A virtual network could either be Private,
Internal or External.
The Private network would not bind to a physical
NIC on the parent partition, and only let the virtual machines connected to
this network communicate. Since there was no binding to a physical NIC, the
virtual machines was unable to communicate with other virtual machines on other
hosts.
The Internal network did not bind to a physical
NIC either, but created virtual NIC in
the parent partition so that the virtual machines and the host itself was able
to communicate.
The External network was the only type of network
that would bind to a physical NIC in the parent, meaning that this was the
proper type of virtual network if you wanted your virtual machines to be able
to communicate over the physical network and have LAN/WAN access.
The three different types still exists in Windows
Server 2012, but have been renamed to virtual switches.
There’s been done a lot with the extensible switch
in Hyper-V and the switch itself is now extensible for third parties to
integrate and develop tools and solutions that interacts with this switch.
A Hyper-V virtual switch is a virtual layer-2
network switch that provides programmatically managed and extensible
capabilities to connect virtual machines to the physical network. This will led
to better solutions related to security, isolation, SLA’s and policy enforcements
in a virtual environment, and is much better suited for cloud computing
scenarios.
Normally when we think of cloud computing
scenarios, we would also think of tenant isolation, protection of malicious
virtual machines and traffic control. The Hyper-V Extensible switch will cover
it all.
There’s built-in support for NDIS (Network Device
Interface Specification) filter drivers and WFP (Windows Filtering Platform)
callout drivers. This makes it possible for ISV’s to create plug-ins to provide
enhanced networking and security capabilities. This will give organizations
more options to secure their tenants, traffic and measure networking for
virtual machines.
Functionality in Hyper-V Extensible Switch
DHCP Guard protection: Will help you to protect against
malicious virtual machines that presents themselves as DHCP servers. Often
referred to man-in-the-middle attachs.
Network traffic monitoring: let the cloud
administrators have control and review the traffic over the network switch.
Port ACLs: Traffic filtering based on MAC (Media
Access Control) or IP (Internet Protocol) addresses/ranges so that the cloud
administrator can set up virtual network isolation.
ARP/ND Spoofing protection: Gives protection
against malicious VMs using ARP spoofing to steal other VMs IP addresses, and
provides protection against attacks that can be launched for IPv6 using ND
spoofing.
Trunk mode to a VM: Let the cloud administrator
set up a specific VM as a virtual appliance to direct traffic from various
VLANs to that VM.
Isolated VLAN (PVLAN): Let the cloud administrator
segregate traffic on multiple VLANs so that they can easily establish isolated
tenant communities.
Bandwidth limit and burst support:
Reserve guaranteed amount of bandwidth. Bandwidth maximum
caps the amount of bandwidth a VM can consume.
ENC marking support: Explicit
Congestion Notification (ECN) marking—also known as Data CenterTCP
(DCTCP)—enables the physical switch and operating system to regulate traffic
flow such that the buffer resources of the switch are not flooded, which
results in increased traffic throughput.
Diagnostics: Let the cloud administrator easily
trace and monitor events and packets through the virtual switch.This will for sure ensure that you can meet the demand of cloud computing in the networking space as well, in conjunction with network virtualization.
There will be more blogging about switch extensions and network virtualization when SC VMM 2012 SP1 is available.
No comments:
Post a Comment