In a nutshell:
You can virtualize any network and run them all on a single physical network fabric.
How is that even possible? We'll get to that after we've gone through some background and explained the scenarios behind this new capability in Microsoft's virtualization stack.
I've been working a lot with hosters in my career, and a common challenge is a secure and scalable solution for multi-tenancy. The first thing that comes to mind in relation to networking is to use VLANs. Fair enough, that's a widely adopted technology for separating networks, but it is also complex and not suited to scale. When I say scale, I am thinking of large-scale deployments, the kind the major hosters run.
In these days when cloud computing is everywhere, we expect our service providers to provision Infrastructure, Platform and Software as a Service rapidly, working together with everything else and without requiring any changes to our environment. Unfortunately this is very challenging and, in practice, not realistic.
One additional challenge with VLANs is that when you need to scale your fabric with new virtualization hosts, storage and networking, you are in some ways limited to one physical location.
A VLAN can't span multiple logical subnets and will therefore restrict the placement of virtual machines. So how can you get a solution that works for your customers, even when they have existing solutions that they want to move to the cloud?
Note: When cloud is mentioned in this blog post, we are thinking of private clouds, public clouds and service provider clouds, which is what hosters run.
With traditional networking and VLANs you have to reassign IP addresses when moving to the cloud, since most of the configuration relies on the IP configuration of those machines. This includes policies, applications, services and everything else that is used for layer 3 network communication. With the limitations of VLANs, the physical location determines the virtual machine's IP addresses.
This is where Network Virtualization in Windows Server 2012 – Hyper-V comes to the rescue.
It removes the challenges related to IaaS adoption for customers, and provides the datacenter administrator an easy and effective way to scale the network fabric for virtual machines.
Network Virtualization lets you run several virtual machines, even with the same identical IP address assigned, without letting them see each other, which sounds like the solution for multi-tenancy.
How does it work?
Network Virtualization is policy-based and uses two kinds of addresses: the CA, Customer Address (for the virtual machines; this is the IP that each VM sees and knows about), and the PA, Provider Address (the IP that the hypervisor sees, and the only address that is visible on the physical network).
You have two options for how Network Virtualization carries customer traffic over the provider network.
IP rewrite modifies the customer IP address of the packets from the virtual machine before they are transferred onto the physical network fabric. One of the pros of IP rewrite is better performance, since VMQ (Virtual Machine Queue) continues to operate.
IP encapsulation wraps all of the VM's packets in a new header before they are sent onto the physical network. If we are thinking of scalability, IP encapsulation is the best option, since it allows all of the VMs on a host to share the same provider IP address. The different tenants are identified by checking the header of the encapsulated packet, which contains a tenant network ID. And since all of the VMs share the provider IP address, the switches in the infrastructure will be smiling, as they only need to know the IP address and MAC address of the provider address.
With Network Virtualization in Windows Server 2012 – Hyper-V, any VM can run with any IP configuration and be reachable by the customer without altering the existing IP configuration. This eases the transformation to the cloud.
If you want to play around with Network Virtualization in Windows Server 2012 – Hyper-V, you have to brush off your PowerShell skills, as there is no GUI to apply, manage or tweak the settings.
This works quite well in small environments, and I recommend that you follow a fellow MVP's blog posts on this subject. Brian Ehlert has just started a series of blog posts about Network Virtualization, and it's PowerShell all the way: http://itproctology.blogspot.com
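To make the CA/PA model above concrete, here is an added example (not code from this post or from Brian Ehlert's series) that configures two tenants on a single stand-alone Windows Server 2012 Hyper-V host with the NetWNV and Hyper-V PowerShell cmdlets. Both tenant VMs use the same customer address, 192.168.1.10, and both are carried over one shared provider address with IP encapsulation (NVGRE); the Virtual Subnet ID in the encapsulation header is what keeps them apart. The adapter name "Ethernet", the provider address 172.16.0.11, the VM names, MAC addresses, VSIDs and routing-domain GUIDs are all constructed for the example.

```powershell
# Added example: two tenants with the same customer address on one Hyper-V host,
# isolated by Virtual Subnet ID and carried over one shared provider address (NVGRE).
# Uses the Windows Server 2012 NetWNV cmdlets; every address, VM name, VSID and
# routing-domain GUID below is constructed for illustration.

$ProviderAddress = "172.16.0.11"                               # PA: the only address the fabric sees
$PAInterface     = (Get-NetAdapter -Name "Ethernet").ifIndex   # assumed physical adapter name

# 1. Turn on the network virtualization filter on the physical NIC (component ms_netwnv).
Enable-NetAdapterBinding -Name "Ethernet" -ComponentID ms_netwnv

# 2. Publish the provider address on that NIC.
New-NetVirtualizationProviderAddress -ProviderAddress $ProviderAddress -InterfaceIndex $PAInterface -PrefixLength 24

# 3. Tenant policy. Each tenant gets its own routing domain and virtual subnet ID;
#    both VMs use 192.168.1.10 as CA, which is fine because the VSID, not the CA,
#    identifies the tenant inside the NVGRE header.
$Tenants = @(
    @{ Name = "Blue"; RoutingDomain = "{11111111-2222-3333-4444-555555555555}"; VSID = 5001; VM = "Blue-VM1"; MAC = "00155D010A01" },
    @{ Name = "Red";  RoutingDomain = "{66666666-7777-8888-9999-000000000000}"; VSID = 5002; VM = "Red-VM1";  MAC = "00155D010A02" }
)

foreach ($t in $Tenants) {
    # Route inside the tenant's own address space (a customer route, never seen by the fabric).
    New-NetVirtualizationCustomerRoute -RoutingDomainID $t.RoutingDomain -VirtualSubnetID $t.VSID `
        -DestinationPrefix "192.168.1.0/24" -NextHop "0.0.0.0" -Metric 255

    # CA -> PA lookup record. TranslationMethodEncap = IP encapsulation (NVGRE); the
    # shared PA works here because the VSID travels in the encapsulation header.
    New-NetVirtualizationLookupRecord -CustomerAddress "192.168.1.10" -ProviderAddress $ProviderAddress `
        -VirtualSubnetID $t.VSID -MACAddress $t.MAC -Rule "TranslationMethodEncap" -Type Static -VMName $t.VM

    # Tag the VM's vNIC with the VSID so its traffic lands in the right policy scope.
    Set-VMNetworkAdapter -VMName $t.VM -VirtualSubnetId $t.VSID
}

# 4. Verify. The lookup table is the isolation boundary, so check it rather than trust it:
#    expect exactly one record per VSID, and no CA listed under a VSID it does not belong to.
Get-NetVirtualizationLookupRecord |
    Select-Object VirtualSubnetID, CustomerAddress, ProviderAddress, Rule, VMName |
    Sort-Object VirtualSubnetID |
    Format-Table -AutoSize
```

The same policy has to exist on every host that carries a VM from either tenant, which is exactly the bookkeeping that becomes unmanageable by hand at scale and that VMM takes over in the next section.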
Management with System Center 2012 SP1 – Virtual Machine Manager
But to manage this in large environments, you will appreciate a world-class cloud management solution such as Virtual Machine Manager.
With the upcoming release of Service Pack 1 for System Center 2012 – Virtual Machine Manager, you will be able to take this a step further and do almost everything without touching PowerShell.
First things first: you'll have to prepare the network fabric in VMM prior to implementing Network Virtualization.
If you are not familiar with the network fabric in VMM, I suggest that you read this blog post http://kristiannese.blogspot.no/2011/05/create-networks-with-vmm-2012.html for guidance on how to set up logical networks, virtual networks, IP pools and more. This is related to the PA, Provider Addresses, which are the IP addresses that the Hyper-V hosts can see and use.
Once this is done, we can move on and configure Network Virtualization.
You'll find 'VM Networks' in the VMs and Services workspace in VMM. VMM uses the IP pools associated with a VM network to assign CAs, Customer Addresses, to virtual machines that use network virtualization. Remember that the CA is only visible to the VMs and is used by customers to communicate with those VMs.
By default, when you configure Network Virtualization in VMM, VMM uses IP rewrite, but you can use IP encapsulation (Network Virtualization using Generic Routing Encapsulation, NVGRE) by using PowerShell.
In the following procedure we will create two VM networks, using both IP rewrite and IP encapsulation.
If you followed the blog post explaining how to set up the network fabric, you should at least have a single logical network containing IP pools, subnets and maybe VLANs. In addition, it's important that you have associated the logical network with your Hyper-V hosts and/or clusters. If using a cluster, make sure that the virtual networks are associated with the correct interface on each node, and with the logical network.
We will create two VM networks (Blue_VMNet and Red_VMNet), both associated with the logical network (PA) in the network fabric.
We will create two VM subnets (IP rewrite) for Blue_VMNet, and one VM subnet (IP encapsulation) for Red_VMNet.
Last, we will create IP address pools for each VM subnet in each VM network (Blue VMSubnet1 IPPool, Blue VMSubnet2 IPPool and Red VMSubnet1 IPPool).
To create a VM network and VM subnets with IP rewrite
1. Open the VMs and Services workspace.
2. Click Create VM Network. Name the VM network Blue_VMNet, type a description and click the logical network you created earlier for PA.
3. On the VM Subnets page, click Add, and add a VM subnet for Blue_VMSubnet1 (192.168.1.0/24). Repeat the process and create a VM subnet for Blue_VMSubnet2 (192.168.2.0/24).
To create a VM network and VM subnet with IP encapsulation
1. Open the VMs and Services workspace.
2. Click Create VM Network. Name the VM network Red_VMNet, type a description and click the logical network you created earlier for PA.
3. Instead of creating a VM subnet here, we finish the wizard and start the PowerShell module within VMM.
Type the following PowerShell cmdlets:
PS C:\> $SubnetVLan = New-SCSubnetVLan -Subnet "192.168.1.0/24"    # CA subnet for the new VM subnet (overlaps Blue_VMSubnet1 on purpose; the VM network keeps them apart)
PS C:\> $VMNetwork = Get-SCVMNetwork -Name "Red_VMNet"    # the VM network created in the wizard above
PS C:\> New-SCVMSubnet -Name "Red_VMSubnet1" -SubnetVLan $SubnetVLan -VMNetwork $VMNetwork -VMSubNetType "IPEncapsulationWindowsNetworkVirtualization"    # IP encapsulation (NVGRE) instead of the default IP rewrite
Verify that the subnets are created in the console afterwards.
The last thing to do before you are done is to create an IP address pool for each subnet in each VM network.
1. Open the VMs and Services workspace.
2. Click VM Networks.
3. In the VM Networks and IP Pools pane, right-click the VM network where you want to create the IP address pool, and then click Create IP Pool.
4. Enter a name (Blue VMSubnet1 IPPool), and configure the IP range and settings.
Repeat this process for each VM subnet.
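As an added example (not the author's, and not a script shipped with VMM), here is the whole procedure above, the two VM networks, their three VM subnets and the three CA pools, done with the VMM 2012 SP1 cmdlets instead of the console. It assumes the logical network from the fabric post is named "PA_LogicalNetwork" (a constructed name), that New-SCVMNetwork accepts -IsolationType "WindowsNetworkVirtualization", and that the IP rewrite counterpart of the -VMSubNetType value shown above is "IPRewriteWindowsNetworkVirtualization"; the pool ranges (.10 to .200 with .1 as gateway) are choices made for the example.

```powershell
# Added example: VM networks, VM subnets and CA pools for Blue and Red, via the VMM SP1 cmdlets.
# "PA_LogicalNetwork" is a constructed name; -IsolationType / -VMSubNetType values are assumed
# from the SP1 cmdlet help, and the pool ranges are choices made for this example.

$LogicalNetwork = Get-SCLogicalNetwork -Name "PA_LogicalNetwork"

# Helper (hypothetical, defined here): one VM subnet plus its CA pool under a VM network.
# $VMSubnetType selects IP rewrite or IP encapsulation (NVGRE) for that subnet.
function New-TenantSubnet {
    param(
        [Parameter(Mandatory)] $VMNetwork,
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Subnet,        # e.g. 192.168.1.0/24
        [Parameter(Mandatory)] [string] $VMSubnetType,
        [Parameter(Mandatory)] [string] $PoolName
    )
    $SubnetVLan = New-SCSubnetVLan -Subnet $Subnet
    $VMSubnet   = New-SCVMSubnet -Name $Name -SubnetVLan $SubnetVLan -VMNetwork $VMNetwork -VMSubNetType $VMSubnetType

    # Derive the pool from the /24: .1 is the gateway, .10-.200 are handed out to VMs.
    $Prefix  = ($Subnet -split '/')[0] -replace '\.\d+$', ''
    $Gateway = New-SCDefaultGateway -IPAddress "$Prefix.1" -Automatic
    New-SCStaticIPAddressPool -Name $PoolName -VMSubnet $VMSubnet -Subnet $Subnet `
        -IPAddressRangeStart "$Prefix.10" -IPAddressRangeEnd "$Prefix.200" -DefaultGateway $Gateway | Out-Null
    return $VMSubnet
}

# Blue_VMNet: two subnets using IP rewrite (the VMM default).
$Blue = New-SCVMNetwork -Name "Blue_VMNet" -LogicalNetwork $LogicalNetwork `
    -IsolationType "WindowsNetworkVirtualization" -Description "Tenant Blue"
New-TenantSubnet -VMNetwork $Blue -Name "Blue_VMSubnet1" -Subnet "192.168.1.0/24" `
    -VMSubnetType "IPRewriteWindowsNetworkVirtualization" -PoolName "Blue VMSubnet1 IPPool" | Out-Null
New-TenantSubnet -VMNetwork $Blue -Name "Blue_VMSubnet2" -Subnet "192.168.2.0/24" `
    -VMSubnetType "IPRewriteWindowsNetworkVirtualization" -PoolName "Blue VMSubnet2 IPPool" | Out-Null

# Red_VMNet: one subnet using IP encapsulation (NVGRE). It overlaps Blue_VMSubnet1 on
# purpose; the two VM networks keep the two 192.168.1.0/24 address spaces apart.
$Red = New-SCVMNetwork -Name "Red_VMNet" -LogicalNetwork $LogicalNetwork `
    -IsolationType "WindowsNetworkVirtualization" -Description "Tenant Red"
New-TenantSubnet -VMNetwork $Red -Name "Red_VMSubnet1" -Subnet "192.168.1.0/24" `
    -VMSubnetType "IPEncapsulationWindowsNetworkVirtualization" -PoolName "Red VMSubnet1 IPPool" | Out-Null

# Verify before placing any VM: each VM network should list only its own subnets, and the
# overlapping 192.168.1.0/24 must show up once under Blue and once under Red.
$Report = foreach ($Net in @($Blue, $Red)) {
    foreach ($Sub in Get-SCVMSubnet -VMNetwork $Net) {
        [pscustomobject]@{
            VMNetwork = $Net.Name
            VMSubnet  = $Sub.Name
            Subnet    = ($Sub.SubnetVLans | ForEach-Object { $_.Subnet }) -join ","
        }
    }
}
$Report | Format-Table -AutoSize
Get-SCStaticIPAddressPool | Where-Object { $_.Name -like "* VMSubnet* IPPool" } |
    Select-Object Name, Subnet, IPAddressRangeStart, IPAddressRangeEnd | Format-Table -AutoSize
```

Run it from the PowerShell module inside the VMM console, as in the Red_VMNet step above, so the VMM connection is already established.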
Congratulations! You have now enabled Network Virtualization with VMM.
During VM creation, you'll have a couple of new options for the vNIC: connecting to a logical network and to a VM network.