Microsoft Virtual Academy

Module 4

Creating and Configuring Virtual Machine Networks

Module Overview

•Creating and Using Hyper-V Virtual Switches

•Advanced Hyper-V Networking Features

•Configuring and Using Hyper-V Network Virtualization

Lesson 1: Creating and Using Hyper-V Virtual Switches

•Overview of the Hyper-V Virtual Switch

• Types of Virtual Switches

•What Is VLAN Tagging?

Overview of the Hyper-V Virtual Switch

• Software implemented layer two switch

• Connects virtual machines to virtual and physical

networks

• Parent partition is also A virtual machine

• Extensible, has advanced features, can be replaced

• Policy enforcement, isolation, traffic shaping, protection

• Managed by Hyper-V Manager and Windows

PowerShell • Get-VMSwitch

• Parent partition can have multiple virtual NICs

• Can be connected to different virtual switches

• Can have different bandwidth limitations

Overview of the Hyper-V Virtual Switch

Overview of the Hyper-V Virtual Switch

Overview of the Hyper-V Virtual Switch

Types of Virtual Switches

• Parent has physical network adapter(s)

• Each virtual machine (and parent) has virtual network

adapter(s)

• Each virtual network adapter is connected to a virtual

switch

• Type of virtual switch is:

• External – connects to a physical or wireless adapter

• Internal – parent and virtual machine connections only

• Private – virtual machine connections only

•Configuration

• Use Virtual Switch Manager to create virtual switches

• Use virtual machine settings to connect a virtual network

adapter to a switch

Types of Virtual Switches

- Physical network adapter

- Virtual network adapter

- Virtual switch

Parent

App

Virtual machine

App Virtual machine

App

Parent

App

Virtual machine

App Virtual machine

App

Private

Parent

App

Virtual machine

App Virtual

machine

App

Internal

External

Parent

App

Virtual machine

App Virtual machine

App

No IP

IP IP

IP

NAT

Types of Virtual Switches

Types of Virtual Switches

Types of Virtual Switches

Types of Virtual Switches

Types of Virtual Switches

Types of Virtual Switches

Types of Virtual Switches

What Is VLAN Tagging?

• Used to isolate network traffic for nodes that are

connected to the same physical network

• VLANs are used by Hyper-V to

• Isolate Hyper-V server management networks

• Isolate virtual machines that are connected to external virtual

switches

• Isolate virtual machines on a single Hyper-V server

• VLAN ID can be configured on

• Virtual machine network adapter

• External and Internal virtual switch

• VLAN is limited to a single physical subnet

• VLAN ID has 12 bits (up to 4,094 VLAN IDs)

Lesson 2: Advanced Hyper-V Networking Features

•Virtual Switch Expanded Functionality

•Virtual Switch Extensibility

•What Is SR-IOV?

•What Is Dynamic Virtual Machine Queue?

•Network Adapter Advanced Features

•NIC Teaming in Virtual Machines

Virtual Switch Expanded Functionality

•ARP/Neighbor Discovery Poisoning protection

• Protects against ARP and Neighbor Discovery spoofing

•DHCP Guard protection

• Protects against rogue DHCP server in virtual machine

• Port ACLs

• Enables isolation by allowing/denying traffic

• Trunk mode to a virtual machine

• Trunk mode forwards traffic from multiple VLANs

•Network traffic monitoring

• Bandwidth limit and burst support

Virtual Switch Extensibility

• Extensible

• NDIS filter drivers

• WFP callout drivers

• Extensions

• Ingress

• Forwarding

• Egress

• Monitoring

•Virtual switch can

be replaced

Parent partition

Extension miniport

Extension protocol

Hyper-V virtual switch

Physical NIC

Virtual machine

Host NIC

Virtual machine NIC

Virtual machine

Virtual machine NIC

Filtering extensions

Forwarding extension

WFP extensions

Capture extensions

What Is SR-IOV?

• Requires support in network adapter

• Provides Direct Memory Access to virtual machines

• Increases network throughput

• Reduces network latency

• Reduces CPU overhead on the Hyper-V server

• Virtual machine bypasses virtual switch

• Supports Live Migration

Network I/O with SR-IOV Network I/O without SR-IOV

Physical NIC

Parent partition

Virtual switch

Routing VLAN Filtering

Virtual machine

Virtual NIC

SR-IOV Physical NIC

Virtual Function

VMBUS

• Even when different SR-

IOV adapters are used

What Is Dynamic Virtual Machine Queue?

•Network adapter uses receive queues to route

traffic to the appropriate virtual machine

• Physical network adapter must support VMQ

• Dynamically use multiple CPUs when processing

virtual machine network traffic

• DMA reduces CPU overhead on Hyper-V server

• Beneficial when virtual machines receive lot of network

traffic

•VMQ is automatically configured and tuned

• Based on processor networking and CPU load

• VMQ is enabled by default on a virtual network adapter

• Used only if the physical network adapter supports VMQ

Network Adapter Advanced Features

• Same features

available for all

virtual network

adapters

• Features are

implemented in

Hyper-V virtual

switch

NIC Teaming in Virtual Machines

• Provides redundancy and aggregates bandwidth

• Can be used at the operating system and virtual machine

level

• Multiple physical network adapters in an NIC team

• If a physical adapter fails, virtual switch has connectivity

• Multiple virtual network adapters in an NIC team

• If a virtual switch fails, virtual machine has connectivity

• Particularly important when SR-IOV is used

• SR-IOV traffic bypasses the virtual switch

• Intended and optimized to support teaming of SR-IOV

• May be used with any virtual network interface

• Virtual machine must have multiple network adapters

• Connected to different virtual switches

• MAC address spoofing must be enabled

Lesson 3: Configuring & Using Hyper-V Network Virtualization

• Providing Multitenant Network Isolation

•What Is Network Virtualization?

• Benefits of Network Virtualization

•What Is Network Virtualization Generic Routing Encapsulation?

•What Are Network Virtualization Policies?

Providing Multitenant Network Isolation

• Multiple isolated networks on the same infrastructure

• VLANs are often used

• Limited scalability (maximum of 4094 VLANs)

• VLANs cannot span multiple subnets

• Challenging to reconfigure when adding or moving

virtual machine

VLAN ID

Switch

Virtual machines

Switch

Providing Multitenant Network Isolation

• Private VLANs

• Addresses some VLAN scalability issues

• Reduces number of IP subnets and VLANs

• Virtual switch can limit virtual machines to the same

VLAN

• Port ACLs

• Challenging to manage and update ACLs

Hyper-V virtual switch supports private VLANs and port ACLs

• The solution is Software Defined Networking

Network virtualization is an implementation of Software

Defined Networking

• Hyper-V enables network virtualization

What Is Network Virtualization?

Server virtualization

• Multiple virtual machines on

a same physical server

• Each virtual machine is

isolated from others

Physical

server

Blue virtual

machine Red virtual

machine Blue network Red network

Physical

network

Network virtualization

• Multiple virtual networks

on a same physical network

• Each virtual network is

isolated from others

Benefits of Network Virtualization

• Flexible virtual machine placement

•Multitenant network isolation without VLANs

• IP address reuse

• Live migration across subnets

• Is compatible with existing network infrastructure

• Transparent moving of virtual machines to shared

IaaS cloud

•Can be configured using Windows PowerShell

• Can also use System Center 2012 R2 Virtual Machine

Manager

What Is Network Virtualization Generic Routing Encapsulation?

10.1.1.11 10.1.1.11 10.1.1.12 10.1.1.12

192.168.5.55

192.168.2.22 192.168.5.55

10.1.1.11 10.1.1.12

10.1.1.11 10.1.1.12

GRE Key=5001

GRE Key=6001

MAC

MAC 192.168.2.22

192.168.5.55

10.1.1.11 10.1.1.12

10.1.1.11 10.1.1.12

10.1.1.11 10.1.1.12

10.1.1.11 10.1.1.12

192.168.2.22 (Provider address

)

192.168.5.55 (Provider address)

10.1.1.11 (Customer address)

10.1.1.11 (Customer address)

10.1.1.12 (Customer address)

10.1.1.12 (Customer address )

• Customer address space based on virtual machine configuration

• Provider address space based on physical network

• Not visible to the virtual machines

What Are Network Virtualization Policies?

SQL 10.1.1.1

WEB 10.1.1.2

SQL 10.1.1.1

WEB 10.1.1.2

Blue Yonder Airlines

Customer

Address

Provider

Address

10.1.1.1 192.168.1.10

10.1.1.2 198.168.1.12

Woodgrove Bank

Customer

Address

Provider

Address

10.1.1.1 192.168.1.10

10.1.1.2 192.168.1.12

Policy Settings Provider Address Space

Data Center

Network

Hyper-V Host 1 Hyper-V Host 2

192.168.1.10 192.168.1.12

SQL SQL WEB WEB

10.1.1.1 10.1.1.1 10.1.1.2 10.1.1.2

Customer Address Spaces

Blue Yonder Airlines

Woodgrove Bank

• Define customer address-provider address mappings

• Specify on which Hyper-V server virtual machines are running

• Hyper-V implements policies by translating incoming and

outgoing packets

• If a virtual machine is moved, policies are modified

• Virtual machine configuration stays the same