Hyper-V Network Virtualization Motivation & Packet Flows.

Presentation on theme: "Hyper-V Network Virtualization Motivation & Packet Flows."— Presentation transcript:

1 Hyper-V Network Virtualization Motivation & Packet Flows

2 Cloud: Public, Private, Hybrid. Flexibility

3

4 Sales Finance R&D

5

6 Multi-Tenant Datacenter. Multiple customers on shared infrastructure: Contoso Bank, Woodgrove Bank. Multiple business units on shared infrastructure: Finance, Sales.

7 Limited workload mobility: Physical location determines network address; IP address topology limits VM placement. Resource utilization: Consolidate workloads to efficiently use CPU, storage, network; Limited VM placement leads to infrastructure overprovisioning. Operational inefficiency: Deploying VMs requires tight cooperation of server/network admins; Coordinating teams increases complexity and reduces agility. Scalable multi-tenancy: VLANs not suited for dynamic cloud topologies; Reconfiguration of production switches increases risk. Onboarding: VM IP addresses are entangled with security and access policies; Need to change IP addresses reduces cloud adoption.

8 Ideal: Consolidated. Typical: Fragmented.

9 Ideal: Workloads placed anywhere and can dynamically grow and shrink without being constrained by the network

10 [Diagram: VMs, ToR switches, Aggregation Switches, VLAN tags.] Topology limits VM placement and requires reconfiguration of production switches.

11 To improve resource utilization on servers we virtualized them. Therefore… Virtualize the Network!

12 [Diagram: Virtualization. Blue VM and Red VM on a Physical Server; Blue Network and Red Network on a Physical Network.]

13 To Workload Owners: Seamless migration to the cloud; Move n-tier topology to the cloud; Preserve policies, VM settings, IP addresses. To Enterprises: Private Cloud datacenter consolidation and efficiencies; Extension of datacenter into hybrid cloud; Incremental integration of acquired company network infrastructure. To Hosters: Bring Your own IP; Bring Your network topology; Scalable multi-tenancy. To Private/Public Cloud Datacenter Admins: Flexible VM placement without reconfiguration; Decoupling of server and network admin roles increases agility.

14 [Diagram: Blue Corp and Red Corp VMs (Blue, Red 1, Red 2) in the Customer Address Space (CA), placed on Host 1 and Host 2 on the Datacenter Network in the Provider Address Space (PA); System Center holds the Virtualization Policy with a CA / PA table.]

15 [Diagram: Hoster Datacenter. Customer: Blue Corp, Red Corp. VM Network: Blue R&D Net, Blue Sales Net, Red HR Net. Virtual Subnet: Blue Subnet1, Blue Subnet2, Blue Subnet3, Blue Subnet4, Blue Subnet5, Red Subnet1, Red Subnet2.]

16 [Diagram: Different subnets. Packets carry MAC headers and a GRE Key for the Blue Subnet or the Red Subnet.]

17 [Diagram: Datacenter with Host 1 and Host 2 running VM 1, VM 2, VM X and VM Y, each VM with a CA and a PA, and System Center.] Data Center Policy. Blue: VM 1: MAC 1, CA 1, PA 1; VM 2: MAC 2, CA 2, PA 3; VM 3: MAC 3, CA 3, PA 5; … Red: VM 1: MAC X, CA 1, PA 2; VM 2: MAC Y, CA 2, PA 4; VM 3: MAC Z, CA 3, PA 6; … [Host diagram, Windows Server 2012: NICs for Management, Cluster, Storage, Live Migration; Hyper-V Switch (VSID ACL Isolation, Switch Extensions); Network Virtualization (IP Virtualization, Policy Enforcement, Routing); Host Network Stack; System Center Host Agent.]

18

19 Same VSID :: Same Host. [Diagram labels: NIC; Network Virtualization (IP Virtualization, Policy Enforcement, Routing), MAC PA1; Hyper-V Switch (VSID ACL Enforcement); Blue VSID 5001, Red VSID 6001.] "where is ?" ARP for. Hyper-V Switch broadcasts ARP to: 1. All local VMs on VSID; Network Virtualization filter. Blue 2 responds to ARP for IP on VSID 5001 with Blue 2 MAC. Use MAC B2 for. Blue 1 learns MAC of Blue 2.

20 Same VSID :: Same Host. [Diagram labels: NIC; Network Virtualization (IP Virtualization, Policy Enforcement, Routing), MAC PA1; Hyper-V Switch (VSID ACL Enforcement); Blue VSID 5001, Red VSID 6001.] Sent from Blue 1: MAC B1, MAC B. In Hyper-V switch: OOB: VSID:5001; MAC B1, MAC B.

21 Same VSID :: Same Host. [Diagram labels: NIC; Network Virtualization (IP Virtualization, Policy Enforcement, Routing), MAC PA1; Hyper-V Switch (VSID ACL Enforcement); Blue VSID 5001, Red VSID 6001.] In Hyper-V switch: OOB: VSID:5001. Received by Blue 2: MAC B1, MAC B.

22

23 Same VSID :: Different Host. [Diagram labels, first host: NIC; Network Virtualization (IP Virtualization, Policy Enforcement, Routing), MAC PA1; Hyper-V Switch (VSID ACL Enforcement); Blue 1 on VSID 5001, Red 1 on VSID 6001. Second host: same components, MAC PA2; Blue 2 on VSID 5001, Red on VSID 6001.] "where is ?" ARP for. Hyper-V Switch broadcasts ARP to: 1. All local VMs on VSID; Network Virtualization filter. OOB: VSID:5001. Network Virtualization filter responds to ARP for IP on VSID 5001 with Blue 2 MAC. ARP is NOT broadcast to the network.

24 Same VSID :: Different Host. [Diagram labels, first host: NIC; Network Virtualization (IP Virtualization, Policy Enforcement, Routing), MAC PA1; Hyper-V Switch (VSID ACL Enforcement); Blue 1 on VSID 5001, Red 1 on VSID 6001. Second host: same components, MAC PA2; Blue 2 on VSID 5001, Red on VSID 6001.] ARP is NOT broadcast to the network. OOB: VSID:5001. Use MAC B2 for. Blue 1 learns MAC of Blue.

25 Same VSID :: Different Host. [Diagram labels, first host: NIC; Network Virtualization (IP Virtualization, Policy Enforcement, Routing), MAC PA1; Hyper-V Switch (VSID ACL Enforcement); Blue 1 on VSID 5001, Red 1 on VSID 6001. Second host: same components, MAC PA2; Blue 2 on VSID 5001, Red on VSID 6001.] Sent from Blue 1: MAC B1, MAC B. In Hyper-V switch: OOB: VSID:5001; MAC B1, MAC B. In Network Virtualization filter: OOB: VSID:5001; MAC B1, MAC B. NVGRE on the wire: MAC PA1, MAC PA; MAC B1, MAC B.

26 Same VSID :: Different Host. [Diagram labels, first host: NIC; Network Virtualization (IP Virtualization, Policy Enforcement, Routing), MAC PA1; Hyper-V Switch (VSID ACL Enforcement); Blue 1 on VSID 5001, Red 1 on VSID 6001. Second host: same components, MAC PA2; Blue 2 on VSID 5001, Red on VSID 6001.] NVGRE on the wire: MAC PA1, MAC PA; MAC B1, MAC B. In Network Virtualization filter: OOB: VSID:5001; MAC B1, MAC B. In Hyper-V switch: OOB: VSID:5001; MAC B1, MAC B. Received by Blue 2: MAC B1, MAC B.

27

28 Different VSID :: Same Host. [Diagram labels: NIC; Network Virtualization (IP Virtualization, Policy Enforcement, Routing), MAC PA1; Hyper-V Switch (VSID ACL Enforcement); Blue VSID 5001, Blue VSID 5222, Red VSID 6001.] "where is default gateway ?" ARP for (default gateway). Hyper-V Switch broadcasts ARP to: 1. All local VMs on VSID; Network Virtualization filter. OOB: VSID:5001. Network Virtualization filter responds to ARP with MAC DGW.

29 Different VSID :: Same Host. [Diagram labels: NIC; Network Virtualization (IP Virtualization, Policy Enforcement, Routing), MAC PA1; Hyper-V Switch (VSID ACL Enforcement); Blue VSID 5001, Blue VSID 5222, Red VSID 6001.] OOB: VSID:5001. Use MAC DGW for Default Gateway at MAC DGW. Blue 1 learns MAC of Default Gateway.

30 Different VSID :: Same Host. [Diagram labels: NIC; Network Virtualization (IP Virtualization, Policy Enforcement, Routing), MAC PA1, MAC DGW; Hyper-V Switch (VSID ACL Enforcement); Blue VSID 5001, Blue VSID 5222, Red VSID 6001.] Sent from Blue 1: MAC B1, MAC DGW. In Hyper-V switch: OOB: VSID:5001; MAC B1, MAC DGW. In Network Virtualization filter: OOB: VSID:5001; MAC B1, MAC DGW. Network Virtualization filter verifies Blue1 and Blue2 are in same routing domain, otherwise packet is dropped.

31 Different VSID :: Same Host. [Diagram labels: NIC; Network Virtualization (IP Virtualization, Policy Enforcement, Routing), MAC PA1, MAC DGW; Hyper-V Switch (VSID ACL Enforcement); Blue VSID 5001, Blue VSID 5222, Red VSID 6001.] In Network Virtualization filter: OOB: VSID:5222; MAC B1, MAC B. Network Virtualization filter uses VSID and dest MAC of Blue 2, retains source MAC of Blue 1. In Hyper-V switch: OOB: VSID:5222; MAC B1, MAC B. Received by Blue 2: MAC B1, MAC B.

32

33 Different VSID :: Different Host. [Diagram labels, first host: NIC; Network Virtualization (IP Virtualization, Policy Enforcement, Routing), MAC PA1, MAC DGW; Hyper-V Switch (VSID ACL Enforcement); Blue 1 on VSID 5001, Red 1 on VSID 6001. Second host: same components, MAC PA2; Blue 2 on VSID 5222, Red on VSID 6001.] "where is default gateway ?" ARP for (default gateway). Hyper-V Switch broadcasts ARP to: 1. All local VMs on VSID; Network Virtualization filter. OOB: VSID:5001. Network Virtualization filter responds to ARP with MAC DGW. ARP is NOT broadcast to the network.

34 Different VSID :: Different Host. [Diagram labels, first host: NIC; Network Virtualization (IP Virtualization, Policy Enforcement, Routing), MAC PA1, MAC DGW; Hyper-V Switch (VSID ACL Enforcement); Blue 1 on VSID 5001, Red 1 on VSID 6001. Second host: same components, MAC PA2; Blue 2 on VSID 5222, Red on VSID 6001.] OOB: VSID:5001. Use MAC DGW for Default Gateway at MAC DGW. Blue 1 learns MAC of Default Gateway.

35 Different VSID :: Different Host. [Diagram labels, first host: NIC; Network Virtualization (IP Virtualization, Policy Enforcement, Routing), MAC PA1, MAC DGW; Hyper-V Switch (VSID ACL Enforcement); Blue 1 on VSID 5001, Red 1 on VSID 6001. Second host: same components, MAC PA2; Blue 2 on VSID 5222, Red on VSID 6001.] Sent from Blue 1: MAC B1, MAC DGW. In Hyper-V switch: OOB: VSID:5001; MAC B1, MAC DGW. In Network Virtualization filter: OOB: VSID:5001; MAC B1, MAC DGW. NVGRE on the wire: MAC PA1, MAC PA; MAC B1, MAC B; 5222.

36 Different VSID :: Different Host. [Diagram labels, first host: NIC; Network Virtualization (IP Virtualization, Policy Enforcement, Routing), MAC PA1, MAC DGW; Hyper-V Switch (VSID ACL Enforcement); Blue 1 on VSID 5001, Red 1 on VSID 6001. Second host: same components, MAC PA2; Blue 2 on VSID 5222, Red on VSID 6001.] NVGRE on the wire: MAC PA1, MAC PA; MAC B1, MAC B. In Network Virtualization filter: OOB: VSID:5222; MAC B1, MAC B. In Hyper-V switch: OOB: VSID:5222; MAC B1, MAC B. Received by Blue 2: MAC B1, MAC B.

37

38 [Diagram: Consolidated Datacenter. Hyper-V Network Virtualization on Host1, Host2, Host3 with VMs R1, R2, R3, R4, B1, B2, B3, Y1, Y2; Hyper-V Network Virtualization Gateway; CorpNet with DC, SQL, DNS.]

39

40 [Diagram: Blue Private Cloud. Labels: Blue Corp, Red Corp, S2S VPN, Internet, Hyper-V Network Virtualization Gateway, Hoster Datacenter Network Virtualization Fabric, Hosts, Web1, Web2, Web3, R1, R2, DC, SQL, DNS.]

41

42

