SVR306 Networking and Windows Server 2008 R2 Hyper-V ... - MSDN

Oct 26, 2013

Jeff Alexander

IT Pro Evangelist

Microsoft Australia

http://blogs.technet.com/jeffa36

Networking and Windows Server 2008 R2 Hyper-V: Deployment Considerations

SESSION CODE: #SVR306

Windows Server 2008 R2 SP1

RemoteFX

Microsoft RemoteFX leverages the power of virtualized graphics resources and advanced codecs to recreate the fidelity of hardware-assisted graphics acceleration, including support for 3D content and Windows Aero, on a remote user’s device. This allows for a local-like, remote experience.

Dynamic Memory

Dynamic Memory allows the allocation of a range of memory (min and max) to individual VMs, enabling the system to dynamically adjust the VM’s memory usage based on demand. This provides more consistency in system performance, enabling better manageability for administrators.

Agenda

Session Objectives and Takeaways


Overview of Networking Architecture with Hyper-V

Teaming Solutions from Partners

Tools and Best Practices

Flexible and robust networking options with Hyper-V

Networking Architecture with Hyper-V

[Diagram: Windows Hypervisor, VMBus, VSP, VSC, network driver, IO stack, applications, VM worker processes (VMWP), VMMS, emulated NIC]

Virtual Interface Types

Synthetic Adapters

No Physical Device

Communicates via VMBus to vmswitch.sys

Does Not Support PXE Boot

Significantly higher performance vs. Emulated

Drivers Exist Only For Supported OS’s

Windows Server 2003 SP2

Windows Server 2008

Windows Server 2008 R2

Windows XP

Windows Vista

Windows 7

Linux (SLES 10, 11), RHEL 5.x

Emulated Adapters

Emulates a physical DEC21140 chipset

Communicates via Interrupts to vmwp.exe then to vmswitch.sys

Supports PXE Boot

Drivers Exist For Most OS’s

Hyper-V Networking Architecture

[Diagram: layered stack, from the network up to the applications]

Network

Physical NIC (Intel/Broadcom etc…)

Virtual Switch (vmswitch.sys)

Synthetic Virtual NIC (netvscXXsys), TCP/IP (tcpip.sys), Application (Ports/Sockets etc…)

Emulated Virtual NIC (dc21x4vm.sys), TCP/IP (tcpip.sys), Application (Ports/Sockets etc…)

Host Virtual NIC (vmswitch.sys), TCP/IP (tcpip.sys), Application (Ports/Sockets etc…)

Virtual Switch Architecture

Implemented as an NDIS 6.0 MUX Driver

Binds To Network Adapters as a Protocol Driver

Can Enumerate A Single Host Interface

Basic Layer-2 Switch Functionality

Dynamically “Learns” Port to MAC Mappings

Implements VLANs

Does Not Implement Spanning Tree

Does Not Implement SPAN/Monitor Mode

Does Not Implement Layer 3


Virtual Switch Types


Deployment Considerations

Minimize risk to the Parent Partition

Use Server Core

Don’t run arbitrary apps, no web surfing

Run your apps and services in guests

Moving VMs from Virtual Server to Hyper-V

FIRST: Uninstall the VM Additions

Two physical network adapters at minimum

One for management (use a VLAN too)

One (or more) for VM networking

Dedicated NIC(s) for iSCSI

Connect parent to back-end management network

Only expose guests to internet traffic

Hyper-V Network Configuration

Example 1:

Physical Server has 4 network adapters

NIC 1: Assigned to parent partition for management

NICs 2/3/4: Assigned to virtual switches for virtual machine networking

Storage is non-iSCSI such as:

Direct attach

SAS or Fibre Channel

Hyper-V Setup & Networking 1

Hyper-V Setup & Networking 2

Hyper-V Setup & Networking 3

Windows Server 2008: Each VM on its own Switch…

[Diagram: parent partition (VM Service, WMI Provider, VM Worker Processes in user mode; Windows kernel and VSPs in kernel mode) and child partitions VM 1, VM 2 and VM 3 (applications in user mode; Windows or Linux kernel with a VSC in kernel mode), connected over VMBus above the Windows hypervisor (Ring -1) on “Designed for Windows” server hardware. NIC 1 is the management adapter; NIC 2, NIC 3 and NIC 4 back VSwitch 1, VSwitch 2 and VSwitch 3.]

Hyper-V Network Configuration

Example 2:

Server has 4 physical network adapters

NIC 1: Assigned to parent partition for management

NIC 2: Assigned to parent partition for iSCSI

NICs 3/4: Assigned to virtual switches for virtual machine networking

Hyper-V Setup, Networking & iSCSI

Windows Server 2008: Now with iSCSI

[Diagram: parent partition (VM Service, WMI Provider, VM Worker Processes in user mode; Windows kernel and VSPs in kernel mode) and child partitions VM 1, VM 2 and VM 3 (applications in user mode; Windows or Linux kernel with a VSC in kernel mode), connected over VMBus above the Windows hypervisor (Ring -1) on “Designed for Windows” server hardware. NIC 1 is the management adapter, NIC 2 carries iSCSI, and NIC 3 and NIC 4 back VSwitch 2 and VSwitch 3.]

iSCSI

Clustering


Basic Hyper-V Networking

High Performance

Easy To Setup

Secure

[Diagram: two virtual machines on the Hyper-V server connect through a virtual switch to the physical switch]

Public and Private Network

Multi-Tier Applications

[Diagram: on the Hyper-V server, an IIS Frontend virtual machine and a SQL Backend virtual machine; two virtual switches and the physical switch]

Guest Routed NAT

Performance Overhead For External Traffic

[Diagram: on the Hyper-V server, a router virtual machine sits between the external virtual switch (connected to the physical switch) and the private virtual switch that serves the other virtual machine]

Host Routed NAT

Not Recommended For Production

Great For Test Labs or Demos

Works With Wireless NIC’s

[Diagram: two virtual machines on the Hyper-V server attached to an internal virtual switch; physical switch]

MAC Spoofing

Windows Server 2008 Hyper-V virtual switch susceptible to MAC spoofing

Enhancement (default setting) in the virtual switch in Windows Server 2008 R2

VM receives unicast packets with MAC address

VM is allowed to send only if MAC address matches that of the VM

Management partition can send and receive using any MAC address

ARP Spoofing Prevention

(NEW in Windows Server 2008 R2 SP1)

Relevant to Multi-Tenant Environments

Mutually Untrusted VM’s (hoster or different customers)

New in Windows Server 2008 R2 SP1

Hyper-V Virtual Switch Exposes API to Associate MAC Address

Prevents VM from sending out ARP response if MAC/IP’s don’t match

Supports one or many IP addresses per virtual network adapter

Supports IPv4 and IPv6
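
The send-side checks described on the MAC Spoofing and ARP Spoofing Prevention slides, modelled in Python as an added example (this is not Hyper-V code or its API; `SwitchPort`, `egress_verdict` and all sample addresses are constructed for illustration). It goes slightly beyond the slide by checking the sender fields of every ARP packet rather than responses only, and it covers IPv4 ARP only.

```python
import struct
from ipaddress import IPv4Address

ETHERTYPE_ARP = 0x0806

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' notation to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def arp_frame(eth_src, sha, spa, op=2):
    """Build a constructed broadcast Ethernet + ARP frame (op 2 = reply)."""
    eth = mac("ff:ff:ff:ff:ff:ff") + mac(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac(sha) + IPv4Address(spa).packed + bytes(6) + bytes(4)

class SwitchPort:
    """Hypothetical model of one virtual switch port and its registered bindings."""
    def __init__(self, vm_mac, allowed_ips):
        self.vm_mac = mac(vm_mac)
        self.allowed_ips = {IPv4Address(ip) for ip in allowed_ips}

    def egress_verdict(self, frame):
        """Return 'forward' or the reason a frame sent by this VM is dropped."""
        if len(frame) < 14:
            return "drop: truncated frame"
        if frame[6:12] != self.vm_mac:          # 2008 R2 default: source MAC must be the VM's
            return "drop: source MAC does not match VM"
        if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
            return "forward"
        if len(frame) < 42:                     # 14-byte Ethernet + 28-byte IPv4 ARP
            return "drop: truncated ARP"
        htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            return "drop: unsupported ARP format"
        sha, spa = frame[22:28], IPv4Address(frame[28:32])
        if sha != self.vm_mac or spa not in self.allowed_ips:   # SP1: MAC/IP binding
            return "drop: ARP sender MAC/IP not bound to this port"
        return "forward"

# Constructed sample: one tenant VM with two registered IPv4 addresses.
PORT = SwitchPort("00:15:5d:00:00:0a", ["10.0.0.10", "10.0.0.11"])
HONEST = arp_frame("00:15:5d:00:00:0a", "00:15:5d:00:00:0a", "10.0.0.11")
CLAIMS_GATEWAY = arp_frame("00:15:5d:00:00:0a", "00:15:5d:00:00:0a", "10.0.0.1")
FORGED_SOURCE = arp_frame("00:15:5d:00:00:0b", "00:15:5d:00:00:0b", "10.0.0.10")

if __name__ == "__main__":
    for name, f in (("honest", HONEST), ("claims gateway", CLAIMS_GATEWAY),
                    ("forged source", FORGED_SOURCE)):
        print(f"{name}: {PORT.egress_verdict(f)}")
```

The drop reasons double as audit events: in a multi-tenant deployment, a port that repeatedly hits the binding check is worth alerting on.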


Prevent IP Spoofing


Virtual Networks (VLAN’s)

IEEE 802.1Q - Layer 2 Extension Of Ethernet To Allow Multiple Bridged Networks to Share A Common Physical Link

Egress (outbound) Network Frames Are “tagged” With a VLAN Identifier (tag)

Ingress (inbound) Network Frames Are Stripped of their VLAN Identifier (tag)

VLAN Illustration

[Diagram: a physical NIC connects the network to a virtual switch serving four virtual NICs on VLAN 35, VLAN 45, VLAN 35 and VLAN 25]
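
The egress tagging and ingress stripping described above, worked through on raw frames as an added Python example (not part of the original deck). The port names `vnic1` to `vnic4` and the sample frame are constructed; the VLAN IDs mirror the illustration.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag

def tag_frame(frame, vlan_id, priority=0):
    """Egress: insert the 4-byte 802.1Q tag after the source MAC."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = ((priority & 0x7) << 13) | vlan_id      # PCP(3) | DEI(1)=0 | VID(12)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def strip_tag(frame):
    """Ingress: return (vlan_id, untagged_frame); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]

def deliver(frame, port_vlans):
    """Strip the tag and list the virtual NICs allowed to see the frame."""
    vlan_id, inner = strip_tag(frame)
    return sorted(nic for nic, vid in port_vlans.items() if vid == vlan_id), inner

# Constructed sample: four virtual NICs on VLANs 35, 45, 35 and 25.
PORT_VLANS = {"vnic1": 35, "vnic2": 45, "vnic3": 35, "vnic4": 25}
UNTAGGED = bytes.fromhex("ffffffffffff" "00155d00000a" "0800") + b"payload"

if __name__ == "__main__":
    tagged = tag_frame(UNTAGGED, 35)
    print(tagged[12:16].hex(), deliver(tagged, PORT_VLANS)[0])
```

A broadcast tagged for VLAN 35 reaches only the two virtual NICs on VLAN 35, and an untagged frame reaches none of these ports.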


VLAN ID’s


Tagging Methods

Virtual NIC Tagging

VLAN Specified Per Virtual NIC

Configured In Hyper-V/SCVMM UI/API’s

Static Switch Port Tags

VLAN Specified Per Physical Switch Port

Configured On Physical Network Switch

MAC Address Tagging

MAC Address to VLAN Mapping Created

Configured On Physical Network Switch

Physical NIC Tagging

VLAN Specified On The Physical NIC


Network Teaming

Failover Teaming

Typically Two Interfaces

Typically Connected To Different Switches

Provides Redundancy For NIC Card, Cable or Switch Failure

Aggregation/Load Balancing Teams

Two or More Interfaces

Divides Network Traffic Between Active Interfaces By MAC/IP Address or Protocol

Redundancy for NIC Card or Cable Failure

Caveats To Teaming

Not Supported By Microsoft Support

KB968703: Microsoft Support Policy For NIC Teaming with Hyper-V

“Since Network Adapter Teaming is only provided by Hardware Vendors, Microsoft does not provide any support for this technology thru Microsoft Product Support Services.”

Hardware Offload Features May Be Disabled

VMq, Chimney, IPSec Offload

VLAN Configuration Is Different

Intel Advanced Networking Services

Teaming Modes

Adapter Fault Tolerance

Switch Fault Tolerance

Adaptive Load Balancing/Receive Load Balancing

Static Link Aggregation

IEEE 802.3ad Dynamic Link Aggregation

Virtual Machine Load Balancing

Only Available For Hyper-V Virtual Machines

Provides Send/Receive Load Balancing Across All VM’s Connected Through The Teamed Interface

Provides Fault Tolerance For Switch, Cable or Adapter Failures

Resources

Intel - Teaming with Advanced Networking Services (ANS)

HP ProLiant Network Teaming Software

Teaming Modes

Network Fault Tolerance Only (NFT)

Transmit Load Balancing w/Fault Tolerance (TLB)

Switch-assisted Load Balancing

IEEE 802.3ad Dynamic Link Aggregation

Automatic

Selects Best Option Based On Hardware/Network Topology

Resources

Using HP ProLiant Network Teaming Software with Microsoft® Windows® Server 2008 Hyper-V or with Microsoft® Windows® Server 2008 R2 Hyper-V

HP ProLiant Network Adapter Teaming - White Paper

Dell Broadcom Advanced Control Suite

Teaming Modes

Smart Load Balancing and Failover

IEEE 802.3ad Dynamic Link Aggregation

Generic Trunking (FEC/GEC)/802.3ad-Draft Static

Smart Load Balancing (Auto-Fallback Disabled)

Resources

Broadcom NetXtreme II™ Network Adapter User Guide

Best Practices for Installation of Microsoft Windows on Dell Servers with Broadcom NetXtreme Devices

NIC Teaming On Server Core

Intel - PROSetCL.exe

Usage: PROSETCL.exe <Team_Create AdapterList TeamName TeamMode> [/HELP | /?]

Broadcom - BACSCli.exe

Usage: BACScli -t team "add o:\temp\asdf1.bcg"

File Contains Team Configuration and Can Be Created By Hand Or Saved/Restored

Teaming With VLAN’s


Networking

Virtual Machine Queue (VMQ) Support

Overview

NIC can DMA Packets Directly Into VM Memory

VM Device buffer gets assigned to one of the queues

Avoids packet copies in the VSP

Avoids route lookup in the virtual switch (VMQ Queue ID)

NIC Presents Multiple Queues To The Physical Host


VM’s Assigned A Queue

Benefits

Host No Longer Has Device DMA Data In Its Own Buffer Resulting In A Shorter Path Length For I/O (performance gain)

Virtualized Network I/O Data Path Without VMQ

[Diagram: frames from Ethernet arrive at the NIC and pass through the miniport driver to the virtual machine switch (VSP) in the parent partition, which performs routing, VLAN filtering and data copy, then delivers over VMBus through Port 1 and Port 2 to VM NIC 1 and VM NIC 2 and the TCP/IP stacks of VM1 and VM2]

Network I/O Data Path With VMQ

[Diagram: the NIC has a switch/routing unit with a default queue plus queues Q1 and Q2; the miniport driver and the virtual machine switch (VSP) in the parent partition connect Port 1 and Port 2 over VMBus to VM NIC 1 and VM NIC 2 and the TCP/IP stacks of VM1 and VM2; labels: routing, VLAN filtering, data copy]

Go Native!


Accelerate OS Protocols across CPU cores

Integrated Microsoft iSCSI Initiator

Optimized to Maximize I/O Performance

IT Customer

Near Native Virtualization Performance

Intel & Microsoft products ship integrated with iSCSI & 10GbE support



Intel® Xeon® Processor 5580 Platform, Windows Server 2008 R2 and Intel® 82599 10GbE Adapter

1,030,000 IOPs

Single Port

10GbE line rate

10k IOPs per CPU point

Performance for real world apps

Future ready: Performance Scales

552k IOPs at 4k represents

3,100 Hard Disk Drives

400x a demanding database workload

1.7m Exchange mailboxes

9x transactions of large eTailers

Jumbo frames: >30% CPU decrease is common for larger IO size (jumbo frames not used here)

[Charts: Read/Write IOPs and CPU Test; Read/Write IOPs and Throughput Test]

Breakthrough Perf at 10 Gb/E

VMQ Partner Support

Intel

Gigabit ET/EF

Dual Port ~$230

Alacritech

Broadcom

Neterion

ServerEngines

Solarflare

…and many more…


Enabling VMQ

Resources

Intel FAQ: VLANs and VMDq on Intel® Ethernet Adapters in Hyper-V

Advanced Virtualization I/O Queuing Technologies/An Intel-Microsoft Perspective

Jumbo Frames

Jumbo Frame Support

Ethernet Frames >1,500 bytes

Ad Hoc Standard is ~9k

Overview

Enables 6x Larger Payload Per Packet

Benefits

Improves Throughput

Reduces CPU Utilization Of Large File Transfers

Ensure All Network Segments Have Jumbo Frames Enabled!

C:\>Ping.exe -l 9000 <src>

Networking and High Availability

Ensure Layer 2 Configuration Is Identical On All Cluster Nodes (VLAN’s/Team’s/Virtual Switches)

Understand and Mitigate Upstream Failure Points

All Nodes Connected To The Same Switch

Switches With Non-Redundant or Single Uplinks

Single DHCP Server

Resources

TechNet - Hyper-V: Live Migration Network Configuration Guide

Network Performance Monitoring

Hyper-V Virtual Switch

Bytes/sec, Packets/sec, Broadcast’s/sec, Multicast's/sec, Directed Packets/sec, Learned MAC Addresses, Purged MAC Addresses…

Hyper-V Virtual Switch Port

Bytes/sec, Packets/sec, Broadcast’s/sec, Multicast's/sec, Directed Packets/sec…

Hyper-V Virtual Network Adapter

Bytes/sec, Packets/sec, Broadcast’s/sec, Multicast's/sec, Directed Packets/sec

Hyper-V Legacy Network Adapter

Bytes/sec, Bytes Dropped, Frames/sec, Frames Dropped

Physical Network Adapter

Network Interface Counters

[Diagram: virtual switch, Hyper-V server, virtual machine]

Virtual Switch

Hyper-V Virtual Switch Counters

[Diagram: virtual switch, Hyper-V server, virtual machine]

Virtual Network Adapter

Hyper-V Virtual Switch Counters

[Diagram: virtual switch, Hyper-V server, virtual machine]

Virtual Switch Port

Hyper-V Virtual Switch Counters

[Diagram: virtual switch, Hyper-V server, virtual machine]

Networking Tools

Network Monitor

Netsh Trace

NVSPinfo.js

NVSPscrub.js

NVSPBind.EXE

Where To Capture

[Diagram: three virtual machines on the Hyper-V server, the virtual switch and the physical switch]

Network Diagnostics

Resources

www.msteched.com/Australia
Sessions On-Demand & Community

http://technet.microsoft.com/en-au
Resources for IT Professionals

http://msdn.microsoft.com/en-au
Resources for Developers

www.microsoft.com/australia/learning
Microsoft Certification & Training Resources

Infrastructure planning and design (IPD) guide

Windows Server Virtualization

What are IPD Guides?

Guidance & best practices for infrastructure planning of Microsoft technologies

Windows Server Virtualization Guide Benefits

Takes you through the process of designing components, layout, and connectivity in a logical, sequential order

Presents easy to follow steps for identification of the required Hyper-V server hosts

Helps you design and plan virtual server datacenters

It’s a free download!

Go to www.microsoft.com/ipd

Question & Answer Session

Related Content

SVR302 Hyper-V and Dynamic Memory in Depth

SVR305 Virtualization Clustering Tips and Tricks

SVR311 Microsoft System Center Virtual Machine Manager 2008 R2: Advanced Virtualization Management

SVR316 Performance and Resource Optimization for Virtual Machine Manager and Hyper-V

© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.