TechEd: Hyper-V 2012 R2 Networking Deep Dive (MDC-B380)

Hyper-V in Windows Server 2012 R2 brings a lot of new networking features to the table. This was a deep dive session on what’s new in R2, how MS’s network virtualization works, and how it benefits customers. While Server 2012 brought huge gains to the network stack, R2 rounds out the feature set and makes it ready for large enterprise deployments.

Introduction

  • Three primary goals: cloud-scale performance and diagnostics; comprehensive SDN; core infrastructure enhancements
  • Requirements to transform networking:
  • 1) Deliver networking as part of a pooled resource, automated infrastructure
  • 2) Ensure multi-tenant isolation, scale and performance are what you expect
  • 3) Expand datacenter capacity seamlessly as per business needs
  • 4) Reduce operational complexity
  • What is Software Defined Networking (SDN)? Enables software to dynamically manage the network
  • 1) Abstract virtual networks away from physical networks (allow flexibility)
  • 2) Spanning policies across physical and virtual networks
  • 3) Controlling datacenter traffic flow

Hyper-V Network Virtualization (HNV)

  • Multiple virtual networks on a physical network
  • Each virtual network has the illusion that it is running as a physical network
  • Overlays physical network
  • Encapsulating using NVGRE protocol
  • Workload owner benefits: Seamless migration to the cloud, move n-tier topology to the cloud, preserve policies, VM settings, IP addresses
  • Enterprise benefits: Private cloud datacenter consolidation and efficiencies, extension of datacenter into hybrid cloud, incremental integration of acquired company network infrastructure
  • Hoster benefits: Bring your own IP, bring your own network topology, scalable multi-tenancy

Windows Server 2012 R2 Enhancements

  • HNV is part of the Hyper-V switch (prior to 2012 R2 it was an NDIS filter)
  • Dynamically learn customer addresses
  • Support Hyper-V clustering
  • Enhanced performance and diagnostics
  • Able to ping the default gateway (if allowed)

Hyper-V Network Virtualization Concepts

  • VM Network: Network isolation boundary; routing between VM networks must be explicit; comprised of one or more subnets
  • Virtual Subnet (VSID): Broadcast boundary
  • Routing between VM networks is via gateways (now built-in to WS2012 R2, or use third party)
  • Able to re-use IP addresses in different VM networks (bring your own IP)
  • Two kinds of gateways:
  • 1) Default gateway (.1), routes between VMs on different virtual subnets. Built into the HNV filter running on each host
  • 2) HNV gateway: Required to communicate outside a virtual network. Comes in different forms (VPN for site-to-site; load balancing and NAT for internet access; forwarding gateway for in-datacenter physical machine access).
  • Partners can also provide gateways (F5 Big-IP software gateway, Iron Networks, and others)
  • Encapsulation: Network Virtualization using Generic Routing Encapsulation (NVGRE). The provider packet/IP is what the physical network sees; the customer packet is encapsulated inside the provider packet and is what the VM sees. Provider IPs must be routable on the physical network.
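
To make the provider/customer split concrete, here is an added example (not from the session or from Microsoft) that decodes an NVGRE frame into its provider addresses (PA), virtual subnet ID and customer addresses (CA). It assumes the NVGRE layout from RFC 7637 (GRE key = 24-bit VSID plus 8-bit FlowID, protocol type 0x6558) and an untagged outer Ethernet/IPv4 frame; the sample frames and all addresses are constructed.

```python
import ipaddress
import struct

GRE_KEY_PRESENT = 0x2000   # K bit; NVGRE also requires C and S clear, version 0
PROTO_TEB = 0x6558         # GRE protocol type: Transparent Ethernet Bridging

def _ip(b: bytes) -> str:
    return str(ipaddress.IPv4Address(b))

def parse_nvgre(frame: bytes) -> dict:
    """Return provider (outer) and customer (inner) addresses plus the VSID."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        raise ValueError("outer frame is not Ethernet/IPv4")
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or frame[23] != 47:
        raise ValueError("outer IP protocol is not GRE (47)")
    gre = 14 + ihl
    if len(frame) < gre + 8:
        raise ValueError("truncated GRE header")
    flags, proto, key = struct.unpack("!HHI", frame[gre:gre + 8])
    if flags & 0xB007 != GRE_KEY_PRESENT or proto != PROTO_TEB:
        raise ValueError("GRE header is not NVGRE")
    out = {"pa_src": _ip(frame[26:30]), "pa_dst": _ip(frame[30:34]),
           "vsid": key >> 8, "flow_id": key & 0xFF}
    inner = gre + 8                       # inner Ethernet frame starts here
    if len(frame) >= inner + 34 and frame[inner + 12:inner + 14] == b"\x08\x00":
        out["ca_src"] = _ip(frame[inner + 26:inner + 30])
        out["ca_dst"] = _ip(frame[inner + 30:inner + 34])
    return out

def build_sample(vsid, pa_src, pa_dst, ca_src, ca_dst, flow_id=0) -> bytes:
    """Constructed NVGRE frame (zero MACs and checksums) for offline testing."""
    def eth(payload):
        return bytes(12) + b"\x08\x00" + payload
    def ipv4(src, dst, proto, payload):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                           proto, 0, ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed) + payload
    gre = struct.pack("!HHI", GRE_KEY_PRESENT, PROTO_TEB, (vsid << 8) | flow_id)
    return eth(ipv4(pa_src, pa_dst, 47, gre + eth(ipv4(ca_src, ca_dst, 1, b""))))

if __name__ == "__main__":
    # Constructed sample: two tenants reuse 10.0.0.5; only the VSID differs.
    for vsid in (5001, 6001):
        print(parse_nvgre(build_sample(vsid, "192.168.4.11", "192.168.4.22",
                                       "10.0.0.5", "10.0.0.7")))
```

Because customer addresses can repeat across VM networks, a capture filter or isolation check has to key on the (VSID, CA) pair rather than on the CA alone.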

HNV Architecture

  • HNV is automatically enabled for all adapters
  • New hybrid forwarding in Hyper-V switch
  • New in R2: switch extensions (e.g. Nexus 1000v) can see both provider and customer packets, not just customer packets as in WS2012
  • Combination of SR-IOV and HNV is not currently supported (since packets bypass the virtual switch). SR-IOV is designed only for extremely high-traffic and trusted VMs.

Learning IP Addresses in Virtual Networks

  • New to WS2012 R2 is the ability to learn IP addresses in the customer space, rather than the explicit addresses set in 2012
  • Broadcast/Multicast support is new in R2
  • Enables new scenarios (DHCP in the virtual network, host and guest clustering)
  • Efficient implementation (uses hardware for Provider Address multicast if configured)
  • If no HW multicast is configured, it falls back to intelligent provider address unicast replication – only one unicast packet no matter how many VMs are on the host
  • Supports many address resolution protocols: DAD, NUD, ARP for IPv4 and IPv6
  • Reliable ARP proxy

Enhanced Performance and Diags

  • HNV + NIC Teaming is now allowed (new in R2)
  • Inbound and outbound spread on virtualized traffic
  • NVGRE Encapsulated Task Offload – Most offloads break when using NVGRE (LSO, RSS, VMQ)
  • Emulex and Mellanox announced NVGRE task offload in hardware
  • Showed a graph where Emulex shows line speed throughput with offload, with big decrease in CPU utilization
  • Message Analyzer (the new Netmon) is in beta – it can decode NVGRE packets and can filter on CA or PA packets
  • Ping -p allows you to ping provider IPs
  • In the CA address space you can use Test-VMNetworkAdapter
  • HNV responds to ICMP requests to the default gateway – allows pinging the IP address of the CA default gateway
