SCVMM Networking: From Zero to Hero Part 2 Network Extensions


Speakers: Thomas Maurer, MVP; Damian Flynn, MVP

Objectives
- Break for Oxygen and Lunch
- Part 2: Extensible Switch; 3rd Party: Cisco Nexus 1000v; Network Virtualization; Gateways: Microsoft, 3rd Party (F5)

Advancing Software Defined Networking
- Open, extensible and standards based
- Hyper-V Extensible Switch
- Inbox gateway and 3rd-party gateway
- Built-in and production ready
- Innovation in software and hardware
- Hyper-V Network Virtualization
- Management with System Center Virtual Machine Manager

Extensible Switch

[Diagram: a Hyper-V Server hosting VM 1 ... VM n behind the Hyper-V Extensible Switch, which sits on a team of two 10GbE NICs; the network labels shown are Storage, Cluster, Live Migration and Manage.]

Hyper-V Extensible Switch Architecture
- Extends virtual switch functionality by adding switch extensions
- Provides an open platform supporting third-party plug-ins to add functionality
- Lets customers manage the virtual network the same way they would manage a physical network
- Helps monitor the security of virtual machine to virtual machine traffic
- Provides unified management and enforcement of plug-ins with Virtual Machine Manager across the entire datacenter
- Includes NDIS filter drivers, WFP callout drivers, ingress filtering, destination lookup and forwarding, and egress filtering extensions
[Diagram: two Virtual Machines (VM NIC) and the Parent Partition (Host NIC) attached to the Virtual Switch; below it the Extension Protocol, then the extension stack (Capture Extension A, Filtering Extension C, Forwarding Extension D), the Extension Miniport and the Physical NIC.]

Extending the Extensible Switch
- Build extensions for Capturing, Filtering and Forwarding
- Key features: extension monitoring and uniqueness; extensions that learn the VM life cycle; extensions that can veto state changes; multiple extensions on the same switch
- Several partner solutions available: Cisco Nexus 1000V and UCS-VMFEX; NEC ProgrammableFlow PF1000; 5nine Security Manager; InMon sFlow
[Diagram: same switch layout as the previous slide (VM NIC, Host NIC, Virtual Switch, Extension Protocol, Capture Extension A, Filtering Extension C, Forwarding Extension D, Extension Miniport, Physical NIC) with the partner products placed at the extension layer.]

3rd Party
- SDN gateway appliances
- OMI-based top-of-rack switch
- Hyper-V switch extensions
- Chipset extensions

[Diagram: Traffic Flow in R2 (to VM). Components shown: pNIC, NIC Team, HNV, MS Forwarding, extensions (each with an ingress and egress side), Native Policies, ACL, vSwitch, VM NIC, Virtual Machine.]

[Diagram: Traffic Flow in R2 (from VM). The same components in the reverse direction: Virtual Machine, VM NIC, vSwitch, Native Policies, ACL, extensions (ingress/egress), MS Forwarding, HNV, NIC Team, pNIC.]

Managing with Virtual Machine Manager R2
Challenges
- Manage a large number of physical and virtual switches
- Integrate management of physical and virtual networks
Solution
- Logical Network: organizes and simplifies network assignments for hosts, virtual machines and services; integrated physical and virtual switch VLAN policy
- VM Network: creation/deletion of an isolated virtual network overlay (HNV) on the physical network

Managing with Virtual Machine Manager R2
Challenges
- Allow seamless migration of a VM while maintaining network policy
Solution
- Logical Switch: a single logical entity spanning hosts; consistent policy and configuration
- Management of the Hyper-V Extensible Switch: installation and configuration of switch extensions; configuration of network policies
- Network policies automatically move with the VM
- Includes 3rd-party extensions

5Nine

Cisco Nexus 1000v

Nexus 1000V - What is it?
- Advanced NX-OS feature set
- SCVMM integration
- Extensible vSwitch
- vPath services architecture
- Consistent operational model
[Diagram: VMs with VNICs attached to the Nexus 1000V VEM, which is managed by the Nexus 1000V VSM and connected to the host's PNICs.]

Nexus 1000V Scale
[Diagram: the Nexus 1000V mirrors a modular switch. Modular switch: NX-OS control plane on Supervisor-1 (active) and Supervisor-2 (standby), NX-OS data plane on Linecard-1 ... Linecard-N, joined by a back plane. Nexus 1000V: VSM-1 (active) and VSM-2 (standby) as virtual appliances, with VEM-1 ... VEM-N on WS 2012 Hyper-V hosts; the labels Network Admin (VSM side) and Server Admin (host side) mark the two roles.]
- VSM: Virtual Supervisor Module
- VEM: Virtual Ethernet Module

Deployment Example
Virtual Supervisor Module (VSM)
- Virtual or physical appliance running Cisco NX-OS (supports high availability)
- Performs management, monitoring and configuration
- Tight integration with management platforms
Virtual Ethernet Module (VEM)
- Enables advanced networking capability on the hypervisor
- Provides each virtual machine with a dedicated switch port
- Collection of VEMs: one virtual network distributed switch
[Diagram: three WS 2012 Hyper-V Servers, each running VMs on a Cisco Nexus 1000V VEM, all managed by one Cisco Nexus 1000V VSM together with System Center Virtual Machine Manager.]

Nexus 1000v Features
- Switching: L2 switching, 802.1Q tagging, rate limiting (TX), IGMP snooping, QoS marking (CoS and DSCP), policy mobility, private VLANs with local PVLAN enforcement
- Security: access control lists (L2-4 with redirect), port security, dynamic ARP inspection*, IP Source Guard*, DHCP snooping*
- Services: Virtual Services Datapath (vPath) support for traffic steering and fast-path off-load
- Provisioning: full integration with System Center VM Manager (SCVMM); faster network policy provisioning through port profiles
- Visibility: VM-level interface statistics, NetFlow, CDP, SPAN and ERSPAN (policy-based)
- Management: VM network provisioning (port profiles), CiscoWorks, Cisco DCNM, Cisco CLI, RADIUS, TACACS, Syslog, SNMP (v1, v2, v3)

Nexus 1000V Management Flow
- Network Administrators: create Logical Networks, Sites and VM Networks in the native NX-OS environment; configuration data is synced between NX-OS and VMM
- Fabric Administrators: deploy the N1KV to the hosts and connect VM NICs to the VM Network
- SCVMM: manages VM placement and migration, adhering to network policies and restrictions
- Virtual Ethernet Module: syncs configuration policies from the Supervisor Modules
[Diagram: Network Administrator -> Nexus 1000V VSM <-> SCVMM <- Fabric Administrator; the VSM and SCVMM both reach the Nexus 1000V VEM on the Win 2012 Hyper-V Server that hosts the VMs.]

Nexus 1000v Installer
- Provide SCVMM credentials
- Provide host info for the primary and secondary VSM

Experience
- Pros and cons
- Traps
- Benefits
- Network team opinions
- Recommendations?

Hyper-V Network Virtualization

Requirements to transform networking
- Deliver networking as part of a pooled, automated infrastructure
- Ensure multitenant isolation, scale and performance
- Expand datacenter capacity seamlessly as business needs require
- Reduce operational complexity

Abstracting the network with Hyper-V Network Virtualization (HNV)
- Multiple virtual networks on a physical network
- Each virtual network has the illusion that it is running as a physical network
How network virtualization works
- Overlays the physical network
- Encapsulation using the NVGRE protocol
[Diagram: a Contoso virtual machine and a Fabrikam virtual machine on one physical server; the virtualization layer presents a separate Contoso network and Fabrikam network over the single physical network.]

Hyper-V Network Virtualization Benefits
- Workload owners: seamless migration to the cloud; move n-tier topology to the cloud; preserve policies, VM settings and IP addresses
- Enterprises: private cloud datacenter consolidation and efficiencies; extension of the datacenter into a hybrid cloud; incremental integration of an acquired company's network infrastructure
- Hosters: bring your own IP; bring your own network topology; scalable multitenancy
- Private/public cloud datacenter admins: flexible VM placement without reconfiguration; decoupling of server and network admin roles increases agility

Hyper-V Network Virtualization Enhancements
Windows Server 2012
- HNV is an NDIS LWF (lightweight filter)
- Scalable network virtualization solution
- Centralized policy + distributed router
- Works across physical subnets
Windows Server 2012 R2
- HNV is part of the Hyper-V Switch
- Dynamically learns Customer Addresses
- Supports Hyper-V clustering
- Enhanced performance + diagnostics
[Diagram: Contoso network and Fabrikam network presented by the virtualization layer over one physical network.]

Hyper-V Network Virtualization Concepts

Hyper-V Network Virtualization Concepts
VM Network (called a routing domain in PowerShell)
- Network isolation boundary
- Routing between VM networks must be explicit
- Comprised of one or more Virtual Subnets
Virtual Subnet (VSID)
- Broadcast boundary
[Diagram: Multi-Tenant Datacenter. Contoso Corp. VM Network containing the Contoso R&D Net with Contoso Subnet1, Subnet2 and Subnet3; Fabrikam Corp. VM Network containing the Fabrikam HR Net with Fabrikam Subnet1 and Subnet2.]

Encapsulation: Network Virtualization using Generic Routing Encapsulation (NVGRE)
[Diagram: two hosts with Provider Addresses 192.168.2.22 and 192.168.5.55. Each host runs VMs of two tenants that use the same Customer Addresses 10.0.0.5 and 10.0.0.7; the tenants are distinguished by GRE Key 5001 and GRE Key 6001 (the VSID). An NVGRE packet consists of the outer Provider Address header, the GRE header carrying the key, and the inner Customer Address frame (MAC CA + Customer Address).]
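The NVGRE diagram shows two tenants reusing the Customer Addresses 10.0.0.5 and 10.0.0.7 behind the Provider Addresses 192.168.2.22 and 192.168.5.55, isolated only by the GRE key (VSID), and the concepts slide says routing between VM networks must be explicit. The Python below is an added example, not code from the deck or from Microsoft: it models the HNV lookup policy (CA is only meaningful together with its VSID), builds and parses an NVGRE packet with the RFC 7637 header layout, and refuses cross-VM-network forwarding. The policy table, the customer MACs, the VSID-to-VM-network map (including a second Contoso subnet 5002) and the payload are constructed assumptions.

```python
# Added example, not from the slides or from Microsoft: a small model of the
# HNV lookup policy and NVGRE encapsulation using the addresses on the slide.
# Header layout follows RFC 7637: outer IPv4 (protocol 47), GRE with the Key
# Present bit set, protocol type 0x6558, 24-bit VSID in the upper bits of the
# 32-bit key, then the inner (customer) Ethernet frame.
import ipaddress
import struct
from dataclasses import dataclass

IPPROTO_GRE = 47
GRE_FLAGS_KEY_PRESENT = 0x2000   # C=0, K=1, S=0, version 0
ETHERTYPE_TEB = 0x6558           # Transparent Ethernet Bridging
ETHERTYPE_IPV4 = 0x0800
IPV4_HDR_LEN = 20
GRE_HDR_LEN = 8                  # flags(2) + protocol type(2) + key(4)
ETH_HDR_LEN = 14


@dataclass(frozen=True)
class Record:
    vsid: int      # virtual subnet id (the GRE key on the slide), 24-bit
    ca: str        # customer address the tenant VM sees
    ca_mac: bytes  # customer MAC, 6 bytes (constructed)
    pa: str        # provider address of the host currently running the VM


# Constructed lookup policy (assumption): both tenants use 10.0.0.5 and
# 10.0.0.7; the same CA resolves to a record only within its own VSID.
POLICY = {
    (5001, "10.0.0.5"): Record(5001, "10.0.0.5", bytes.fromhex("00155d0a0005"), "192.168.2.22"),
    (5001, "10.0.0.7"): Record(5001, "10.0.0.7", bytes.fromhex("00155d0a0007"), "192.168.5.55"),
    (6001, "10.0.0.5"): Record(6001, "10.0.0.5", bytes.fromhex("00155d0b0005"), "192.168.2.22"),
    (6001, "10.0.0.7"): Record(6001, "10.0.0.7", bytes.fromhex("00155d0b0007"), "192.168.5.55"),
}
# Constructed routing-domain membership (assumption): VSID -> VM network.
ROUTING_DOMAIN = {5001: "Contoso", 5002: "Contoso", 6001: "Fabrikam"}


def lookup(vsid, ca):
    """Policy lookup: a CA is only meaningful together with its VSID."""
    rec = POLICY.get((vsid, ca))
    if rec is None:
        raise LookupError(f"no HNV policy record for CA {ca} in VSID {vsid}")
    return rec


def can_route(src_vsid, dst_vsid):
    """The distributed router forwards between virtual subnets of one VM
    network only; crossing VM networks requires an explicit gateway."""
    src_rd = ROUTING_DOMAIN.get(src_vsid)
    return src_rd is not None and src_rd == ROUTING_DOMAIN.get(dst_vsid)


def ipv4_checksum(header):
    """Ones-complement checksum of an IPv4 header; 0 means the header verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(vsid, src_ca, dst_ca, inner_ip_packet, flow_id=0):
    """Sending host: wrap a CA packet in an NVGRE packet between the two PAs."""
    src, dst = lookup(vsid, src_ca), lookup(vsid, dst_ca)
    inner_frame = dst.ca_mac + src.ca_mac + struct.pack("!H", ETHERTYPE_IPV4) + inner_ip_packet
    key = ((vsid & 0xFFFFFF) << 8) | (flow_id & 0xFF)   # VSID in the upper 24 bits
    gre = struct.pack("!HHI", GRE_FLAGS_KEY_PRESENT, ETHERTYPE_TEB, key)
    total_len = IPV4_HDR_LEN + GRE_HDR_LEN + len(inner_frame)
    outer = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64, IPPROTO_GRE, 0,
        ipaddress.IPv4Address(src.pa).packed, ipaddress.IPv4Address(dst.pa).packed,
    )
    outer = outer[:10] + struct.pack("!H", ipv4_checksum(outer)) + outer[12:]
    return outer + gre + inner_frame


def decapsulate(packet):
    """Receiving host: strip the PA header and GRE, recover VSID and CA frame."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_GRE or ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("not a well-formed outer IPv4/GRE packet")
    src_pa = str(ipaddress.IPv4Address(packet[12:16]))
    dst_pa = str(ipaddress.IPv4Address(packet[16:20]))
    flags, proto_type, key = struct.unpack("!HHI", packet[ihl:ihl + GRE_HDR_LEN])
    if not flags & GRE_FLAGS_KEY_PRESENT or proto_type != ETHERTYPE_TEB:
        raise ValueError("GRE header lacks a key or is not NVGRE (0x6558)")
    frame = packet[ihl + GRE_HDR_LEN:]
    return {
        "src_pa": src_pa, "dst_pa": dst_pa,
        "vsid": key >> 8, "flow_id": key & 0xFF,
        "inner_dst_mac": frame[:6], "inner_src_mac": frame[6:12],
        "inner_ip_packet": frame[ETH_HDR_LEN:],
    }


if __name__ == "__main__":
    pkt = encapsulate(5001, "10.0.0.5", "10.0.0.7", b"constructed CA payload")
    print(decapsulate(pkt))
    print("5001 -> 5002:", can_route(5001, 5002), " 5001 -> 6001:", can_route(5001, 6001))
```

The point to notice is that the receiving host learns which tenant a frame belongs to only from the key: the inner addresses are identical for both tenants, so an HNV-aware filter or extension must key its state on (VSID, CA), never on the CA alone.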

What's new in R2
- Architecture change: HNV is now in the virtual switch
- Extensions and ACLs now work together with HNV
- Broadcast/multicast support
- Dynamic guest IPs: DHCP inside VM networks
- Guest clustering

Hyper-V Network Virtualization Performance

NVGRE Encapsulated Task Offload
- Typically NIC offloads work on the CA packet
- Most offloads break when using GRE and NVGRE: Large Send Offload (LSO), Receive Side Scaling (RSS), Virtual Machine Queue (VMQ)
- NVGRE Encapsulated Task Offload was introduced in Windows Server 2012 to ensure no performance loss
- Emulex and Mellanox have announced products supporting NVGRE Task Offload

[Chart: Mellanox ConnectX-3 Pro 10GbE performance, NVGRE with ConnectX-3 Pro offloads versus NVGRE without offloads. Left panel: Throughput (Gb/s), higher is better. Right panel: CPU overhead (CPU cycles per byte), lower is better. The bars are annotated 65% and 80%.]

HNV + NIC Teaming (new in R2)
- Inbound and outbound spread on virtualized traffic
- Higher performance with teamed NICs
- Utilizes LBFO's new Dynamic mode
- Provider Addresses are configured with a MAC address: the *-NetVirtualizationProviderAddress cmdlets were updated to take a MAC address
- Optimal performance when you have 1 (or more) PAs per NIC in the team. Example: a NIC team of 2 NICs should have 2 or more PAs, with the CAs spread between them

Hyper-V Network Virtualization Gateways

Default Gateway
- Routes between VMs on different Virtual Subnets
- Built into the HNV filter running on each host
HNV Gateway
- Required to communicate outside a virtual network
- Comes in different forms: VPN for site-to-site connectivity; load balancing and NAT for Internet access; forwarding gateway for in-datacenter physical machine access
[Diagram: Contoso Corp. and Fabrikam Corp. virtual networks with DNS, SQL and DC VMs on hosts in the Datacenter Network Virtualization Fabric; a Multi-tenant VPN Gateway host connects them to SPS, VPN and the Internet.]

Network Virtualization Gateway Layout
[Diagram: three active-passive gateway clusters (GW Cluster01: Multi-tenant VPN Gateway VM01 and VM02; GW Cluster02: VM03 and VM04; GW Cluster03: VM05 and VM06) running on hosts of an HV Cluster in the Datacenter Network Virtualization Fabric. Networks shown: PA / Tenant Network, Management and External.]

Microsoft Gateway

Multi-Tenant Network Stack
[Diagram: the Default Compartment (Default Networking Service, Default IP Interface) sits beside one Compartment per tenant (Multi-tenant Networking Service with Tenant IP Interface 1, Tenant IP Interface 2, ...); each compartment attaches through a VM NIC of the Virtual Machine to the Hyper-V Switch.]

Cross-premises connectivity
VPN site-to-site functionality in Remote Access:
- Provides cross-premises connectivity between enterprises and hosting service providers
- Connects to private subnets in hosted cloud networks
- Provides connectivity among geographically separate enterprises
[Diagram: Contoso private cloud and Woodgrove private cloud (Subnet1, Subnet2 each) connected to a Hosted Cloud (Subnet3, Subnet4) through VPN site-to-site tunnels (IKEv2-IPsec); the Contoso London branch, Contoso New York branch and Woodgrove Brazilian branch connect via an industry-standard IKEv2-IPsec router to a Windows Server 2012 R2 Preview Remote Access site-to-site VPN server.]

Hybrid Networking in WS 2012
- Includes site-to-site (S2S) VPN as part of the Remote Access Server
- Requires Windows Network Virtualization
- Needs one VM per tenant for the gateway
[Diagram: Orange Corp site1 and site2 reach the Orange Virtual Network over S2S tunnels, each tenant through its own gateway VM (Blue GW, Green GW, Orange GW).]

Hybrid Networking in WS 2012 R2
- Provides a multitenant S2S gateway
- Includes guest clustering for HA
- Uses BGP for dynamic route updates
- Provides multitenant-aware NAT for Internet access
[Diagram: Orange Corp site1 and site2 reach the Orange Virtual Network over an S2S tunnel with BGP through an active-standby multitenant gateway pair.]

Connecting Private Cloud with Azure
- Extend your datacenter to Azure by creating VMs in private networks
- Connect individual computers to Azure VMs and virtual networks using point-to-site connectivity without a VPN device
- Windows inbox gateway to connect virtual networks in the private cloud and Azure
[Diagram: on premises, your datacenter (VPN Device) and individual computers behind the corporate firewall; a site-to-site VPN and remote workers connect to the Azure VPN Gateway in front of a Virtual Network with Subnet 1, Subnet 2, Subnet 3 and a DNS Server.]

F5 Gateway

F5 NVGRE Gateway
- Provides a multitenant gateway
- Supports 6 tenants
- Supports F5 HA technologies
- No native NVGRE implementation
- Places a vNIC in the tenant network
- Virtual appliance only
- Depends on F5 Routing Domain
[Diagram: Orange Corp site1 and site2 connected over an S2S tunnel to the Orange Virtual Network through the F5 gateway's vNIC.]

Connecting a Virtual Network
- Attach a virtual network interface to the VM Network
- Assign an IP from the VM Network to the F5
- Assign the interface as a new F5 Routing Domain
- Remainder of the configuration is based on F5 routing
- VMM integration

Experience
- Not scalable: maximum 6 concurrent networks
- Does not actually implement the NVGRE protocol
- Depends on existing F5 Routing Domain technologies
- Currently available only as a virtual appliance
- Useful only as a proof of concept

Summary

We need your feedback! Thank you!
- Session feedback: https://de.surveymonkey.com/s/scu2013dachsessionfeedback
- Overall conference feedback: https://de.surveymonkey.com/s/scu2013dachoverallfeedback