
Hyper-V Networking. Aidan Finn


Academic year: 2021


(1)

Hyper-V Networking

(2)

About Aidan Finn

• Technical Sales Lead at MicroWarehouse (Dublin)

• Working in IT since 1996

• MVP (Virtual Machine)

• Experienced with Windows Server/Desktop, System Center, virtualisation, and IT infrastructure

• @joe_elway

• http://www.aidanfinn.com

• http://www.petri.co.il/author/aidan-finn

(3)

Books

System Center

(4)
(5)
(6)

Hyper-V Networking Basics


Management OS Virtual Machines

VLAN Trunk

(7)

Virtual NICs

• Generation 1 VMs can have:
  – (Synthetic) network adapter
    • Requires drivers (Hyper-V integration components/services)
    • Does not do PXE boot
    • Best performance
  – Legacy network adapter
    • Emulated - does not require Hyper-V drivers
    • Does offer PXE
    • Bad performance

• Generation 2 VMs have synthetic network adapters with PXE

(8)

Hyper-V Extensible Switch

• Replaces Virtual Network

• Handles network traffic between:
  – Virtual machines
  – The physical network
  – The management OS

• Layer-2 virtual interface

• Programmatically managed

• Extensible

NIC = network adapter

(9)

Virtual Switch Types

• External:
  – Allow VMs to talk to each other, the physical network, and the host
  – Normally used

• Internal:
  – Allow VMs to talk to each other and the host
  – VMs cannot communicate with VMs on another host
  – Normally only ever seen in a lab

• Private:
  – Allow VMs to talk to each other
  – VMs cannot communicate with VMs on another host
  – Sometimes seen but replaced by Hyper-V network virtualization or VLANs

(10)

Extension Types

Capturing

• Monitoring

• Example: InMon sFlow

Filtering

• Packet monitoring/security

• Example: 5nine Security

Forwarding

• Does all the above & more

• Example: Cisco Nexus 1000V

(11)
(12)

• Provides load balancing and failover (LBFO)

• Load balancing:
  – Spread traffic across multiple physical NICs.
  – This provides link aggregation – not necessarily a single virtual “pipe”.

• Failover:
  – If one physical path (NIC or top-of-rack switch) fails then traffic is automatically moved to another NIC in the team.

• Built-in and fully supported for Hyper-V and Failover Clustering since WS2012

(13)

• Microsoft supported – no more calls to NIC vendors for teaming support or getting told to turn off teaming

• Vendor agnostic – can mix NIC manufacturers in a single team

• Up to:
  – 32 NICs at same speed in physical machines
  – 2 virtual NICs at same speed in a VM

• Configure teams to meet server needs

• Team management is easy!
  – Server Manager, LBFOADMIN.EXE, VMM, or PowerShell

(14)

Terminology

[Diagram labels: Team members (or network adapters); Team; Team interfaces, team NICs, or tNICs]

(15)

Connection Modes

• Switch Independent mode
  – Doesn’t require any configuration of a switch
  – Protects against adjacent switch failures
  – Allows Standby NIC

• Switch dependent modes
  1. Static Teaming
     • Configured on switch
  2. LACP Teaming
     • Also known as IEEE 802.1ax or 802.3ad
  – Requires configuration of the adjacent switch

[Diagram labels: Switch dependent team; Switch independent team]

(16)

1. Address Hash – comes in 3 flavors

– 4-tuple hash: (Default distribution mode) uses the RSS hash if available, otherwise hashes the TCP/UDP ports and the IP addresses. If ports not available, uses 2-tuple instead.

– 2-tuple hash: hashes the IP addresses. If not IP traffic uses MAC-address hash instead.

– MAC address hash: hashes the MAC addresses.

2. Hyper-V port

– Hashes the port number on the Hyper-V switch that the traffic is coming from. Normally this equates to per-VM traffic. Best if using DVMQ.

3. Dynamic (Added in WS2012 R2)

– Spread a single stream of data across team members using “flowlets”. The default option in WS2012 R2.

(17)

NIC Teaming – Virtual Switch

• Choose the team connection mode that is required by your switches

• Choose either Hyper-V Port or Dynamic (WS2012 R2) load distribution
  – Hyper-V Port provides predictable incoming paths and DVMQ acceleration.
  – Dynamic enables a single virtual NIC to spread traffic across multiple team members at once.

(18)

NIC Teaming – Physical NICs

• Choose the team connection mode that is required by your switches

• Choose either Address Hash or Dynamic load distribution
  – Address Hash will isolate a single stream of traffic on one physical NIC.
  – Dynamic enables a single virtual NIC to spread traffic across multiple team members at once.

[Diagram labels: NIC Team; Networking Stack]

(19)

NIC Teaming – Virtual Machines

• Can be configured in guest OS of a WS2012 or later VM.

• Teams the VM’s virtual NICs.

• Configuration is locked.

• You must allow NIC teaming in the advanced properties of the virtual NIC in the VM settings.

• Set-VMNetworkAdapter VM01 -AllowTeaming On/Off

[Diagram label: Virtual Machine NIC Team]

(20)
(21)
(22)

[Diagram: RSS. Management OS and virtual machine on a NIC team (rNIC1, rNIC2), labelled Management, Live Migration, Cluster, SMB 3.0 and Backup. Processors with hyperthreading: CPU 0 (cores 1 to 6, logical processors 0 to 11) and CPU 1 (cores 7 to 12, logical processors 12 to 23). Label: 100% utilized.]

(23)

[Diagram: DVMQ. Management OS and virtual machine on a NIC team (rNIC1, rNIC2), labelled Management, Live Migration, Cluster, SMB 3.0 and Backup. Processors with hyperthreading: CPU 0 (cores 1 to 6, logical processors 0 to 11) and CPU 1 (cores 7 to 12, logical processors 12 to 23). Label: 100% utilized.]

(24)

RSS and DVMQ

• Consult your network card/server manufacturer

• Can use Get-/Set-NetAdapterRSS to configure.

• Don’t change anything unless you need to

• RSS and DVMQ are incompatible on the same NIC so design hosts accordingly

(25)

vRSS

• Added in WS2012 R2

• RSS provides extra processing capacity for inbound traffic to a physical server

– Using cores beyond Core 0.

• vRSS does the same thing in the guest OS of a VM

– Using additional virtual processors.

• Allows inbound networking to a VM to scale out.

• Obviously requires VMs with additional virtual processors.

• The physical NICs used by the virtual switch must support DVMQ.

• Enable RSS in the advanced NIC properties in the VM’s guest OS

(26)

[Diagram: vRSS. Management OS and virtual machine on a NIC team (rNIC1, rNIC2), labelled Management, Live Migration, Cluster, SMB 3.0 and Backup. CPU 0 to CPU 7. Label: 100% utilized.]

(27)
(28)

Single-Root I/O Virtualization (SR-IOV)

• Virtual function on capable NIC presented directly to VM

• Bypasses user mode in Management OS
  – Network stack
  – Virtual Switch (logical connection present)
  – Cannot team NICs in Management OS; can team NICs in VM

• Super low latency virtual networking, less h/w usage

• Requires SR-IOV ready:
  – Motherboard
  – BIOS
  – NIC
  – Windows Server 2012/Hyper-V Server 2012 (or later) host

• Can Live Migrate to/from capable/incapable hosts

(29)

SR-IOV Illustrated

[Diagram: two panels. "Network I/O path without SRIOV": Host, Root Partition, Hyper-V Switch (Routing, VLAN Filtering, Data Copy), Physical NIC, Virtual Machine, Virtual NIC. "Network I/O path with SRIOV": Host, Root Partition, Hyper-V Switch, SR-IOV Physical NIC, Virtual Machine, Virtual Function, Routing, VLAN Filtering, Data Copy.]

(30)

Implementing SR-IOV

• All management OS networking features are bypassed

• You must create SR-IOV virtual switches to begin with:
  – New-VMSwitch IOVSwitch1 -NetAdapterName pNIC1 -EnableIOV $True

• Install Virtual Function driver in guest OS

• To get teaming:
  – Create 2 virtual switches
  – Enable guest OS teaming in vNIC advanced settings
  – Team in the guest OS

[Diagram: NIC Team in the VM over Virtual NIC 1 and Virtual NIC 2, connected to SR-IOV Enabled Virtual Switch 1 and SR-IOV Enabled Virtual Switch 2]
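
The teaming steps above, end to end, as an added example that is not part of the original slides. IOVSwitch1, pNIC1 and VM01 come from the deck; pNIC2, IOVSwitch2, the vNIC names IOV-A/IOV-B, the team name GuestTeam and the guest adapter names 'Ethernet'/'Ethernet 2' are assumptions.

```powershell
# --- On the Hyper-V host, elevated session, VM01 stopped ---
# Assumed names (not from the slides): pNIC2, IOVSwitch2, IOV-A, IOV-B, GuestTeam.

# SR-IOV can only be switched on when a virtual switch is created,
# so confirm the physical NICs support it before building anything.
Get-NetAdapterSriov -Name 'pNIC1', 'pNIC2' |
    Format-Table Name, SriovSupport, NumVFs

# One SR-IOV switch per physical NIC; there is no management OS team underneath.
New-VMSwitch -Name 'IOVSwitch1' -NetAdapterName 'pNIC1' -EnableIov $true
New-VMSwitch -Name 'IOVSwitch2' -NetAdapterName 'pNIC2' -EnableIov $true

# IovSupportReasons explains why SR-IOV is unavailable (BIOS, chipset, NIC, driver).
Get-VMSwitch -Name 'IOVSwitch*' |
    Format-List Name, IovEnabled, IovSupport, IovSupportReasons

# Give VM01 one virtual NIC on each SR-IOV switch.
Add-VMNetworkAdapter -VMName 'VM01' -Name 'IOV-A' -SwitchName 'IOVSwitch1'
Add-VMNetworkAdapter -VMName 'VM01' -Name 'IOV-B' -SwitchName 'IOVSwitch2'

# IovWeight above 0 requests a virtual function for the vNIC;
# AllowTeaming is the "enable guest OS teaming" advanced setting.
foreach ($nic in 'IOV-A', 'IOV-B') {
    Set-VMNetworkAdapter -VMName 'VM01' -Name $nic -IovWeight 100 -AllowTeaming On
}

# Review what was granted; only vNICs that need guest teaming should show On.
Get-VMNetworkAdapter -VMName 'VM01' |
    Format-Table Name, SwitchName, IovWeight, AllowTeaming, Status

# --- Inside the guest OS of VM01 (WS2012 or later, Virtual Function driver installed) ---
# Guest teams use switch independent mode with address hash distribution.
New-NetLbfoTeam -Name 'GuestTeam' -TeamMembers 'Ethernet', 'Ethernet 2' `
    -TeamingMode SwitchIndependent -LoadBalancingAlgorithm AddressHash

# Both members should report as active once the team has formed.
Get-NetLbfoTeamMember -Team 'GuestTeam'
```

Running `Get-VMNetworkAdapter -All | Where-Object AllowTeaming -eq 'On'` on the host lists every vNIC with guest teaming permitted, which is a quick audit of where in-guest teams can exist.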

(31)

The Real World: SR-IOV

• Not cloud or admin friendly:

– Requires customization in the guest OS

– How many hosting or end users can you trust with admin rights over in-guest NIC teams?

• In reality:

– SR-IOV is intended for huge hosts or few VMs with low latency requirements

(32)

IPsec Task Offload (IPSecTO)

• IPsec encrypts/decrypts traffic between a client and server.

• Done automatically based on some rule.

• Can be implemented by a tenant independently of the cloud administrators

• It uses processor resources – in a cloud this could have a significant impact.

• Using IPSecOffloadV2 enabled NICs, Hyper-V can offload IPsec processing from VMs to the host’s NIC(s).

(33)

Consistent Device Naming (CDN)

• Every Windows admin hates “Local Area Connection”, “Local Area Connection 2”, etc.

– Network devices randomly named based on order of PNP discovery

• Modern servers (Dell 12th gen, HP Gen8) can store network port device names

• WS2012 and later can detect these names

• Uses device name to name network connections:
  – Port 1
  – Port 2
  – Slot 1 1
  – Slot 1 1

(34)

Converging Networks

• Not a new concept from hardware vendors

• Introduced as a software solution in WS2012

(35)

SMB 3.0

• No longer just a file & print protocol

(36)

Thank You!

Aidan Finn

@joe_elway

www.aidanfinn.com
