Cloud Optimized Networking in Windows Server 2012 R2
Bob Combs, Greg Cusanza
DCIM-B315
Customer challenges and opportunities

Challenges:
• Flat or shrinking IT budgets even as business expectations increase.
• “Keeping the lights on” mandate reduces agility to address app owners’ needs.
• Complexities due to diverse datacenter infrastructure.
• End user pressure to enable access to corporate information from a variety of devices.

Opportunities:
• Efficient datacenter operations across the entire customer base.
• Need to offer differentiated services to customers.
• Enterprise-class, simple and cost-effective, user centric, application focused.
Scenario summary
• Delivering Continuously Available Applications
• Networking in the Hybrid Cloud
• Improving Network Performance
• Simplifying Datacenter Network Management
• Advancing Software Defined Networking
Just the facts

Delivering Continuously Available Applications:
• DHCP Failover
• SMB Multichannel
• Quality of Service

Advancing Software Defined Networking:
• Hyper-V Extensible Switch
• Hyper-V Network Virtualization
• Inbox HNV Gateway
• Virtual Machine Manager enhancements

Simplifying Datacenter Network Management:
• IP Address Management (IPAM)
• Remote live capture
• Network management using Virtual Machine Manager
• Network monitoring using Operations Manager
• Microsoft Windows PowerShell

Networking in the Hybrid Cloud:
• Extending to Azure
• Extending to service providers
• Cross-premises connectivity

Improving Network Performance:
• vRSS
• Single Root I/O Virtualization (SR-IOV)
• NIC Teaming
• SMB Direct (RDMA)
• Dynamic VMQ
Hyper-V extensible switch as the policy edge

Hyper-V Extensible Switch architecture (diagram): in the parent partition the virtual switch sits between an extension protocol and an extension miniport, and the extension stack runs in order: capture extensions, filtering extensions (the figure labels them Extension A, C and D), then a single forwarding extension. Virtual machines attach through VM NICs, the host attaches through the host NIC, and the switch binds to the physical NIC.
Key features
• Rich policies with ACLs, QoS, SLAs, isolation, DHCP guard, router guard
• Management framework for extensions
• Live migration support for extensions
• Extensions can veto state changes
• Multiple extensions on the same switch

Several partner solutions available
• Cisco – Nexus 1000V and UCS-VMFEX
• NEC – ProgrammableFlow PF1000
• 5nine – Security Manager
• InMon – sFlow

Hyper-V switch extensions: extensions for capturing, filtering and forwarding.
Predictable performance with Quality of Service
• Helps guarantee predictable network performance and fair sharing during congestion
• Supports bandwidth floors and bandwidth caps
• Helps enforce customer SLAs and maximum pricing caps
• Sets QoS per virtual machine or per traffic type
• Uses software built into Windows Server 2012 R2, or hardware capable of Data Center Bridging (DCB), to assign minimum QoS settings
• Supports dynamic change of QoS settings through PowerShell without any downtime
Runtime bandwidth demand and actual bandwidth usage by service (gigabits per second):

Service                 Reservation   Demand            Actual usage
                                      T1    T2    T3    T1    T2    T3
Virtual machine         30%           4     4     2     4     3     2
Storage                 40%           5     5     6     5     4     6
Live migration          20%           0     3     2     0     2     2
Cluster Shared Volume   10%           0.5   1     0     0.5   1     0

• When bandwidth is available, each service takes as much as it can
• When the link is congested, each service takes its fair share
• When bandwidth becomes available again, each service takes as much as it wants
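The table only shows the outcome. The following Python model, added here and not part of the slide deck, replays the same numbers with a progressive-filling allocator: every service with demand is offered its reservation-weighted share of the unallocated capacity, services that need less are satisfied and their leftover is re-offered to the rest, and under congestion each service ends up with exactly its floor. The 10 Gbps link capacity is an assumption (it is the capacity the slide's percentages and actual-usage figures add up to); the algorithm is a model of bandwidth floors, not the Windows QoS scheduler itself.

```python
"""Weighted minimum-bandwidth allocation, replaying the QoS table above.

Constructed example: reservation weights and T1/T2/T3 demand are the slide's
numbers; the 10 Gbps link capacity is an assumption.  Progressive filling is a
model of "bandwidth floors", not the Windows QoS implementation.
"""
from typing import Dict

LINK_GBPS = 10.0  # assumed link capacity

RESERVATION = {  # minimum bandwidth weight per service (from the slide)
    "Virtual machine": 0.30,
    "Storage": 0.40,
    "Live migration": 0.20,
    "Cluster Shared Volume": 0.10,
}

DEMAND = {  # runtime demand in Gbps at each instant (from the slide)
    "T1": {"Virtual machine": 4.0, "Storage": 5.0, "Live migration": 0.0, "Cluster Shared Volume": 0.5},
    "T2": {"Virtual machine": 4.0, "Storage": 5.0, "Live migration": 3.0, "Cluster Shared Volume": 1.0},
    "T3": {"Virtual machine": 2.0, "Storage": 6.0, "Live migration": 2.0, "Cluster Shared Volume": 0.0},
}


def allocate(demand: Dict[str, float],
             reservation: Dict[str, float] = RESERVATION,
             capacity: float = LINK_GBPS) -> Dict[str, float]:
    """Return the bandwidth (Gbps) each service actually gets.

    Each waiting service is offered its weighted share of the unallocated
    capacity (its floor).  Services that need less than the offer take only
    their demand and drop out; what they leave unused is re-offered to the rest
    in proportion to their weights.  When nobody is below the offer, the link is
    congested and every remaining service gets exactly its floor.
    """
    eps = 1e-9
    alloc = {s: 0.0 for s in demand}
    waiting = {s for s, d in demand.items() if d > eps}
    remaining = capacity
    while waiting and remaining > eps:
        total_w = sum(reservation[s] for s in waiting)
        offer = {s: remaining * reservation[s] / total_w for s in waiting}
        satisfied = {s for s in waiting if demand[s] - alloc[s] <= offer[s] + eps}
        if satisfied:
            for s in satisfied:
                grant = demand[s] - alloc[s]
                alloc[s] += grant
                remaining -= grant
            waiting -= satisfied
        else:
            for s in waiting:  # congestion: everyone gets its floor
                alloc[s] += offer[s]
                remaining -= offer[s]
            waiting.clear()
    return {s: round(v, 6) for s, v in alloc.items()}


def replay_table() -> Dict[str, Dict[str, float]]:
    """Allocation at each instant of the slide's table."""
    return {t: allocate(d) for t, d in DEMAND.items()}


if __name__ == "__main__":
    for instant, usage in replay_table().items():
        print(instant, usage)
```

The output reproduces the slide's "actual usage" columns: at T2 the link is over-subscribed (13 Gbps demanded) and every service is held to its floor, while at T3 the virtual machines and CSV leave bandwidth on the table that storage absorbs.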
Security – Extended ACLs

Enforce network security at the virtual NIC level for three main use cases:
• Protect the hoster’s own infrastructure
• Eliminate the need for VLANs to isolate tenants
• Control network communication within a tenant’s own virtual network

• Filter inbound/outbound traffic based on network address, application port and protocol type
• Provide stateful packet inspection that keeps track of the state of network connections
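To make the three use cases concrete, here is a small Python model of per-vNIC extended ACL evaluation, added as an illustration rather than taken from the deck or from Windows. Its rule fields (direction, local and remote address, local and remote port, protocol, weight, stateful) mirror those that Windows Server 2012 R2 exposes through Add-VMNetworkAdapterExtendedAcl, with "local" always meaning the VM's side and the highest-weight matching rule winning. Two modelling choices are assumptions of this example, not documented switch behaviour: traffic that matches no rule is denied, and a stateful Allow records the connection's 5-tuple so the reply is admitted without needing an inbound rule. The tenant address 192.168.0.2 and the 172.16.0.0/16 management range come from the deck's diagrams; the other addresses are made up.

```python
"""Simplified model of stateful, weighted extended ACLs on a virtual NIC.

Constructed example, not the Hyper-V switch implementation.  Assumptions:
no-match traffic is denied, and a stateful Allow admits the reply flow.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple

ANY = "*"
FlowKey = Tuple[str, str, str, int, int]


@dataclass(frozen=True)
class Packet:
    direction: str      # "Inbound" (toward the VM) or "Outbound" (from the VM)
    local_ip: str       # the VM's address, whichever way the packet travels
    remote_ip: str
    protocol: str       # "TCP", "UDP", "ICMP", ...
    local_port: int = 0
    remote_port: int = 0

    def flow_key(self) -> FlowKey:
        return (self.local_ip, self.remote_ip, self.protocol, self.local_port, self.remote_port)


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str
    action: str         # "Allow" or "Deny"
    weight: int         # higher weight wins among all matching rules
    local: str = ANY    # address or CIDR prefix
    remote: str = ANY
    protocol: str = ANY
    local_port: str = ANY
    remote_port: str = ANY
    stateful: bool = False

    def matches(self, p: Packet) -> bool:
        def addr_ok(spec: str, ip: str) -> bool:
            return spec == ANY or ip_address(ip) in ip_network(spec, strict=False)

        def port_ok(spec: str, port: int) -> bool:
            return spec == ANY or int(spec) == port

        return (self.direction == p.direction
                and addr_ok(self.local, p.local_ip)
                and addr_ok(self.remote, p.remote_ip)
                and (self.protocol == ANY or self.protocol == p.protocol)
                and port_ok(self.local_port, p.local_port)
                and port_ok(self.remote_port, p.remote_port))


class VnicAcl:
    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.flows: Set[FlowKey] = set()   # connections admitted by stateful rules

    def evaluate(self, p: Packet) -> Tuple[str, str]:
        """Return (action, reason) for one packet; updates flow state as a side effect."""
        if p.flow_key() in self.flows:
            return "Allow", "established-flow"
        candidates = [r for r in self.rules if r.matches(p)]
        if not candidates:
            return "Deny", "no-match"            # assumed default of this model
        best = max(candidates, key=lambda r: r.weight)
        if best.action == "Allow" and best.stateful:
            self.flows.add(p.flow_key())         # let the reply traffic through later
        return best.action, best.name


TENANT_VM = "192.168.0.2"   # Red-network VM from the gateway diagram
RULES = [
    # the tenant may initiate outbound connections; replies return via flow state
    Rule("allow-out-any", "Outbound", "Allow", 10, local=TENANT_VM, stateful=True),
    # ...except toward the hoster's own infrastructure range: the higher weight wins
    Rule("block-hoster-infra", "Outbound", "Deny", 100, local=TENANT_VM, remote="172.16.0.0/16"),
    # only the VM's HTTPS listener is reachable from outside; everything else is dropped
    Rule("allow-in-web", "Inbound", "Allow", 20, local=TENANT_VM, protocol="TCP", local_port="443"),
    Rule("deny-in-default", "Inbound", "Deny", 1, local=TENANT_VM),
]


def run_scenarios() -> Dict[str, Tuple[str, str]]:
    """Evaluate five constructed packets against RULES in order."""
    acl = VnicAcl(RULES)
    return {
        "egress": acl.evaluate(Packet("Outbound", TENANT_VM, "203.0.113.9", "TCP", 50000, 443)),
        "reply": acl.evaluate(Packet("Inbound", TENANT_VM, "203.0.113.9", "TCP", 50000, 443)),
        "unsolicited": acl.evaluate(Packet("Inbound", TENANT_VM, "203.0.113.9", "TCP", 50001, 443)),
        "to-infra": acl.evaluate(Packet("Outbound", TENANT_VM, "172.16.0.10", "TCP", 50002, 445)),
        "web": acl.evaluate(Packet("Inbound", TENANT_VM, "198.51.100.7", "TCP", 443, 40000)),
    }


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:12s} {verdict[0]:5s} ({verdict[1]})")
```

The "reply" and "unsolicited" packets differ only in the VM-side port, yet one is admitted by the recorded flow and the other hits the default deny: that is the stateful inspection the slide refers to, and it is what lets a tenant reach the Internet without any inbound allow rule for the returning traffic.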
Improving Network Performance

Virtual RSS (vRSS)
• vRSS provides near line rate to a VM on existing hardware, making it possible to virtualize traditionally network-intensive physical workloads
• Maximizes resource utilization by spreading VM traffic across multiple host and guest processors

Dynamic VMQ (DVMQ)
• Standard VMQ spreads VMs across different cores statically
• DVMQ adds or removes cores as the processing requirements change
• Results in better processor use for adaptive network workloads

Dynamic NIC teaming
• TCP streams or “flows” are generally not continuous
• The groups of packets within a flow that are separated by such breaks are called “flowlets”
• Dynamic load balancing detects breaks in a flow
• Flows can be moved to other team members on flowlet boundaries to rebalance traffic
• Dynamic LBFO maximizes utilization of teamed NICs
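The flowlet idea is easier to see in code. The following Python model is an added illustration, not the Windows LBFO implementation: a flow stays pinned to one team member while its packets arrive back to back, and is only considered for a move to the least-loaded member at a flowlet boundary, that is, after an idle gap long enough that the earlier packets have already left the old member, so moving cannot reorder the stream. The 50 ms gap threshold, the member names and the packet trace are all constructed.

```python
"""Flowlet-based rebalancing across NIC team members (constructed model)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

FLOWLET_GAP_S = 0.050   # assumed idle threshold that defines a flowlet boundary


@dataclass(frozen=True)
class Packet:
    t: float      # arrival time in seconds
    flow: str     # flow identifier, e.g. a 5-tuple rendered as a string
    size: int     # bytes


class FlowletTeam:
    def __init__(self, members: List[str]) -> None:
        self.members = members
        self.load: Dict[str, int] = {m: 0 for m in members}   # bytes sent per member
        self.pinned: Dict[str, str] = {}                       # flow -> current member
        self.last_seen: Dict[str, float] = {}                  # flow -> last arrival time
        self.moves = 0

    def least_loaded(self) -> str:
        # ties resolve to the earlier member so the choice is deterministic
        return min(self.members, key=lambda m: (self.load[m], self.members.index(m)))

    def send(self, p: Packet) -> str:
        """Pick the team member for this packet and account for its bytes."""
        member = self.pinned.get(p.flow)
        if member is None:
            member = self.least_loaded()                       # brand-new flow
        elif p.t - self.last_seen[p.flow] >= FLOWLET_GAP_S:
            best = self.least_loaded()                         # flowlet boundary: safe to move
            if best != member:
                self.moves += 1
                member = best
        # inside a flowlet the packet follows its predecessors, even if another
        # member is lighter, because moving mid-burst could reorder the stream
        self.pinned[p.flow] = member
        self.last_seen[p.flow] = p.t
        self.load[member] += p.size
        return member


# Constructed trace: flow A bursts, flow B sends once, A resumes after a 197 ms gap
TRACE = [
    Packet(0.000, "A", 1500), Packet(0.001, "B", 1500), Packet(0.002, "A", 1500),
    Packet(0.003, "A", 1500), Packet(0.200, "A", 1500), Packet(0.201, "A", 1500),
]


def run_trace(trace: List[Packet] = TRACE) -> Tuple[List[str], FlowletTeam]:
    """Return the member chosen for each packet and the team's final state."""
    team = FlowletTeam(["NIC1", "NIC2"])
    return [team.send(p) for p in trace], team


if __name__ == "__main__":
    chosen, team = run_trace()
    print(chosen, team.load, "moves:", team.moves)
```

Note the fourth packet: NIC2 is lighter at that moment, but flow A is still mid-burst, so it stays on NIC1; only the packet after the gap is moved, after which the two members carry equal load.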
Improving Network Performance (2)

RDMA
• Higher throughput with low latency through offload
• Takes advantage of high-speed networks such as InfiniBand and iWARP
• Remote storage at the speed of direct storage
• Compatible with SMB Multichannel for load balancing and failover

SR-IOV
• VM traffic bypasses the virtual switch and performs I/O directly to the NIC
• Ideal for high-I/O workloads that do not require port policies, QoS, or network virtualization enforced at the end-host virtual switch
• Reduces CPU overhead and network latency, and increases throughput
Abstracting workloads with Hyper-V Network Virtualization

How network virtualization works
• Overlays multiple virtual networks on a shared physical network
• Uses the industry-standard Network Virtualization using Generic Routing Encapsulation (NVGRE) protocol

Problems solved
• Creates VM mobility across the datacenter, a hoster cloud or Azure without network constraints
• Provides the ability to import customer IP addresses and network topology
• Helps remove VLAN constraints
• Helps eliminate hierarchical IP address assignment for virtual machines

Diagram: a Blue virtual machine and a Yellow virtual machine on one physical server are mapped by virtualization onto separate Blue and Yellow networks over the shared physical network.
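The slide names NVGRE without showing what it puts on the wire. The Python below is an added worked example, not code from the deck or from Hyper-V: it builds and parses the NVGRE encapsulation defined in RFC 7637, an outer IPv4 header (protocol 47) followed by an 8-byte GRE header whose 32-bit Key carries the 24-bit Virtual Subnet ID (VSID) and an 8-bit FlowID, with the tenant's whole Ethernet frame inside. The provider addresses 172.16.0.11 and 172.16.0.12 are made up within the deck's datacenter range, VSID 5002 is the "Red network" VSID from the gateway diagrams, and the inner frame is constructed. The parser rejects the malformed cases a decapsulating endpoint should refuse: wrong GRE flags, wrong inner protocol, bad checksum or truncation.

```python
"""NVGRE (RFC 7637) encapsulation and parsing, as a constructed example."""
import struct
from ipaddress import IPv4Address
from typing import Tuple

GRE_FLAGS_KEY_ONLY = 0x2000   # K=1, C=0, S=0, version 0: the only legal NVGRE flags word
ETHERTYPE_TEB = 0x6558        # Transparent Ethernet Bridging: an Ethernet frame follows
IPPROTO_GRE = 47
IPV4_HDR_LEN = 20
GRE_HDR_LEN = 8


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum of the header; 0 means a received header verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_outer_ipv4(pa_src: str, pa_dst: str, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal outer IPv4 header between provider addresses (PA) carrying GRE."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_HDR_LEN + payload_len, 0, 0,
                      ttl, IPPROTO_GRE, 0, IPv4Address(pa_src).packed, IPv4Address(pa_dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def build_gre(vsid: int, flow_id: int, inner_frame: bytes) -> bytes:
    """GRE header with the NVGRE key (VSID in the top 24 bits, FlowID in the low 8)."""
    if not 0 <= vsid < (1 << 24):
        raise ValueError("VSID must fit in 24 bits")
    if not 0 <= flow_id < 256:
        raise ValueError("FlowID must fit in 8 bits")
    return struct.pack("!HHI", GRE_FLAGS_KEY_ONLY, ETHERTYPE_TEB, (vsid << 8) | flow_id) + inner_frame


def encapsulate(pa_src: str, pa_dst: str, vsid: int, flow_id: int, inner_frame: bytes) -> bytes:
    gre = build_gre(vsid, flow_id, inner_frame)
    return build_outer_ipv4(pa_src, pa_dst, len(gre)) + gre


def decapsulate(packet: bytes) -> Tuple[str, str, int, int, bytes]:
    """Validate the outer headers; return (pa_src, pa_dst, vsid, flow_id, inner_frame)."""
    if len(packet) < IPV4_HDR_LEN + GRE_HDR_LEN:
        raise ValueError("truncated packet")
    if packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < IPV4_HDR_LEN or len(packet) < ihl + GRE_HDR_LEN:
        raise ValueError("bad IPv4 header length")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    if packet[9] != IPPROTO_GRE:
        raise ValueError("outer protocol is not GRE")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if total_len > len(packet):
        raise ValueError("total length exceeds packet")
    flags, proto, key = struct.unpack("!HHI", packet[ihl:ihl + GRE_HDR_LEN])
    if flags != GRE_FLAGS_KEY_ONLY:
        raise ValueError("NVGRE requires only the K bit set, version 0")
    if proto != ETHERTYPE_TEB:
        raise ValueError("inner payload is not an Ethernet frame")
    pa_src = str(IPv4Address(packet[12:16]))
    pa_dst = str(IPv4Address(packet[16:20]))
    return pa_src, pa_dst, key >> 8, key & 0xFF, packet[ihl + GRE_HDR_LEN:total_len]


# Constructed tenant frame: destination MAC, source MAC, EtherType IPv4, dummy payload
INNER_FRAME = bytes.fromhex("00155d000102" "00155d000101" "0800") + b"tenant payload"


def roundtrip_example() -> Tuple[bytes, Tuple[str, str, int, int, bytes]]:
    """Encapsulate the constructed frame on VSID 5002 and parse it back."""
    pkt = encapsulate("172.16.0.11", "172.16.0.12", 5002, 42, INNER_FRAME)
    return pkt, decapsulate(pkt)


def is_well_formed(packet: bytes) -> bool:
    try:
        decapsulate(packet)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    pkt, fields = roundtrip_example()
    print(len(pkt), "bytes on the wire; VSID", fields[2], "FlowID", fields[3])
```

The tenant's addresses live only inside the inner frame, which is why the physical network never needs to know them and why the same customer address space can be reused by another tenant under a different VSID; the VSID in the GRE key is the isolation boundary, so a decapsulating endpoint must check it against the policy for that virtual network before forwarding.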
Multi-tenant Gateway: bridge between VM networks and physical networks

Challenges
• Hoster wants to provide isolated networks for tenant VMs with integral S2S VPN and NAT
• Enterprises have virtualized networks split across different datacenters, or virtualized networks (NVGRE aware) communicating with physical networks (NVGRE unaware)

Solution
• Multi-tenant VPN gateway in Windows Server 2012 R2
• Integral multi-tenant edge gateway for seamless connectivity
• Guest clustering for high availability
• BGP for dynamic route updates
• Encapsulates and decapsulates NVGRE packets
• Multi-tenant aware NAT for Internet access

Diagram: tenants Contoso and Fabrikam, each with DNS, SQL and DC VMs on hosts in the datacenter network virtualization fabric, reach their own sites over site-to-site VPN (S2S VPN) and the Internet through the multi-tenant VPN gateway.
Forwarding Gateway: bridge between VM networks and physical networks

Challenges
• Datacenters need to efficiently pack hosts in different physical subnets
• Enterprises have virtualized networks that need to communicate with physical networks (NVGRE unaware)

Solution
• L3 gateway in Windows Server 2012 R2
• Guest clustering for high availability
• Encapsulates and decapsulates NVGRE packets
• High performance with hardware offloads

Diagram: Contoso's DNS, SQL and DC VMs on hosts in the datacenter network virtualization fabric reach the physical network through the L3 gateway.
SDN partner ecosystem
• OMI-based top-of-rack switches
• Hyper-V switch extensions
• Chipset extensions
• Gateway appliances
Datacenter network management configuration
Greg Cusanza

My “Datacenter”: demo environment (diagram)
• Networks: Internet 131.107.156.0/24 (VLAN 666) and Datacenter 172.16.0.0/16 (untagged), joined through a top-of-rack switch, with a FW/NAT toward the Internet (INET)
• Hyper-V hosts HV-H01, HV-H02 and HV-H03 form cluster HV-CL01 and run the infrastructure VMs: AD, DNS, DHCP, WAP+SPF, VMM, SQL, SOFS, iSCSI Target, a tenant VM and SMB-CL01
• Gateway hosts GW-H01 and GW-H02 form cluster GW-HV-CL01 and run the NVGRE gateway VMs, clustered as GW-VM-CL01
• Each host exposes its physical NICs through a virtual switch (VS)
Hyper-V Host Detail (diagram)
• Physical NICs are teamed (LBFO) under one virtual switch (VS) that serves VM1, VM2, … and the host’s own virtual NICs: Mgmt NIC, Cluster NIC, LM NIC, SMB1–SMB4 and Replica NIC; a separate pair of RDMA NICs and HBAs to the SAN complete the host
• Recommended teaming modes: switch independent or LACP
• Load balancing mode: Hyper-V Port (Hyper-V 2012); Dynamic (Hyper-V 2012 R2)
• Traffic functions: Clustering, Live Migration, Replica, Storage, Management

• Different functions require different qualities of service (QoS)
• QoS is defined per adapter and assigned to a function
• Teaming must be configured to handle all traffic types
Configuring host networking in VMM (diagram)
• A Logical Switch in VMM defines the virtual switch settings, the physical adapter (uplink) settings and the port profiles applied to virtual adapters
• Uplink settings: the LBFO team of physical NICs under the virtual switch (VS)
• Virtual adapter settings: port profiles for Mgmt, Cluster, SMB, Replica, Live Migration and High Performance, applied to the host virtual NICs (Mgmt NIC, Cluster NIC, LM NIC, SMB1–SMB4, Replica NIC) and to VM adapters (VM1, VM2, …)
Active Multi-tenant Gateway Detail (diagram)

Active gateway VM:
• Back-end vNIC (VSID trunk) with one network compartment per tenant virtual network: compartment 1 (VSID 5001), compartment 2 (VSID 5002), … compartment N (VSID 5003), each addressed 10.254.254.2, plus the default compartment
• Front-end vNIC in the default compartment with 2.2.2.2 (S2S VPN) and 2.2.2.100 (NAT), behind a firewall that admits UDP 500, UDP 4500 and ESP to 2.2.2.2 and all traffic to 2.2.2.100

Virtual network CA space with multi-tenant gateway:
• “Red network”: red subnet 192.168.0.0/24, VSID 5002, HNV router 192.168.0.1, VM 1 192.168.0.2, VM 2 192.168.0.3, VM N 192.168.0.4
• Routing subnet 10.254.254.0/29, VSID 5001, HNV router 10.254.254.1
• GW1 (active) 10.254.254.2, with 2.2.2.2 for VPN and 2.2.2.100 for NAT; GW2 (standby) provides HA
• External network 2.2.2.0/24, router 2.2.2.1, to the Internet
Active Forwarding Gateway Detail (diagram)

Active gateway VM:
• Back-end vNIC in the default compartment, VSID 5001 “MyNetwork”, 10.254.254.2
• Front-end vNIC, untagged, 172.16.0.2, to the physical router 172.16.0.1 on 172.16.0.0/28
• Virtual network “MyNetwork”: VSID 5001: 10.254.254.0/29, VSID 5002: 172.16.1.0/24

Virtual network CA space with forwarding gateway:
• “MyNetwork” subnet 157.16.1.0/24, HNV router 157.16.1.1, VM 1 157.16.1.2, VM 2 157.16.1.3, VM N 157.16.0.4
• Routing subnet 10.254.254.0/29, HNV router 10.254.254.1
• Front-end 157.16.0.0/28, physical router 157.16.0.1 with route 157.16.1.0/24 via 157.16.0.4
• GW1 (active) 10.254.254.2 / 157.16.0.4, default gateway 157.16.0.1; GW2 (standby) provides HA
Networking in the Hybrid Cloud: Connecting Private Cloud with Azure (diagram)
• Your datacenter (on premises): Subnet 1, Subnet 2, Subnet 3 and a DNS server behind a VPN device; individual computers behind the corporate firewall; remote workers
• An Azure virtual network, reached through its VPN gateway by site-to-site VPN from the on-premises VPN device
• Extend your datacenter to Azure by creating VMs in private networks
• Connect individual computers to Azure VMs and virtual networks using point-to-site connectivity without a VPN device
• Windows inbox gateway connects virtual networks in the private cloud and Azure
Demo environment with better practices (diagram): the same hosts (HV-H01, HV-H02 and HV-H03 in cluster HV-CL01; GW-H01 and GW-H02 in cluster GW-HV-CL01; the NVGRE gateway VMs in GW-VM-CL01) now use VLAN trunks to separate three networks: Internet 131.107.156.0/24 on VLAN 100, Datacenter 172.16.0.0/16 on VLAN 200 and DMZ 10.0.0.0/24 on VLAN 300, with FW/NAT toward INET. Infrastructure roles are made redundant (AD/DNS/DHCP, VMM1/SQL1 and VMM2/SQL2, WAP1 and WAP2, the SOFS cluster), and separate AD/DNS instances serve the infrastructure for untrusted workloads alongside the tenant VM.
Related content
• DCIM-B314 Extend Datacenter Networking with Partner Solutions
• DCIM-B378 Converged Networking for Windows Server 2012 R2 Hyper-V
• DCIM-B344 Network Tuning for Specific Workloads
Track resources
• Find us at the TechExpo hall
• Download and evaluate System Center 2012 R2: http://www.microsoft.com/en-us/server-cloud/evaluate/trial-software.aspx
• Refer to additional System Center 2012 R2 resources: http://www.microsoft.com/systemcenter
• System Center marketplace: http://systemcenter.pinpoint.microsoft.com
• Check out our blogs: http://blogs.technet.com/server-cloud
• Come visit us in the Microsoft Solutions Experience! Look for Datacenter and Infrastructure Management, TechExpo Level 1 Hall CD

For more information
• Windows Server 2012 R2: http://technet.microsoft.com/en-US/evalcenter/dn205286
• Microsoft Azure: http://azure.microsoft.com/en-us/
• System Center 2012 R2: http://technet.microsoft.com/en-US/evalcenter/dn205295
• Azure Pack: http://www.microsoft.com/en-us/server-cloud/products/windows-azure-pack

Resources
• Learning – Microsoft Certification & Training Resources: www.microsoft.com/learning
• msdn – Resources for Developers: http://microsoft.com/msdn
• TechNet – Resources for IT Professionals: http://microsoft.com/technet
• Sessions on Demand: http://channel9.msdn.com/Events/TechEd
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.