O directly to the NIC
• Ideal for high-I/O workloads that do not require port policies, QoS, or network virtualization enforced at the end-host virtual switch
• Most 10 Gbps and in-box NICs are SR-IOV capable
Benefits
• Maximizes use of host system processors and memory
• Reduces host CPU overhead for processing network traffic (by up to 50%)
• Reduces network latency (by up to 50%)
• Provides higher network throughput (by up to 30%)
• Full support for Live Migration
[Diagram: VM network stack with a synthetic NIC through the Hyper-V Extensible Switch beside a Virtual Function path directly to the NIC]

Simplifying Datacenter Network Management
• Windows PowerShell: provide an easy-to-use, robust automation framework
• IP Address Management: manage IP address space and consolidate external tools
• Resource Metering: monitor resource usage
• Monitoring with Operations Manager and management with Virtual Machine Manager: simplify management in multisite environments

IP Address Management (IPAM)
• Inbox feature for integrated management of IP addresses, domain names, and device identities
• Tightly integrates with Microsoft DNS and DHCP servers
• Provides custom IP address space display, reporting, and management
• Audits server configuration changes and tracks IP address use
• Migrates IP address data from spreadsheets or other tools
• Monitors and manages specific scenario-based DHCP and DNS services
[Diagram: IPAM servers in the UK, Redmond, Hyderabad and Bangalore managing DHCP, DNS, DC and NPS servers in the europe.corp.woodbridge.com and fareast.corp.woodbridge.com domains]

IPAM in Windows Server 2012 R2
• Manages virtual address space in addition to physical address space
• Imports and exports network configurations automatically through a plugin for System Center Virtual Machine Manager
• Enables synchronization of Active Directory Sites and subnets information with IPAM
• Supports large-scale enterprise deployments
• Uses SQL Server to store IP address information
• Lets admins define user roles, access scope and access policy through role-based access control (for example Network Administrator, Fabric Administrator, System Administrator, Forensics Investigator)

Windows PowerShell
• Comprehensive coverage with more than 400 cmdlets related to networking
• Remote machine management support
• Integrated object model

Resource Metering
[Diagram: a two-tenant environment built with Hyper-V in Windows Server 2012 R2, with per-customer resource pools and Internet traffic charted for Customer 1 and Customer 2]
Benefits
• Tracks and meters resource usage and provides infrastructure to build chargeback solutions
• Tracks resource usage of individual virtual machines or virtual machine pools
• Metering is not affected by virtual machine movement
• Uses access control lists (ACLs) from the network metering port
• Provides complete Windows PowerShell support
Metrics
• Average CPU use
• Average memory use
• Minimum memory use
• Maximum memory use
• Maximum disk allocation
• Incoming network traffic
• Outgoing network traffic
• Storage IOPS

Remote Live Capture
• Remote monitoring of network traffic in Windows Server 2012 is not simple
• Windows Server 2012 R2 makes it easy to mirror and capture network traffic for remote and local viewing
• Provides an integrated GUI experience with Message Analyzer
• Collects offline traffic captures from remote computers
• Provides filters to select packets by IP addresses and VMs
• Captures ETW events for remote and local viewing
[Diagram: WMI configures the filters and truncation and starts/stops the session on the Windows Server 2012 R2 host; truncated network traffic is redirected as ETW events to the server or client running Microsoft Message Analyzer]

Network services managed through Virtual Machine Manager
• Switch extension managers. Examples: Cisco Nexus 1000v, inMon sFlow, 5nine, NEC
• Load balancers. Examples: F5 BIG-IP, Brocade ServerIron ADX, Citrix NetScaler, Microsoft network load balancer
• Network virtualization gateway. Examples: Windows Server Inbox Gateway, IronNetworks, F5, Huawei

Network Monitoring using Operations Manager
• Uses SNMP to discover network devices
• Monitors physical network routers and switches, interfaces and ports/virtual local area networks (VLANs), Hot Standby Router Protocol (HSRP) groups, firewalls and load balancers
• Increases visibility into your network infrastructure: identify failures in critical services and applications that were caused by the network; show how the network connects to servers; list network devices with extended monitoring capability

Networking in the Hybrid Cloud
• Cross-premises connectivity: Inbox Gateway to extend beyond the private cloud
• Extending your private cloud to Azure: seamlessly extend the datacenter to Azure
• Extending your private cloud to hosters

VPN site-to-site functionality in Remote Access
• Provides cross-premises connectivity between enterprises and hosting service providers
• Connects to private subnets in hosted cloud networks
• Provides connectivity among geographically separate enterprises
[Diagram: Contoso London and New York branches and Woodgrove Brazilian branch connected through an industry standard IKEv2-IPsec router to the Contoso and Woodgrove private clouds (Subnet1–Subnet4) in the hosted cloud, fronted by a Windows Server 2012 R2 Remote Access site-to-site VPN server running BGP]

Inbox Gateway for hybrid cloud connectivity
• Provides a multitenant S2S gateway for hybrid cloud connectivity
• Includes guest clustering for HA
• Uses BGP for dynamic route updates
• Provides multitenant-aware NAT for Internet access
• Multi-tenant VPN for access to the cloud from the Internet
[Diagram: active-standby S2S tunnels from Orange Corp site1 and site2 to the Orange virtual network]

Extending to Azure
• Extend your datacenter to Azure by creating VMs in private networks
• Connect individual computers to Azure VMs and virtual networks using Point-to-Site connectivity without a VPN device
• Windows inbox gateway to connect virtual networks in the private cloud and Azure
[Diagram: Azure virtual network (Subnet 1–3, DNS server) behind a VPN gateway; site-to-site VPN from the on-premises datacenter VPN device; point-to-site connections from individual computers behind the corporate firewall and from remote workers]
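The NIC Teaming and Quality of Service slides earlier on this page describe a switch-independent dynamic team with weight-based bandwidth floors per traffic class. The script below is an added example, not Microsoft's or the deck's own code; adapter names, the team and switch names, the tenant VM name and the 1 Gbps cap are assumptions, and the percentages are the reservations from the QoS chart.

```powershell
# Added example (not from the original deck): build a switch-independent,
# Dynamic-mode LBFO team and divide it into the four service classes from the
# QoS slide using weight-based minimum bandwidth. Adapter, team, switch and VM
# names are assumptions. Run elevated on a Windows Server 2012 R2 Hyper-V host.

$nics     = 'NIC1', 'NIC2'       # assumed physical adapter names
$teamName = 'ConvergedTeam'      # assumed
$switch   = 'ConvergedSwitch'    # assumed

# 1. NIC Teaming: switch-independent mode needs no switch-side configuration;
#    the Dynamic algorithm moves flows between members on flowlet boundaries.
New-NetLbfoTeam -Name $teamName -TeamMembers $nics `
    -TeamingMode SwitchIndependent -LoadBalancingAlgorithm Dynamic -Confirm:$false

# 2. Hyper-V Extensible Switch on top of the team with software QoS in Weight
#    mode: the slide's percentages become relative weights, i.e. floors, not caps.
New-VMSwitch -Name $switch -NetAdapterName $teamName `
    -MinimumBandwidthMode Weight -AllowManagementOS $false

# 3. One management-OS vNIC per infrastructure traffic class, each carrying the
#    reservation from the chart. Weights are relative; 40 + 20 + 10 + 30 = 100.
$classes = @{ 'Storage' = 40; 'LiveMigration' = 20; 'CSV' = 10 }
foreach ($name in $classes.Keys) {
    Add-VMNetworkAdapter -ManagementOS -Name $name -SwitchName $switch
    Set-VMNetworkAdapter -ManagementOS -Name $name -MinimumBandwidthWeight $classes[$name]
}

# 4. Tenant VM traffic gets the remaining 30% floor. -MaximumBandwidth (bits/s)
#    is the cap side of the slide: an assumed 1 Gbps ceiling so one noisy tenant
#    cannot starve the storage, live migration and CSV classes during congestion.
Set-VMNetworkAdapter -VMName 'TenantVM01' -MinimumBandwidthWeight 30 -MaximumBandwidth 1000000000

# 5. Verify. The same Set-VMNetworkAdapter calls can change the weights later
#    without taking the switch or the VMs down.
Get-VMNetworkAdapter -ManagementOS | Select-Object Name, SwitchName, BandwidthSetting
Get-NetLbfoTeam -Name $teamName | Select-Object Name, TeamingMode, LoadBalancingAlgorithm, Status
```

The floors only take effect on a switch created in Weight mode, so a VM attached to a switch without MinimumBandwidthMode set keeps its cap but gets no guaranteed share.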