~ Karthikeyan Ravichandran | SDE
In data center deployments, a highly popular form of deployment is to use virtual network adapters (vNICs) for host management. In this scenario, multiple physical network adapters on a Hyper-V host are bound to a virtual switch through a NIC team and virtual network adapters are created for the host partition for management/storage traffic/live migration traffic etc. This post addresses common deployment scenarios and known issues/workarounds around host management vNics pertaining to System Center 2012 Virtual Machine Manager (VMM 2012) Service Pack 1 (SP1). Some of these issues have been fixed in VMM 2012 R2 and they have been noted below as appropriate.
Scenario # 1 – Host Management traffic is untagged on the host
In this scenario, host management traffic is not tagged with any VLANs on the host. In terms of physical network configuration, this actually means one of two things
· Host management traffic is never tagged with VLANs on the access switches of the network
· Host management traffic is actually on a VLAN, but the management VLAN is set to be the native VLAN on the trunk port of the connected physical switch. Since the management VLAN is set as the native VLAN, all untagged traffic from the host is treated as the management VLAN traffic by the switch and hence there is no explicit VLAN requirement on the host.
In the above scenario we need to ensure that a vmnetwork is created and its parent network site be part of the uplink port profile that will be used for the management VM network. Please note that the VLAN ID is mentioned as zero even though in reality the VLAN ID may be non-zero in the native VLAN case. We mark it as zero so that packets corresponding to the native VLAN that come in or go out of the host are untagged.
For example, here is what my Management Logical Network looks like:
Next we create a native uplink port profile that will include the Management Network and a tenant network which will have VM workloads.
Now we proceed by creating a logical switch that includes this uplink port profile and a port classification for the host management virtual NIC.
Now we will deploy the logical switch on the selected host. For our test purposes, the host has two network adapters, both of which we will add to the logical switch.
Before creating the switch, we need to create a management virtual Network Adapter and assign it to the Mgmt VMNetwork that we previously created.
Please note that the management virtual Network Adapter has to be created at the same time as the logical switch on the host. If the management vNic is not created, VMM may lose connectivity to the host during the logical switch creation on the host.
After the host vNIC is created, we then click OK on the properties page and that will initiate logical switch creation on the host. Once the logical switch is created on the host, the host is ready to provide networking to virtual machine workloads.
Scenario # 2 – Host Management traffic is on a tagged VLAN on the host
In this scenario, host management traffic enters the host on a particular VLAN tag. The corresponding physical switch port is configured in trunk mode and host management traffic is on a particular VLAN. In this case, the physical NICs on the host are already tagged with a VLAN at the driver level using NIC vendor specific VLAN tagging methods. The exact mechanism differs greatly from vendor to vendor and hence is not discussed here. For demonstration purposes, let’s assume that the management VLAN is VLAN 6 and is already tagged on the physical NICs.
The Network Site that has VLAN 6 defined is shown below.
Also, the network site has to be added to the uplink profile.
Thus we are ready to create a logical switch on a host with the management network on a tagged VLAN. Before we proceed though, we need to understand a subtle difference in the tagged VLAN scenario. In the case of untagged VLANs on the host, there is no requirement to configure the host management vNic with a particular VLAN ID for it to retain connectivity. In the tagged VLAN case, VMM 2012 needs to configure the VLAN ID on the management vNic with the VLAN ID in order for host management traffic to flow through the management vNic. In VMM 2012 SP1, VLAN configuration happens on the vNic at the end of virtual switch configuration. As a result, VMM requires host connectivity through another management interface until it can complete the VLAN configuration on the host vNic.
As a result, we will use the following workflow when creating the logical switch on the host:
· Create the logical switch with one physical NIC as uplink, keeping the other uplink for management connectivity.
· Once logical switch creation is successful, add the other physical NIC to the logical switch.
The above workflow will ensure that VMM does not lose connectivity to the host during logical switch creation.
Before we proceed, we must ensure that there are at least two adapters that marked as “Used For Management” on the hardware properties. VMM automatically marks this property based on whether the IP address reported on the adapter is resolvable by DNS.
Now we create a logical switch for one of the physical NICs.
Once the logical switch is successfully created, we will add the second physical NIC to the logical switch, thus achieving redundancy and load balancing for the uplinks of the logical switch.
NOTE: In VMM 2012 R2, the above step to add physical network adapters one by one to the logical switch has been removed. You can add all the uplink NICs when creating the logical switch on the host.
Here is the final state of the logical switch, complete with all the uplinks that we ever wanted to add.
Once the logical switch is successfully created, we will add the second physical NIC to the logical switch, thus achieving redundancy and load balancing for the uplinks of the logical switch. Here is the final state of the logical switch, complete with all the uplinks that we ever wanted to add.
Karthikeyan Ravichandran | SDE | Microsoft
System Center All Up: http://blogs.technet.com/b/systemcenter/
System Center – Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/
System Center – Data Protection Manager Team blog: http://blogs.technet.com/dpm/
System Center – Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
System Center – Operations Manager Team blog: http://blogs.technet.com/momteam/
System Center – Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center – Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm
The Forefront Endpoint Protection blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/