25-27 May 2012 Vienna, Austria Advanced Network Features What’s New & Improved In Windows Server 2012
Advanced Network Features: What's New & Improved In Windows Server 2012
Didier Van Hoye
Technical Architect @ FGIA
MVP – Virtual Machine
Microsoft Extended Experts Team Member
didier.van.hoye@hotmail.com | @workinghardinit | http://workinghardinit.wordpress.com
Network Bottlenecks
• In the host networking stack
• In the NICs
• In the switches & routers
Advanced Network Features (1)
• Receive Side Scaling (RSS)
• Receive Segment Coalescing (RSC)
• Dynamic Virtual Machine Queuing (DVMQ)
• Single Root I/O Virtualization (SR-IOV)
• NIC Teaming
• RDMA/Multichannel support for virtual machines on SMB 3.0
• DHCP Guard / Router Guard / Port Mirroring
Receive Side Scaling (RSS)
• RSS has existed for many years; Windows Server 2012 takes it to the next generation of servers
• Spreads interrupts across all available CPUs, even on very large scale hosts
• RSS now works across K-Groups (processor groups)
• RSS is now NUMA-aware to optimize performance
• Now load balances UDP traffic across CPUs
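As a speaker-note sketch (not on the slide): these RSS settings are exposed per adapter through the inbox NetAdapter PowerShell module in Windows Server 2012. The adapter name and processor values below are illustrative.

```powershell
# Show RSS state, processor sets and NUMA distances per adapter
Get-NetAdapterRss -Name "*"

# Enable RSS on a given NIC (adapter name is an example)
Enable-NetAdapterRss -Name "Ethernet 1"

# Constrain RSS to a NUMA-friendly processor range (illustrative values)
Set-NetAdapterRss -Name "Ethernet 1" -BaseProcessorNumber 2 -MaxProcessors 8
```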
Receive Segment Coalescing (RSC)
• Coalesces packets in the NIC so the stack processes fewer headers
• Multiple packets belonging to the same connection that arrive within a single interrupt are coalesced into one larger packet (max. 64 KB) by the NIC
• 10–30% reduction in I/O overhead
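RSC is likewise controlled per adapter with inbox cmdlets; a brief sketch, with an illustrative adapter name:

```powershell
# Check which adapters coalesce IPv4/IPv6 receive segments
Get-NetAdapterRsc -Name "*" | Format-Table Name, IPv4Enabled, IPv6Enabled

# Enable RSC on a given NIC (adapter name is an example)
Enable-NetAdapterRsc -Name "Ethernet 1"
```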
Dynamic Virtual Machine Queue (D-VMQ) • VMQ is to virtualization what RSS is to native workloads • Dynamic VMQ reassigns available queues based on changing networking demands of the VMs
Dynamic Virtual Machine Queue (D-VMQ)
[Diagram: queue-to-CPU assignment in the root partition under No VMQ, Static VMQ, and Dynamic VMQ]
• Adaptive processing = optimal performance across changing workloads
• VMQ reduces the overhead of routing packets for the host
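VMQ capability and the current queue assignments can be verified from PowerShell; a sketch, with the adapter name as a placeholder:

```powershell
# Inspect VMQ capability and settings per adapter
Get-NetAdapterVmq

# Show which queues are allocated, and to which VMs and processors
Get-NetAdapterVmqQueue

# Enable VMQ on a given NIC (adapter name is an example)
Enable-NetAdapterVmq -Name "Ethernet 1"
```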
SR-IOV
[Diagram: network I/O path without SR-IOV (virtual NIC, VMBus, then the Hyper-V switch doing routing, VLAN filtering and data copy to the physical NIC) vs. with SR-IOV (a Virtual Function on the physical NIC mapped directly into the VM)]
Windows Server 2012 supports direct device assignment to virtual machines without compromising flexibility
Single-Root I/O Virtualization (SR-IOV)
Direct device assignment to virtual machines without compromising flexibility
• Reduces CPU utilization for processing network traffic
• Reduces latency of the network path
• Increases throughput
• Supports Live Migration
• Requires:
  • Chipset: interrupt and DMA remapping
  • BIOS support
  • CPU: hardware virtualization, EPT or NPT
SR-IOV Enabling & Live Migration
• Turn on IOV (a VM NIC property): a Virtual Function is assigned, traffic flows through the VF, and the software path is not used
• Live Migration: traffic switches back to the software path, the VF is removed from the VM, a software "NIC" is created automatically, and the VM migrates as normal
• Post migration: the Virtual Function is reassigned, assuming resources are available on the target
[Diagram: the VM's network stack flipping between the Virtual Function and the software switch in IOV mode]
The VM keeps connectivity even if the target switch is not in IOV mode, no IOV physical NIC is present, the NIC vendor differs, or the NIC firmware differs
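The SR-IOV path is wired up in two places: an IOV-enabled virtual switch and an IOV weight on the VM's NIC. A minimal sketch; switch, adapter and VM names are examples:

```powershell
# Verify the host supports SR-IOV (and see the reasons if it does not)
Get-VMHost | Select-Object IovSupport, IovSupportReasons

# Create an IOV-enabled external switch; IOV can only be set at creation time
New-VMSwitch -Name "IOV-Switch" -NetAdapterName "Ethernet 1" -EnableIov $true

# Give the VM's virtual NIC a Virtual Function when resources allow (weight > 0)
Set-VMNetworkAdapter -VMName "Guest01" -IovWeight 100
```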
Reliability
Even when hardware fails, our customers want continuous availability
[Diagram: teamed NICs serving multiple VM workloads for Tenant 1 and Tenant 2 in the data center]
NIC Teaming
• Customers are dealing with way too many issues
• NIC vendors would like to stop having to support this themselves
• Microsoft needs this to be competitive & to complete the solution stack
No more 3rd-party drivers & utilities
NIC Teaming
• Multiple modes: switch dependent and switch independent
• Hashing modes: port and 4-tuple
• Active-Active and Active-Standby
[Diagram: LBFO architecture. In user mode, the admin GUI and WMI talk to the LBFO provider and configuration DLL; an IOCTL path leads to the kernel-mode IM MUX, which exposes a virtual miniport to the Hyper-V Extensible Switch and handles frame distribution/aggregation, failure detection and the control protocol across NICs 1-3 at the protocol edge toward the network switch]
NIC Teaming (LBFO)
[Diagram: two deployment options. Parent NIC teaming: an LBFO-teamed NIC under the Hyper-V virtual switch, usable by a guest running any OS, but SR-IOV is not exposed. Guest NIC teaming: SR-IOV NICs surfaced through separate Hyper-V virtual switches and teamed inside a guest running Windows Server 2012]
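In-box teaming is driven by the NetLbfo module. A sketch of the options the deck lists (switch-independent mode, 4-tuple hashing, active/standby); team and NIC names are examples:

```powershell
# Switch-independent team with 4-tuple (transport ports) hashing
New-NetLbfoTeam -Name "Team1" -TeamMembers "NIC1","NIC2" `
    -TeamingMode SwitchIndependent -LoadBalancingAlgorithm TransportPorts

# Turn active/active into active/standby by parking one member
Set-NetLbfoTeamMember -Name "NIC2" -AdministrativeMode Standby

# Review team state
Get-NetLbfoTeam
```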
Remote DMA (Network Direct, SMB Direct)
• Addresses congestion in the network stack by offloading the stack to the network adapter
• Great for storage traffic: high throughput with low CPU utilization
• SMB Direct uses the new RDMA capability if the NICs support it
• Windows Server 2012 now supports RDMA for low-latency, high-speed application-to-application data transfer
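Whether SMB Direct actually kicks in can be checked with inbox cmdlets; a quick sketch:

```powershell
# Confirm the NICs expose RDMA and that the SMB client sees them as capable
Get-NetAdapterRdma
Get-SmbClientNetworkInterface

# While a transfer runs, verify SMB Multichannel (and RDMA) connections
Get-SmbMultichannelConnection
```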
Advanced Network Features (2)
• DCTCP/DCB
• Consistent Device Naming
• Network Virtualization
• Generic Routing Encapsulation (GRE)
• IPsec Task Offload for Virtual Machines (IPsecTOv2)
• Wireless Network Support
DCTCP Requires Less Buffer Memory
[Graph: switch buffer occupancy over time for a 1 Gbps flow]
• Flow controlled by DCTCP: requires ~30 KB of buffer memory, smooth
• Flow controlled by TCP: requires 400-600 KB of buffer memory, the TCP sawtooth is visible
Datacenter TCP (DCTCP)
• Windows Server 2012 deals with network congestion by reacting to the degree, not merely the presence, of congestion
• DCTCP aims to achieve low latency, high burst tolerance, and high throughput with small-buffer switches
• Requires Explicit Congestion Notification (ECN, RFC 3168) capable switches
• The algorithm is enabled only where it makes sense (low round-trip times, i.e. in the data center)
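One way to steer traffic onto DCTCP is via TCP setting templates and transport filters; a sketch, assuming the modifiable DatacenterCustom template and SMB's port 445 as an illustrative match:

```powershell
# Point the custom datacenter template at the DCTCP congestion provider
Set-NetTCPSetting -SettingName DatacenterCustom -CongestionProvider DCTCP

# Apply that template to matching traffic (port 445 is just an example)
New-NetTransportFilter -SettingName DatacenterCustom `
    -LocalPortStart 445 -LocalPortEnd 445 -RemotePortStart 0 -RemotePortEnd 65535

# Review which template uses which congestion provider
Get-NetTCPSetting | Format-Table SettingName, CongestionProvider
```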
Datacenter TCP (DCTCP)
Running out of buffers in a switch gets you into stop-and-go hell: a boatload of green, orange & red lights along your way. Big buffers mitigate this, but they are very expensive.
Datacenter TCP (DCTCP)
You want to be in a green wave. Windows Server 2012 with ECN-capable switches provides that kind of network traffic control.
Data Center Bridging (DCB)
• Prevents congestion in the NIC & network by reserving bandwidth for particular traffic types
• Windows Server 2012 provides support & control for DCB and tags packets by traffic type
• Provides lossless transport for mission-critical workloads
DCB Requirements
• Enhanced Transmission Selection (IEEE 802.1Qaz)
• Priority Flow Control (IEEE 802.1Qbb)
• (Optional) Data Center Bridging eXchange protocol (DCBX)
• (Not required) Congestion Notification (IEEE 802.1Qau)
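On the Windows side, DCB is installed as a feature and driven by the NetQos cmdlets; a sketch in which the policy name, priority, bandwidth share and adapter name are all illustrative:

```powershell
# DCB support is an installable feature in Windows Server 2012
Install-WindowsFeature Data-Center-Bridging

# Tag SMB Direct traffic with 802.1p priority 3
New-NetQosPolicy "SMB" -NetDirectPortMatchCondition 445 -PriorityValue8021Action 3

# Reserve 50% for that priority via ETS and make it lossless with PFC
New-NetQosTrafficClass "SMB" -Priority 3 -BandwidthPercentage 50 -Algorithm ETS
Enable-NetQosFlowControl -Priority 3

# Apply DCB on the NIC (adapter name is an example)
Enable-NetAdapterQos -Name "Ethernet 1"
```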
Generic Routing Encapsulation (GRE)
• Multi-tenant scenarios: hide the tenants' multi-premise networking from the datacenter's networking
• GRE (RFCs 2784 & 2890) provides the mechanism to tunnel tenant networks over the datacenter network
• GRE breaks today's task offloads unless the NIC vendors add support for GRE offload
Generic Routing Encapsulation (GRE)
• 1 Provider Address per host (shared by all VMs on the host)
• The Tenant Network ID is embedded in the Key field of the GRE header
[Diagram: two tenants reusing the customer addresses 10.1.1.11/10.1.1.12, kept apart by GRE Key 20 vs. Key 30 while tunneled between provider addresses 192.168.2.22 and 192.168.5.55 (1:N mapping)]
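The provider-address and lookup-record plumbing shown in the diagram maps onto the network virtualization cmdlets (these require the Windows Network Virtualization filter to be bound on the host; all addresses, IDs and the MAC below are illustrative):

```powershell
# One Provider Address on the host's physical interface
New-NetVirtualizationProviderAddress -InterfaceIndex 12 `
    -ProviderAddress 192.168.2.22 -PrefixLength 24

# Map a tenant VM's customer address to its host, keyed by Virtual Subnet ID
New-NetVirtualizationLookupRecord -CustomerAddress 10.1.1.11 `
    -ProviderAddress 192.168.2.22 -VirtualSubnetID 20 `
    -MACAddress "101010101105" -Rule "TranslationMethodEncap"
```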
IPsec Task Offload
• IPsec is a CPU-intensive workload => offload it to the NIC
• In demand due to compliance (SOX, HIPAA, etc.)
• IPsec is required for secure operations
• Only available to host/parent workloads in W2K8R2; now extended to VMs
• Managed by the Hyper-V switch
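Per-VM control sits on the virtual NIC; a one-liner sketch where the VM name and SA count are examples:

```powershell
# Let the VM offload up to 512 IPsec security associations to the NIC
# (a value of 0 disables IPsec task offload for this virtual NIC)
Set-VMNetworkAdapter -VMName "Guest01" -IPsecOffloadMaximumSecurityAssociation 512
```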
Network Bandwidth Management
• Manage network bandwidth with a maximum and a minimum value
• SLAs for hosted virtual machines
• Control per VM, not per host
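A sketch of what that looks like per VM; the switch, adapter and VM names plus the numbers are illustrative:

```powershell
# The switch must be created with a minimum-bandwidth mode; Weight = relative shares
New-VMSwitch -Name "TenantSwitch" -NetAdapterName "Ethernet 1" -MinimumBandwidthMode Weight

# Per-VM SLA: a guaranteed relative share plus an absolute cap
# (-MaximumBandwidth is in bits per second, so 500MB here is roughly 524 Mbps)
Set-VMNetworkAdapter -VMName "Guest01" -MinimumBandwidthWeight 10 -MaximumBandwidth 500MB
```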
Hyper-V Extensible Switch
• Capture extensions can inspect traffic and generate new traffic for reporting purposes; they do not modify existing Extensible Switch traffic. Example: sFlow by InMon
• Windows Filtering Platform (WFP) extensions can inspect, drop, modify, and insert packets using WFP APIs; Windows antivirus and firewall software uses WFP for traffic filtering. Example: Virtual Firewall by 5nine Software
• Filtering extensions can also be implemented using NDIS filtering APIs. Example: VM DoS prevention by Broadcom
• Forwarding extensions direct traffic, defining the destination(s) of each packet, and can also capture and filter traffic. Examples: Cisco Nexus 1000V and UCS, NEC OpenFlow
[Diagram: the extension stack between the extension protocol and extension miniport (capture, WFP, filtering and forwarding extensions), with VM NICs, the host NIC and the physical NIC, and the WFP callout/Base Filtering Engine in the root partition]
Advanced Network Features: What's New & Improved In Windows Server 2012
Questions & Answers