Virtual Networking in VMM 2012 SP1 and 2012 R2

Architecture

In Brad Anderson’s Why Architecture Really Matters blog series, he talks about the Mobile First, Cloud First world that we live in today and will live in for the foreseeable future, and argues that the architecture of the solutions you use to support your organization is going to be critical to your success.

For those of you building out on-premises, hybrid and service provider cloud solutions, networking is a key component of that architecture. In the blog series below and in the Building a Virtualized Network Solution eBook, we discuss how to define, configure and manage virtual networks in VMM 2012 SP1 and R2.


Topic / Description

Getting Started with Network Virtualization
    Walk through the basic steps required to create an isolated network in VMM 2012 SP1. We will refer back to this initial posting, expanding specific topics and the implications behind certain decisions. [this post]

Logical Networks
    Review considerations for the design of logical networks, network sites and the use of VLANs and PVLANs.
    Part 1 – Logical Networks
    Part 2 – How many networks do you need?
    Part 3 – Isolation using VLANs
    Part 4 – Isolation using PVLANs
    Part 5 – Network Virtualization

Port Profiles and Port Classifications
    The different types of port profiles, how and when to use them, how port profiles work in converged networks and what part port classifications play.
    Included in Building a Virtualized Network Solution 2nd Edition

Logical Switches
    Review the differences between a logical switch and a virtual switch, how and why you would or would not use each of them in your environment, and the implications for converged networks.
    Included in Building a Virtualized Network Solution 2nd Edition

Hyper-V Gateway
    Outlines key design choices and considerations for providing cross-premises connectivity.
    Included in Building a Virtualized Network Solution 2nd Edition

Networking in Microsoft Cloud Platform System (CPS)
    A look at the design and key decision points for the network architecture and virtualized network solution within the Microsoft Cloud Platform System.
    Included in Building a Virtualized Network Solution 2nd Edition

In summary, this blog series and the Building a Virtualized Network Solution book have been created specifically for architects and cloud fabric administrators who want to understand what decisions they need to make when designing a virtualized network infrastructure and the implications of those decisions, what constitutes best practice, and, ultimately, what they need to do in order to build out a virtualized network solution that meets today's business requirements while also providing a platform for future growth and expansion.

We highly recommend that, prior to working through the material, you familiarize yourself with network virtualization and some of its key concepts and terms. The following link provides a good basis from which to start: http://technet.microsoft.com/en-us/library/jj134230.aspx


Introductions

As the primary authors and editors of the blog series, Damian Flynn (LionBridge Architect and Microsoft MVP) and Nigel Cain (Senior Program Manager, Windows Server and System Center) have presented a number of sessions on creating and managing private/hosted clouds with System Center 2012 at TechEd and MMS, and have had many detailed discussions with the engineering team on virtualized networking, on how to migrate from pre-existing (pre-VMM 2012 SP1) networking, and on architecture best practices. We hope this blog and the eBook will help answer some of the key questions you have on virtual networking and help you get the most out of your investment in System Center – Virtual Machine Manager.


Getting Started with Virtual Networking

In this first blog of the series, we will walk through the basic steps you need to follow in order to create an isolated network on Windows Server 2012 Hyper-V servers using System Center 2012 SP1 – Virtual Machine Manager. The steps are similar for the R2 edition, but the screens and experience are slightly different (for details, please see Chapter 1 in the book). Thanks to Alvin Morales from CSS Beta Support for helping build out this initial posting.

Note that in the following sections we are assuming you are working in a new environment and will use VMM to configure all elements of virtual networking. In reality, you may have existing Hyper-V hosts with some or all components of networking already pre-configured. We will discuss how to work with these environments in later blog posts.


Network Virtualization

The documentation for SC 2012 SP1 – VMM states that network virtualization provides the “ability to run multiple virtual network infrastructures, potentially with overlapping IP addresses, on the same physical network. With network virtualization, each virtual network infrastructure operates as if it is the only one that is running on the shared network infrastructure. This enables two different business groups that are using VMM to use the same IP addressing scheme without conflict. In addition, network virtualization provides isolation so that only virtual machines on a specific virtual network infrastructure can communicate with each other.”

The rest of this document will walk you through the steps required to configure network virtualization “so that only virtual machines on a specific virtual network infrastructure can communicate with each other”. In later blog postings, we’ll talk about how you would use this concept as a basis for a service in which your customers will “bring their own network”.


1 Create a Logical Network

A logical network is used to organize and simplify network assignments for hosts, virtual machines and services. As part of logical network creation, you can create network sites to define the VLANs, IP subnets, and IP subnet/VLAN pairs that are associated with the logical network in each physical location.

http://technet.microsoft.com/library/gg610588.aspx

Note that if you are planning to create an isolated network, you must check the option to “Allow new VM networks created on this logical network to use network virtualization”. As later stages of this process build on this logical network concept, if the option is not checked, it may be necessary for you to delete and recreate your logical network to get the desired behavior.

[screenshot]

When you create a logical network, you can create one or more associated network sites. A network site associates one or more subnets, VLANs, and subnet/VLAN pairs with a logical network. It also enables you to define the host groups to which the network site is available.

[screenshot]

2 Create an IP pool for the logical network

To ensure that each virtual machine has an IP address which can be used on the host network, network virtualization requires that you create an IP pool. IP addresses from this pool are known as provider addresses (PA). The IP addresses you provide here need to be routable between your Hyper-V hosts. We’ll cover more about this in later blogs, but you can find more information on IP address pools here: http://technet.microsoft.com/en-us/library/gg610590.aspx

[screenshot]

3 Define a Logical Switch

You can consistently configure identical capabilities for network adapters across multiple hosts by using port profiles and logical switches. Port profiles and logical switches act as containers for the properties or capabilities that you want your network adapters to have across multiple hosts. Instead of configuring individual properties or capabilities for each network adapter on each host, you specify the capabilities in port profiles and logical switches, which you can then apply to the appropriate adapters. You can find more information on logical switches and port profiles at the following location:

http://technet.microsoft.com/en-us/library/jj721570.aspx

The following walks through the steps necessary to create a logical switch. The terms may be slightly confusing at first, but later blogs will add more detail. Please note that the order of tasks is important: you will need to create an uplink port profile and one or more virtual network adapter port profiles before you can create the logical switch itself.


3.1 Create an Uplink Port Profile

The Uplink port profile defines the load balancing algorithms for teaming as well as linking the switch with the network site(s) that you defined in a logical network.

[screenshot]

As we will talk about in the blog on virtual switches, be sure that the hosts you want to deploy this virtual switch to have been configured to support the logical network(s) you select below.  Otherwise, you will be unable to assign the switch to that host.

[screenshot]

3.2 Define Virtual network adapter port profiles

A number of virtual network adapter port profiles have been created by default for your convenience. These profiles allow you to configure settings such as Virtual Machine Queue (VMQ), IPsec task offloading and Single-Root I/O Virtualization (SR-IOV) that can be applied to a given virtual network adapter. You can also configure security settings (MAC address spoofing, DHCP guard, router guard, guest teaming and IEEE priority tagging) as well as the minimum and maximum bandwidth. For more information, see the following article: http://technet.microsoft.com/en-us/library/jj628155.aspx.

To get started, just accept the default list of port profiles for now. We’ll come back to these, and to how and why you should configure them, in a future blog posting. For now, just remember that you can use virtual adapter port profiles to define quality of service and to take advantage of some of the features provided by your host hardware.


3.3 Define Port Classifications

A port classification is essentially a label used to group profiles together. It is used in a similar manner to storage classifications in VMM, in the sense that both hide complexity from users working with a cloud. As with the port profiles above, we will accept the default list of classifications for now and discuss these in a later blog. If interested, you can find more details on port classifications and how they are used in the following article: http://technet.microsoft.com/en-us/library/jj628153.aspx.


3.4 Create the Switch

At this point, you can link the different port profiles and classifications in the form of a logical switch which can then be assigned to one or more Hyper-V hosts. Future blog posts will cover logical switch configuration and design choices in much more depth.  For now, just enter a name for the new logical switch and accept the default setting (unchecked) for SR-IOV as shown below.

You can find more information on logical switches in VMM 2012 SP1 at the following location: http://technet.microsoft.com/en-us/library/jj628154.aspx

[screenshot]

On the Uplink settings page of the Create Logical Switch Wizard, you need to indicate whether the logical switch will be connected using either a teamed or a stand-alone physical network adapter and, by specifying one or more uplink port profiles, the list of logical networks that it will be connected to.

[screenshot]

The remaining task is to specify which port classifications will be available on this switch. These classifications control the properties such as the security settings and restrictions on network bandwidth that will be applied to the virtual network adapters that are connected to this switch.

[screenshot]

In the example above, the switch will include only a medium bandwidth profile, which essentially means that all virtual machines that connect to the network (using this switch) will have their maximum bandwidth limited to a range defined by the VMM administrator.


4 Assign the logical switch to a host

The next step is to assign the logical switch we created to a host. Go to the host properties and select the Virtual Switches section. Under the New Virtual Switch button, select “New logical switch” and assign the physical network adapters that will be linked to the switch, as shown.

[screenshot]

Note: If the physical network adapter you selected will also be used to pass management traffic back to VMM, you will need to create a (new) Virtual Network Adapter and assign it to a VM network that has no isolation.  See the later section on VM networks and http://technet.microsoft.com/en-us/library/jj628156.aspx for more details.

[screenshot]

Once you apply the logical switch to the host in SC 2012 SP1 – VMM, it will create a virtual switch on the Windows Server 2012 Hyper-V host.


5 Create a VM (Virtual Machine) Network

New in SC 2012 SP1 – VMM is the requirement that all virtual machines be connected to a Virtual Machine (VM) Network in order to use and access network resources. You can find and define these networks through the VMs and Services section of the console. Please note that VM networks are not fabric components and hence are located in a different part of the console. The Create VM Network Wizard introduces the key steps required to set up an isolated network. We will return to this topic in future blog posts; you can find more information on VM networks here: http://technet.microsoft.com/en-us/library/jj628157.aspx

[screenshot]

The Isolation screen allows you to enable isolation and choose the IP version you want the isolated network to use. You can also select No Isolation if you want the VM network to provide virtual machines with direct access to the logical network. This configuration essentially replicates the behavior you would find in SC 2012 – VMM.

[screenshot]

When using isolation, you need to define the subnet which the virtual machines will be using. This allows the virtual switch to create the network virtualization routing tables. It also defines the IP range that can be used in the IP pool for the VM network.

[screenshot]

By default, the Virtual Network has no external connectivity, meaning that virtual machines connected to it will only be able to communicate with other virtual machines on that network as the dialog below suggests. In short, you need a VPN Gateway Device to provide a VPN link to an external network or a Gateway Device which allows machines on the virtual network to communicate with other local networks supported by that Hyper-V host in the local datacenter. For now, you can accept the default of no external connectivity.

Note that the remote and local networks options (highlighted) are greyed out in the dialog below as no gateway “provider” has been defined in VMM. We will discuss this and the different types of Gateways and why you would use them in much more detail in the blog posts on Hosting scheduled for later in the year.

[screenshot]

6 Create an IP pool in the VM Network

Next, you need to define the IP range that can be assigned to virtual machines connected to this network. These addresses are referred to as customer addresses (CA). Be aware that when you create the range, the first IP will be assigned to the switch, which means you will have one less usable address in the range. You can create multiple IP ranges within the same customer address space. More information can be found here: http://technet.microsoft.com/en-us/library/jj721574.aspx

[screenshot]

As an example, based on the subnet defined for your Virtual Machine (VM) Network, you will then create the IP pool. Assuming the subnet is 10.10.10.0 and, based on the mask, the addresses for the pool run from 10.10.10.2 through 10.10.10.254, VMM will automatically reserve the first usable IP of the subnet (10.10.10.1) for assignment to the virtual switch. The reserved IP address is used by the network virtualization filter as a gateway between additional subnets in the same customer address space. You can also reserve IP addresses for other uses.

[screenshot]

7 Assign the VM Network to a Virtual Machine

Once the virtual network has been created, virtual machines (VM) can be connected to it using the network adapter configuration settings – see example screenshot below. In the connectivity section of the dialog, simply assign the virtual machine to your new VM Network.

NOTE: Be aware that the MAC address assigned to the interface will be static rather than dynamic, so that the virtual machine retains its MAC address as it migrates between hosts in your environment. Because you are using network virtualization, hosts require an additional update to the network virtualization (MS_NETWNV) lookup tables to ensure the MS_NETWNV filter maintains connectivity; the MAC address is essentially used as part of the unique identifier for your virtual machine’s network traffic.

The assigned static MAC address will be taken from a MAC address pool. You can find more information about the use of MAC address pools at the following location: http://technet.microsoft.com/en-us/library/gg610632.aspx.

[screenshot]
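The console steps above, as an added VMM 2012 SP1 PowerShell example (not from the original post or Microsoft's documentation): it assumes the VMM cmdlet module is loaded on a machine with the console installed, and the object names, host group, subnets and VM name are constructed samples. The logical switch itself (step 3) is still built in the console as described above.

```powershell
# Added example (not from the original post): steps 1, 2, 3.2, 5, 6 and 7 above as
# VMM 2012 SP1 PowerShell. Object names, host group, subnets and the VM name are
# constructed samples; the logical switch (step 3) is still built in the console.
Import-Module virtualmachinemanager

# Step 1: logical network with "allow new VM networks to use network virtualization".
$ln = New-SCLogicalNetwork -Name "TenantNet" `
        -LogicalNetworkDefinitionIsolation $false -EnableNetworkVirtualization $true

# Network site: the provider (PA) subnet, untagged, scoped to one host group.
$hg  = Get-SCVMHostGroup -Name "All Hosts"
$pa  = New-SCSubnetVLan -Subnet "192.168.50.0/24" -VLanID 0
$lnd = New-SCLogicalNetworkDefinition -Name "TenantNet_DC1" -LogicalNetwork $ln `
         -VMHostGroup $hg -SubnetVLan $pa

# Step 2: provider address pool; these addresses must route between Hyper-V hosts.
$gw = New-SCDefaultGateway -IPAddress "192.168.50.1" -Automatic
New-SCStaticIPAddressPool -Name "TenantNet_PA_Pool" -LogicalNetworkDefinition $lnd `
    -Subnet "192.168.50.0/24" -IPAddressRangeStart "192.168.50.10" `
    -IPAddressRangeEnd "192.168.50.200" -DefaultGateway $gw | Out-Null

# Step 3.2: a virtual adapter port profile that keeps the guest-side protections on
# (no MAC spoofing, DHCP guard, router guard). Bind it to a port classification on
# the logical switch in step 3.4 before it takes effect.
New-SCVirtualNetworkAdapterNativePortProfile -Name "Tenant-Guarded" `
    -AllowMacAddressSpoofing $false -EnableDhcpGuard $true -EnableRouterGuard $true `
    -AllowTeaming $false -MinimumBandwidthWeight 1 -MaximumBandwidth 100 | Out-Null

# Step 5: isolated VM network (Hyper-V Network Virtualization) with an IPv4 CA subnet.
$vmnet = New-SCVMNetwork -Name "Tenant-A" -LogicalNetwork $ln `
           -IsolationType "WindowsNetworkVirtualization" `
           -CAIPAddressPoolType "IPV4" -PAIPAddressPoolType "IPV4"
$ca    = New-SCSubnetVLan -Subnet "10.10.10.0/24"
$vmsub = New-SCVMSubnet -Name "Tenant-A_10.10.10.0" -VMNetwork $vmnet -SubnetVLan $ca

# Step 6: customer address pool; VMM keeps 10.10.10.1 for the virtual switch.
$capool = New-SCStaticIPAddressPool -Name "Tenant-A_CA_Pool" -VMSubnet $vmsub `
    -Subnet "10.10.10.0/24" -IPAddressRangeStart "10.10.10.2" -IPAddressRangeEnd "10.10.10.254"

# Step 7: connect a VM adapter to the VM network with a static MAC and a pooled CA.
$vm   = Get-SCVirtualMachine -Name "TenantA-Web01"
$vnic = Get-SCVirtualNetworkAdapter -VM $vm | Select-Object -First 1
Set-SCVirtualNetworkAdapter -VirtualNetworkAdapter $vnic -VMNetwork $vmnet -VMSubnet $vmsub `
    -MACAddressType Static -IPv4AddressType Static -IPv4AddressPool $capool | Out-Null

# Check: the VM network reports its isolation type and the CA subnet we added.
Get-SCVMNetwork -Name "Tenant-A" | Select-Object Name, IsolationType
Get-SCVMSubnet -VMNetwork $vmnet | Select-Object Name, SubnetVLans
```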


Summary

We hope these overview steps gave you an idea of how to configure virtual networks. In the upcoming blogs, we will talk about each of the components in turn, providing more detail around key design decisions and the implications of those decisions.


-Nigel Cain & Damian Flynn