
Microsoft Virtual Academy

Module 4

Creating and Configuring Virtual Machine Networks

Module Overview
- Creating and Using Hyper-V Virtual Switches
- Advanced Hyper-V Networking Features
- Configuring and Using Hyper-V Network Virtualization

Lesson 1: Creating and Using Hyper-V Virtual Switches


- Overview of the Hyper-V Virtual Switch
- Types of Virtual Switches
- What Is VLAN Tagging?

Overview of the Hyper-V Virtual Switch


- Software-implemented layer 2 switch
  - Connects virtual machines to virtual and physical networks
  - Parent partition is also a virtual machine
- Extensible, has advanced features, can be replaced
  - Policy enforcement, isolation, traffic shaping, protection
- Managed by Hyper-V Manager and Windows PowerShell
  - Get-VMSwitch
- Parent partition can have multiple virtual NICs
  - Can be connected to different virtual switches
  - Can have different bandwidth limitations


Types of Virtual Switches


- Parent has physical network adapter(s)
- Each virtual machine (and parent) has virtual network adapter(s)
- Each virtual network adapter is connected to a virtual switch
- Type of virtual switch is:
  - External: connects to a physical or wireless adapter
  - Internal: parent and virtual machine connections only
  - Private: virtual machine connections only
- Configuration
  - Use Virtual Switch Manager to create virtual switches
  - Use virtual machine settings to connect a virtual network adapter to a switch

[Diagram: private, internal and external virtual switches. Legend: physical network adapter, virtual network adapter, virtual switch. Each panel shows the parent and virtual machines running apps; the internal panel is labelled NAT and the external panel marks adapters as IP or No IP.]


What Is VLAN Tagging?


- Used to isolate network traffic for nodes that are connected to the same physical network
- VLANs are used by Hyper-V to
  - Isolate Hyper-V server management networks
  - Isolate virtual machines that are connected to external virtual switches
  - Isolate virtual machines on a single Hyper-V server
- VLAN ID can be configured on
  - Virtual machine network adapter
  - External and Internal virtual switch
- VLAN is limited to a single physical subnet
- VLAN ID has 12 bits (up to 4,094 VLAN IDs)

Lesson 2: Advanced Hyper-V Networking Features


- Virtual Switch Expanded Functionality
- Virtual Switch Extensibility
- What Is SR-IOV?
- What Is Dynamic Virtual Machine Queue?
- Network Adapter Advanced Features
- NIC Teaming in Virtual Machines

Virtual Switch Expanded Functionality


- ARP/Neighbor Discovery Poisoning protection
  - Protects against ARP and Neighbor Discovery spoofing
- DHCP Guard protection
  - Protects against rogue DHCP server in virtual machine
- Port ACLs
  - Enables isolation by allowing/denying traffic
- Trunk mode to a virtual machine
  - Trunk mode forwards traffic from multiple VLANs
- Network traffic monitoring
- Bandwidth limit and burst support
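An added example, not part of the course material: a read-only PowerShell check that flags virtual network adapters whose settings weaken the VLAN isolation and guard protections listed above. It reads the `DhcpGuard`, `RouterGuard`, `MacAddressSpoofing` and `VlanSetting` properties that `Get-VMNetworkAdapter` returns; the function name `Test-VMNicExposure` and the sample adapters are constructed for illustration.

```powershell
# Added example. Evaluates objects shaped like Get-VMNetworkAdapter output.
function Test-VMNicExposure {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Adapter
    )
    process {
        $issues = @()
        if ("$($Adapter.DhcpGuard)" -ne 'On') {
            $issues += 'DHCP Guard off: a rogue DHCP server in this VM can answer clients'
        }
        if ("$($Adapter.RouterGuard)" -ne 'On') {
            $issues += 'Router Guard off: router advertisements from this VM are not dropped'
        }
        if ("$($Adapter.MacAddressSpoofing)" -eq 'On') {
            $issues += 'MAC address spoofing allowed: confirm the VM really hosts a NIC team'
        }
        switch ("$($Adapter.VlanSetting.OperationMode)") {
            'Trunk'    { $issues += "Trunk mode: VM receives VLANs $($Adapter.VlanSetting.AllowedVlanIdList)" }
            'Untagged' { $issues += 'No VLAN ID: traffic is not isolated by VLAN' }
        }
        [pscustomobject]@{
            VMName     = $Adapter.VMName
            SwitchName = $Adapter.SwitchName
            Issues     = $issues
        }
    }
}

# Constructed sample adapters; property names follow the Hyper-V module's objects.
$sample = @(
    [pscustomobject]@{
        VMName = 'web01'; SwitchName = 'External'
        DhcpGuard = 'On'; RouterGuard = 'On'; MacAddressSpoofing = 'Off'
        VlanSetting = [pscustomobject]@{ OperationMode = 'Access'; AccessVlanId = 20 }
    }
    [pscustomobject]@{
        VMName = 'test02'; SwitchName = 'External'
        DhcpGuard = 'Off'; RouterGuard = 'Off'; MacAddressSpoofing = 'On'
        VlanSetting = [pscustomobject]@{ OperationMode = 'Trunk'; AllowedVlanIdList = '10 20 30' }
    }
)

# List only the adapters that have at least one finding.
$sample | Test-VMNicExposure | Where-Object { $_.Issues.Count -gt 0 } | Format-List
```

On a Hyper-V host, replace the sample with `Get-VMNetworkAdapter -VMName * | Test-VMNicExposure`.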

Virtual Switch Extensibility


- Extensible
  - NDIS filter drivers
  - WFP callout drivers
- Extensions
  - Ingress
  - Forwarding
  - Egress
  - Monitoring
- Virtual switch can be replaced

[Diagram: virtual machine NICs and the parent partition's host NIC connect to the Hyper-V virtual switch. Inside the switch: extension protocol, capture extensions, WFP extensions, filtering extensions, forwarding extension, extension miniport. Below the switch: physical NIC.]

What Is SR-IOV?
- Requires support in network adapter
- Provides Direct Memory Access to virtual machines
  - Increases network throughput
  - Reduces network latency
  - Reduces CPU overhead on the Hyper-V server
  - Virtual machine bypasses virtual switch
- Supports Live Migration
  - Even when different SR-IOV adapters are used

[Diagram: network I/O with SR-IOV compared with network I/O without SR-IOV. Labels: parent partition, virtual switch (routing, VLAN, filtering), virtual machine, virtual NIC, VMBus, virtual function, physical NIC, SR-IOV physical NIC.]

What Is Dynamic Virtual Machine Queue?


- Network adapter uses receive queues to route traffic to the appropriate virtual machine
  - Physical network adapter must support VMQ
  - Dynamically use multiple CPUs when processing virtual machine network traffic
  - DMA reduces CPU overhead on Hyper-V server
  - Beneficial when virtual machines receive a lot of network traffic
- VMQ is automatically configured and tuned
  - Based on processor networking and CPU load
- VMQ is enabled by default on a virtual network adapter
  - Used only if the physical network adapter supports VMQ

Network Adapter Advanced Features


Same features available for all virtual network adapters
Features are implemented in Hyper-V virtual switch

NIC Teaming in Virtual Machines


- Provides redundancy and aggregates bandwidth
- Can be used at the operating system and virtual machine level
- Multiple physical network adapters in an NIC team
  - If a physical adapter fails, virtual switch has connectivity
  - If a virtual switch fails, virtual machine has connectivity
- Multiple virtual network adapters in an NIC team
  - Particularly important when SR-IOV is used
  - SR-IOV traffic bypasses the virtual switch
  - Intended and optimized to support teaming of SR-IOV
  - May be used with any virtual network interface
- Virtual machine must have multiple network adapters
  - Connected to different virtual switches
  - MAC address spoofing must be enabled

Lesson 3: Configuring & Using Hyper-V Network Virtualization


- Providing Multitenant Network Isolation
- What Is Network Virtualization?
- Benefits of Network Virtualization
- What Is Network Virtualization Generic Routing Encapsulation?
- What Are Network Virtualization Policies?

Providing Multitenant Network Isolation


- Multiple isolated networks on the same infrastructure
- VLANs are often used
  - Limited scalability (maximum of 4094 VLANs)
  - VLANs cannot span multiple subnets
  - Challenging to reconfigure when adding or moving virtual machines

[Diagram: virtual machines connected through two switches and separated by VLAN ID.]

Providing Multitenant Network Isolation


- Private VLANs
  - Addresses some VLAN scalability issues
  - Reduces number of IP subnets and VLANs
  - Virtual switch can limit virtual machines to the same VLAN
- Port ACLs
  - Challenging to manage and update ACLs
- Hyper-V virtual switch supports private VLANs and port ACLs
- The solution is Software Defined Networking
  - Network virtualization is an implementation of Software Defined Networking
  - Hyper-V enables network virtualization

What Is Network Virtualization?

- Server virtualization
  - Multiple virtual machines on the same physical server
  - Each virtual machine is isolated from others
- Network virtualization
  - Multiple virtual networks on the same physical network
  - Each virtual network is isolated from others

[Diagram: a blue and a red virtual machine on one physical server, beside a blue and a red network on one physical network.]

Benefits of Network Virtualization


- Flexible virtual machine placement
- Multitenant network isolation without VLANs
- IP address reuse
- Live migration across subnets
- Is compatible with existing network infrastructure
- Transparent moving of virtual machines to shared IaaS cloud
- Can be configured using Windows PowerShell
  - Can also use System Center 2012 R2 Virtual Machine Manager

What Is Network Virtualization Generic Routing Encapsulation?


[Diagram: two Hyper-V hosts with provider addresses 192.168.2.22 and 192.168.5.55. On each host, virtual machines of two tenants use the customer addresses 10.1.1.11 and 10.1.1.12. Two encapsulated packets are shown:]

Provider addresses            GRE        MAC   Customer addresses
192.168.2.22, 192.168.5.55    Key=5001   MAC   10.1.1.11, 10.1.1.12
192.168.2.22, 192.168.5.55    Key=6001   MAC   10.1.1.11, 10.1.1.12

- Customer address space based on virtual machine configuration
- Provider address space based on physical network
  - Not visible to the virtual machines

What Are Network Virtualization Policies?

- Define customer address-provider address mappings
  - Specify on which Hyper-V server virtual machines are running
- Hyper-V implements policies by translating incoming and outgoing packets
- If a virtual machine is moved, policies are modified
  - Virtual machine configuration stays the same

[Diagram: data center network (provider address space) with Hyper-V Host 1 at 192.168.1.10 running the SQL virtual machines and Hyper-V Host 2 at 192.168.1.12 running the WEB virtual machines. The customer address spaces of both tenants use 10.1.1.1 and 10.1.1.2.]

Policy settings

Blue Yonder Airlines
Virtual machine   Customer Address   Provider Address
SQL               10.1.1.1           192.168.1.10
WEB               10.1.1.2           192.168.1.12

Woodgrove Bank
Virtual machine   Customer Address   Provider Address
SQL               10.1.1.1           192.168.1.10
WEB               10.1.1.2           192.168.1.12
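An added example, not part of the course material: a PowerShell model of the policy table above that shows why two tenants can reuse 10.1.1.1 and 10.1.1.2, and what changes when a virtual machine moves. The function names are hypothetical, and assigning the GRE key values 5001 and 6001 from the previous slide to Blue Yonder Airlines and Woodgrove Bank as virtual subnet IDs is an assumption.

```powershell
# Added example: policy records modelled on the slide's two tenants (constructed data).
$policy = @(
    [pscustomobject]@{ Tenant = 'Blue Yonder Airlines'; VSID = 5001; VM = 'SQL'; CA = '10.1.1.1'; PA = '192.168.1.10' }
    [pscustomobject]@{ Tenant = 'Blue Yonder Airlines'; VSID = 5001; VM = 'WEB'; CA = '10.1.1.2'; PA = '192.168.1.12' }
    [pscustomobject]@{ Tenant = 'Woodgrove Bank';       VSID = 6001; VM = 'SQL'; CA = '10.1.1.1'; PA = '192.168.1.10' }
    [pscustomobject]@{ Tenant = 'Woodgrove Bank';       VSID = 6001; VM = 'WEB'; CA = '10.1.1.2'; PA = '192.168.1.12' }
)

# Sending host: choose the provider address for a customer packet.
# The sender's virtual subnet is part of the key, so overlapping CAs never collide.
function Resolve-ProviderAddress {
    param([object[]]$Policy, [int]$SenderVSID, [string]$DestinationCA)
    $hit = @($Policy | Where-Object { $_.VSID -eq $SenderVSID -and $_.CA -eq $DestinationCA })
    if ($hit.Count -ne 1) { return $null }   # no record or ambiguous record: drop the packet
    [pscustomobject]@{
        OuterDestination = $hit[0].PA
        GreKey           = $SenderVSID
        InnerDestination = $DestinationCA
    }
}

# Receiving host: deliver only if the GRE key and inner address match a record on this host.
function Resolve-LocalVM {
    param([object[]]$Policy, [string]$HostPA, [int]$GreKey, [string]$InnerDestination)
    $Policy |
        Where-Object { $_.PA -eq $HostPA -and $_.VSID -eq $GreKey -and $_.CA -eq $InnerDestination } |
        ForEach-Object { "$($_.Tenant)/$($_.VM)" }
}

# Live migration: only the provider address in the record changes; the CA stays the same.
function Move-PolicyRecord {
    param([object[]]$Policy, [int]$VSID, [string]$CA, [string]$NewPA)
    foreach ($r in $Policy) {
        if ($r.VSID -eq $VSID -and $r.CA -eq $CA) { $r.PA = $NewPA }
    }
}

# Blue Yonder SQL sends to 10.1.1.2; the receiving host maps key and address to one tenant's VM.
$pkt = Resolve-ProviderAddress $policy 5001 '10.1.1.2'
Resolve-LocalVM $policy $pkt.OuterDestination $pkt.GreKey $pkt.InnerDestination
# The same customer address with the other key reaches the other tenant's VM.
Resolve-LocalVM $policy '192.168.1.12' 6001 '10.1.1.2'
# Move Woodgrove WEB to Hyper-V Host 1, then resolve again.
Move-PolicyRecord $policy 6001 '10.1.1.2' '192.168.1.10'
Resolve-ProviderAddress $policy 6001 '10.1.1.2'
```

On Windows Server 2012 R2 the corresponding host records are created with the `New-NetVirtualizationLookupRecord` cmdlet.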
