7/28/2019 Hyper-V - 4 - Networking

1/16

Hyper-V

Networking

Microsoft IT Camps - Virtualization

7/28/2019 Hyper-V - 4 - Networking

2/16

Virtual Switch Architectur

Implemented as an NDIS 6.0 MUX Driver Binds To Network Adapters as a Protocol Driver

Can Enumerate A Single Host Interface

Basic Layer-2 Switch Functionality Dynamically Learns Port to MAC Mappings

Implements VLANs Does Not Implement Spanning Tree

Does Not Implement SPAN/Monitor Mode

Does Not Implement Layer 3

7/28/2019 Hyper-V - 4 - Networking

3/16

Configuring Virtual Networ

Configured from Virtual Network Manager

External Networks

VMs can communicate with other computers on the network

Only 1 per physical NIC

Internal Networks

VMs can communicate with only other VMs on the same host,and with the host computer

Private Networks

VMs can communicate only with other VMs on the same host

7/28/2019 Hyper-V - 4 - Networking

4/16

Virtual Network Adapters

Synthetic Adapters No Physical Device

Communicates via VMBus to vmswitch.sys

Does Not Support PXE Boot

Significantly higher performance vs.Emulated

Drivers Exist Only For Supported OSs Windows Server 2003 SP2

Windows Server 2008 Windows Server 2008 R2

Windows XP

Windows Vista

Windows 7

Linux (SLES 10, 11). RHEL 5.x

Legacy (Emulated) A

Emulates a physicaDEC21140 chipset

Communicates viaInterrupts to vmw

then to vmswitch. Supports PXE Boot

Drivers Exist For M

7/28/2019 Hyper-V - 4 - Networking

5/16

Network Teaming Failover Teaming

Typically Two Interfaces Typically Connected To Different Switches

Provides Redundancy For NIC Card, Cable or Switch Failure

Aggregation/Load Balancing Teams

Two or More Interfaces

Divides Network Traffic Between Active Interfaces By MAC/or Protocol

Redundancy for NIC Card or Cable Failure

Support provided by hardware vendors

7/28/2019 Hyper-V - 4 - Networking

6/16

Virtual Machine Queue (VM Overview

NIC can DMA packets directly into VM memory VM Device buffer gets assigned to one of the queues

Avoids packet copies in the VSP

Avoids route lookup in the virtual switch (VMQ Queue ID)

Allows the NIC to essentially appear as multiple NICs on the phys(queues)

Benefits Host no longer has device DMA data in its own buffer resulting in

path length for I/O (performance gain)

Recommended to use VMQ instead of VM Chimney (TCP Offlowhich is complex with limited benefits

7/28/2019 Hyper-V - 4 - Networking

7/16

MAC Addresses

Pool of MAC addresses automatically assigned

VMs automatically assigned dynamic MAC add

Use static MAC addresses for DHCP

Use MAC address spoofing for NLB

7/28/2019 Hyper-V - 4 - Networking

8/16

Configuring (MAC) Address P

Hyper-V Microsoft reserved first 3 octets

00-15-5d-**-**-**

Each host has a random pool 00-15-5D-**-**-00

Sysprepping after installing Hyper-Vwill cause both hosts to have thesame pool

Default range of 256 addresses 00-15-5D-**-**-00

00-15-5D-**-**-FF

Will avoid conflicts on the same host Use SCVMM to avoid conflicts across

hosts

SCVMM

Uses broader range tha

First three octets standchangeable 00-1D-D8-**-**-**

Default range of 3,998,addresses 00-1D-D8-B7-1C-00

00-1D-D8-F4-1F-FF

If changing the first thrnot used reserved rangMicrosoft, VMware or

7/28/2019 Hyper-V - 4 - Networking

9/16

Virtual LAN (VLAN)

IEEE 802.1Q - Layer 2 Extension Of EtheAllow Multiple Bridged Networks to ShaCommon Physical Link

Egress (outbound) Network Frames Are

tagged With a VLAN Identifier (tag) Ingress (inbound) Network Frames Are

Stripped of there VLAN Identifier (tag)

7/28/2019 Hyper-V - 4 - Networking

10/16

VLAN Tagging Methods Virtual NIC Tagging

VLAN Specified Per Virtual NIC Configured In Hyper-V/SCVMM UI/APIs

Static Switch Port Tags VLAN Specified Per Physical Switch Port

Configured On Physical Network Switch

MAC Address Tagging MAC Address to VLAN Mapping Created

Configured On Physical Network Switch

Physical NIC Tagging VLAN Specified On The Physical NIC

7/28/2019 Hyper-V - 4 - Networking

11/16

VLAN Tags

VLANs are used to isolate network traffic fnodes that are connected to the same phynetwork

Use VLANs to Isolate Hyper-V host management networks

Isolate virtual machines connected to externanetworks

Isolate virtual machines on a single host com

7/28/2019 Hyper-V - 4 - Networking

12/16

Configuring VLAN Tags Configure VLAN identifiers

On internal and external virtual networks On the network adapters attached to virtual machines

Virtual Network VM Proper

7/28/2019 Hyper-V - 4 - Networking

13/16

VLAN Security

Isolate host and VM networks

Use a dedicated network adapter for host manage Physical network security

Use VLAN tagging for VMs Connects the VMs to a different network from the ho

Can avoid host DOS attacks from network flooding

7/28/2019 Hyper-V - 4 - Networking

14/16

Configuring Firewall Rule

Automatically configured during Hyper-V role installation

Check Windows Firewall with Advanced Security

On Server Core use SConfig tool

Automatically configured when adding a host via VMM

Failover Clustering with a File Server or VMM Library requires

Volume Management to be unblocked

7/28/2019 Hyper-V - 4 - Networking

15/16

VMs Using Network Load Bala To configure VMs in a Network Load Balancing cluster, enable M

address spoofing This ensures the virtual switch will not learn MAC addresses, a

requirement for NLB to function correctly

VMQ does not work with NLB NLB changes the Virtual MAC Addresses which prevents Hyper-V

dispatching the packets directly to the guests queue

7/28/2019 Hyper-V - 4 - Networking

16/16

Takeaways

Hyper-V fully integrated in the Windows Nstack

Choose a synthetic or legacy (emulated) nadapter based on its intended use

Use VLAN tagging & firewall rules for secu Consider using Network Teaming & VMQ f

higher-availability and faster performance