Hyper-V Network Virtualization Motivation & Packet Flows.


1 Hyper-V Network Virtualization Motivation & Packet Flows

2 Cloud: Public, Private, Hybrid. Flexibility.

4 Sales Finance R&D

6 Multi-Tenant Datacenter
Multiple customers on shared infrastructure: Contoso Bank, Woodgrove Bank.
Multiple business units on shared infrastructure: Finance, Sales.

7
Limited workload mobility: Physical location determines network address. IP address topology limits VM placement.
Resource utilization: Consolidate workloads to efficiently use CPU, storage, network. Limited VM placement leads to infrastructure overprovisioning.
Operational inefficiency: Deploying VMs requires tight cooperation of server/network admins. Coordinating teams increases complexity and reduces agility.
Scalable multi-tenancy: VLANs not suited for dynamic cloud topologies. Reconfiguration of production switches increases risk.
Onboarding: VM IP addresses are entangled with security and access policies. Need to change IP addresses reduces cloud adoption.

8 Ideal: Consolidated. Typical: Fragmented.

9 Ideal: Workloads placed anywhere and can dynamically grow and shrink without being constrained by the network

10 [Diagram: VMs, VLAN tags, ToR switches, aggregation switches] Topology limits VM placement and requires reconfiguration of production switches.

11 To improve resource utilization on servers we virtualized them. Therefore… Virtualize the Network!

12 [Diagram: Virtualization. Blue VM and Red VM on a Physical Server; Blue Network and Red Network on a Physical Network]

13
To Workload Owners: Seamless migration to the cloud. Move n-tier topology to the cloud. Preserve policies, VM settings, IP addresses.
To Enterprises: Private Cloud datacenter consolidation and efficiencies. Extension of datacenter into hybrid cloud. Incremental integration of acquired company network infrastructure.
To Hosters: Bring your own IP. Bring your network topology. Scalable multi-tenancy.
To Private/Public Cloud Datacenter Admins: Flexible VM placement without reconfiguration. Decoupling of server and network admin roles increases agility.

14 [Diagram: Virtualization Policy (System Center)]
Customer Address Space (CA): Blue Corp VMs (Blue 1, Blue 2) and Red Corp VMs (Red 1, Red 2) both use 10.0.0.5 and 10.0.0.7.
Provider Address Space (PA): Host 1 and Host 2 on the Datacenter Network, with addresses 192.168.4.11 and 192.168.4.22.
Policy table (columns CA, PA): Blue 10.0.0.5, 10.0.0.7; Red 10.0.0.5, 10.0.0.7.

15 [Diagram: Hoster Datacenter. Levels: Customer, VM Network, Virtual Subnet]
Blue Corp: VM networks Blue R&D Net and Blue Sales Net; virtual subnets Blue Subnet1 to Blue Subnet5.
Red Corp: VM network Red HR Net; virtual subnets Red Subnet1 and Red Subnet2.

16 [Diagram: packet encapsulation, different subnets] VMs at 10.0.0.5 and 10.0.0.7; hosts at 192.168.2.22 and 192.168.5.55.
Blue packet: 192.168.2.22 → 192.168.5.55 | GRE Key: Blue Subnet | MAC | 10.0.0.5 → 10.0.0.7
Red packet: 192.168.2.22 → 192.168.5.55 | GRE Key: Red Subnet | MAC | 10.0.0.5 → 10.0.0.7

17 [Diagram: Datacenter with Host 1 and Host 2, VMs labelled with CA, AA and PA (VM 1, VM 2, VM X, VM Y), managed by System Center]
Data Center Policy (System Center):
Blue: VM 1: MAC 1, CA 1, PA 1; VM 2: MAC 2, CA 2, PA 3; VM 3: MAC 3, CA 3, PA 5; …
Red: VM 1: MAC X, CA 1, PA 2; VM 2: MAC Y, CA 2, PA 4; VM 3: MAC Z, CA 3, PA 6; …
Host (Windows Server 2012): NICs; Management, Cluster, Storage, Live Migration; Host Network Stack (PA 1); System Center Host Agent; VM 1 (CA 1).
Hyper-V Switch: VSID ACL Isolation, Switch Extensions.
Network Virtualization: IP Virtualization, Policy Enforcement, Routing.

19 Same VSID :: Same Host
[Diagram: host 192.168.4.11 (MAC PA1) with NIC, Network Virtualization (IP Virtualization, Policy Enforcement, Routing) and Hyper-V Switch (VSID ACL Enforcement). VMs: Blue 1 10.0.0.5 VSID 5001; Red 1 10.0.0.5 VSID 6001; Blue 2 10.0.0.7 VSID 5001; Red 2 10.0.0.7 VSID 6001]
Blue 1: "where is 10.0.0.7?" ARP for 10.0.0.7.
Hyper-V Switch broadcasts ARP to: 1. All local VMs on VSID 5001. 2. Network Virtualization filter.
Blue 2 responds to ARP for IP 10.0.0.7 on VSID 5001 with Blue 2 MAC.
Blue 1 learns MAC of Blue 2: use MAC B2 for 10.0.0.7.

20 Same VSID :: Same Host
[Diagram: host 192.168.4.11 (MAC PA1). VMs: Blue 1 10.0.0.5 VSID 5001; Red 1 10.0.0.5 VSID 6001; Blue 2 10.0.0.7 VSID 5001; Red 2 10.0.0.7 VSID 6001]
Sent from Blue 1: MAC B1 → MAC B2, 10.0.0.5 → 10.0.0.7.
In Hyper-V switch: OOB: VSID:5001; MAC B1 → MAC B2, 10.0.0.5 → 10.0.0.7.

21 Same VSID :: Same Host
[Diagram: host 192.168.4.11 (MAC PA1). VMs: Blue 1 10.0.0.5 VSID 5001; Red 1 10.0.0.5 VSID 6001; Blue 2 10.0.0.7 VSID 5001; Red 2 10.0.0.7 VSID 6001]
In Hyper-V switch: OOB: VSID:5001.
Received by Blue 2: MAC B1 → MAC B2, 10.0.0.5 → 10.0.0.7.

23 Same VSID :: Different Host
[Diagram: host 192.168.4.11 (MAC PA1) with Blue 1 10.0.0.5 VSID 5001 and Red 1 10.0.0.5 VSID 6001; host 192.168.4.22 (MAC PA2) with Blue 2 10.0.0.7 VSID 5001 and Red 2 10.0.0.7 VSID 6001. Each host: NIC, Network Virtualization (IP Virtualization, Policy Enforcement, Routing), Hyper-V Switch (VSID ACL Enforcement)]
Blue 1: "where is 10.0.0.7?" ARP for 10.0.0.7.
Hyper-V Switch broadcasts ARP to: 1. All local VMs on VSID 5001. 2. Network Virtualization filter (OOB: VSID:5001).
Network Virtualization filter responds to ARP for IP 10.0.0.7 on VSID 5001 with Blue 2 MAC.
ARP is NOT broadcast to the network.

24 Same VSID :: Different Host
[Diagram: host 192.168.4.11 (MAC PA1) with Blue 1 10.0.0.5 VSID 5001 and Red 1 10.0.0.5 VSID 6001; host 192.168.4.22 (MAC PA2) with Blue 2 10.0.0.7 VSID 5001 and Red 2 10.0.0.7 VSID 6001]
OOB: VSID:5001. Use MAC B2 for 10.0.0.7.
Blue 1 learns MAC of Blue 2.
ARP is NOT broadcast to the network.

25 Same VSID :: Different Host
[Diagram: host 192.168.4.11 (MAC PA1) with Blue 1 10.0.0.5 VSID 5001 and Red 1 10.0.0.5 VSID 6001; host 192.168.4.22 (MAC PA2) with Blue 2 10.0.0.7 VSID 5001 and Red 2 10.0.0.7 VSID 6001]
Sent from Blue 1: MAC B1 → MAC B2, 10.0.0.5 → 10.0.0.7.
In Hyper-V switch: OOB: VSID:5001; MAC B1 → MAC B2, 10.0.0.5 → 10.0.0.7.
In Network Virtualization filter: OOB: VSID:5001; MAC B1 → MAC B2, 10.0.0.5 → 10.0.0.7.
NVGRE on the wire: MAC PA1 → MAC PA2 | 192.168.4.11 → 192.168.4.22 | 5001 | MAC B1 → MAC B2 | 10.0.0.5 → 10.0.0.7.

26 Same VSID :: Different Host
[Diagram: host 192.168.4.11 (MAC PA1) with Blue 1 10.0.0.5 VSID 5001 and Red 1 10.0.0.5 VSID 6001; host 192.168.4.22 (MAC PA2) with Blue 2 10.0.0.7 VSID 5001 and Red 2 10.0.0.7 VSID 6001]
NVGRE on the wire: MAC PA1 → MAC PA2 | 192.168.4.11 → 192.168.4.22 | 5001 | MAC B1 → MAC B2 | 10.0.0.5 → 10.0.0.7.
In Network Virtualization filter: OOB: VSID:5001; MAC B1 → MAC B2, 10.0.0.5 → 10.0.0.7.
In Hyper-V switch: OOB: VSID:5001; MAC B1 → MAC B2, 10.0.0.5 → 10.0.0.7.
Received by Blue 2: MAC B1 → MAC B2, 10.0.0.5 → 10.0.0.7.

28 Different VSID :: Same Host
[Diagram: host 192.168.4.11 (MAC PA1) with NIC, Network Virtualization (IP Virtualization, Policy Enforcement, Routing) and Hyper-V Switch (VSID ACL Enforcement). VMs: Blue 1 10.0.0.5 VSID 5001; Red 1 10.0.0.5 VSID 6001; Blue 2 10.0.1.7 VSID 5222; Red 2 10.0.0.7 VSID 6001]
Blue 1: "where is default gateway?" ARP for 10.0.0.1 (default gateway).
Hyper-V Switch broadcasts ARP to: 1. All local VMs on VSID 5001. 2. Network Virtualization filter (OOB: VSID:5001).
Network Virtualization filter responds to ARP with MAC DGW.

29 Different VSID :: Same Host
[Diagram: host 192.168.4.11 (MAC PA1). VMs: Blue 1 10.0.0.5 VSID 5001; Red 1 10.0.0.5 VSID 6001; Blue 2 10.0.1.7 VSID 5222; Red 2 10.0.0.7 VSID 6001]
OOB: VSID:5001. Use MAC DGW for 10.0.0.1: Default Gateway at MAC DGW.
Blue 1 learns MAC of Default Gateway.

30 Different VSID :: Same Host
[Diagram: host 192.168.4.11 (MAC PA1). VMs: Blue 1 10.0.0.5 VSID 5001; Red 1 10.0.0.5 VSID 6001; Blue 2 10.0.1.7 VSID 5222; Red 2 10.0.0.7 VSID 6001]
Sent from Blue 1: MAC B1 → MAC DGW, 10.0.0.5 → 10.0.1.7.
In Hyper-V switch: OOB: VSID:5001; MAC B1 → MAC DGW, 10.0.0.5 → 10.0.1.7.
In Network Virtualization filter: OOB: VSID:5001; MAC B1 → MAC DGW, 10.0.0.5 → 10.0.1.7.
Network Virtualization filter verifies Blue 1 and Blue 2 are in the same routing domain; otherwise the packet is dropped.

31 Different VSID :: Same Host
[Diagram: host 192.168.4.11 (MAC PA1). VMs: Blue 1 10.0.0.5 VSID 5001; Red 1 10.0.0.5 VSID 6001; Blue 2 10.0.1.7 VSID 5222; Red 2 10.0.0.7 VSID 6001]
In Network Virtualization filter: OOB: VSID:5222; MAC B1 → MAC B2, 10.0.0.5 → 10.0.1.7.
Network Virtualization filter uses the VSID and destination MAC of Blue 2 and retains the source MAC of Blue 1.
In Hyper-V switch: OOB: VSID:5222; MAC B1 → MAC B2, 10.0.0.5 → 10.0.1.7.
Received by Blue 2: MAC B1 → MAC B2, 10.0.0.5 → 10.0.1.7.

33 Different VSID :: Different Host
[Diagram: host 192.168.4.11 (MAC PA1) with Blue 1 10.0.0.5 VSID 5001 and Red 1 10.0.0.5 VSID 6001; host 192.168.4.22 (MAC PA2) with Blue 2 10.0.1.7 VSID 5222 and Red 2 10.0.0.7 VSID 6001. Each host: NIC, Network Virtualization (IP Virtualization, Policy Enforcement, Routing), Hyper-V Switch (VSID ACL Enforcement)]
Blue 1: "where is default gateway?" ARP for 10.0.0.1 (default gateway).
Hyper-V Switch broadcasts ARP to: 1. All local VMs on VSID 5001. 2. Network Virtualization filter (OOB: VSID:5001).
Network Virtualization filter responds to ARP with MAC DGW.
ARP is NOT broadcast to the network.

34 Different VSID :: Different Host
[Diagram: host 192.168.4.11 (MAC PA1) with Blue 1 10.0.0.5 VSID 5001 and Red 1 10.0.0.5 VSID 6001; host 192.168.4.22 (MAC PA2) with Blue 2 10.0.1.7 VSID 5222 and Red 2 10.0.0.7 VSID 6001]
OOB: VSID:5001. Use MAC DGW for 10.0.0.1: Default Gateway at MAC DGW.
Blue 1 learns MAC of Default Gateway.

35 Different VSID :: Different Host
[Diagram: host 192.168.4.11 (MAC PA1) with Blue 1 10.0.0.5 VSID 5001 and Red 1 10.0.0.5 VSID 6001; host 192.168.4.22 (MAC PA2) with Blue 2 10.0.1.7 VSID 5222 and Red 2 10.0.0.7 VSID 6001]
Sent from Blue 1: MAC B1 → MAC DGW, 10.0.0.5 → 10.0.1.7.
In Hyper-V switch: OOB: VSID:5001; MAC B1 → MAC DGW, 10.0.0.5 → 10.0.1.7.
In Network Virtualization filter: OOB: VSID:5001; MAC B1 → MAC DGW, 10.0.0.5 → 10.0.1.7.
NVGRE on the wire: MAC PA1 → MAC PA2 | 192.168.4.11 → 192.168.4.22 | 5222 | MAC B1 → MAC B2 | 10.0.0.5 → 10.0.1.7.

36 Different VSID :: Different Host
[Diagram: host 192.168.4.11 (MAC PA1) with Blue 1 10.0.0.5 VSID 5001 and Red 1 10.0.0.5 VSID 6001; host 192.168.4.22 (MAC PA2) with Blue 2 10.0.1.7 VSID 5222 and Red 2 10.0.0.7 VSID 6001]
NVGRE on the wire: MAC PA1 → MAC PA2 | 192.168.4.11 → 192.168.4.22 | 5222 | MAC B1 → MAC B2 | 10.0.0.5 → 10.0.1.7.
In Network Virtualization filter: OOB: VSID:5222; MAC B1 → MAC B2, 10.0.0.5 → 10.0.1.7.
In Hyper-V switch: OOB: VSID:5222; MAC B1 → MAC B2, 10.0.0.5 → 10.0.1.7.
Received by Blue 2: MAC B1 → MAC B2, 10.0.0.5 → 10.0.1.7.
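
The forwarding decisions on slides 19 to 36, modeled as an added example (not code from the presentation or from Hyper-V): a per-routing-domain policy lookup, the drop when the destination is outside the sender's routing domain, and the NVGRE header carrying the destination VSID. Addresses and VSIDs are the slide values and the header layout follows RFC 7637; the routing-domain names, the Red MAC labels and the receiver-side validation are assumptions.

```python
import struct

# Constructed policy from the slide values. The slides place Blue 2 at 10.0.0.7
# (VSID 5001) in one scenario and at 10.0.1.7 (VSID 5222) in another; both are listed.
# Routing-domain names and the Red MAC labels are hypothetical.
# (routing domain, CA) -> (VSID, VM MAC label, PA of the hosting server)
POLICY = {
    ("blue-rd", "10.0.0.5"): (5001, "MAC B1", "192.168.4.11"),
    ("blue-rd", "10.0.0.7"): (5001, "MAC B2", "192.168.4.22"),
    ("blue-rd", "10.0.1.7"): (5222, "MAC B2", "192.168.4.22"),
    ("red-rd", "10.0.0.5"): (6001, "MAC R1", "192.168.4.11"),
    ("red-rd", "10.0.0.7"): (6001, "MAC R2", "192.168.4.22"),
}
VSID_TO_RD = {5001: "blue-rd", 5222: "blue-rd", 6001: "red-rd"}

def nvgre_header(vsid, flow_id=0):
    """8-byte GRE header: K bit set, protocol 0x6558, 24-bit VSID + 8-bit FlowID."""
    return struct.pack("!HHI", 0x2000, 0x6558, (vsid << 8) | flow_id)

def parse_vsid(header):
    """Return the VSID from an NVGRE header, rejecting other GRE variants."""
    flags, proto, key = struct.unpack("!HHI", header[:8])
    if flags != 0x2000 or proto != 0x6558:
        raise ValueError("not an NVGRE header")
    return key >> 8

def send(src_vsid, dst_ca, local_pa):
    """Sender-side filter decision for a packet leaving a VM on src_vsid."""
    entry = POLICY.get((VSID_TO_RD[src_vsid], dst_ca))
    if entry is None:                      # destination not in sender's routing domain
        return ("drop", None)
    dst_vsid, _dst_mac, dst_pa = entry
    if dst_pa == local_pa:                 # same host: no encapsulation needed
        return ("local", dst_vsid)
    return ("encap", (local_pa, dst_pa, nvgre_header(dst_vsid)))

def receive(header, dst_ca, local_pa):
    """Receiver-side check (assumed): the wire VSID must match policy for dst_ca."""
    vsid = parse_vsid(header)
    entry = POLICY.get((VSID_TO_RD.get(vsid), dst_ca))
    if entry is None or entry[0] != vsid or entry[2] != local_pa:
        return ("drop", None)
    return ("deliver", (vsid, entry[1]))
```

Because the lookup key includes the routing domain, a Blue sender asking for 10.0.0.7 can only ever resolve to Blue 2, even though Red 2 holds the same customer address.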

38 [Diagram: Hyper-V Network Virtualization Gateway]
CorpNet: DC, SQL, DNS; subnets 10.229.200.x, 10.229.201.x, 10.229.202.x, 10.229.203.x.
Consolidated Datacenter (10.60.x): Hyper-V Network Virtualization on Host1, Host2, Host3 with VMs R1, R2, R3, R4, B1, B2, B3, Y1, Y2.

40 [Diagram: Blue Private Cloud]
Blue Corp and Red Corp each connect over the Internet by S2S VPN to the Hyper-V Network Virtualization Gateway.
Hoster Datacenter Network Virtualization Fabric: hosts running Web1, Web2, Web3, R1, R2. Also labelled: DC, SQL, DNS.
