
There have been some questions regarding the correct configuration for Virtual Networks and clusters in SCVMM 2008. So here is how the networks should be set in a cluster and how this helps migrating VMs within the cluster.

To be able to use a Virtual Network in a node that belongs to a cluster, the configuration must meet these 3 conditions:

  1. The Name of the Virtual Network must be the same in all the nodes of the cluster
  2. The Tag of the Virtual Network must be the same in all the nodes of the cluster
  3. Just for external Virtual Networks:
    1. The location of the NIC attached to the Virtual Network must be the same in all the nodes of the cluster

If your configuration meets these 3 conditions you will be able to use your Virtual Network for your HA VMs.

If you have your VM connected to a Virtual Network in one node that does not meet these conditions, your VM will go into an unsupported cluster configuration. You then need to either disconnect the VM from that Virtual Network by choosing the option 'Repair', or fix the configuration issue with your Virtual Network and then refresh the cluster to make sure the changes have been applied.
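The three conditions above can be checked offline against an inventory of the cluster's Virtual Networks. The following is an added example, not VMM's own logic or code from the original post: the inventory rows, node names and field layout are constructed, and it assumes names, tags and locations are compared as exact strings.

```python
from collections import defaultdict

# Constructed inventory (not VMM output): one row per Virtual Network per node:
# (node, name, tag, kind, location of the attached physical NIC).
INVENTORY = [
    ("node1", "Prod",      "web", "external", "corp.example"),
    ("node2", "Prod",      "web", "external", "corp.example"),
    ("node1", "Backup",    "bk",  "external", "corp.example"),
    ("node2", "Backup",    "bk",  "external", ""),   # location not detected
    ("node1", "Heartbeat", "hb",  "private",  ""),
    ("node2", "Heartbeat", "hb2", "private",  ""),   # tag differs on one node
    ("node1", "Lab",       "",    "private",  ""),   # defined on node1 only
]

def check_cluster_networks(inventory, nodes):
    """Map each Virtual Network name to the conditions it violates ([] = usable)."""
    by_name = defaultdict(dict)
    for node, name, tag, kind, location in inventory:
        by_name[name][node] = (tag, kind, location)
    report = {}
    for name, per_node in by_name.items():
        problems = []
        # Condition 1: the same Name must exist on every node.
        missing = sorted(set(nodes) - set(per_node))
        if missing:
            problems.append("name: not defined on " + ", ".join(missing))
        # Condition 2: the Tag must be identical on every node.
        if len({tag for tag, _, _ in per_node.values()}) > 1:
            problems.append("tag: differs between nodes")
        # Condition 3: the NIC location is compared for external networks only.
        ext_locations = {loc for _, kind, loc in per_node.values() if kind == "external"}
        if len(ext_locations) > 1:
            problems.append("location: NIC location differs between nodes")
        report[name] = problems
    return report

def ha_usable(report):
    """Names of the networks that meet all conditions on every node."""
    return sorted(name for name, problems in report.items() if not problems)

if __name__ == "__main__":
    result = check_cluster_networks(INVENTORY, ["node1", "node2"])
    for name, problems in result.items():
        print(name, "OK" if not problems else problems)
```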

Q. What happens when I migrate a VM within the cluster? (Quick migration or Live Migration for Win2k8 R2)

A. Each NIC of the VM will be connected to the equivalent Virtual Network on the destination node. This is the Virtual Network with the same Name, location and tag on the destination Host.

Q. What If I'm moving the VM to another cluster or a standalone host outside of the cluster?

A. When moving a VM in or out of a cluster, the normal conditions are applied. That is: Network location and tag are used to determine the right Virtual Network to use in the destination host.

Let's talk a little bit about Private Virtual Networks in Hyper-V

Private virtual Networks are the easiest VNs to understand. A Private VN can be used to offer communication between Virtual Machines within the same Host. In other words, a VM connected to a private VN, can only communicate with VMs connected to that VN. (Using the Private VN)

Let's take a quick look at them

Private VNs

Note that the Virtual Network does not have any communication with the Host or with Physical Network Cards (the ones plugged into the Physical Machine).

You can also configure VLANs in these private networks to separate VM traffic. In the image below we can see 3 VMs connected to the same Virtual Network using different VLANs to isolate traffic.

Private Virtual Network with VLAN

 

The ‘preferred location’ and ‘preferred tag’ configured under a Virtual Network Adapter in a VM, template or hardware profile are used during placement to choose hosts with the desired connection requirements, and during deployment to choose the Virtual Network in the elected host that best fits your network connection requirements.

 

This way your VM is deployed in a host that fits your connection requirements, and the VM is connected to the Virtual Network that offers you those connection requirements.

 

The location is a VMHostNetworkAdapter property detected from the DHCP server related to the Active Directory tree. It's empty if this property cannot be autodetected.

  • The Location property is inherited by Virtual Networks when these are attached to a physical NIC.
  • When the Virtual Network does not have any physical NIC attached, the special 'Internal Network' is associated with them. 
  • The location can be overridden with any non-empty value of your choice if you don't like the autodetected location or you don't have one.

The tag is a Virtual Network property that helps you differentiate between Virtual Networks connected to the same location. This way you have one more level of granularity when electing the best Virtual Network.

 

A couple of notes:

  • When using static IP addresses for the hosts, the location is not detected as it is detected from the DHCP response.
  • When denying the host access to an External Virtual Network, the location cannot be detected since there is no IP stack on the Host partition.

 A code example where we get the Locations of the virtual Networks that have a NIC attached and the locations of those Network cards:

 

The Virtual Network:

PS > get-virtualnetwork | where {$_.VMHostNetworkAdapters} | select Locations

Locations
---------
{}
{mylocation}

 

The physical NICs:
PS > get-virtualnetwork | where {$_.VMHostNetworkAdapters} | select -expand VMHostNetworkAdapters | select NetworkLocation

NetworkLocation
---------------

<---Empty row since there is no Location configured

mylocation

 

A lot of people keep asking me why they lose Network communication with their host, what a VLAN is, and many more things. So I'm going to try to show how things work internally from the Networking point of view. I'll try to explain what all Virtual Networks, VNs from now on, really are, and in coming posts I'll try to explain each of these VNs.

For those people a little bit familiar with physical switches: A Virtual Network is pretty much the same as a Physical Switch. It has ports where you connect your machines, configure ports with trunk mode, access mode, native VLANs and connect them with other switches.

But, I don't understand, what's a Hyper-V Virtual Network?

A Virtual Network is a piece of software logic, part of Hyper-V, that sends and receives packets at layer 2 of the OSI model to the desired destination (switching). This can be a Virtual Machine (a Hyper-V Guest), the Host (Hyper-V Server) or the outer world.

What does that mean? Do Hyper-V Virtual Networks do packet routing?

What it means is that Hyper-V Virtual Networks do not understand the layer 3 of the OSI model. In other words, VNs don't perform IP routing because VNs do not deal with IP addresses.

Can Virtual Networks connect to each other?

No, well, at least not using Hyper-V. You need an external device to do such a thing.

What are VLANs?

VLAN stands for Virtual LAN. VLANs are an extension to layer 2 that adds a tag to the Ethernet Packet indicating a VLAN ID. With these tags, Physical Switches and VNs can differentiate the LAN segment to which a packet belongs.

What are the advantages of VLANs?

With VLANs you can have separate traffic within the same physical switch (and within the same VN). For each VLAN, the VN keeps a separate forwarding table (Content Addressable Memory, CAM table) with the MAC addresses and the ports associated.

Switch Ports and VN ports can work in two modes:

  • Access Mode: When configured in this mode, the traffic flowing through the port is not tagged and all traffic belongs to the same VLAN (VLAN ID). The packets are plain Ethernet packets, but the VN (and the physical switch) knows that the packets on that port belong to the configured VLAN.
  • Trunk Mode: When configured in this mode, the traffic flowing through the port is tagged. The VLAN ID indicated on the tag tells the switch which VLAN the packet belongs to.

Let's see a couple of pictures. In the first one we can see the physical connections (Layer 1), where a router, a web server, a firewall and a database server are connected with the port configuration shown in the picture:

Physical Connections using VLANs

In the picture above you can see that all network devices are connected to the switches, which can make you think all of them can connect to each other. However, we can take a closer look at the VLAN mode and VLAN ID configured in each port.

  • Only devices within the same VLAN can connect to each other.
  • All ports where a server, router or firewall is connected have access mode configured, this means that there is no need to configure any VLAN information in such devices. They are unaware of the VLANs.
  • The cable connecting both Switches is connected to one port of each switch with analogous configuration: trunk mode, with VLANs 12 and 32 transferred through the same link.

Finally, the next picture shows the layer communications between the devices. I left the physical switch in the back to make it easier to identify where the VLANs reside.

Logical Networks

  • VLAN 12 connects the router and the web server through the trunk link
  • VLAN 22 connects the web server and firewall within the same switch
  • VLAN 32 connects the firewall and the database through the trunk link, as VLAN 12 does. Both of them travel on the same cable but traffic is kept separated. The router and the web server cannot communicate with the database directly, only through the firewall.
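The VLAN behaviour described above, as a small Layer 2 model with one forwarding table per VLAN and access and trunk ports. This is an added example, not part of the original post or of Hyper-V: the port numbers, the choice of which switch each device sits on, the NIC names and the use of device names as MAC addresses are assumptions, since the pictures are not reproduced here.

```python
class Switch:
    """Layer 2 switch (or Virtual Network) with one forwarding table per VLAN."""
    def __init__(self):
        self.ports = {}  # port -> (mode, VLAN ID for access / set of IDs for trunk)
        self.peer = {}   # port -> device name, or (Switch, port) for a trunk link
        self.cam = {}    # VLAN ID -> {source MAC: port}

    def add(self, port, mode, vlans, peer):
        self.ports[port] = (mode, vlans)
        self.peer[port] = peer

    def receive(self, port, src, dst, tag=None):
        """Handle a frame arriving on `port`; return the devices it is delivered to."""
        mode, vlans = self.ports[port]
        if mode == "access":
            if tag is not None:
                return set()          # access ports carry untagged frames only
            vlan = vlans
        elif tag in vlans:
            vlan = tag                # trunk: the tag names the VLAN
        else:
            return set()              # VLAN not carried on this trunk
        table = self.cam.setdefault(vlan, {})
        table[src] = port             # learn the sender in this VLAN's table only
        out = [table[dst]] if dst in table else list(self.ports)  # unknown: flood
        delivered = set()
        for p in out:
            pmode, pvlans = self.ports[p]
            if p == port:
                continue              # never send back out the ingress port
            if pmode == "access" and pvlans == vlan:
                delivered.add(self.peer[p])          # tag removed on egress
            elif pmode == "trunk" and vlan in pvlans:
                sw, rport = self.peer[p]
                delivered |= sw.receive(rport, src, dst, tag=vlan)
        return delivered

def build():
    """Constructed port layout matching the VLAN description in the post."""
    a, b = Switch(), Switch()
    a.add(1, "access", 12, "router")
    a.add(2, "access", 32, "database")
    a.add(24, "trunk", {12, 32}, (b, 24))
    b.add(1, "access", 12, "web-nic1")
    b.add(2, "access", 22, "web-nic2")
    b.add(3, "access", 22, "fw-nic1")
    b.add(4, "access", 32, "fw-nic2")
    b.add(24, "trunk", {12, 32}, (a, 24))
    return a, b
```

A frame the router addresses to the database is flooded in VLAN 12 only, so it reaches the web server's VLAN 12 NIC and never the database port.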

I hope this post helps you understand what a VLAN is and how VLANs are used to provide communications between different devices.

In upcoming posts I'll talk about the Hyper-V approach to implementing Virtual Networks (virtual objects analogous to Physical Switches).

Using BACS version 11.6.10 you can create NIC teams in your Hyper-V Server to ensure Virtual Machine connectivity and manage your BASP NICs from Virtual Machine Manager. Just follow these easy steps:

  1. Remove any existing External Virtual Networks connected to the NICs that are part of the team
  2. Use BACS to create your team, configure the desired team Type, add the NICs involved in the team and add the VLANs you want
  3. Refresh the Host in VMM. Now you should see your BASP Virtual Adapters in the hardware of your host like this:
     BASP adapters
  4. Once these adapters show up in your Host in VMM you can create one external Virtual Network for each Virtual BASP Network Adapter
    1. Do not configure any VLANs on these Virtual Networks since the BACS software is in charge of this
    2. When selecting the BASP Virtual Adapter, you must check in the BACS software the Name of the BASP adapter to select the correct one in VMM:
       BASP Virtual Network adapters
  5. Connect a VM to the desired Virtual Network adapter.
  6. Now your VM is connected to a VN that provides the Failover and High availability provided by BACS
Note that this is a result of some tests I did on my machines and is not ensured to work in all environments and not officially supported by VMM or Hyper-V.
 