Explore the latest networking improvements in Windows Server 2012 Hyper-V, covering VM mobility, disaster recovery, and Linux VMs support for optimized cloud solutions.
VIR315: What’s new in Hyper-V in Windows Server 2012 (Part 2)
Stu Fox (@stufox), Technical Specialist, Microsoft NZ
Agenda
• What’s new in Windows Server 2012 Hyper-V Part 1
  • Scale-up Workloads
  • Storage
  • Clustering & Resiliency
  • Automation & Management
  • Virtual Machine Migration
• What’s new in Windows Server 2012 Hyper-V Part 2
  • Networking
  • VM Mobility
  • Disaster Recovery
  • Linux VMs
Helping You Cloud Optimize Your Business: The Microsoft Hybrid Cloud
[Diagram: Public and Private clouds built on common technologies: Identity ▪ Virtualisation ▪ Management ▪ Development]
Building your own cloud just got a lot easier with Windows Server 2012.
Network Considerations: Customers
• How do I ensure network multi-tenancy?
• IP Address Management is a pain.
• What if VMs are competing for bandwidth?
• Fully leverage the network fabric
• How do I integrate with existing fabric?
• Network metering?
• Can I dedicate a NIC to a workload?
Windows Server 2012 is optimized for Hybrid Clouds to host multi-tenant workloads
[Diagram: Hybrid Clouds; a Data Center hosting Tenant 1 and Tenant 2, each with multiple VM workloads]
In a multi-tenant environment, customers want security and isolation (Security)
[Diagram: Data Center hosting Tenant 1 and Tenant 2, each with multiple VM workloads]
LEARN MORE [VIR323] Capabilities to enable Multi-Tenancy in WS2012
Multi-Tenant Network Requirements
• Tenant wants to easily move VMs to/from the cloud
• Hoster wants to place VMs anywhere in the data center
• Both want: easy onboarding, flexibility & isolation
[Diagram: a Cloud Data Center hosting Woodgrove Bank (Blue, 10.1.0.0/16) and Contoso Bank (Red, 10.1.0.0/16), both using the same address range]
One Solution: PVLAN
• Isolation Scenario
  • Hoster wants to isolate all VMs from each other and allow internet connectivity
  • #1 customer ask from hosters
• Community Scenario
  • Hoster wants tenant VMs to interact with each other but not with other tenant VMs
  • Requires a VLAN ID for each “community” (limited scalability, only 4095 VLAN IDs)
[Diagram: Hyper-V Switch on a Win 8 host with an uplink to the Internet (10.1.1.1); VMs Blue 10.1.1.21, Green 10.1.1.31, Red1 10.1.1.11 and Red2 10.1.1.12 attached to Isolated ports (primary 4, secondary 7) and Community ports (primary 4, secondary 9)]
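Both PVLAN scenarios on this slide, as an added PowerShell example that is not from the deck, using the slide’s IDs (primary VLAN 4, isolated secondary 7, community secondary 9) and the VM names from the diagram. Treating Red1/Red2 as the community pair, the 'Gateway' VM on a promiscuous port and the switch name 'TenantSwitch' are assumptions.

```powershell
# Added example: PVLAN isolation and community ports on a Hyper-V Extensible Switch.
# IDs from the slide: primary VLAN 4; secondary 7 = isolated, secondary 9 = community.
$PrimaryVlan        = 4
$IsolatedSecondary  = 7
$CommunitySecondary = 9

# Isolation scenario: these VMs can reach the promiscuous (uplink/gateway) port only,
# never each other, and no per-tenant VLAN ID is consumed.
foreach ($vm in 'Blue', 'Green') {
    Set-VMNetworkAdapterVlan -VMName $vm -Isolated `
        -PrimaryVlanId $PrimaryVlan -SecondaryVlanId $IsolatedSecondary
}

# Community scenario: Red1 and Red2 (assumed to be one tenant) talk to each other
# and to the promiscuous port, but not to isolated or other-community ports.
foreach ($vm in 'Red1', 'Red2') {
    Set-VMNetworkAdapterVlan -VMName $vm -Community `
        -PrimaryVlanId $PrimaryVlan -SecondaryVlanId $CommunitySecondary
}

# Promiscuous port for the assumed 'Gateway' VM (the slide's Internet next hop is
# 10.1.1.1); it must list every secondary VLAN it is allowed to serve.
Set-VMNetworkAdapterVlan -VMName 'Gateway' -Promiscuous `
    -PrimaryVlanId $PrimaryVlan -SecondaryVlanIdList "$IsolatedSecondary,$CommunitySecondary"

# Audit: a tenant vNIC on the switch that is not in Private (PVLAN) mode, or that is
# promiscuous, has fallen out of the isolation design and can reach its neighbours.
function Get-NonPvlanTenantPorts {
    param([string]$SwitchName = 'TenantSwitch',      # assumed switch name
          [string[]]$Exempt   = @('Gateway'))        # ports meant to be promiscuous
    Get-VM | Get-VMNetworkAdapter |
        Where-Object { $_.SwitchName -eq $SwitchName -and $Exempt -notcontains $_.VMName } |
        Get-VMNetworkAdapterVlan |
        Where-Object { $_.OperationMode -ne 'Private' -or $_.PrivateVlanMode -eq 'Promiscuous' } |
        Select-Object VMName, OperationMode, PrivateVlanMode, PrimaryVlanId, SecondaryVlanId
}
Get-NonPvlanTenantPorts
```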
Hyper-V Network Virtualisation
• Hyper-V Network Virtualisation
  • Run multiple virtual networks on a physical network
  • Each virtual network has the illusion it is running as a physical fabric
• Hyper-V Machine Virtualisation
  • Run multiple virtual servers on a physical server
  • Each VM has the illusion it is running as a physical server
[Diagram: a Woodgrove network with a Woodgrove VM and a Contoso network with a Contoso VM share one physical server and one physical network]
Even when hardware fails, customers want continuous availability (Reliability)
[Diagram: Data Center with NIC teaming serving Tenant 1 and Tenant 2, each with multiple VM workloads]
LEARN MORE [WSV321] Windows Server 2012 NIC Teaming & MultiChannel Solutions
Even when multiple VMs are competing for bandwidth, customers want predictability (Predictability)
[Diagram: Data Center hosting Tenant 1 and Tenant 2 with differing bandwidth shares and price tiers]
Cloud admins want scalability, and customers want performance (Scalability)
[Diagram: Data Center hosting Tenant 1 and Tenant 2, each with multiple VM workloads]
Customers want specialized functionality with lots of choice, for firewalls, monitoring and physical fabric integration (Extensibility)
[Diagram: Data Center hosting Tenant 1 and Tenant 2, each with multiple VM workloads]
Hyper-V Extensible Switch
• Forwarding extensions direct traffic, defining the destination(s) of each packet
  • Forwarding extensions can capture and filter traffic
  • Examples: Cisco Nexus 1000V and UCS; NEC ProgrammableFlow vPFS (OpenFlow)
• Filtering extensions can also be implemented using NDIS filtering APIs
  • Example: VM DoS Prevention by Broadcom
• Windows Filtering Platform (WFP) extensions can inspect, drop, modify, and insert packets using WFP APIs
  • Windows antivirus and firewall software uses WFP for traffic filtering
  • Example: Virtual Firewall by 5NINE Software
• Capture extensions can inspect traffic and generate new traffic for reporting purposes
  • Capture extensions do not modify existing Extensible Switch traffic
  • Example: sFlow by InMon
[Diagram: in the root partition, the Extensible Switch stack between the Extension Protocol and the Extension Miniport: Capture Extensions, WFP Extensions (backed by the Callout and Filtering Engine of the BFE service and the host Firewall), Filtering Extensions and Forwarding Extensions, connecting the VM NICs of VM1 and VM2, the Host NIC and the Physical NIC]
Feature Rich Networking in the Box
• Open, Extensible Virtual Switch
  • Nexus 1000 support
  • OpenFlow support
  • Network introspection
  • Much more…
• Advanced Networking
  • ACLs
  • PVLAN
  • …much more…
• Windows NIC Teaming
• Network QoS
  • Per-vNIC bandwidth reservation & limits
  • Network metering
• DVMQ
• SR-IOV Network Support
  • Reduce latency & CPU utilization
  • Supports Live Migration
Single-Root I/O Virtualisation (SR-IOV)
• Reduces latency of the network path
• Reduces CPU utilization for processing network traffic
• Increases throughput
• Direct device assignment to virtual machines without compromising flexibility
• Supports Live Migration
[Diagram: network I/O path without SR-IOV (Virtual NIC in the VM, over VMBus, through the Hyper-V Switch in the root partition doing routing, VLAN filtering and data copy, to the Physical NIC) beside the path with SR-IOV (Virtual Function in the VM directly to the SR-IOV Physical NIC)]
SR-IOV Enabling & Live Migration
• Turn On IOV
  • Enable IOV (VM NIC property)
  • Virtual Function is “Assigned”
  • Team automatically created
  • Traffic flows through VF; software path is not used
• Live Migration
  • Break team
  • Remove VF from VM
  • Migrate as normal
• Post Migration
  • Reassign Virtual Function, assuming resources are available
• VM has connectivity even if:
  • Switch not in IOV mode
  • IOV physical NIC not present
  • Different NIC vendor
  • Different NIC firmware
[Diagram: inside the Virtual Machine the network stack sits on a “TEAM” of the Virtual Function and a software NIC; on each host a Software Switch (IOV Mode) fronts an SR-IOV Physical NIC, on the source and on the destination]
DVMQ vs. SR-IOV Considerations
• DVMQ Pros:
  • Improves VM performance
  • Provides Receive Side Scaling benefits by spreading network load across multiple logical processors
  • Can use the Hyper-V Extensible Switch
• DVMQ Cons:
  • If you need more than 10 GbE for a workload, SR-IOV is likely the better choice
• SR-IOV Pros:
  • Great performance
  • Great for low-latency workloads
• SR-IOV Cons:
  • Bypasses the virtual switch, so traffic on the VF path is not seen by switch extensions or switch-enforced policies
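An added PowerShell check, not from the deck, for the “bypasses the virtual switch” point above and the enabling steps on the previous slide: it turns IOV on as a VM NIC property and then reports which vNICs currently have an active Virtual Function, since those frames never pass the switch. The switch name 'IovSwitch', adapter 'Ethernet 2' and VM 'CONTOSO-DB01' are assumptions.

```powershell
# Added example (not from the deck): enable IOV on one VM NIC and audit which vNICs
# currently bypass the switch. Assumed names: 'IovSwitch', 'Ethernet 2', 'CONTOSO-DB01'.

# IOV support is fixed when the switch is created; it cannot be turned on afterwards.
New-VMSwitch -Name 'IovSwitch' -NetAdapterName 'Ethernet 2' -EnableIov $true -AllowManagementOS $false
Connect-VMNetworkAdapter -VMName 'CONTOSO-DB01' -SwitchName 'IovSwitch'

# "Turn On IOV" on the slide: a non-zero IovWeight asks the switch for a Virtual Function.
Set-VMNetworkAdapter -VMName 'CONTOSO-DB01' -IovWeight 100

function Get-IovBypassReport {
    # One row per vNIC that requested a VF. VFDataPath = $true means frames go straight
    # to the physical NIC, so extensions and switch-enforced policies on that port do not
    # see them. After a Live Migration the vNIC is back on the software path
    # (VFDataPath = $false) until the destination host reassigns a VF.
    param([string]$ComputerName = $env:COMPUTERNAME)
    $switches = Get-VMSwitch -ComputerName $ComputerName
    Get-VM -ComputerName $ComputerName | Get-VMNetworkAdapter |
        Where-Object { $_.IovWeight -gt 0 } |
        ForEach-Object {
            $swName = $_.SwitchName
            $sw = $switches | Where-Object { $_.Name -eq $swName }
            [pscustomobject]@{
                VM             = $_.VMName
                Switch         = $swName
                SwitchIovReady = [bool]$sw.IovEnabled
                VFsInUse       = $sw.IovVirtualFunctionsInUse
                VFDataPath     = $_.VFDataPathActive
                Status         = ($_.Status -join ',')
            }
        }
}

Get-IovBypassReport | Format-Table -AutoSize
```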
Cloud Admins Want Scale, Customers Want Perf: DVMQ, IPsec Task Offload, SR-IOV
IPsec Task Offload: Microsoft expects deployment of Internet Protocol security (IPsec) to increase significantly in the coming years. The large demands placed on the CPU by the IPsec integrity and encryption algorithms can reduce the performance of your network connections. IPsec Task Offload is a technology built into the Windows operating system that moves this workload from the main computer's CPU to a dedicated processor on the network adapter.
SR-IOV: SR-IOV is a specification that allows a PCIe device to appear to be multiple separate physical PCIe devices. The SR-IOV specification was created and is maintained by the PCI SIG, with the idea that a standard specification will help promote interoperability. SR-IOV works by introducing the idea of physical functions (PFs) and virtual functions (VFs). Physical functions (PFs) are full-featured PCIe functions; virtual functions (VFs) are “lightweight” functions that lack configuration resources.
Dynamic Virtual Machine Queue (VMQ): VMQ is a feature available to computers running Windows Server 2008 R2 with the Hyper-V server role installed that have VMQ-capable network hardware. VMQ uses hardware packet filtering to deliver packet data from an external virtual machine network directly to virtual machines, which reduces the overhead of routing packets and copying them from the management operating system to the virtual machine.
Advanced Network Security: DHCP Guard, Router Guard, Monitor Port
• DHCP Guard is a security feature that drops DHCP server messages from unauthorized virtual machines pretending to be DHCP servers.
• Router Guard is a security feature that drops Router Advertisement and Redirection messages from unauthorized virtual machines pretending to be routers.
• Monitor Mode duplicates all egress and ingress traffic to/from one or more switch ports (being monitored) to another switch port (performing monitoring).
Manage to a Service Level Agreement: Network Bandwidth & QoS
• Bandwidth Management lets you reserve a minimum or set a maximum per virtual NIC, providing the QoS controls needed to manage to a service level agreement
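The three guard features on the previous slide and the bandwidth reservation/limit on this one, applied as one per-tenant port policy in an added PowerShell example that is not from the deck. The switch 'TenantSwitch' on adapter 'Ethernet 2', tenant VMs 'Red1'/'Red2' and the monitoring VM 'IDS01' are assumptions.

```powershell
# Added example (not from the deck): per-tenant vNIC policy combining DHCP Guard,
# Router Guard, port mirroring and bandwidth QoS. Assumed names: 'TenantSwitch',
# 'Ethernet 2', tenant VMs 'Red1'/'Red2', monitoring VM 'IDS01'.

# Weight-based minimum bandwidth is chosen when the switch is created.
New-VMSwitch -Name 'TenantSwitch' -NetAdapterName 'Ethernet 2' `
    -MinimumBandwidthMode Weight -AllowManagementOS $false

function Set-TenantPortPolicy {
    param(
        [Parameter(Mandatory)][string]$VMName,
        [int]$MinimumWeight = 10,   # relative share of the uplink (1-100)
        [long]$MaximumBps   = 0,    # hard cap in bits/s; 0 = no cap
        [switch]$Mirror             # copy this port's traffic to the monitor port
    )
    $policy = @{
        DhcpGuard              = 'On'    # drop DHCP server messages the guest sends
        RouterGuard            = 'On'    # drop router advertisements/redirects the guest sends
        MacAddressSpoofing     = 'Off'   # guest may only transmit from its assigned MAC
        MinimumBandwidthWeight = $MinimumWeight
        MaximumBandwidth       = $MaximumBps
    }
    Set-VMNetworkAdapter -VMName $VMName @policy
    if ($Mirror) { Set-VMNetworkAdapter -VMName $VMName -PortMirroring Source }
}

# The monitoring VM receives the mirrored copies; no tenant VM should ever be a destination.
Set-VMNetworkAdapter -VMName 'IDS01' -PortMirroring Destination

Set-TenantPortPolicy -VMName 'Red1' -MinimumWeight 20 -MaximumBps 500000000 -Mirror   # 500 Mbit/s cap
Set-TenantPortPolicy -VMName 'Red2' -MinimumWeight 20

# Audit: tenant ports missing a guard, or any port other than the monitor acting as a
# mirror destination (which would let that VM see other tenants' traffic).
function Get-PortPolicyDrift {
    param([string]$MonitorVM = 'IDS01')
    Get-VM | Get-VMNetworkAdapter | Where-Object {
        $_.VMName -ne $MonitorVM -and (
            $_.DhcpGuard -ne 'On' -or $_.RouterGuard -ne 'On' -or
            $_.PortMirroringMode -eq 'Destination')
    } | Select-Object VMName, DhcpGuard, RouterGuard, MacAddressSpoofing, PortMirroringMode
}
Get-PortPolicyDrift
```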
Windows Server 2012 Networking: It’s All There
Feature rich, extensible, in the box, no compromises
Your Thoughts on VM Mobility
• Don’t provide new features that preclude Live Migration.
• I want to be able to securely move any part of a VM anywhere at any time. No limits.
• No-downtime servicing
• SAN upgrades/migrations
• When VMs migrate, move the historical data with the VM
• Fully leverage hardware to speed migrations
Virtual Machine Mobility
• Live Migration with High Availability
• SMB Live Migration
• Live Storage Migration
Concurrent Migration: limited only by hardware resources
Live Storage Migration
• Enables storage load balancing
• No-downtime servicing
• Leverages Hyper-V Offloaded Data Transfer (ODX)
[Diagram: a Virtual Machine’s VHD stack, with numbered steps 1-5 moving the VHD from the Source Device to the Destination Device]
Shared Nothing Live Migration
• Migrate a VM live between two hosts that only share a network connection
Demo: VM Mobility
VM Mobility: Complete mobility. Simply the best.
• Live Migration with High Availability
  • Live migrate among servers in a failover cluster
• SMB Live Migration
  • Live migrate VMs among servers with SMB storage
• Live Storage Migration
  • Live migrate VM storage from one volume to another without downtime
• Shared Nothing (SNO) Live Migration
  • Live migrate VMs among servers with nothing but an Ethernet connection
LEARN MORE [VIR314] Building Flexible Hyper-V Environments for LM & Storage Migration
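The migration types on this slide, issued from PowerShell in an added example that is not from the deck, preceded by the host settings that keep migration traffic authenticated and on a dedicated network. Hosts 'HV01'/'HV02', VM 'CONTOSO-WEB01', the 192.168.50.0/24 migration subnet and the storage paths are assumptions.

```powershell
# Added example (not from the deck): host-side live migration settings, then the
# three migration types from the slide. Assumed names: hosts 'HV01'/'HV02', VM
# 'CONTOSO-WEB01', migration subnet 192.168.50.0/24, paths under D:\VMs and E:\VMs.

# On each host: accept migrations, authenticate with Kerberos rather than CredSSP (so
# a move can be started from a remote session without delegating credentials), and
# confine migration traffic to a dedicated subnet instead of any reachable network.
Enable-VMMigration
Set-VMHost -VirtualMachineMigrationAuthenticationType Kerberos `
           -UseAnyNetworkForMigration $false `
           -MaximumVirtualMachineMigrations 2 `
           -MaximumStorageMigrations 2
Add-VMMigrationNetwork -Subnet '192.168.50.0/24' -Priority 1
# Kerberos needs constrained delegation (cifs and "Microsoft Virtual System Migration
# Service") on each host's AD computer object before the first cross-host move.

# 1. Cluster / SMB live migration: only the running state moves; storage stays shared.
Move-VM -Name 'CONTOSO-WEB01' -DestinationHost 'HV02'

# 2. Live storage migration: the VM stays put, its files move to another volume.
Move-VMStorage -VMName 'CONTOSO-WEB01' -DestinationStoragePath 'E:\VMs\CONTOSO-WEB01'

# 3. Shared-nothing live migration: state and storage both move over the Ethernet link.
Move-VM -Name 'CONTOSO-WEB01' -DestinationHost 'HV02' `
        -IncludeStorage -DestinationStoragePath 'D:\VMs\CONTOSO-WEB01'

# Verify this host only accepts Kerberos-authenticated migrations on the dedicated subnet.
function Test-MigrationNetworkLock {
    $vmHost = Get-VMHost
    $nets   = @(Get-VMMigrationNetwork)
    $vmHost.VirtualMachineMigrationEnabled -and
        $vmHost.VirtualMachineMigrationAuthenticationType -eq 'Kerberos' -and
        (-not $vmHost.UseAnyNetworkForMigration) -and
        $nets.Count -ge 1
}
Test-MigrationNetworkLock
```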
Disaster Recovery Challenges
• Cost
• Complexity
• Inflexibility
• Initial replication
• Distance requirements
Hyper-V Replica: Unlimited Replication
• Disaster Recovery Scenarios:
  • Planned, unplanned and test failover
  • Pre-configuration of IP settings for primary/remote location
• Key Features:
  • RPO/RTO in minutes
  • Seamless integration with Hyper-V and Clustering
  • Automatically handles all VM mobility scenarios (e.g. Live Migration)
  • Supports heterogeneous storage between primary and recovery
  • Integrates with Volume Shadow Copy Service (VSS)
LEARN MORE [SCIM329] Enabling Disaster Recovery for Hyper-V workloads using Hyper-V Replica
Demo: Hyper-V Replica
Hyper-V Replica Complements Array-Based Replication
LEARN MORE [VIR321] Enabling Disaster Recovery for Hyper-V workloads using Hyper-V Replica
Key Hyper-V Replica Takeaways
• Easy to set up
  • Via wizard
  • Or via PowerShell
• Works with your current hardware
  • All you need is two connected servers running Windows Server 2012
• No guest dependencies
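The “via PowerShell” setup from this slide and the failover IP pre-configuration from the Hyper-V Replica slide, as an added example that is not from the deck: the replica server accepts only a named primary over Kerberos, the primary enables and seeds replication, and a small check reports replica age. Server names, VM name, storage path and the 10.2.0.0/16 recovery addresses are assumptions.

```powershell
# Added example (not from the deck): Hyper-V Replica via PowerShell with an explicit
# primary-server allow-list. Assumed names: primary 'HV-PRIMARY01.corp.example',
# replica 'HV-REPLICA01.corp.example', VM 'CONTOSO-WEB01', storage D:\Replica,
# recovery-site address 10.2.0.21/16.

# --- On the replica (recovery) server ---
Set-VMReplicationServer -ReplicationEnabled $true `
    -AllowedAuthenticationType Kerberos -KerberosAuthenticationPort 80 `
    -ReplicationAllowedFromAnyServer $false        # rely on the allow-list below instead
New-VMReplicationAuthorizationEntry -AllowedPrimaryServer 'HV-PRIMARY01.corp.example' `
    -ReplicaStorageLocation 'D:\Replica' -TrustGroup 'Contoso'
Enable-NetFirewallRule -DisplayName 'Hyper-V Replica HTTP Listener (TCP-In)'

# --- On the primary server ---
# Fails early if the listener, port or authentication type does not match.
Test-VMReplicationConnection -ReplicaServerName 'HV-REPLICA01.corp.example' `
    -ReplicaServerPort 80 -AuthenticationType Kerberos
Enable-VMReplication -VMName 'CONTOSO-WEB01' `
    -ReplicaServerName 'HV-REPLICA01.corp.example' -ReplicaServerPort 80 `
    -AuthenticationType Kerberos -CompressionEnabled $true `
    -RecoveryHistory 4 -VSSSnapshotFrequency 4     # 4 recovery points, VSS-consistent every 4 h
Start-VMInitialReplication -VMName 'CONTOSO-WEB01'

# --- Back on the replica server, once the Replica VM exists ---
# "Pre-configuration for IP settings": the address the VM takes after failover.
Set-VMNetworkAdapterFailoverConfiguration -VMName 'CONTOSO-WEB01' `
    -IPv4Address 10.2.0.21 -IPv4SubnetMask 255.255.0.0 `
    -IPv4DefaultGateway 10.2.0.1 -IPv4PreferredDNSServer 10.2.0.10

# Health check usable on either side: mode, state, health and minutes since last replica.
function Get-ReplicaAge {
    param([Parameter(Mandatory)][string]$VMName)
    $r = Get-VMReplication -VMName $VMName
    [pscustomobject]@{
        VM      = $r.VMName
        Mode    = $r.Mode          # Primary or Replica
        State   = $r.State
        Health  = $r.Health        # Normal, Warning or Critical
        AgeMins = [int]((Get-Date) - $r.LastReplicationTime).TotalMinutes
    }
}
Get-ReplicaAge -VMName 'CONTOSO-WEB01'
```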
Microsoft Committed to Interoperability
• July 2009: Microsoft contributes Linux drivers under GPL v2
• March 2012: “Microsoft appeared in the top-20 contributors for a kernel release”
• Q2 2012: All Hyper-V drivers in the mainline Linux kernel
  • Storage, networking, VMBus, input, utilities, etc.
  • SUSE includes the drivers
  • Ubuntu 12.04 and later include them
Linux on Hyper-V
• Linux workloads can be consolidated into VMs running on a Microsoft hypervisor at no cost
• Hyper-V-hosted Linux VMs can leverage high-end enterprise features:
  • High Availability
  • Live Migration, Shared Nothing Live Migration
  • VM replication with Hyper-V Replica
• Linux VMs can be managed centrally from System Center VMM
• VM scale improvements (CPU, memory, disk, etc.)
Supported Distros (as at Sept 2012)
• Reference: http://technet.microsoft.com/library/hh831531.aspx
• Red Hat Enterprise Linux 5.7, 5.8, 6.0-6.3 (with LIS 3.4)
• CentOS 5.7, 5.8, 6.0-6.3 (as for RHEL)
• SUSE 11 SP2 (drivers built in)
• FreeBSD 8.2/8.3: https://github.com/FreeBSDonHyper-V/freebsd/wiki/Build-the-kernel-with-the-HyperV-drivers
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.