As mentioned earlier, you can use a virtual network adapter port profile to capture a set of specific settings for a VM network adapter and store those settings for future deployment usage. Every time you create a new VM, you’ll be able to select a particular virtual network adapter port profile, and System Center Virtual Machine Manager will automatically apply your chosen settings to the vNIC of that VM. This automation will save you time and ensure a standardized approach to vNIC deployment.
In this procedure, you will create a new default virtual network adapter port profile. You’ll use it as the standard vNIC configuration for your tenant workloads going forward.
1. In the Fabric workspace, in the Networking view, in the System Center Virtual Machine Manager console, right-click Port Profiles, and select Create Hyper-V Port Profile.
2. On the General page, in the Name text box, enter Tenant_LN_vNIC, select Virtual Network Adapter Port Profile, and then click Next.
3. On the Offload Settings page, there are three options. These options relate to features and functionality that require specific hardware capabilities within the underlying physical network adapter. These capabilities are as follows:
• Virtual Machine Queue (VMQ): Packets that are destined for a virtual network adapter are delivered directly to a queue for that adapter, the VMQ. They do not have to be copied from the management operating system to the VM.
• IPsec Task Offload: With IPsec Task Offload, some or all of the computational work that IPsec requires for encryption and decryption is shifted from the computer’s CPU to a dedicated processor on the network adapter.
• Single-Root I/O Virtualization (SR-IOV): With SR-IOV, a network adapter can be assigned directly to a VM. The use of SR-IOV maximizes network throughput while minimizing network latency and minimizing the CPU overhead that is required to process network traffic. To function, SR-IOV requires support from the host hardware and firmware, the physical network adapter, and drivers in the management operating system and the guest operating system. To function correctly, SR-IOV must be enabled in multiple places—in particular, as part of the virtual network adapter port profile creation process, the logical switch creation process, and finally during logical switch deployment. For this POC configuration, you will not be using SR-IOV.
4. On the Offload Settings page, select Enable Virtual Machine Queue, and then click Next.
5. On the Security Settings page, a number of options can be enabled. Ensure that the Allow Guest Specified IP Addresses option (only available for VMs on Windows Server 2012 R2) is selected because this will be important for later VM deployments. You can leave the other boxes clear; however, for reference, following is an explanation of the remaining options:
• Allow Media Access Control (MAC) Spoofing: With MAC spoofing, a VM can change the source MAC address in outgoing packets to an address that is not assigned to that VM. For example, a load-balancer virtual appliance might require this setting to be enabled.
• Enable DHCP Guard: With DHCP guard, you can protect against a malicious VM that represents itself as a DHCP server for man-in-the-middle attacks.
• Allow Router Guard: With router guard, you can protect against advertisement and redirection messages that are sent by an unauthorized VM that represents itself as a router.
• Allow Guest Teaming: With guest teaming, you can team the virtual network adapter with other network adapters that are connected to the same switch.
• Allow Institute of Electrical and Electronics Engineers (IEEE) Priority Tagging: With IEEE priority tagging, outgoing packets from the virtual network adapter can be tagged with IEEE 802.1p priority. These priority tags can be used by QoS to prioritize traffic. If IEEE priority tagging is not allowed, the priority value in the packet is reset to 0.
6. On the Security Settings page, click Next.
7. On the Bandwidth Settings page, you have three options that are all associated with defining QoS. You can specify the minimum and maximum bandwidth available to the virtual network adapter. The minimum bandwidth, which can be expressed as megabits per second (Mbps) or as a weighted value (from 0 to 100), controls how much bandwidth the virtual network adapter can use in relation to other virtual network adapters.
For this POC configuration, you can leave the minimum as 0 Mbps. For maximum, enter 1024 Mbps. This will ensure that very noisy VMs don’t consume all of the bandwidth available across the tenant network. For a POC, this value is fine; however, you may choose to adjust this figure for your specific environment. The right setting depends on how many VMs you allow to share the channel and how much bandwidth must be available to each VM to ensure a consistent QoS. Click Next.
8. On the Summary page, review all the settings and selections you made, and then click Finish.
9. The Jobs window opens. Monitor the job through its completion, and then close the Jobs window.
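The same profile can be created and then checked from the VMM PowerShell module. The script below is an added example, not part of the original text: it maps each check box in steps 4 through 7 to a cmdlet parameter, creates the profile only if it is missing, and reports any setting that differs from the documented values. Leaving IPsec Task Offload cleared is an assumption (step 4 only selects VMQ), as is the profile object exposing properties named like the cmdlet parameters.

```powershell
# Added example. Run on a machine with the VMM console installed and an
# open connection to the VMM server (for example via Get-SCVMMServer).
Import-Module virtualmachinemanager

$profileName = 'Tenant_LN_vNIC'

# Settings from steps 4-7, keyed by cmdlet parameter name.
$settings = @{
    EnableVmq                                 = $true   # step 4: Enable Virtual Machine Queue
    EnableIPsecOffload                        = $false  # assumption: not selected in step 4
    EnableIov                                 = $false  # SR-IOV is not used in this POC
    EnableGuestIPNetworkVirtualizationUpdates = $true   # Allow Guest Specified IP Addresses
    AllowMacAddressSpoofing                   = $false  # left clear in step 5
    EnableDhcpGuard                           = $false  # left clear in step 5
    EnableRouterGuard                         = $false  # left clear in step 5
    AllowTeaming                              = $false  # left clear in step 5
    AllowIeeePriorityTagging                  = $false  # left clear in step 5
    MaximumBandwidthAbsoluteInMbps            = 1024    # step 7; minimum stays at 0 Mbps
}

# Create the profile only if it does not already exist.
$vnicProfile = Get-SCVirtualNetworkAdapterNativePortProfile -Name $profileName
if (-not $vnicProfile) {
    $vnicProfile = New-SCVirtualNetworkAdapterNativePortProfile -Name $profileName @settings
}

# Read the stored values back and list every setting that has drifted.
# Assumes property names on the returned object match the parameter names.
$drift = foreach ($key in $settings.Keys) {
    if ($vnicProfile.$key -ne $settings[$key]) {
        [pscustomobject]@{
            Setting  = $key
            Expected = $settings[$key]
            Actual   = $vnicProfile.$key
        }
    }
}

if ($drift) {
    $drift | Sort-Object Setting | Format-Table -AutoSize
} else {
    "$profileName matches the documented settings."
}
```

Rerunning the script later shows whether someone has since enabled MAC spoofing or changed the bandwidth cap on the profile that tenant VMs inherit.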