Deep dive on Hyper-V Network Virtualization

CJ Williams
Program Manager
Windows Core Networking

MDC-B380

Agenda

What is Hyper-V Network Virtualization?

Hyper-V Network Virtualization Concepts

Learning IP Addresses in Virtual Networks

Enhanced Hyper-V Network Virtualization Performance & Diagnostics

Networking in Windows Server 2012 R2

Cloud Scale Performance & Diagnosability

Comprehensive SDN

Core Infrastructure Enhancements

• vRSS
• Remote Live Monitoring
• NIC Teaming
• Hyper-V Network Virtualization
• Hyper-V Switch Hybrid Forwarding
• Standards based Switch Management
• Cloud Gateways
• IPAM for Virtualized Datacenters
• DNS Enhancements for Service Providers
• Extended ACLs
• Test-NetConnection
• Enhanced HNV Diagnostics

What is Hyper-V Network Virtualization?

Requirements to transform networking

Deliver networking as part of pooled, automated infrastructure

Ensure multitenant isolation, scale and performance

Expand datacenter capacity seamlessly as per business needs

Reduce operational complexity

What is Software-defined Networking (SDN)?

Abstracting the physical network with virtual networks

Spanning policies across physical and virtual networks

Controlling datacenter traffic flow

Enables software to dynamically manage the network

Multiple virtual networks on a physical network

Each virtual network has the illusion that it is running as a physical network

How network virtualization works

Overlays physical network

Encapsulation using NVGRE protocol

Abstracting the network with Hyper-V Network Virtualization (HNV)

[Diagram: Contoso and Fabrikam virtual machines and the Contoso and Fabrikam networks, layered through virtualization on top of the physical server and the physical network.]

Hyper-V Network Virtualization Benefits

Workload Owners

• Seamless migration to the cloud
• Move n-tier topology to the cloud
• Preserve policies, VM settings, IP addresses

Enterprises

• Private Cloud datacenter consolidation and efficiencies
• Extension of datacenter into hybrid cloud
• Incremental integration of acquired company network infrastructure

Hosters

• Bring Your own IP
• Bring Your network topology
• Scalable multi-tenancy

Private/Public Cloud Datacenter Admins

• Flexible VM placement without reconfiguration
• Decoupling of server and network admin roles increases agility

Hyper-V Network Virtualization Enhancements

Windows Server 2012 R2

• HNV is part of the Hyper-V Switch
• Dynamically learn Customer Addresses
• Support Hyper-V Clustering
• Enhanced performance + diagnostics

Windows Server 2012

• HNV is an NDIS LWF (lightweight filter)
• Scalable network virtualization solution
• Centralized policy + distributed router
• Works across physical subnets

[Diagram: the Contoso network and the Fabrikam network virtualized on top of the physical network.]

Hyper-V Network Virtualization Concepts

VM Network (called a routing domain in PowerShell)

• Network isolation boundary
• Routing between VM networks must be explicit
• Consists of one or more Virtual Subnets

Virtual Subnet (VSID)

• Broadcast boundary

[Diagram: a multi-tenant datacenter hosting Contoso Corp. and Fabrikam Corp. The VM networks shown are Contoso R&D Net and Fabrikam HR Net; the virtual subnets shown are Contoso Subnet1, Contoso Subnet2, Contoso Subnet3, Fabrikam Subnet1 and Fabrikam Subnet2.]

Hyper-V Network Virtualization Concepts cont.

Default Gateway

• Routes between VMs on different Virtual Subnets
• Built into the HNV Filter running on each host

HNV Gateway

• Required to communicate outside a virtual network
• Comes in different forms:
  - VPN for Site-to-Site connectivity
  - Load Balancing & NAT for Internet access
  - Forwarding gateway for in-datacenter physical machine access

[Diagram: Contoso Corp. and Fabrikam Corp. connect across the Internet (links labelled "SPS VPN") to a Multi-tenant VPN Gateway in front of the "Host Datacenter Network Virtualization Fabric", which contains the hosts. Other labels: DNS, SQL, DC.]

Hyper-V Network Virtualization Concepts cont.

Encapsulation: Network Virtualization using Generic Routing Encapsulation (NVGRE)

[Diagram: two pairs of VMs use the same Customer Addresses (10.0.0.5 and 10.0.0.7) on hosts whose Provider Addresses (192.168.2.22 and 192.168.5.55) are on different subnets. Each NVGRE packet carries the Provider Addresses 192.168.2.22 and 192.168.5.55, a GRE Key that holds the VSID (5001 for one virtual subnet, 6001 for the other), the MAC, and the Customer Addresses 10.0.0.5 and 10.0.0.7.]

[Diagram: what Contoso sees and what Fabrikam sees. Each tenant sees its own SQL Server and Web VMs in the CUSTOMER ADDRESS SPACE (addresses 10.1.1.1, 10.1.1.2 and 10.1.1.3 are shown). In the PROVIDER ADDRESS SPACE (PA), 192.168.n.n, Hyper-V Host 1 is 192.168.1.10 and Hyper-V Host 2 is 192.168.2.12. The policy tables on the hosts map CA 10.1.1.2 to PA 192.168.1.10 and CA 10.1.1.3 to PA 192.168.2.12.]
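The encapsulation shown on the slide, as an added Python example (not code from the presentation or from Hyper-V). It builds and parses the NVGRE header as RFC 7637 defines it (GRE with only the key bit set, protocol type 0x6558, key = 24-bit VSID plus 8-bit FlowID) and shows that two tenants sending the same CA pair are told apart only by the VSID. The addresses and GRE keys are the slide's; the VM names, zeroed MACs and helper names are assumptions.

```python
import ipaddress
import struct

GRE_KEY_ONLY = 0x2000   # K bit set; C and S bits clear; version 0
PROTO_TEB = 0x6558      # Transparent Ethernet Bridging: payload is an Ethernet frame
IPPROTO_GRE = 47

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header; checksum left at 0 in this sketch.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def tenant_frame(src_ca, dst_ca):
    # Constructed tenant Ethernet frame (zeroed MACs) carrying an empty IPv4 packet.
    return bytes(12) + b"\x08\x00" + ipv4_header(src_ca, dst_ca, 1, 0)

def nvgre_encap(src_pa, dst_pa, vsid, frame, flow_id=0):
    """Outer IPv4 header (PA) + GRE header whose key is VSID (24 bits) | FlowID (8 bits)."""
    if not (0 <= vsid < 1 << 24 and 0 <= flow_id < 256):
        raise ValueError("VSID is 24 bits, FlowID is 8 bits")
    gre = struct.pack("!HHI", GRE_KEY_ONLY, PROTO_TEB, (vsid << 8) | flow_id)
    return ipv4_header(src_pa, dst_pa, IPPROTO_GRE, len(gre) + len(frame)) + gre + frame

def nvgre_decap(packet):
    """Return (src_pa, dst_pa, vsid, inner_frame); raise ValueError if not NVGRE."""
    if len(packet) < 28 or packet[0] >> 4 != 4 or packet[9] != IPPROTO_GRE:
        raise ValueError("not IPv4 GRE")
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 8:
        raise ValueError("truncated GRE header")
    flags, proto, key = struct.unpack_from("!HHI", packet, ihl)
    if flags != GRE_KEY_ONLY or proto != PROTO_TEB:
        raise ValueError("GRE but not NVGRE")
    src, dst = (str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))
    return src, dst, key >> 8, packet[ihl + 8:]

def deliver(packet, local_ports):
    """Pick the receiving VM by (VSID, inner destination CA), never by CA alone."""
    _, _, vsid, frame = nvgre_decap(packet)
    dst_ca = str(ipaddress.IPv4Address(frame[30:34]))  # 14-byte Ethernet + IPv4 dst at 16
    return local_ports.get((vsid, dst_ca))

# Constructed scenario using the slide's addresses: both tenants send 10.0.0.5 -> 10.0.0.7.
FRAME = tenant_frame("10.0.0.5", "10.0.0.7")
PKT_A = nvgre_encap("192.168.2.22", "192.168.5.55", 5001, FRAME)
PKT_B = nvgre_encap("192.168.2.22", "192.168.5.55", 6001, FRAME)
PORTS = {(5001, "10.0.0.7"): "tenant-A-vm", (6001, "10.0.0.7"): "tenant-B-vm"}  # names assumed
if __name__ == "__main__":
    print([deliver(p, PORTS) for p in (PKT_A, PKT_B)])
```

The two outer packets differ only in the GRE key bytes, so any filter, capture or ACL that has to separate tenants on the provider network must match on the VSID and not on the inner addresses.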

Hyper-V Network Virtualization: What’s really happening?

HNV Architecture Update

HNV is automatically enabled for all adaptors

New hybrid forwarding in Hyper-V Switch

• HNV forwards HNV traffic
• Forwarding Extension forwards non-HNV traffic

Richer switch extensions

• Extensions can view CA and PA packets

Enables 3rd party network virtualization

• Forwarding extensions can modify packet headers on both ingress and egress

[Diagram: the host network stack in Windows Server 2012 R2 (pNIC, NIC Team, vSwitch with ingress and egress extensions, Native Policies, Egress ACL, MS Forwarding with HNV, 3rd Party Fwd Ext) next to the stack in Windows Server 2012 (pNIC, NIC Team, HNV as a separate component outside the vSwitch, vSwitch with ingress and egress extensions, Native Policies, Egress ACL, MS Forwarding, 3rd Party Fwd Ext).]

From External HNV Traffic Flow (NEW in R2)

[Diagram: path of HNV traffic arriving from the external network. Components shown: pNIC, NIC Team, vSwitch (Native Policies, Egress ACL, HNV, MS Forwarding, 3rd Party Fwd Ext, ingress and egress extensions), VM NIC, Virtual Machine.]

From VM HNV Traffic Flow (NEW in R2)

[Diagram: path of HNV traffic sent by a virtual machine. Components shown: Virtual Machine, VM NIC, vSwitch (Native Policies, Egress ACL, HNV, MS Forwarding, 3rd Party Fwd Ext, ingress and egress extensions), NIC Team, pNIC.]

Learning IP Addresses in Virtual Networks

Broadcast/Multicast support (NEW in R2)

Enables new scenarios

• DHCP in the Virtual Network
• Host and Guest Clustering

Efficient Implementation

• Uses hardware for PA multicast if configured
• Administrators don’t generally like to configure PA multicast
• Falls back to intelligent PA unicast replication
• Sends only one unicast packet per host no matter how many relevant VMs are on the host

Compliant address resolution semantics

• CA space DAD, NUD and ARP fully supported for IPv4 and IPv6
• Reliable ARP proxy

Notifies the central policy store of learned IP addresses

• New CAs, deletion of CAs, CA movement
• Rapid dissemination of HNV routing policy
• Limited network overhead for disseminating HNV routing policy

Dynamic Learning of Customer Addresses

[Diagram, repeated on each slide of this sequence: Host 1 (PA 192.168.4.11) and Host 2 (PA 192.168.4.22) on the Datacenter Network in the Provider Address Space (PA). Each host holds per-tenant policy tables that map addresses in the Customer Address Space (CA) to PAs. The Contoso table maps 10.0.0.5 to 192.168.4.11 and 10.0.0.7 to 192.168.4.22. Contoso VMs: Contoso1 Web Server and Contoso2 SQL Server.]

The CAs for Contoso’s VMs are centrally managed with their policies automatically pushed out.

Dynamic Learning of Customer Addresses (slide 2)

Fabrikam1 starts and is configured with a static IP. Its routing policy is configured in HNV.

[Diagram: Fabrikam1, a DHCP Server with CA 10.0.0.5, is added. The Fabrikam table maps 10.0.0.5 to 192.168.4.11.]

Dynamic Learning of Customer Addresses (slide 3)

• Fabrikam2 starts configured for dynamic IP
• Fabrikam2 sends out a request for a dynamic IP
• HNV sends out a unicast replicated packet of the request to Host 1
• HNV receives unicast replicated packet and delivers to Fabrikam1
• DHCP server running on Fabrikam1 receives request for a dynamic IP

Dynamic Learning of Customer Addresses (slide 4)

• DHCP server running on Fabrikam1 responds assigning 10.0.0.8 to Fabrikam2
• HNV sends out a unicast replicated packet of the response to Host 2
• HNV receives unicast replicated packet and delivers to Fabrikam2
• Fabrikam2 receives IP assignment and configures itself and HNV policy is set

[Diagram: the Fabrikam table on Host 2 now also maps 10.0.0.8 to 192.168.4.22.]

Dynamic Learning of Customer Addresses (slide 5)

Host 1 then either learns of Fabrikam2’s dynamic IP address or is configured by the central policy store.

[Diagram: the mapping of 10.0.0.8 to 192.168.4.22 is now present on both hosts.]
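The DHCP sequence above, replayed as an added Python model (not code from the presentation or from HNV). It shows the two properties the slides rely on: a broadcast is replicated as one unicast copy per remote host and only to hosts with a VM in the same virtual subnet, and a learned CA produces a new, moved or deleted event for the central policy store. The VSIDs, the third host, the Contoso VM names and the Fabrikam3 VM are assumptions added to make the filtering visible.

```python
class HnvPolicy:
    """Toy model of per-tenant HNV policy (not HNV's real data structures)."""
    def __init__(self):
        self.ports = {}    # VM name -> (vsid, pa): the host each VM's switch port is on
        self.lookup = {}   # (vsid, ca) -> pa: CA-to-PA lookup records

    def attach(self, vm, vsid, pa):
        self.ports[vm] = (vsid, pa)

    def replication_targets(self, vm):
        """PAs that receive one unicast copy of a broadcast sent by `vm`."""
        vsid, src_pa = self.ports[vm]
        # The set gives one copy per host; the VSID test keeps the copy inside the subnet.
        return sorted({pa for v, pa in self.ports.values() if v == vsid and pa != src_pa})

    def learn(self, vm, ca):
        """Record a CA seen on `vm`'s port; return the event sent to the policy store."""
        vsid, pa = self.ports[vm]
        old = self.lookup.get((vsid, ca))
        self.lookup[(vsid, ca)] = pa
        return "new" if old is None else ("unchanged" if old == pa else "moved")

    def forget(self, vsid, ca):
        return "deleted" if self.lookup.pop((vsid, ca), None) else "unknown"

def dhcp_walkthrough():
    """Replay the slides' DHCP sequence and return what each step produced."""
    contoso, fabrikam = 5001, 6001                       # VSIDs assumed for this sketch
    host1, host2, host3 = "192.168.4.11", "192.168.4.22", "192.168.4.33"  # host3 assumed
    p = HnvPolicy()
    for vm, vsid, pa, ca in [("Contoso-a", contoso, host1, "10.0.0.5"),
                             ("Contoso-b", contoso, host2, "10.0.0.7"),
                             ("Contoso-c", contoso, host3, "10.0.0.9"),    # assumed VM
                             ("Fabrikam1", fabrikam, host1, "10.0.0.5")]:  # static DHCP server
        p.attach(vm, vsid, pa)
        p.learn(vm, ca)
    p.attach("Fabrikam3", fabrikam, host1)   # assumed second Fabrikam VM on Host 1
    p.attach("Fabrikam2", fabrikam, host2)   # starts with no CA, asks DHCP for one
    out = {"request_to": p.replication_targets("Fabrikam2"),
           "reply_to": p.replication_targets("Fabrikam1"),
           "lease": p.learn("Fabrikam2", "10.0.0.8")}
    out["records"] = dict(p.lookup)
    p.attach("Fabrikam2", fabrikam, host1)   # live migration to Host 1
    out["after_move"] = p.learn("Fabrikam2", "10.0.0.8")
    out["removed"] = p.forget(fabrikam, "10.0.0.8")
    return out

if __name__ == "__main__":
    print(dhcp_walkthrough())
```

The request reaches only 192.168.4.11, once, although two Fabrikam VMs live there, and it never reaches the Contoso-only host, which is why a tenant's own DHCP server cannot answer another tenant's clients.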

Demo: Bring your own DHCP Server and Guest Clustering

Enhanced Hyper-V Network Virtualization Performance & Diagnostics

HNV + NIC Teaming (NEW in R2)

Inbound and outbound spread on virtualized traffic

• Higher performance with teamed NICs
• Utilizes LBFO’s new Dynamic Mode

Provider Addresses configured with a MAC address

• *-NetVirtualizationProviderAddress cmdlets updated to take a MAC address
• Optimal performance when you have 1 (or more) PAs per NIC in the team
• Ex. A NIC team of 2 NICs should have 2 or more PAs and the CAs spread between them

Demo: HNV and NIC Teaming

NVGRE Encapsulated Task Offload

Typically NIC offloads work on the CA packet

Most offloads break when using GRE & NVGRE

• Large Send Offload (LSO)
• Receive Side Scaling (RSS)
• Virtual Machine Queue (VMQ)

NVGRE Encapsulated Task Offload was introduced in Windows Server 2012 to ensure no performance loss

Emulex and Mellanox have announced products supporting NVGRE Task Offload

Working with additional NIC Vendors to enable NVGRE Task Offload

Emulex NVGRE optimized VNeX

[Chart: NIC Performance with and without NVGRE Optimized Offloads Enabled. Bars: "No NVGRE Offloads" and "Optimized NVGRE Offloads". Axis: Normalized NIC Throughput, 0 to 10.]

Mellanox ConnectX-3 Pro 10GbE Performance

[Chart: "NVGRE with ConnectX-3 Pro Offloads" compared with "NVGRE Without Offloads". One panel: Throughput (Gb/s), axis 0 to 10, higher is better, annotated 65%. The other panel: CPU Overhead (CPU Cycles per Byte), axis 0 to 12, lower is better, annotated 80%.]

Enhanced Diagnostics with HNV (NEW in R2)

Message Analyzer

• Decodes the NVGRE packet format
• Filter either on the CA or PA Packet data

Ping -p

• Allows pinging PAs

Test-VMNetworkAdapter

• Allows an admin without access to the VM to validate the CA space configuration

HNV responds to ICMP request to the default gateway

• Allows pinging the IP address of the CA default gateway (distributed router)

Demo: Diagnostics with HNV

Key Takeaways

Hyper-V Network Virtualization provides virtual network abstraction on top of the physical network

HNV uses an industry standard encapsulation (NVGRE) to provide the virtual network

In Windows Server 2012, HNV was enhanced with

• Dynamic IP learning in the virtual network
• Hyper-V Clustering and Failover support in the virtual network
• Performance and diagnostics enhancements

When combined with the built-in software gateways, HNV is ready for deployment in your datacenters!!

Related content

Breakout Sessions (session codes and titles)

• MDC-B210 Everything You Need to Know about the Software Defined Networking Solution from Microsoft
• MDC-B350 How to Design and Configure Networking in Microsoft System Center - Virtual Machine Manager and HyperV Part 1
• MDC-B351 How to Design and Configure Networking in Microsoft System Center - Virtual Machine Manager and HyperV Part 2

Track resources

Learn more about Windows Server 2012 R2 Preview, download the datasheet and evaluation bits on http://aka.ms/WS2012R2

Learn more about System Center 2012 R2 Preview, download the datasheet and evaluation bits on http://aka.ms/SC2012R2

Resources

• msdn: Resources for Developers, http://microsoft.com/msdn
• Learning: Microsoft Certification & Training Resources, www.microsoft.com/learning
• TechNet: Resources for IT Professionals, http://microsoft.com/technet
• Sessions on Demand: http://channel9.msdn.com/Events/TechEd


© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.