You can virtualize any network and run them all on a single physical network fabric.
How is that even possible? We'll get to that after we've gone through some information and explained the scenarios behind this new capability in Microsoft's virtualization stack.
I've been working a lot with hosters in my career and a common challenge is a secure and scalable solution for multi-tenancy. The first thing that you might think of in relation to networking is to use VLANs. Fair enough, that's a widely adopted technology to separate networks, but it is also complex and not suited to scale. When I say scale, I am thinking of big time scale, for those major hosters.
These days, when cloud computing is all over the place, we expect our service providers to provision infrastructure, platform and software as a service quite rapidly, working together with anything else and without making any changes to our environment. Unfortunately this is very challenging and not practically realistic.
One additional challenge with VLANs is that when you need to scale your fabric with new virtualization hosts, storage and networking, you are in some ways limited to one physical location.
A VLAN can't span multiple logical subnets and will therefore restrict the placement of virtual machines. So how can you get a solution that works for your customers – even when they already have existing solutions that they want to move to the cloud?
Note: When cloud is mentioned in this blog post, we are thinking of private clouds, public clouds and service provider clouds – which is related to hosters.
By using traditional networking and VLANs you will have to reassign IP addresses when moving to the cloud, since most of the configuration relies on the IP configuration on those machines. This will include policies, applications, services and everything else that is used for layer 3 network communications. With the limitations of VLANs, the physical location will determine the virtual machine's IP addresses.
This is where Network Virtualization in Windows Server 2012 – Hyper-V comes to the rescue.
It removes the challenges related to IaaS adoption for customers, and will provide the datacenter administrator an easy and effective way to scale their network fabric for virtual machines.
Network Virtualization will let you run several virtual machines, even with identical IP addresses assigned, without letting them see each other, which sounds like the solution for multi-tenancy.
How does it work?
Network Virtualization is policy-based and uses a CA – Customer Address (for the virtual machines; this is the IP address that each VM can see and knows of) and a PA – Provider Address (this is the IP address that the hypervisor will see, and the only address under which the VM is visible on the physical network).
You have two options when it comes to Network Virtualization.
IP rewrite will modify the customer IP address of the packets on the virtual machine before they are transferred on the physical network fabric. One of the pros with IP rewrite is that it will provide better performance since VMQ (Virtual Machine Queue) will continue to operate.
IP encapsulation will encapsulate all the VM packets with a new header before they are sent on the physical network. If we are thinking of scalability, IP encapsulation is the best option since this will allow all of the VMs on a host to share the same provider IP address. The different tenants will be identified by checking the header of the encapsulated packet, which will contain a tenant network ID. So since all of the VMs are sharing the provider IP address, the switches in the infrastructure will be smiling since they only need to know the IP address and MAC address for the provider address.
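
The IP encapsulation path described above, shown from both the sending and the receiving host, as an added Python example that is not code from the original post or from Microsoft. It assumes the NVGRE header layout (GRE with only the Key bit set, protocol type 0x6558, a 24-bit tenant network ID followed by an 8-bit flow ID); the policy table, PA addresses and tenant IDs are constructed, the outer IP header is reduced to the source and destination PA, and the destination CA is passed in rather than parsed from the inner frame.

```python
import struct
from ipaddress import IPv4Address

GRE_KEY_PRESENT = 0x2000   # GRE flags word: only the Key bit set, version 0
PROTO_TEB = 0x6558         # Transparent Ethernet Bridging: payload is an Ethernet frame

# Constructed policy table: (tenant network ID, CA) -> PA of the host running the VM.
# Blue (5001) and Red (6001) both use CA 192.168.1.10 without conflict.
POLICY = {
    (5001, "192.168.1.10"): "10.0.0.11",   # Blue VM on host A
    (5001, "192.168.1.20"): "10.0.0.12",   # Blue VM on host B
    (6001, "192.168.1.10"): "10.0.0.12",   # Red VM on host B
}

def encapsulate(tenant_id, src_ca, dst_ca, inner_frame):
    """Sending host: map both CAs to PAs within one tenant and prepend the new header."""
    if not 0 <= tenant_id < 1 << 24:
        raise ValueError("tenant network ID must fit in 24 bits")
    src_pa = POLICY.get((tenant_id, src_ca))
    dst_pa = POLICY.get((tenant_id, dst_ca))
    if src_pa is None or dst_pa is None:
        raise LookupError("no policy for that CA in this tenant network")
    outer = IPv4Address(src_pa).packed + IPv4Address(dst_pa).packed  # simplified outer header
    gre = struct.pack("!HHI", GRE_KEY_PRESENT, PROTO_TEB, tenant_id << 8)  # flow ID = 0
    return outer + gre + inner_frame

def decapsulate(packet, local_pa):
    """Receiving host: validate the outer header and return (tenant_id, inner_frame)."""
    if len(packet) < 16:
        raise ValueError("truncated packet")
    if str(IPv4Address(packet[4:8])) != local_pa:
        raise ValueError("outer destination is not this host's PA")
    flags, proto, key = struct.unpack("!HHI", packet[8:16])
    if flags != GRE_KEY_PRESENT or proto != PROTO_TEB:
        raise ValueError("not an NVGRE header")
    return key >> 8, packet[16:]

def deliver(packet, local_pa, dst_ca):
    """Hand the frame to a VM only if (tenant ID from header, CA) is hosted on this PA."""
    tenant_id, frame = decapsulate(packet, local_pa)
    if POLICY.get((tenant_id, dst_ca)) != local_pa:
        raise PermissionError("no VM with that CA in this tenant network on this host")
    return tenant_id, frame
```

Isolation here rests entirely on the lookup keyed by tenant ID and CA: the same CA resolves to different VMs depending on the ID in the header, and a packet whose ID has no matching policy on the receiving host is dropped.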
With Network Virtualization in Windows Server 2012 – Hyper-V, any VM can run with any IP configuration and be reachable by the customer, without altering the existing IP configuration. This will ease the transformation to the cloud.
If you want to play around with Network Virtualization in Windows Server 2012 – Hyper-V, you have to brush up on your PowerShell skills, as there is no GUI to apply, manage or tweak the settings.
This works quite well in small environments, and I would recommend that you follow a fellow MVP's blog posts on this subject. Brian Ehlert has just started a series of blog posts about Network Virtualization and it's PowerShell all the way: http://itproctology.blogspot.com
Management with System Center 2012 SP1 – Virtual Machine Manager
But to manage this in large environments, you would appreciate a world class premium cloud management solution such as Virtual Machine Manager.
With the upcoming release of Service Pack 1 for System Center 2012 – Virtual Machine Manager, you will be able to take this a step further and do almost everything without touching PowerShell.
First things first: you'll have to prepare the Network Fabric in VMM before implementing Network Virtualization.
If you are not familiar with Network Fabric in VMM, I suggest that you read this blog post http://kristiannese.blogspot.no/2011/05/create-networks-with-vmm-2012.html for guidance on how to set up Logical Networks, Virtual Networks, IP Pools and more. This is related to PA – Provider Addresses – which are the IP addresses that the Hyper-V hosts will be able to see and use.
Once this is done, we can move further and configure Network Virtualization.
You'll find ‘VM Networks’ in the VMs and Services workspace in VMM. VMM uses the IP pools associated with a VM network to assign CA – Customer Addresses to virtual machines that use network virtualization. Remember that the CA is only visible to the VMs and is used by customers to communicate with those VMs.
By default, when you configure Network Virtualization in VMM, VMM uses IP rewrite, but you will be able to use IP encapsulation (with Generic Routing Encapsulation, NVGRE) by using PowerShell.
We will create two VM Networks in the following procedure, using both IP rewrite and IP encapsulation.
If you followed the blog post explaining how to set up the Network Fabric, you should at least have a single logical network containing IP pools, subnets and maybe VLANs. In addition, it's important that you have associated the logical network with your Hyper-V hosts and/or clusters. If using a cluster, make sure that the virtual networks are associated with the correct interface on each node, and with the logical network.
Overview
We will create two VM networks (Blue_VMNet and Red_VMNet), both associated with the logical network (PA) in Network Fabric.
We will create two VM subnets (IP rewrite) for Blue_VMNet, and one VM subnet (IP encapsulation) for Red_VMNet.
Last, we will create IP address pools for each VM subnet in each VM network (Blue VMSubnet1 IPPool, Blue VMSubnet2 IPPool and Red VMSubnet1 IPPool).
1. Open the VMs and Services workspace.
2. Click Create VM Network.
3. Name the VM network as Blue_VMNet, type a description and click the logical network you created earlier for PA.
4. On the VM Subnets page, click Add, and add a VM subnet for Blue_VMSubnet1 (192.168.1.0/24). Repeat the process and create a VM subnet for Blue_VMSubnet2 (192.168.2.0/24).
1. Open the VMs and Services workspace.
2. Click Create VM Network. Name the VM network as Red_VMNet, type a description and click the logical network you created earlier for PA.
3. Instead of creating a VM subnet here, we will finish the wizard and start the PowerShell module within VMM.
Type the following PowerShell cmdlets:
PS C:\> $SubnetVLan = New-SCSubnetVLan -Subnet "192.168.1.0/24"
PS C:\> $VMNetwork = Get-SCVMNetwork -Name "Red_VMNet"
PS C:\> New-SCVMSubnet -Name "Red_VMSubnet1" -SubnetVLan $SubnetVLan -VMNetwork $VMNetwork -VMSubNetType "IPEncapsulationWindowsNetworkVirtualization"
Verify that the subnets are created in the console afterwards.
The last thing to do before you are done is to create an IP address pool for each subnet in each VM network.
1. Open the VMs and Services workspace.
2. Click VM Networks.
3. In the VM Networks and IP Pools pane, right-click the VM network where you want to create the IP address pool, and then click Create IP Pool.
4. Enter a name (Blue VMSubnet1 IPPool), and configure the IP range and settings.
Repeat this process for each VM subnet.
Congratulations! You have now enabled Network Virtualization with VMM.
During VM creation, you'll have a couple of new options for the vNIC, connecting to a logical network and VM network.
1 comment:
I have bookmarked this website and I will keep visiting you for further such interesting posts.