How do I ensure network multi-tenancy? IP Address Management is a pain. What if VMs are competing for bandwidth? Fully Leverage Network Fabric How do I integrate with existing fabric? Network.


How do I ensure network multi-tenancy?
IP Address Management is a pain.
What if VMs are competing for bandwidth?
Fully Leverage Network Fabric
How do I integrate with existing fabric?
Network Metering?
Can I dedicate a NIC to a workload?
Tenant 1: Multiple VM Workloads
Tenant 2: Multiple VM Workloads
Data Center
Cloud Data Center
Woodgrove Bank: Blue 10.1.0.0/16
Contoso Bank: Red 10.1.0.0/16
[Diagram labels: Green, Blue, Red1, Red2; addresses 10.1.1.31, 10.1.1.21, 10.1.1.11, 10.1.1.12]
[Diagram: Hyper-V Switch on a Win 8 Host; ports labelled Isolated (4, 7) and Community (4, 9); uplink To Internet (10.1.1.1)]
[Diagram labels: Woodgrove VM, Woodgrove network, Contoso VM, Contoso network, Physical network, Physical server]
Hyper-V Machine Virtualization
• Run multiple virtual servers on a physical server
• Each VM has the illusion that it is running as a physical server
Hyper-V Network Virtualization
• Run multiple virtual networks on a physical network
• Each virtual network has the illusion that it is running as a physical fabric
[Diagram: Hyper-V Extensible Switch. Labels: VM1, Root Partition, VM2, VM NIC, Host NIC, BFE Service, Firewall, Callout, Extensible Switch, Filtering Engine, Extension Protocol, Capture Extensions, WFP Extensions, Filtering Extensions, Forwarding Extensions, Extension Miniport, Physical NIC]
Capture Extensions
• Capture extensions can inspect traffic and generate new traffic for report purposes
• Capture extensions do not modify existing Extensible Switch traffic
• Example: sFlow by InMon
WFP Extensions
• Windows Filtering Platform (WFP) Extensions can inspect, drop, modify, and insert packets using WFP APIs
• Windows Antivirus and Firewall software uses WFP for traffic filtering
• Example: Virtual Firewall by 5NINE Software
Filtering Extensions
• Filter extensions can also be implemented using NDIS filtering APIs
• Example: VM DoS Prevention by Broadcom
Forwarding Extensions
• Forwarding extensions direct traffic, defining the destination(s) of each packet
• Forwarding extensions can capture and filter traffic
• Examples:
  – Cisco Nexus 1000V and UCS
  – NEC ProgrammableFlow's vPFS OpenFlow
Dynamic Virtual Machine Queue (VMQ) is a feature available to computers running Windows Server 2008 R2 with the Hyper-V server role installed, that have VMQ-capable network hardware. VMQ uses hardware packet filtering to deliver packet data from an external virtual machine network directly to virtual machines, which reduces the overhead of routing packets and copying them from the management operating system to the virtual machine.
Open, Extensible Virtual Switch
Nexus 1000 Support
OpenFlow Support
Network Introspection
Much more…
Advanced Networking
ACLs
PVLAN
…much more…
Windows NIC Teaming
Network QoS
Per VNIC bandwidth reservation & limits
Network Metering
DVMQ
SR-IOV Network Support
Reduce Latency & CPU Utilization
Supports Live Migration
Reduces latency of network path
Reduces CPU utilization for processing network traffic
Increases throughput
[Diagram: Network I/O path without SR-IOV and Network I/O path with SR-IOV. Labels: Root Partition, Hyper-V Switch, Routing, VLAN Filtering, Data Copy, Virtual Machine, Virtual NIC, Virtual Function, Physical SR-IOV NIC, Physical NIC. Supports Live Migration]
SR-IOV Enabling & Live Migration
Turn On IOV
• Enable IOV (VM NIC Property)
• Virtual Function is “Assigned”
• Team automatically created
• Traffic flows through VF
  – Software path is not used
Live Migration
• Break Team
• Remove VF from VM
• Migrate as normal
Post Migration
• Reassign Virtual Function
  – Assuming resources are available
VM has connectivity even if
• Switch not in IOV mode
• IOV physical NIC not present
• Different NIC vendor
• Different NIC firmware
[Diagram labels: Virtual Machine, Network Stack, Software NIC, “TEAM”, Software Switch (IOV Mode), Virtual Function, Physical SR-IOV NIC, Physical NIC]
IPsec Task Offload: Microsoft expects deployment of Internet Protocol security (IPsec) to increase significantly in the coming years. The large demands placed on the CPU by the IPsec integrity and encryption algorithms can reduce the performance of your network connections. IPsec Task Offload is a technology built into the Windows operating system that moves this workload from the main computer's CPU to a dedicated processor on the network adapter.
SR-IOV is a specification that allows a PCIe device to appear to be multiple separate physical PCIe devices. The SR-IOV specification was created and is maintained by the PCI SIG, with the idea that a standard specification will help promote interoperability. SR-IOV works by introducing the idea of physical functions (PFs) and virtual functions (VFs). Physical functions (PFs) are full-featured PCIe functions; virtual functions (VFs) are “lightweight” functions that lack configuration resources.
Feature                 | Windows Server 2008 | Windows Server 2008 R2 | Windows Server 2012
NIC Teaming             | Yes, via partners   | Yes, via partners      | Windows NIC Teaming in box.
VLAN Tagging            | Yes                 | Yes                    | Yes
MAC Spoofing Protection | No                  | Yes, with R2 SP1       | Yes
ARP Spoofing Protection | No                  | Yes, with R2 SP1       | Yes
SR-IOV Networking       | No                  | No                     | Yes
Network QoS             | No                  | No                     | Yes
Network Metering        | No                  | No                     | Yes
Network Monitor Modes   | No                  | No                     | Yes
IPsec Task Offload      | No                  | No                     | Yes
VM Trunk Mode           | No                  | No                     | Yes
Don’t provide new features that preclude Live Migration.
I want to be able to securely move any part of a VM anywhere at anytime. No Limits.
No Downtime Servicing
SAN Upgrades/Migrations
When VMs migrate, move the historical data with the VM
Fully Leverage hardware to speed migrations
[Diagram labels: Hyper-V, Virtual Machine, VHD Stack, VHD, Source Device, VHD, Destination Device; steps numbered 1 to 5]
Disaster Recovery Challenges
Cost
Complexity
Inflexibility
Initial Replication
Distance Requirements
Replication Provider
Hyper-V Replica
Storage Based Replication
Microsoft
Cost
NetApp, HP, Fujitsu, IBM, Hitachi, FalconStor, 3Par, EMC, LSI, Compellent, EqualLogic and more…
Management
Flexible Storage Options Available
Unlimited VM Replication included
High end replicating storage
Additional replication software
Performance
VM Granularity
Open APIs provide extensibility, interoperability and prevent vendor lock-in
LUN-VM Layout
Coordination with storage team
5 minutes RPOs
Application Level Consistency
File Level Consistency
Synchronous Replication
High Data Volumes
Most Feature Rich, All Server Editions include:
1. Hyper-V Extensible Virtual Switch
2. Hyper-V Replica
3. Live Storage Migration
4. Network I/O Control
5. Storage I/O Control
6. SR-IOV
More…
Hyper-V Resource Pools
Hyper-V Offloaded Data Transfer
9. GPU Accelerated VM Video
10. ….And…
Hyper-V Network Virtualization
DOWNLOAD Windows Server 2012 Release Candidate
Hands-On Labs
microsoft.com/windowsserver
DOWNLOAD Windows Azure
Windowsazure.com/teched
http://northamerica.msteched.com
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn