Network Management in System Center 2012 SP1 - VMM

Network Management in System Center 2012 SP1 Virtual Machine Manager

Greg CusanzaSenior Program Manager, Microsoft

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

Networking from scratch• How do I offer networking to my virtualization workloads?• How do I make my network resilient to failure?• How do I provide tenant self service?• How can I provide isolation?• How do I maintain consistency in large datacenters?


1. Design your network2. Build and configure hardware to support your design3. Configure VMM to implement design:

Create logical concepts Configure hosts Configure tenants Deploy workloads

Steps to a successful deployment


Installed VMM serverBasic VMM conceptsBasic networking concepts Teaming Switch Router/Gateway

Assumptions for this session


Network Design

Windows Azure services

on Windows server

NVGRE

Logical view of the network

1st question: how do I provide isolation?

Datacenter isolation – separation of infrastructure traffic for isolation and QOS

Tenant isolation – keeping tenants from each other and protect the infrastructure

“Internet”Corp

Admin

Tenants

Provider Network

Man

agem

ent

VMM

Other managementservers

Tena

nt 1

Net

wor

k 1

Tenant 1VM 1

Tenant 1VM 2

Tena

nt 2

Net

wor

k 1

Tenant 2VM 1

Tenant 2VM 2

Katal

Clus

ter/

LM/S

tora

ge

Gateway

Compute


Isolation

Physical separation

Physical switches and adapters for each type of traffic

Layer 2:VLANPVLAN

Tag is applied to packets which is used to control the forwarding

Network Virtualization

Isolation through encapsulation. Independence from address space.

Layer 3:IP routing

Switches provide access control and path isolation


Limited capacity on each switch and port (4095 max) High maintenance Easy to make mistakes Limits broadcasts

The limitations of VLANs


J Infrastructure networks

L Tenant networks are too dynamic

The solution for tenants is network virtualization

Where should you use VLANs


Ability to create networks on the fly as needed

Ability do define capabilities as needed

Software defined networking (SDN)


SP1 :Software Defined Networking

Software Defined Networking (management, configuration, data) Hyper-V Network Virtualization Extensible Virtual Switch

Network Policy/Offloads SR-IOV DHCP Guard IPSec Task Offload Bandwidth Control Trunk Mode

VM Network

Logical NW

Virtual Machine

Physical Network

VLAN 25Subnet 10.0.0.0/26

Fab

ric

Vir

tual

Virtual Machine

Extension

Extension

Extension

VM Network

Logical NW


Address spaces

Can be DHCP and StaticIPv4 and IPv6

Logical network Address space defined by

Example

Corp Corp IT 172.30.0.0/16

Internet ICANN 65.55.57.0/24

Management Datacenter Admin 10.0.0.0/24

Provider Datacenter Admin 10.0.1.0/24

Cluster/Storage/etc… Datacenter Admin 10.0.2.0/24

Tenant N Tenant 192.168.1.0/24

WhoDefinesWhat?


Host Configuration


Host configurationThree options

Converged Option1

10GbE each

VMNVM1

10GbE each

Sto

rage

Live M

igra

tion

Clu

ster

Man

ag

e

Converged Option1+

10GbE each

VMNVM1

10GbE each

Sto

rage

LM Clu

ster

Man

ag

e

Non-converged

1GbE 1GbE 1GbE 10GbEHBA/

10GbE

Sto

rage

Live M

igra

tion

Clu

ster

Man

ag

eVM1 VMN

Converged Option2

VMNVM1

Sto

rage Live M

igra

tion

Clu

ster

Man

ag

e

CSV/RDMA Traffic 10GbE each


Two ways to get there:

Host configuration… with teaming

Manual configuration in host properties

• Already deployed hosts• Updating an existing configuration

Bare metal deployment

• Consistent deployment• Use host profile• Can re-deploy


VMM configuration


Merging physical and logicalIn VMM

Logical Network

Models the physical network

Separates like subnets and VLANs into named objects that can be scoped to a site

Container for fabric static IP address pools

VM networks are created on logical network

Logical Switch

Central container for virtual switch settings

Consistent port profiles across data center

Consistent extensions

Compliance enforcement


Creating logical networks for infrastructure demo


Creating logical switch

Why?

• Automatic team creation• Configuration for DC on a single object• Compliance• Access to hyper-v port settings• 3rd party extension management• Updates get applied to all hosts

Why not?

• More up-front configuration• Limits live migration


Single root IO virtualization (SR-IOV)Why?

• Virtual switch bypass for high performance workloads

Why not?

• You need bandwidth controls• If your physical adapters don’t support it• Limited number of VMs that can use it

per host

• Must be enabled when virtual switch is created

• Must be enabled as needed on port profile

• Limited support for intelligent placement


Plan for the future with a logical switch demo


Using network virtualization for isolation

NVGRE gateway gives tenants access to outside world

Tenant configuration

Without gateway

Use a VM with two NICs

One on isolated network, one on “Internet”

With gateway

• Private cloud: route to local networks • Hybrid cloud: create site to site tunnel

ETA: 2nd quarter 2013

Fabri

kam

Data

cente

r netw

ork

– 1

0.0

.0.0

/16

VPN Gateway – “Hybrid Cloud”

VMNetwork 1“Contoso Finance”

VM1IP: 172.16.1.2GW: 172.16.1.1DNS:172.16.3.99

VM2IP: 172.16.2.2GW: 172.16.2.1DNS:172.16.3.99

NVGRE VPN Gateway

“Fabrikam”

DNS1IP:172.16.3.99

CORP-RED172.16.3.0/

24

CORP-KIRK172.16.4.0/

24

Subnet G(hidden)

w.x.y.z/30

Subnet 1172.16.1.0/2

4

Subnet 2172.16.2.0/2

4

Any VPN Gateway

“Contoso”

Inte

rnet

Conto

so C

orp

Netw

ork

Netw

ork

Vir

tualiz

ati

on R

oute

r

172

.16.1

.1,

17

2.1

6.2

.1 a

nd 1

0.2

54.2

54.1

IP: 10.254.254.2IP: 1.2.3.4

IP: 4.3.2.1

IP: 172.16.0.2

NVGRE


“Internet”Corp

Admin

Tenants

Provider Network

Man

agem

ent

VMM


Tena

nt 1

Net

wor

k 1

Tenant 1VM 1

Tenant 1VM 2

Tena

nt 2

Net

wor

k 1

Tenant 2VM 1

Tenant 2VM 2

Katal

Clus

ter/

LM/S

tora

ge

Gateway

Compute


Container for port profile settings For Hyper-V switch port settings and extension port profiles

Reusable

Exposed to tenants through cloud

Tenant configuration - Port classifications


Tenant configuration,Deploying VM workloadDemos


Load Balancing

Front End

Network that clients use to access the service.

Faces the Internet or Corp

Each service is assigned a Virtual IP (VIP) address

Back End

Faces the tier instancesEach instance gets one Dynamic IP

Back end is usuall on a network with non-routable IPs

NVGRE


“Internet”Corp

Admin

Tenants

Provider Network

Man

agem

ent

VMM


Tena

nt 1

Net

wor

k 1

Tenant 1VM 1

Tenant 1VM 2

Tena

nt 2

Net

wor

k 1

Tenant 2VM 1

Tenant 2VM 2

Katal

Clus

ter/

LM/S

tora

ge

Gateway

Compute

NVGRE


“Internet”Corp

Admin

Tenants

Provider Network

Man

agem

ent

VMM


Tena

nt 1

Net

wor

k 1

Tenant 1VM 1

Tenant 1VM 2

Tena

nt 2

Net

wor

k 1

Tenant 2VM 1

Tenant 2VM 2

Katal

Clus

ter/

LM/S

tora

ge

Gateway

Compute

“Internet”Corp

Admin

Tenants

Provider Network

Man

agem

ent

VMM


Tena

nt 1

Net

wor

k 1

Tenant 1VM 1

Tenant 1VM 2

Tena

nt 2

Net

wor

k 1

Tenant 2VM 1

Tenant 2VM 2

Katal

Clus

ter/

LM/S

tora

ge

Gateway

Compute

Load Balancer

Load Balancer


Why? Add functionality not native to Hyper-V switch Able to tie virtual to physical network together

ExamplesCisco Nexus 1000v – Public Beta now available!!!InMon sflowNEC OpenFlow 5nine

Using Virtual Switch Extensions


Virtual Switch Extensibility demo

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Session Goals

Prepare you for the era of software defined networking

Discuss fabric networking in Virtual Machine Manager for System Center 2012

Preview upcoming networking improvements in Virtual Machine manager for System Center 2012 SP1

Virtual Machine Manager 2012Scenarios

“I want this VM to connect to the Corp network” Answer: Logical Networks

“I want to create a template that I can deploy anywhere” Answer: Logical Network Definitions

“I want IP addresses assigned automatically” Answer: IP Pools

“I want to scale out applications” Answer: Load Balancers

Network ManagementVMM 2012

LOGICAL NETWORKS

Classify network for VMs to access

Map to network topology

Allocate to hosts and clouds

ADDRESS POOLS LOAD BALANCERS

• Allocate a static IP address to VMs from a preconfigured pool

• Create IP pool as a managed range of IP address assignments

• Create MAC address pool as a managed range of MAC address assignments

• Apply settings for load balancer capability in service deployment

• Control load balancer through vendor provider based on PowerShell

• Create virtual IP templates consisting of load balancer configuration settings

Logical Network

A logical abstraction for the type or class of network a VM connects to

InternetData

VM to VM

Examples:PRODBackupFront-endBuildEtc…

Network objects

Logical Network

“Corp”

Logical network definition

“Building 42”

1 - M

Host

group

“Productio

n”

M - M

IP Pool

“StaticSrv”

“10.0.0.1-10.0.0.99”

1 - M

Physical network adapter

M -

MM - M

M -

M

1 -

M

Virtual switch

Virtual network adapter

1 - 1

1 - M

Subnet-VLAN

“10.0.0.0/24”

“VLAN 5”

Address Pools

IP POOLS

Assigned to VMs, vNICs, hosts, and virtual IPs (VIP’s)

Specified use in VM template creation

Checked out at VM creation—assigns static IP in VM

Returned on VM deletion

MAC POOLS VIRTUAL IP POOLS

Assigned to VMs

Specified use in VM template creation

Checked out at VM creation—assigned before VM boot

Returned on VM deletion

Assigned to service tiers that use a load balancer

Reserved within IP Pools

Assigned to clouds

Checked out at service deployment

Returned on service deletion

Load Balancer Support

AUTOMATION

Connect to load balancer through hardware provider

Assign to clouds, host groups, and logical networks

Configure load balancing method and add virtual IP on service deployment

SUPPORTED BALANCERS VIRTUAL IP TEMPLATES

F5 BIG-IP

Brocade ServerIron ADX

Citrix NetScaler

Microsoft Network Load Balancer

Specifies preconfigured properties for configuring a load balancer at service deployment

Specifies load balancing methods—round robin, least connections, fastest response


Fabric Configuration

Demo

PowerShell - Creating a Logical Network#Create a Logical Network$logicalNetwork = New-SCLogicalNetwork -Name "My Logical Network"

#Create a network site$allHostGroups = @()$allHostGroups += Get-SCVMHostGroup “Hosts”$allHostGroups += Get-SCVMHostGroup “Infra”$allSubnetVlan = @()$allSubnetVlan += New-SCSubnetVLan -Subnet "10.0.2.0/24" -VLanID 4$allSubnetVlan += New-SCSubnetVLan -Subnet "10.0.1.0/24" -VLanID 3

New-SCLogicalNetworkDefinition -Name "Building 44" -LogicalNetwork $logicalNetwork -VMHostGroup $allHostGroups -SubnetVLan $allSubnetVlan

PowerShell – IP Pools

#Assume $logicalNetwork and $logicalNetworkDefinition are set$allGateways = @()$allGateways += New-SCDefaultGateway -IPAddress "10.0.0.1" -Automatic

$allDnsServer = @("10.0.0.3")$allDnsSuffixes = @(“contoso.com”)$allWinsServers = @(“10.0.0.3”)

New-SCStaticIPAddressPool -Name "MyIPPool" -LogicalNetworkDefinition $logicalNetworkDefinition -Subnet "10.0.0.0/16" -IPAddressRangeStart "10.0.0.1" -IPAddressRangeEnd "10.0.255.254" -DefaultGateway $allGateways -DNSServer $allDnsServer -DNSSuffix "" -DNSSearchSuffix $allDnsSuffixes

PowerShell – IP Pool Queries

$ippool = Get-SCStaticIPAddressPool "VMTraffic"

#Show allocated IP AddressesGet-SCIPAddress -StaticIPAddressPool $ippool | ft -property Address,AssignedToType,State

Address AssignedToType State------- -------------- -----192.168.1.1 VirtualNetworkAdapter Assigned192.168.1.2 VirtualNetworkAdapter Assigned192.168.1.7 VirtualNetworkAdapter UnAssigned192.168.1.11 VirtualMachine UnAssigned192.168.1.12 VirtualMachine UnAssigned

What’s new in Service Pack 1Networking Scenarios

Connectivity CapabilityMulti-tenancy

IsolationMobility

Bring your own IP

Quality of service (QOS)Security

OptimizationsMonitors

Answer: VM Networks Answer: Logical Switch


ConnectivityVM Networks

Multi-tenancy

OwnerSharable - Access listSelf service creation by Tenant Admin user role

Isolation

No isolationNetwork virtualizationVLANExternal

Bring your own IP

Enabled by network virtualization

Tenant/Customer IP address space separate from Provider IP address space

Mobility

vNICs only connect to VM NetworksVM Networks are built on logical networksVM Networks span cloudsWith NV, IP follows VM migration

VM NetworksNo IsolationPass-through to Logical NetworkMaximum of one per Logical network

Logical Network

“Corp”


“Building 42”

1 - M

IP Pool

“StaticSrv”

“10.0.0.1-10.0.0.99”

1 - M1 - M

Subnet-VLAN

“10.0.0.0/24”

“VLAN 5”

Scenarios:UpgradeManagement tools in a VMVM

NetworkNo

Isolation“mgmt”

1 - 1

Hyper-V Network Virtualization

Server Virtualization Run multiple virtual servers

on a physical server Each VM has illusion it is running

as a physical server

Hyper-V Network Virtualization

Run multiple virtual networks on a physical network

Each virtual network has illusion it is running as a physical network

Blue VM Red VMVirtualization

PhysicalServer

Blue Network Red Network

PhysicalNetwork


Virtualization Policy

System Center

Virtualize Customer Addresses

Customer Address Space (CA)

Red2

Blue2

10.0.0.5

Red1

Blue1

10.0.0.5 10.0.0.7 10.0.0.7

Blue

10.0.0.5 192.168.4.11

10.0.0.7 192.168.4.22Red

10.0.0.5 192.168.4.11

10.0.0.7 192.168.4.22

Blue10.0.0.510.0.0.7

BlueCorp

RedCorp Red

10.0.0.510.0.0.7

Datacenter Network

Host 1 Host 2

Provider Address Space (PA)

192.168.4.22192.168.4.11

Blue

10.0.0.5192.168.4.

11

10.0.0.7192.168.4.

22Red

10.0.0.5192.168.4.

11

10.0.0.7192.168.4.

22

Blue

10.0.0.5192.168.4.

11

10.0.0.7192.168.4.

22Red

10.1.1.1192.168.4.

11

10.1.1.2192.168.4.

22

CA PA

VM NetworksHyper-V Network Virtualization

Default method is to encapsulate packets using NVGREA VM Network defines a routing domain A routing domain can contain multiple virtual subnets

Logical Network

“Corp”


“Building 42”

1 - M

IP Pool (PA)

“StaticSrv”

“10.0.0.1-10.0.0.99”

1 - M1 - M

Subnet-VLAN

“10.0.0.0/24”

“VLAN 5”

VM NetworkNet. Virt.“Finance”M

- 1

VM Subnet192.168.0.

0/16

IP Pool (CA)192.168.0.

2192.168.0.

99

1 - M 1 - M

VM NetworksHyper-V Network Virtualization GatewaysVMM will manage and configure gateways for NV Routing gateway VPN gateway

VM Subnet“99.0.0.0/

24”44

1 - 2

1 - M1 - 1

VM NetworksVLAN

One VLAN per VM NetworkUses VLANs from Logical Network Definitions Introducing new Logical Network property for “Not Connected”

Logical Network

Not Connected“TenantVLAN

s”


“B42Tenants”

1 - M

IP Pool

“StaticSrv”

“99.0.0.1-99.0.0.99”

1 - M1 - M

Subnet-VLAN

“99.0.0.0/24”

“VLAN 44”

VM Network

VLAN“Finance”M

- 1

VM Subnet

1 - 2

1 - 1

IP Pool

“StaticSrv”

“99.0.0.1-99.0.0.99”

1 - M

VM NetworksExternal

Isolation is managed by switch extensionVM Networks are imported from extension manager

VM Network

External“Finance”M

- 1

Logical Network

Not Connected“TenantNets

”


“B27Tenants”

1 - M


VM Networks

Demo

VM Network Powershell

#Create Hyper-V NV VMNetwork$logicalNetwork = Get-SCLogicalNetwork “MyLN”$vmNetwork = New-SCVMNetwork -Name "MyVMNetwork" -LogicalNetwork $logicalNetwork#Add VMSubnet$subnet = New-SCSubnetVLan -Subnet "10.0.1.0/24"$vmSubnet = New-SCVMSubnet -Name "My_10.0.1.0_24" -VMNetwork $vmNetwork -SubnetVLan $subnet#...etc…#Add IP Pool is same cmdlet as with Logical NetworkNew-SCStaticIPAddressPool -Name "MyIPPool" -VMSubnet $vmSubnet -Subnet “10.0.1.0/24" -IPAddressRangeStart “10.0.1.2" -IPAddressRangeEnd "192.168.0.254" -DefaultGateway $allGateways -DNSServer $allDnsServer -DNSSuffix "" -DNSSearchSuffix $allDnsSuffixes

What’s new in Service Pack 1Networking Scenarios

CapabilityQuality of service (QOS)

SecurityOptimizations

Monitors

ConnectivityMulti-tenancy

IsolationMobility

Bring your own IP

Answer: VM Networks Answer: Logical Switch

Capability

Defines how a network adapter is able to use its connection Quality of service Security Monitoring

Capabilities are provided by Hyper-V Extensible Virtual Switch and extensions


Key Tenets for Hyper-V Extensible Switch

Key Tenets BenefitExtensible, not replaceable Added features don’t remove other

featuresPluggable switch Extensions process all network

traffic, including VM-to-VM1st class citizen of system Live Migration and offloads just

work; Extensions work togetherOpen & public API model Large ecosystem of extensions

Logo certification and rich OS framework

High quality extensions

Unified Tracing thru virtual switch Shorter down times


Extensions are Filters or Windows Filtering Platform Providers

Extension state/configuration is unique to each instance of an Extensible Switch on a machine

Hyper-V Extensible Switch

Extension

Extension

Extension


VMM Management of Switch Extensions

Virtualization

CA1CA1

VM1 VMU

CA2

VM2

Root Partition

3rd Party components

Physical NIC (Non SRIOV)

Physical NIC(SRIOV)

Hardware

Top of rack switch

Vendor network mgmt console

Policy database

VMM Agent

VMM Server

SCVMM

VendorSCVMMPlugin

Capture Extension

Filtering Extension

Forwarding Extension

Extension Manager Integration

Supplies network objects and policy to VMM

VMMVirtual Switch Extension Manager (VSEM)Provider Interface

3rd PartyExtensionManagerProvider

1. Import:Logical

NetworksIP Pools

VM NetworksPort Profiles

Hyper-V Host

Vendor network management console

2. Set VM NetworkPort Profile

3. Retrieve port Profile policies

Policy database


…on Host1 …on Host2 …on Host3 …etc

VM1 vNIC1

VM2vNIC1

VM3vNIC1

VM5vNIC1

VM4vNIC1

VM6vNIC1

Vir

tual S

wit

ch

Inst

an

ces

VM

vN

ICs

Native Switch

Settings

Extension1

Extension2

Extension3

Native Switch

Settings

Extension1

Extension2

Extension3

Native Switch

Settings

Extension1

Extension2

Extension3

Native Switch

Settings

Extension1

Extension2

Extension3

Uplink

pNIC1

Uplink

pNIC2

Uplink

pNIC1

Uplink

pNIC2

Uplink

pNIC1

Uplink

pNIC2

Uplink

pNIC1

Uplink

pNIC2P

hysi

cal

Host

NIC

s

Host1vNIC2

Host1vNIC1

Host2vNIC2

Host2vNIC1

Host3vNIC2

Host3vNIC1

Host4

vNIC2

Host4vNIC1H

ost

vN

ICsMultiple Windows Server 2012 hosts


…on Host1 …on Host2 …on Host3 …on Host4

VM1 vNIC1

VM2vNIC1

VM3vNIC1

VM5vNIC1

VM4vNIC1

VM6vNIC1

VS

Inst

an

ces

VM

vN

ICs

Uplink

pNIC1

Uplink

pNIC2

Uplink

pNIC1

Uplink

pNIC2

Uplink

pNIC1

Uplink

pNIC2

Uplink

pNIC1

Uplink

pNIC2P

hysi

cal

Host

NIC

sVMM Switch Infrastructure

Host1vNIC2

Host1vNIC1

Host2vNIC2

Host2vNIC1

Host3vNIC2

Host3vNIC1

Host4

vNIC2

Host4vNIC1

Logical SwitchNative Switch

SettingsExtension1 Extension2 Extension3

Host

vN

ICs

Logical Switch

A single logical representation of the virtual switch instances which exist in a group of hosts

1 - M

Uplink Port Profile Set

Extension Uplink Port Profile

M - M

Native Uplink Port Profile

M - 1

Logical switchobjects

Logical Switch

“B42Switch”

Switch Extensions“Cisco Nexus 1000v”“InMon sFlow”

M - M

1 - 1 Virtual Port Profile Set

Extension Virtual Port Profile

M - M

Native Virtual Port Profile

M - 1

1 - M Port Classification“Fast DB”

“Web”“Restricted

”

Cloud vNIC

1 - M

1 -

M

1 -

M

Physical NIC

1 -

M

Self Service User

1 - M

Uplink Port Profile Set Native

Uplink Port Profile

M - 1

Logical switchobjects

Logical Switch

“B42Switch”

1 - 1 Virtual Port Profile Set Native

Virtual Port Profile

M - 1

1 - M Port Classification“Fast DB”

“Web”“Restricted

”

Cloud vNIC

1 - M

1 -

M

1 -

M

Physical NIC

1 -

M


Logical Switch

Demo

Windows Server IP Address ManagementIntegration ScriptReports IP Pool utilization from VMM into IPAMCan run on demand or configure as a periodic task

Included in the “cd layout” of VMM \scripts\IPAMIntegration.ps1


IPAM Script

Demo


In Review: Session Objectives And TakeawaysLogical Networks define physical network

VM Networks define VM connectivity

Logical Switches define port capability

Date post:	08-May-2015
Category:	Documents
Upload:	microsoft-technet-belgium-and-luxembourg
View:	1,423 times
Download:	3 times

Network Management in System Center 2012 SP1 - VMM

Documents