3.3.1 implement Hyper-V Network Virtualization
Network Virtualization is a layer 2 process in which the inside virtual network is independent of the outside physical network, and can be configured to communicate with other hypervisors as one network, regardless of the physical network.
Hyper-V can accomplish this in two ways:
NVGRE: Network Virtualization using Generic Routing Encapsulation. This builds encapsulated tunnels between Hyper-V virtual hosts.
IP Rewrite: a NAT approach at each host, which translates the virtual addresses to physical ones.
Provider Addresses (PA): unique IP addresses assigned to each host. These are the physical addresses.
Customer Addresses (CA): virtual IP addresses assigned to VMs.
Virtual Subnet ID (VSID): a GRE key that signifies which virtual network the packet is on.
Routing Domain ID (RDID): a GUID that signifies a "customer" network, which is made up of one or more VSIDs.
Network virtualization can be set up using PowerShell.
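The following is an added example, not part of the original notes, showing how PA, CA, VSID and RDID fit together when one customer network is configured with the NetWNV cmdlets. It assumes Windows Server 2012 hosts and an elevated session on each host; the adapter name, VM names, addresses, MACs, VSID and RDID GUID are constructed placeholders.

```powershell
# Added example: one customer network (one RDID, one VSID) spread over two hosts.
# All names, addresses and IDs below are constructed placeholders.
$paNic   = 'Ethernet'                                 # physical NIC carrying provider traffic
$localPA = '192.168.4.11'                             # this host's Provider Address
$vsid    = 5001                                       # Virtual Subnet ID (the GRE key)
$rdid    = '{11111111-2222-3333-4444-000000005001}'   # Routing Domain ID of the customer

# CA -> PA mapping for every VM in the customer network; keep it identical on all hosts.
$vms = @(
    @{ VM = 'Blue1'; CA = '10.0.0.5'; MAC = '00155D08E601'; PA = '192.168.4.11' },
    @{ VM = 'Blue2'; CA = '10.0.0.7'; MAC = '00155D08E602'; PA = '192.168.4.22' }
)

# 1. Bind the network virtualization filter to the physical NIC.
Enable-NetAdapterBinding -Name $paNic -ComponentID 'ms_netwnv'

# 2. Register this host's Provider Address on that NIC.
$ifIndex = (Get-NetAdapter -Name $paNic).InterfaceIndex
New-NetVirtualizationProviderAddress -InterfaceIndex $ifIndex -ProviderAddress $localPA -PrefixLength 24

# 3. Publish one lookup record per VM. 'TranslationMethodEncap' selects NVGRE;
#    'TranslationMethodNat' selects IP Rewrite instead.
foreach ($vm in $vms) {
    $record = @{
        VMName          = $vm.VM
        CustomerAddress = $vm.CA
        MACAddress      = $vm.MAC
        ProviderAddress = $vm.PA
        VirtualSubnetID = $vsid
        Rule            = 'TranslationMethodEncap'
    }
    New-NetVirtualizationLookupRecord @record
}

# 4. Attach the virtual subnet to the customer's routing domain.
New-NetVirtualizationCustomerRoute -RoutingDomainID $rdid -VirtualSubnetID $vsid `
    -DestinationPrefix '10.0.0.0/24' -NextHop '0.0.0.0' -Metric 255

# 5. Tag the adapters of the VMs that live on this host with the VSID.
foreach ($vm in $vms | Where-Object { $_.PA -eq $localPA }) {
    Get-VMNetworkAdapter -VMName $vm.VM | Set-VMNetworkAdapter -VirtualSubnetId $vsid
}

# Review what this host now believes about the customer network.
Get-NetVirtualizationLookupRecord |
    Select-Object VMName, CustomerAddress, ProviderAddress, VirtualSubnetID, Rule
```

A VM whose adapter carries a different VSID, or whose lookup record is missing on one host, is unreachable from the others, so compare the final listing across hosts after every change.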
3.3.2 configure Hyper-V virtual switches
A new external switch appears in the host's network connections once it is created. When the switch is bound to one of the host's network adapters, the host communicates directly with the switch, not the physical network. The switch communicates with the physical network.
Right-click the Hyper-V server and select Virtual Network Switch Manager
Click New Virtual Network Switch
Give it a name
Select switch type: External, Internal, or Private
External: VMs need access to the physical network
Internal: VMs can only communicate internally on the host and with the host. The switch is not bound to a network adapter.
Private: VMs can only communicate with each other on this switch, not with the host or the physical network. The switch is not bound to a network adapter.
If external, select a network adapter to bind to. Check or uncheck "allow management operating system to share this adapter". Check to enable SR-IOV
Select a VLAN ID if one is used for the management network.
You can also set global MAC addresses for this host in the Virtual Switch Manager (see 3.3.4)
A virtual switch can have up to 512 VMs assigned to it.
PowerShell:
new-vmswitch -name "New External Switch" -netadaptername "Broadcom NetXtreme Gigabit Ethernet"
other VM switch commands:
get-vmswitch, set-vmswitch, rename-vmswitch, remove-vmswitch
3.3.3 optimize network performance
1. Use network adapter type (synthetic) instead of legacy for best performance
2. Configure bandwidth management under each virtual network adapter in a VM
3. Configure hardware acceleration under virtual network adapter:
a. Virtual Machine Queue (VMQ): uses hardware packet filtering for VM to external VM networking. Enabled by default
b. IPsec task offloading: performs IPsec processing on the network adapter. Enabled by default
c. SR-IOV: maximizes network throughput
4. Configure advanced settings under each virtual network adapter:
a. MAC address static or dynamic
b. DHCP guard
c. Router guard
d. Port mirroring
e. NIC Teaming (LBFO)
You can also use GRE offloading for network virtualization if an adapter supports it.
PowerShell:
Most of the options above can be set using the following command:
set-vmnetworkadapter (reference: http://technet.microsoft.com/en-us/library/hh848457.aspx)
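The advanced settings in item 4 are the ones worth auditing across a host, so here is an added example (not from the original notes) that reports adapters with DHCP guard or router guard off, port mirroring enabled, or a static MAC, and then previews the fix. It assumes an elevated PowerShell 3.0+ session on the Hyper-V host; the VM names in the allow list and the sample adapter are constructed.

```powershell
# Added example: audit the per-adapter settings listed above.
# VMs that legitimately run DHCP or routing services and need the guards off (constructed names).
$allowList = @('DHCP01', 'RTR01')

function Get-VMNicFinding {
    param(
        [Parameter(Mandatory)] $Adapter,      # object shaped like Get-VMNetworkAdapter output
        [string[]] $AllowList = @()
    )
    $findings = @()
    if ($Adapter.IsLegacy) { $findings += 'legacy adapter' }
    if ($AllowList -notcontains $Adapter.VMName) {
        if ("$($Adapter.DhcpGuard)"   -ne 'On') { $findings += 'DHCP guard off' }
        if ("$($Adapter.RouterGuard)" -ne 'On') { $findings += 'router guard off' }
    }
    if ("$($Adapter.PortMirroringMode)" -ne 'None') {
        $findings += "port mirroring: $($Adapter.PortMirroringMode)"
    }
    if (-not $Adapter.DynamicMacAddressEnabled) {
        $findings += "static MAC $($Adapter.MacAddress)"
    }
    $findings
}

# Constructed sample adapter, so the function can be tried without a Hyper-V host.
$sample = [pscustomobject]@{
    VMName = 'WEB01'; Name = 'NIC 1'; IsLegacy = $false
    DhcpGuard = 'Off'; RouterGuard = 'On'; PortMirroringMode = 'Source'
    DynamicMacAddressEnabled = $true; MacAddress = '00155D08E601'
}
Get-VMNicFinding -Adapter $sample -AllowList $allowList

# On a Hyper-V host: report every adapter that has at least one finding.
if (Get-Command Get-VMNetworkAdapter -ErrorAction SilentlyContinue) {
    Get-VMNetworkAdapter -VMName * | ForEach-Object {
        [pscustomobject]@{
            VM       = $_.VMName
            Adapter  = $_.Name
            Switch   = $_.SwitchName
            Findings = (Get-VMNicFinding -Adapter $_ -AllowList $allowList) -join '; '
        }
    } | Where-Object { $_.Findings } | Format-Table -AutoSize

    # Preview the remediation; remove -WhatIf to apply it.
    Get-VMNetworkAdapter -VMName * |
        Where-Object { $allowList -notcontains $_.VMName } |
        Set-VMNetworkAdapter -DhcpGuard On -RouterGuard On -WhatIf
}
```

Port mirroring and static MACs are reported rather than changed, because both can be intentional and need a human decision.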
3.3.4 configure MAC addresses
In the Virtual Network Switch Manager, you can set a range of MAC addresses that will be assigned to guests. This is to prevent multiple hosts from accidentally assigning the same MAC addresses to VMs.
You can also set an adapter with a static MAC address in the VM's network adapter settings.
dynamic pool:
set-vmhost -macaddressminimum 00155d08e600 -macaddressmaximum 00155d08ffff
static mac:
set-vmnetworkadapter -vmname 'VMServer' -vmnetworkadaptername 'NIC 1' -staticmacaddress 00155d08e601
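Whether two hosts can hand out the same MAC comes down to whether their dynamic pools overlap, which this added example (not from the original notes) checks. Host names and the HV02/HV03 ranges are constructed; HV01 uses the range from the set-vmhost line above.

```powershell
# Added example: find overlapping dynamic MAC pools across Hyper-V hosts.
function ConvertTo-MacNumber {
    param([Parameter(Mandatory)][string] $Mac)
    $hex = $Mac -replace '[-:.]', ''
    if ($hex -notmatch '^[0-9A-Fa-f]{12}$') { throw "Not a MAC address: $Mac" }
    [Convert]::ToInt64($hex, 16)
}

function Find-MacPoolOverlap {
    param([Parameter(Mandatory)][object[]] $Pool)   # objects shaped like Get-VMHost output
    for ($i = 0; $i -lt $Pool.Count; $i++) {
        for ($j = $i + 1; $j -lt $Pool.Count; $j++) {
            $a = $Pool[$i]; $b = $Pool[$j]
            # The shared range is [max of the minimums, min of the maximums]; empty if lo > hi.
            $lo = [Math]::Max((ConvertTo-MacNumber $a.MacAddressMinimum),
                              (ConvertTo-MacNumber $b.MacAddressMinimum))
            $hi = [Math]::Min((ConvertTo-MacNumber $a.MacAddressMaximum),
                              (ConvertTo-MacNumber $b.MacAddressMaximum))
            if ($lo -le $hi) {
                [pscustomobject]@{
                    HostA = $a.ComputerName
                    HostB = $b.ComputerName
                    From  = '{0:X12}' -f $lo
                    To    = '{0:X12}' -f $hi
                    Count = $hi - $lo + 1
                }
            }
        }
    }
}

# Constructed sample pools; HV03 straddles the boundary between HV01 and HV02.
$pools = @(
    [pscustomobject]@{ ComputerName = 'HV01'; MacAddressMinimum = '00155D08E600'; MacAddressMaximum = '00155D08FFFF' },
    [pscustomobject]@{ ComputerName = 'HV02'; MacAddressMinimum = '00155D090000'; MacAddressMaximum = '00155D09FFFF' },
    [pscustomobject]@{ ComputerName = 'HV03'; MacAddressMinimum = '00155D08F000'; MacAddressMaximum = '00155D0900FF' }
)
Find-MacPoolOverlap -Pool $pools | Format-Table -AutoSize

# Against real hosts (assumed names), feed Get-VMHost output straight in:
# Find-MacPoolOverlap -Pool (Get-VMHost -ComputerName 'HV01', 'HV02', 'HV03')
```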
3.3.5 configure network isolation
Set up standard VLANs,
Use a private virtual switch, or
Port Virtual LAN (private VLAN): can isolate a set of VMs from being able to see each other's traffic, using only 2 VLANs: a primary and a secondary VLAN. This can be set up instead of Hyper-V network virtualization if each customer needs to be isolated and only has one VM each.
PowerShell examples:
PVLAN
set-vmnetworkadaptervlan -vmname 'VMServer' -isolated -primaryvlanid 10 -secondaryvlanid 200
Standard VLANs
place all adapters on a VM in vlan 30
set-vmnetworkadaptervlan -vmname 'VMServer' -access 30
create a trunk on a specific adapter
set-vmnetworkadaptervlan -vmname 'VMserver' -vmnetworkadaptername 'NIC 1' -trunk -nativevlanid 2 -allowedvlanidlist 1-36
Extra note: To remove vlan tagging on an adapter, you can use:
set-vmnetworkadaptervlan -vmname 'VMServer' -untagged
3.3.6 configure synthetic and legacy virtual network adapters
Each VM can have up to 12 virtual network adapters. Up to 8 can be network adapter type (synthetic) and up to 4 can be legacy.
Network adapter type (synthetic): relies on the guest integration components installed on the VM.
Legacy network adapter: supports OSs that do not support guest integration components. It can also be used for PXE boot if needed.
PowerShell
Use the -IsLegacy $true parameter on the add-vmnetworkadapter cmdlet to set up a legacy adapter.