- \n
- Connectivity: multi-tenancy, isolation, mobility, bring-your-own-IP. Result: VM Networks. <\/li>\n
- Capability: QoS, security, optimizations, monitors, extensibility. Result: Logical Switch <\/li>\n<\/ul>\n
Also worked on a partner ecosystem. Moving on \u2026<\/p>\n
Step 1: Plan<\/u><\/strong><\/p>\n
- \n
- Design: draw your network. Ask questions up front to get answers <\/li>\n
- Hardware: use hardware that supports your design. Iterate back on your design. Configure the hardware. <\/li>\n
- VMM configuration: Create logical objects. Configure hosts. Add tenants. Deploy workloads <\/li>\n<\/ol>\n
Network Design<\/u><\/strong><\/p>\n
![\"picture013\"](\"https:\/\/aidanfinn.com\/wp-content\/uploads\/2013\/06\/picture013_thumb.jpg\" "\\"picture013\\"")
<\/a><\/p>\nQuestions: How do I provide isolation?<\/p>\n
- \n
- Data center isolation: separation of infrastructure traffic as security boundary and for QoS <\/li>\n
- Tenant islotion <\/li>\n<\/ul>\n
Can do this via:<\/p>\n
- \n
- Physical separation: physical switches and adapters for each type of traffic <\/li>\n
- Layer 2: VLAN: Tag is applied to packets to control forwarding. Very mature and well understood. Limited number (4096) and very complex after a while. <\/li>\n
- Layer 2: PVLAN: Primary and secondary tags are used to isolate cliens while still giving access to shared services. Limited support in VMM 2012 SP1. <\/li>\n
- HNV: Use NVGRE encapsulation to isolate tenants <\/li>\n<\/ul>\n
![\"picture014\"](\"https:\/\/aidanfinn.com\/wp-content\/uploads\/2013\/06\/picture014_thumb.jpg\" "\\"picture014\\"")
<\/a><\/p>\nYou can simulate community in VMM by using network virtualization on the back end of your isolated PVLANs \u2013 a common VM Network. <\/p>\n
Network Virtualization: you can create networks on the fly that are abstracted from the physical VLAN that they are connected to.<\/p>\n
![\"picture015\"](\"https:\/\/aidanfinn.com\/wp-content\/uploads\/2013\/06\/picture015_thumb.jpg\" "\\"picture015\\"")
<\/a><\/p>\nNo Isolation<\/u><\/strong><\/p>\n
- \n
- Why: provides direct access to the logical network. VMM picks the right VLAN based on placement. <\/li>\n
- Upgrade to SP1: Pre-SP1 VMs have direct connectivity to the logical network by default <\/li>\n
- Direct access to infrastructure: Think of the system center in a VM scenario <\/li>\n<\/ul>\n
Where should you use what?<\/u><\/strong><\/p>\n
![\"picture016\"](\"https:\/\/aidanfinn.com\/wp-content\/uploads\/2013\/06\/picture016_thumb.jpg\" "\\"picture016\\"")
<\/a><\/p>\nAddress spaces<\/u><\/strong><\/p>\n
- \n
- Size based on broadcasts and address utilization <\/li>\n
- Can be DHCP and static <\/li>\n
- IPv4 and IPv6: You have to choose between them when using HNV <\/li>\n<\/ul>\n
SR-IOV<\/u><\/strong><\/p>\n
Great performance and scalability. The trade off is that you lose vSwitch management features. Limited support for Intelligent Placement.<\/p>\n
RDMA<\/u><\/strong><\/p>\n
Great fast storage. Can\u2019t be used on Virtual Switch NICs.<\/p>\n
Teamed Adapters<\/u><\/strong><\/p>\n
3 models:<\/p>\n
- \n
- Non converged. Physical NICs for every task\/role\/network. Cabling nightmare. <\/li>\n
- Converged: Use fewer NICs and QoS to converge roles. <\/li>\n
- Converged with RDMA: See my recent design <\/li>\n<\/ul>\n
Networks in VMM<\/u><\/strong><\/p>\n
- \n
- Logical network: models the physical network. Separates like subnets and VLANs into named objects that can be scoped to a site. Container for fabric static IP address pools. VM networks are created on logical switch. <\/li>\n
- Logical switch: central container for vSwitch settings. Consistent port profiles across data centre. Consistent extensions. Compliance enforcement. <\/li>\n<\/ul>\n
Demo<\/u><\/strong><\/p>\n
It\u2019s VMM 2012 R2. First, create a management network in Fabric \u2013 Logical Networks. Calls it management. He chhoses \u201cOne connected network\u201d. Adds a Network Site that is scoped to a host group, and uses a DHCP subnet (and VLAN ID). Creates a clustering \u201cOne connected network\u201d logical network with a network site\/subnet with static IP (and VLAN ID). Creates a second network site with a static IP subnet (and VLAN ID).<\/p>\n
Then creates IP pools for the 2 clustering network sites.<\/p>\n
Now creates and External (name\/purpose) logical network. Sets the Network site and IP subnet\/VLAN. Then creates an IP pool for External.<\/p>\n
For VLAN tenant isolation, he can create a logical network with lots of VLANs\/subnets in a network site. Each subnet would require an IP pool. <\/p>\n
VM Networks are required for connecting virtual NICs. For the tenant network (using VLANs) the VM Network will be assigned to a specific VLAN\/subnet in the tenant logical network.<\/p>\n
No HNV in this demo. That\u2019s in part 2.<\/p>\n
What\u2019s New in VMM 2012 R2?<\/u><\/strong><\/p>\n
All network devices (except load balancers) and services are now \u201cnetwork services\u201d (Virtual switch extension, network manager, network virtualization policy, gateway, physical switch):. New interfaces:<\/p>\n
- \n
- Network manage: separation of virtual switch and network management <\/li>\n
- Physical switch <\/li>\n<\/ul>\n
IPAM as a network manager:<\/p>\n
- \n
- Inbox plugin for Microsoft IPAM <\/li>\n
- Exchange logical networks, sites, and subnets. Doesn\u2019t use the manual\/scheduled script of 2012 SP1. Plugin is shipped in VMM 2012 R2. <\/li>\n<\/ul>\n
Can track utilization and expand as required.<\/p>\n
![\"picture017\"](\"https:\/\/aidanfinn.com\/wp-content\/uploads\/2013\/06\/picture017_thumb.jpg\" "\\"picture017\\"")
<\/a><\/p>\nIn-box plugin for the standards based (CIM) network switch profile. Implemented and shipping with Arista EOS 4.12 \u2013 common across Arista switching platforms.<\/p>\n
Logical Switch<\/u><\/strong><\/p>\n
Why: <\/p>\n
- \n
- Automatic team creation <\/li>\n
- Configuration for data centre on a single object <\/li>\n
- Live Migration limited within a logical switch \u2013 remember that this is an abstraction so it doesn\u2019t limit LM across a data center, etc. <\/li>\n<\/ul>\n
![\"picture019\"](\"https:\/\/aidanfinn.com\/wp-content\/uploads\/2013\/06\/picture019_thumb.jpg\" "\\"picture019\\"")
<\/a><\/p>\n![\"picture020\"](\"https:\/\/aidanfinn.com\/wp-content\/uploads\/2013\/06\/picture020_thumb.jpg\" "\\"picture020\\"")
<\/a><\/p>\nVM Configuration<\/u><\/strong><\/p>\n
- \n
- VM Networks: All vNICs now only connect to VM Networks <\/li>\n
- Port Classifications: Container for port profile settings. For Hyper-V switch port settings and extions port profiles. Reusable. Exposed to tenants through cloud (a classification) <\/li>\n<\/ul>\n
Demo (Logical Switch)<\/u><\/strong><\/p>\n
Everything is now called a port profile (they can be virtual or uplink, depending on what you choose in the wizard). Creates an uplink port profile and configure the NIC teaming configuration. You see the new Dynamic Mode there (only supports WS2012 R2). There is a new option: Host Default. Chooses the default for that particular OS (that is Dynamic on WS2012 R2). Then configures the Network Sites that can use this uplink port profile. You do not need to Enable Hyper-V Network Virtualization in this wizard if your hosts will be WS2012 R2. Doesn\u2019t do any harm if you do.<\/p>\n
Now creates a logical switch. Adds the new uplink port profile (meaning the switch will use that NIC team config). Configures the available QoS policies (virtual ports) for the virtual switches that will be created. <\/p>\n
Now he creates a virtual switch on a host. New Logical switch, select the NIC, join it to the uplink port profile. Then add a second NIC and repeat. This teams the NICs. Can also use virtual network adapters here if you want to create converged networks \u2013 make sure one of them is marked for VMM management if using your default physical management NIC for the NIC team.<\/p>\n
External Isolation<\/u><\/strong><\/p>\n
This is a feature you can do with a forwarding extension to the virtual switch.<\/p>\n
![\"picture021\"](\"https:\/\/aidanfinn.com\/wp-content\/uploads\/2013\/06\/picture021_thumb.jpg\" "\\"picture021\\"")
<\/a><\/p>\nDoes a demo of the NEC PF1000 Programmable Flow OpenFlow forwarding extension, creating the above bits, after creating a VLAN.<\/p>\n
Then a demo of the Cisco Nexus 1000V \u2013 which is now available for download\/sale depending on the edition.<\/p>\n
Forwarding Extensions in VMM 2012 R2<\/u><\/strong><\/p>\n
HNV and forwarding extensions can co-exist in WS2012 R2. Can enable network virtualization in the extension.<\/p>\n
And that\u2019s the end of part 1. You can find part 2 here<\/a>.<\/p>\n
Technorati Tags: System Center<\/a>,VMM<\/a>,Networking<\/a>,Hyper-V<\/a>,Virtualisation<\/a>,Cloud<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"Speakers: Greg Cusanza, Serior PM, Microsoft. Part 1 is getting things going from scratch. Part 2 will be about Hybrid Networking (configuring network fabric for HNV, network virtualization gateways, tenant self-service). Recap on VMM 2012 SP1 Connectivity: multi-tenancy, isolation, mobility, bring-your-own-IP. Result: VM Networks. Capability: QoS, security, optimizations, monitors, extensibility. Result: Logical Switch Also worked … Continue reading “TechEd 2013: How To Design & Configure Networking In VMM (Part 1)”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[14],"tags":[172,181,80,193,195,196],"class_list":["post-14694","post","type-post","status-publish","format-standard","hentry","category-eventnotes","tag-cloud","tag-hyper-v","tag-networking","tag-system-center","tag-virtualisation","tag-vmm"],"aioseo_notices":[],"jetpack_featured_media_url":"","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/14694","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14694"}],"version-history":[{"count":0,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/14694\/revisions"}],"wp:attachment":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14694"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14694"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14694"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"picture013\"](\"https:\/\/aidanfinn.com\/wp-content\/uploads\/2013\/06\/picture013.jpg\" "\\"picture013\\"")
<\/a><\/p>\n