
Hyper-V Network Virtualization Motivation & Packet Flows


clarimonde

Presentation Transcript


  1. Hyper-V Network Virtualization Motivation & Packet Flows

  2. Evolution of Clouds
     [Diagram labels: Traditional Datacenters with Dedicated Servers; Server Virtualization in Datacenters; Cloud (Public, Private, Hybrid); Servers; Infrastructure Optimization; Cost; Flexibility]

  3. Any Service Any Server Any Cloud

  4. Private Cloud: Datacenter Consolidation
     [Diagram labels: Distinct Datacenters; Business Units (Sales, Finance, R&D); Multi-Tenant Datacenter]

  5. Hybrid Cloud: Seamless Datacenter Extension
     [Diagram labels: Private Cloud / Enterprise Datacenter; Public Cloud]

  6. Multi-Tenant Cloud Requirements
     • Secure isolation
     • Dynamic service placement
     • QoS & resource metering
     Private Cloud: multiple business units on shared infrastructure
     Public Cloud: multiple customers on shared infrastructure
     [Diagram labels: Woodgrove Bank; Contoso Bank; Finance; Sales; Multi-Tenant Datacenter]

  7. Challenges in Building Clouds

  8. Datacenter Resource Utilization: Consolidation. Typical: Fragmented. Ideal: Consolidated.

  9. Resource Utilization: Flexibility and Growth. Ideal: Workloads placed anywhere and can dynamically grow and shrink without being constrained by the network.

  10. Dynamic VLAN Reconfiguration is Cumbersome
     Topology limits VM placement and requires reconfiguration of production switches.
     [Diagram labels: Aggregation Switches; VLAN tags; ToR; VMs]

  11. To improve resource utilization on servers we virtualized them. Therefore… Virtualize the Network!

  12. Hyper-V Network Virtualization
     Server Virtualization
     • Run multiple virtual servers on a physical server
     • Each VM has illusion it is running as a physical server
     Hyper-V Network Virtualization
     • Run multiple virtual networks on a physical network
     • Each virtual network has illusion it is running as a physical network
     [Diagram labels: Blue VM, Red VM on a Physical Server; Blue Network, Red Network on a Physical Network; Virtualization]

  13. Hyper-V Network Virtualization Benefits

  14. Virtualize Customer Addresses
     Customer Address Space (CA):
     • BlueCorp (Blue): 10.0.0.5, 10.0.0.7
     • RedCorp (Red): 10.0.0.5, 10.0.0.7
     Provider Address Space (PA):
     • Host 1: 192.168.4.11
     • Host 2: 192.168.4.22
     [Diagram labels: Datacenter Network; System Center; Virtualization Policy (CA to PA); VMs Blue1, Red1, Blue2, Red2]

  15. Hyper-V Network Virtualization Concepts
     • Customer VM Network
       • One or more virtual subnets forming an isolation boundary
       • A customer may have multiple Customer VM Networks
       • e.g. Blue R&D and Blue Sales are isolated from each other
     • Virtual Subnet
       • Broadcast boundary
     [Diagram labels: Hoster Datacenter; Red Corp; Blue Corp; Customer VM Networks Blue R&D Net, Blue Sales Net, Red HR Net; Virtual Subnets Blue Subnet1 to Blue Subnet5, Red Subnet1, Red Subnet2]

  16. Standards-Based Encapsulation - NVGRE
     • Better network scalability by sharing PA among VMs
     • Explicit Virtual Subnet ID for better multi-tenancy support
     [Diagram: two encapsulated packets between PAs 192.168.2.22 and 192.168.5.55 (different subnets), one carrying GRE Key "Blue Subnet" and one carrying GRE Key "Red Subnet", each with an inner MAC header and inner CAs 10.0.0.5 and 10.0.0.7]

  17. Hyper-V Network Virtualization Architecture
     Data Center Policy
     Blue
     • VM1: MAC1, CA1, PA1
     • VM2: MAC2, CA2, PA3
     • VM3: MAC3, CA3, PA5
     • …
     Red
     • VM1: MACX, CA1, PA2
     • VM2: MACY, CA2, PA4
     • VM3: MACZ, CA3, PA6
     • …
     Notes
     • Network Virtualization is transparent to VMs
     • Management OS traffic is NOT virtualized; only VM traffic
     • Hyper-V Switch and Extensions operate in CA space
     [Diagram labels: Windows Server 2012 host; Management, Live Migration, Cluster, Storage; System Center Host Agent; System Center; Hyper-V Switch with VSID ACL Isolation and Switch Extensions; Network Virtualization (IP Virtualization, Policy Enforcement, Routing); Host Network Stack; NIC; Host 1, Host 2 with their CA and PA labels]

  18. Packet Flow: Same Virtual Subnet Same Host

  19. Same VSID :: Same Host. Packet Flow: Blue1 Sending to Blue2
     • Blue1: where is 10.0.0.7? ARP for 10.0.0.7
     • Hyper-V Switch broadcasts ARP to:
       • All local VMs on VSID 5001
       • Network Virtualization filter
     • Blue2 responds to ARP for IP 10.0.0.7 on VSID 5001 with Blue2 MAC
     • Blue1 learns MAC of Blue2: use MACB2 for 10.0.0.7
     [Diagram: Blue1 (10.0.0.5) and Blue2 (10.0.0.7) on VSID 5001; Red1 (10.0.0.5) and Red2 (10.0.0.7) on VSID 6001; Hyper-V Switch with VSID ACL Enforcement; Network Virtualization (IP Virtualization, Policy Enforcement, Routing); NIC 192.168.4.11, MACPA1]

  20. Same VSID :: Same Host. Packet Flow: Blue1 Sending to Blue2
     • Sent from Blue1: MACB1 → MACB2, 10.0.0.5 → 10.0.0.7
     • In Hyper-V switch: MACB1 → MACB2, 10.0.0.5 → 10.0.0.7, with OOB: VSID:5001
     [Diagram: same hosts, VMs and VSIDs as slide 19]

  21. Same VSID :: Same Host. Packet Flow: Blue2 Receiving
     • In Hyper-V switch: MACB1 → MACB2, 10.0.0.5 → 10.0.0.7, with OOB: VSID:5001 (VSID ACL Enforcement)
     • Received by Blue2: MACB1 → MACB2, 10.0.0.5 → 10.0.0.7
     [Diagram: same hosts, VMs and VSIDs as slide 19]

  22. Packet Flow: Same Virtual Subnet Different Hosts

  23. Same VSID :: Different Host. Packet Flow: Blue1 → Blue2
     • Blue1: where is 10.0.0.7? ARP for 10.0.0.7
     • Hyper-V Switch broadcasts ARP (OOB: VSID:5001) to:
       • All local VMs on VSID 5001
       • Network Virtualization filter
     • Network Virtualization filter responds to ARP for IP 10.0.0.7 on VSID 5001 with Blue2 MAC
     • ARP is NOT broadcast to the network
     [Diagram: Blue1 (10.0.0.5, VSID 5001) and Red1 (10.0.0.5, VSID 6001) on the host with NIC 192.168.4.11, MACPA1; Blue2 (10.0.0.7, VSID 5001) and Red2 (10.0.0.7, VSID 6001) on the host with NIC 192.168.4.22, MACPA2; each host has a Hyper-V Switch with VSID ACL Enforcement and Network Virtualization (IP Virtualization, Policy Enforcement, Routing)]

  24. Same VSID :: Different Host. Packet Flow: Blue1 → Blue2
     • Blue1 learns MAC of Blue2: use MACB2 for 10.0.0.7
     • ARP is NOT broadcast to the network
     [Diagram: same hosts, VMs and VSIDs as slide 23]

  25. Same VSID :: Different Host. Packet Flow: Blue1 → Blue2
     • Sent from Blue1: MACB1 → MACB2, 10.0.0.5 → 10.0.0.7
     • In Hyper-V switch: same packet, with OOB: VSID:5001
     • In Network Virtualization filter: same packet, with OOB: VSID:5001
     • NVGRE on the wire: outer MACPA1 → MACPA2, 192.168.4.11 → 192.168.4.22, VSID 5001; inner MACB1 → MACB2, 10.0.0.5 → 10.0.0.7
     [Diagram: same hosts, VMs and VSIDs as slide 23]

  26. Same VSID :: Different Host. Packet Flow: Blue2 Receiving
     • NVGRE on the wire: outer MACPA1 → MACPA2, 192.168.4.11 → 192.168.4.22, VSID 5001; inner MACB1 → MACB2, 10.0.0.5 → 10.0.0.7
     • In Network Virtualization filter: inner packet, with OOB: VSID:5001
     • In Hyper-V switch: inner packet, with OOB: VSID:5001 (VSID ACL Enforcement)
     • Received by Blue2: MACB1 → MACB2, 10.0.0.5 → 10.0.0.7
     [Diagram: same hosts, VMs and VSIDs as slide 23]

  27. Packet Flow: Different Virtual Subnet Same Host. VSID 5001, 5222 in same routing domain

  28. Different VSID :: Same Host. Packet Flow: Blue1 → Blue2
     • Blue1: where is default gateway? ARP for 10.0.0.1 (default gateway)
     • Hyper-V Switch broadcasts ARP (OOB: VSID:5001) to:
       • All local VMs on VSID 5001
       • Network Virtualization filter
     • Network Virtualization filter responds to ARP with MACDGW
     [Diagram: Blue1 (10.0.0.5, VSID 5001), Blue2 (10.0.1.7, VSID 5222), Red1 (10.0.0.5, VSID 6001), Red2 (10.0.0.7, VSID 6001); Hyper-V Switch with VSID ACL Enforcement; Network Virtualization (IP Virtualization, Policy Enforcement, Routing) holding MACDGW; NIC 192.168.4.11, MACPA1]

  29. Different VSID :: Same Host. Packet Flow: Blue1 → Blue2
     • Blue1 learns MAC of Default Gateway: Default Gateway at MACDGW
     • Use MACDGW for 10.0.0.1
     [Diagram: same hosts, VMs and VSIDs as slide 28]

  30. Different VSID :: Same Host. Packet Flow: Blue1 → Blue2
     • Sent from Blue1: MACB1 → MACDGW, 10.0.0.5 → 10.0.1.7
     • In Hyper-V switch: same packet, with OOB: VSID:5001
     • In Network Virtualization filter: same packet, with OOB: VSID:5001
     • Network Virtualization filter verifies Blue1 and Blue2 are in same routing domain, otherwise packet is dropped
     [Diagram: same hosts, VMs and VSIDs as slide 28]

  31. Different VSID :: Same Host. Packet Flow: Blue1 → Blue2
     • In Network Virtualization filter: MACB1 → MACB2, 10.0.0.5 → 10.0.1.7, with OOB: VSID:5222
     • Network Virtualization filter uses VSID and dest MAC of Blue2, retains source MAC of Blue1
     • In Hyper-V switch: same packet, with OOB: VSID:5222 (VSID ACL Enforcement)
     • Received by Blue2: MACB1 → MACB2, 10.0.0.5 → 10.0.1.7
     [Diagram: same hosts, VMs and VSIDs as slide 28]

  32. Packet Flow: Different Virtual Subnet Different Hosts VSID 5001, 5222 in same routing domain

  33. Different VSID :: Different Host. Packet Flow: Blue1 → Blue2
     • Blue1: where is default gateway? ARP for 10.0.0.1 (default gateway)
     • Hyper-V Switch broadcasts ARP (OOB: VSID:5001) to:
       • All local VMs on VSID 5001
       • Network Virtualization filter
     • Network Virtualization filter responds to ARP with MACDGW
     • ARP is NOT broadcast to the network
     [Diagram: Blue1 (10.0.0.5, VSID 5001) and Red1 (10.0.0.5, VSID 6001) on the host with NIC 192.168.4.11, MACPA1; Blue2 (10.0.1.7, VSID 5222) and Red2 (10.0.0.7, VSID 6001) on the host with NIC 192.168.4.22, MACPA2; each host has a Hyper-V Switch with VSID ACL Enforcement and Network Virtualization (IP Virtualization, Policy Enforcement, Routing)]

  34. Different VSID :: Different Host. Packet Flow: Blue1 → Blue2
     • Blue1 learns MAC of Default Gateway: Default Gateway at MACDGW
     • Use MACDGW for 10.0.0.1
     [Diagram: same hosts, VMs and VSIDs as slide 33]

  35. Different VSID :: Different Host. Packet Flow: Blue1 → Blue2
     • Sent from Blue1: MACB1 → MACDGW, 10.0.0.5 → 10.0.1.7
     • In Hyper-V switch: same packet, with OOB: VSID:5001
     • In Network Virtualization filter: same packet, with OOB: VSID:5001
     • NVGRE on the wire: outer MACPA1 → MACPA2, 192.168.4.11 → 192.168.4.22, VSID 5222; inner MACB1 → MACB2, 10.0.0.5 → 10.0.1.7
     [Diagram: same hosts, VMs and VSIDs as slide 33]

  36. Different VSID :: Different Host. Packet Flow: Blue2 Receiving
     • NVGRE on the wire: outer MACPA1 → MACPA2, 192.168.4.11 → 192.168.4.22, VSID 5222; inner MACB1 → MACB2, 10.0.0.5 → 10.0.1.7
     • In Network Virtualization filter: inner packet, with OOB: VSID:5222
     • In Hyper-V switch: inner packet, with OOB: VSID:5222 (VSID ACL Enforcement)
     • Received by Blue2: MACB1 → MACB2, 10.0.0.5 → 10.0.1.7
     [Diagram: same hosts, VMs and VSIDs as slide 33]

  37. Private Cloud

  38. Private Cloud
     • IP addresses
       • VMs and CorpNet running 10.229.x
       • Datacenter has 10.60.x PA addresses
     • Hyper-V Network Virtualization Gateway bridges network virtualized environment with non-network virtualized environment
     [Diagram labels: subnets 10.229.200.x, 10.229.201.x, 10.229.202.x, 10.229.203.x; Hyper-V Network Virtualization Gateway; VMs R1 to R4, B1 to B3, Y1, Y2; DC, SQL, DNS; Host1, Host2, Host3; CorpNet; Consolidated Datacenter, Hyper-V Network Virtualization, 10.60.x]

  39. Hybrid Cloud

  40. Hybrid Cloud
     With Hyper-V Network Virtualization and on-premises Site-to-Site VPN, on-premise resources seamlessly extended to the cloud.
     [Diagram labels: Internet; S2S VPN (two sites); DC, SQL, DNS; Hyper-V Network Virtualization Gateway; BlueCorp with Web1, Web2, Web3 (Blue Private Cloud); RedCorp with R1, R2; Hosts; Hoster Datacenter; Network Virtualization Fabric]

  41. Additional Resources
     • Hyper-V Network Virtualization Whitepaper
       • http://technet.microsoft.com/en-us/library/jj134230.aspx
     • Hyper-V Network Virtualization Blog Entry
       • http://blogs.technet.com/b/windowsserver/archive/2012/04/16/introducing-windows-server-8-hyper-v-network-virtualization-enabling-rapid-migration-and-workload-isolation-in-the-cloud.aspx
     • Hyper-V Network Virtualization Survival Guide
       • http://social.technet.microsoft.com/wiki/contents/articles/11524.windows-server-2012-hyper-v-network-virtualization-survival-guide.aspx
     • PowerShell Scripts
       • Simple deployment
         • http://gallery.technet.microsoft.com/scriptcenter/Simple-Hyper-V-Network-d3efb3b8
       • Simple gateway
         • http://gallery.technet.microsoft.com/scriptcenter/Simple-Hyper-V-Network-6928e91b

  42. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
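
The forwarding decision from the packet-flow slides (16, 25, 30 and 35), modelled in Python as an added example; it is not code from the presentation or from Hyper-V. The policy table, the routing-domain names and the `MACR1`/`MACR2` labels are constructed sample data, and the GRE key layout (24-bit VSID plus 8-bit FlowID, protocol type 0x6558) is taken from the NVGRE specification (RFC 7637), not from the slides.

```python
import struct

GRE_KEY_PRESENT = 0x2000   # GRE flags word with only the K (key present) bit set
PROTO_TEB = 0x6558         # Transparent Ethernet Bridging: payload is an Ethernet frame

# Constructed policy in the shape of slide 17: (VSID, CA) -> (PA, MAC).
POLICY = {
    (5001, "10.0.0.5"): ("192.168.4.11", "MACB1"),   # Blue1
    (5001, "10.0.0.7"): ("192.168.4.22", "MACB2"),   # Blue2, same-subnet slides
    (5222, "10.0.1.7"): ("192.168.4.22", "MACB2"),   # Blue2, different-subnet slides
    (6001, "10.0.0.5"): ("192.168.4.11", "MACR1"),   # Red1 reuses Blue1's CA
    (6001, "10.0.0.7"): ("192.168.4.22", "MACR2"),   # Red2 reuses Blue2's CA
}
ROUTING_DOMAIN = {5001: "blue", 5222: "blue", 6001: "red"}  # hypothetical domain names

def nvgre_header(vsid, flow_id=0):
    """8-byte GRE header; the key is the 24-bit VSID followed by an 8-bit FlowID."""
    if not (0 < vsid < 1 << 24 and 0 <= flow_id < 256):
        raise ValueError("VSID or FlowID out of range")
    return struct.pack("!HHI", GRE_KEY_PRESENT, PROTO_TEB, (vsid << 8) | flow_id)

def parse_nvgre(header):
    """Return (vsid, flow_id), rejecting anything that is not a plain NVGRE header."""
    flags, proto, key = struct.unpack("!HHI", header[:8])
    if flags != GRE_KEY_PRESENT or proto != PROTO_TEB:
        raise ValueError("not an NVGRE header")
    return key >> 8, key & 0xFF

def forward(src_vsid, src_ca, dst_ca):
    """Decide what the sending host's filter does; None means the packet is dropped."""
    sender = POLICY.get((src_vsid, src_ca))
    if sender is None:
        return None                       # sender is not in policy for that subnet
    for (vsid, ca), (dst_pa, dst_mac) in POLICY.items():
        # Only subnets in the sender's routing domain are candidates, so another
        # tenant's identical CA can never match.
        if ca == dst_ca and ROUTING_DOMAIN[vsid] == ROUTING_DOMAIN[src_vsid]:
            same_host = dst_pa == sender[0]
            # Cross-host traffic is wrapped with the destination's VSID in the key.
            outer = None if same_host else (sender[0], dst_pa, nvgre_header(vsid))
            return {"vsid": vsid, "dst_mac": dst_mac, "outer": outer}
    return None
```

Calling `forward(6001, "10.0.0.5", "10.0.1.7")` returns `None`: a Red sender cannot reach a Blue subnet because no policy entry for that CA exists in Red's routing domain.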
