Insufficient data from Andrew Fryer

The place where I page to when my brain is full up of stuff about the Microsoft platform

February, 2014

  • Lab Ops 19 – Software Defined Networking - where’s my stuff

    Well done if you got through my last post, I bolted a lot of stuff together and it all looks a bit confusing particularly if you are moving from Hyper-V to System Center Virtual Machine Manager 2012 (VMM).  For a start where’s my network settings? When I was testing my rig I found I couldn’t swap out the network connectivity on a test VM from an internal virtual switch to my shiny new VM Network, and when I looked at the error it said I couldn’t change the MAC address of a running VM.  What was going on here was that Hyper-V had assigned a static MAC address at random to my VM and by assigning it to my new VMM infrastructure it wanted to assign a new one.  This got me to wondering about MAC address spoofing which can be important for legacy applications and in Hyper-V you can do this from the advanced features of the Network adapter on a VM. In VMM MAC address spoofing is part of a Virtual Port Profile which also allows us to set the other advance features of Networking in Hyper-V like bandwidth management guest NIC teaming as well as router and DHCP guard..

    Virtual Port Profiles are just logical groupings of these things which you can assign to a logical switch and there are off the shelf ones like Guest Dynamic IP and the Host Management profile we use last time.  This might seem an unnecessary extra step but now that we live in a world of NIC teaming we need to identify the different type of traffic flowing down a fat connection.  We can also see Uplink Port Profiles in this list..

    such as the RDS-FabricUplink I created in my last post, which allows us to connect a logical network and specify how that port gets teamed.  A logical switch has one or more uplink port profiles connected to it and has virtual ports to specify one or more port classifications to describe what traffic this switch can handle.  At this point we can assign the switch to as many hosts as we want and each one will inherit all these properties:

    • The logical switch appears as a Virtual Switch in Hyper-V and is bound to a NIC or team on that host.  When we do that we can see it’s the Uplink Port Profile that is passed to the NIC
    • Underneath that we have one or more Virtual Network adapters which are associated to a VM Network and a Virtual Port Profile.

    When we attach VM to a VM network many of the properties are now greyed out (like those MAC address settings ).

    Anyway I am now ready to create a couple of VM Networks for Dev and Test on which I can put identical VMs without them seeing in each other but also allow them to span hosts ..

       

    To do this I need to create the two VM Networks and integrate them into the networking fabric, by associating them with my logical network (RDS-FabricNet) I created in my last post, and here’s the PowerShell:

    Import-Module VirtualMachineManager
    $logicalNetwork = Get-SCLogicalNetwork -Name "RDS-FabricNet"

    # 2 x VMNetworks each with the same subnet
    $vmNetwork1 = New-SCVMNetwork -Name "DevVMNet" -LogicalNetwork $logicalNetwork -IsolationType "WindowsNetworkVirtualization" -Description "Developer Virtual Network" -CAIPAddressPoolType "IPV4" -PAIPAddressPoolType "IPV4"
    $subnet1 = New-SCSubnetVLan -Subnet "10.10.10.0/24"
    New-SCVMSubnet -Name "DevVMNet Subnet 10" -VMNetwork $vmNetwork1 -SubnetVLan $subnet
    $vmNetwork2 = New-SCVMNetwork -Name "ProductionVMNet" -LogicalNetwork $logicalNetwork -IsolationType "WindowsNetworkVirtualization" -Description "Developer Virtual Network" -CAIPAddressPoolType "IPV4" -PAIPAddressPoolType "IPV4"
    $subnet1 = New-SCSubnetVLan -Subnet "10.10.10.0/24"
    New-SCVMSubnet -Name "ProductionVMNet Subnet 10" -VMNetwork $vmNetwork2 -SubnetVLan $subnet

    At this point You might be wondering about what to do about DNS and AD in this situation as we would normally assign fixed ip addresses to these.  The answer is to start these VMs first and then they’ll get the lowest address by default where x.x.x.1 is reserved on the subnet for the switch. This is similar to Azure except that Azure hands out x.x.x.4 as the lowest address as there are three reserved addresses on a subnet. 

    Anyway the other thing we’ll want to do is specify the new traffic that will be carried on our virtual switch by these VM Networks and to do that we’ll add in another port profile.

    $portClassification = Get-SCPortClassification -Name "Guest Dynamic IP"
    $nativeProfile = Get-SCVirtualNetworkAdapterNativePortProfile -Name "Guest Dynamic IP"
    New-SCVirtualNetworkAdapterPortProfileSet -Name "Guest Dynamic IP" -PortClassification $portClassification -LogicalSwitch $logicalSwitch -RunAsynchronously -VirtualNetworkAdapterNativePortProfile $nativeProfile

    Our design now looks like this..

    We can then assign these VM network to new or existing VMs and it will be available on any hosts we manage in VMM provided we connect those host to our virtual switch. To do that we need a process to create VMs and to do that we need somewhere to put them so next up Storage in VMM.

  • Lab Ops 18 Getting started with Software Defined Networking

    In my last post I finished up where I had my host under management of Virtual Machine Manager (VMM) and that was about it. As with Hyper-V I can’t really use VMM until I have my fabric configured and after adding in hosts the first thing we need to do is look at Networking.  To recap my current setup now looks like this

    image

    Where RDS-Switch is an internal virtual switch, and my RDS-DC is my DC & DHCP server with one scope of 192.168.10.200-254.  VMM has a dynamic ip address and is also hosting SQL Server for its own database.

    If I go to VMM and go to VMs & Services | All Hosts | Contoso | Orange (which is my Dell Orange laptop) I can right click and select View Networking. If I look at the Host Networks all I can see are the physical NICs, If I look at VM Networks all I see is my VMs but no networks and the Network topology screen is entirely blank so what’s going on?  Basically things are very different in VMM than they are in Hyper-V, and frankly we don’t want to use Hyper-V for managing our networks anymore than a VMWare expert would configure networks on individual ESXi hosts.  In our case we use VMM to mange virtual switches centrally where in VMWare distributed switches are controlled in VCenter.  So my plan is to use VMM to create a network topology that reflects what my VMs above are for;  to manage my datacentre.  Later on I’ll add in more networking which will enable me to isolate my services and applications from this, in the same way that Cloud providers like Azure hide the underlying infrastructure from customers.

    If we look at the Fabric in VMM and expand Networking we have 8 different types of objects we can create and there is a ninth VM Networks that shows up under VMs and Services so where to begin?

    Your starter for ten (or nine in this case) is the TechNet guide Configuring Networking in VMM, and once you dig into that you realise that VMM wants to control not just the switching but ip management as well.  The core to all of this are the Logical Network and Virtual Networks which are just containers for various properties including sites and ip pools.   I am going to start simple and as I only have one host just create the first object we need, a Logical Network, that has one connected network.    For now I am going to ignore the sub options to get us started. 

    Logical network properties

    note this is a screen grab from the end of the process

    I can’t create a Logical Network without a Network Site which has a specific subnet and optionally VLAN set..

    network site

    The small print
    As per usual in this series I am going to share the PowerShell to do this.  VMM is very good at allowing you to see the equivalent script when doing something,  however I have modified what VMM spits out to make it easier to read, while ensuring it still worksSmile .  This is a good thing as it’s easy to cut and paste form this post and get exactly the same results and you can see how the variables are passed and related to each other. 
    Note the raw PowerShell from VMM often runs everything at the as a job which is a useful trick it has, and in all cases all our work gets logged in VMM whether using the UI or the VMM cmdlets

    Note the segments in this post are all using the same variables so you will need to turn them in the order shown

    The equivalent PowerShell is: 

    $logicalNetwork = New-SCLogicalNetwork -Name "RDS-FabricNet" -LogicalNetworkDefinitionIsolation $false -EnableNetworkVirtualization $true -UseGRE $true -IsPVLAN $false
    $allSubnetVlan = New-SCSubnetVLan -Subnet "192.168.10.0/24" -VLanID 0
    $allHostGroups = Get-SCVMHostGroup -Name "All Hosts"
    $logicalNetworkDefinition =New-SCLogicalNetworkDefinition -Name "RDS-FabricNet_Site192" -LogicalNetwork $logicalNetwork -VMHostGroup $allHostGroups -SubnetVLan $allSubnetVlan -RunAsynchronously

    Note that in the code above a network site is referred to as a Logical Network Definition.

    VMs are connected to virtual machine networks and we had the option  to create one of these when we created the logical network with the same name. In this case that would have been fine for what I am doing here, as my two VM’s are actually there to manage the hosts in much the same way as a VMWare appliance does.   so I am going to create a virtual network that is directly connected to the logical one..

    VM Network

    $vmNetwork = New-SCVMNetwork -Name "RDS-FabricVNet" -LogicalNetwork $logicalNetwork -IsolationType "NoIsolation"

    However this and the logical network and site are just a containers in which we put our settings as points of management.  We now need to create an uplink port profile from Fabric | Networking | Port Profiles.  This needs to be an Uplink Port profile, and when we select that option we can describe how the underlying NIC can be teamed directly from here rather than doing that it in Server Manager on each host.  We then simply select our Network site (RDS-FabricNet_Site192) and we are done..

    port profile network config

    The one line of PowerShell for this is..
    $nativeProfile = New-SCNativeUplinkPortProfile -Name "RDS-FabricUplink" -Description "" -LogicalNetworkDefinition $logicalNetworkDefinition -EnableNetworkVirtualization $false -LBFOLoadBalancingAlgorithm "HostDefault" -LBFOTeamMode "SwitchIndependent" -RunAsynchronously

    The next piece of the puzzle is to create a Logical Switch.  This is a logical container that emulates  a top of Rack switch in a real server room.  It can have a number of virtual ports but unlike VMWare these are limited by numbers but are there to manage traffic through the use of port classifications.  We’ll need at least one of these and I am going for Host management for the port classification as that is what all of this is for..

    Logical swith link to uplink prot profile

    The PowerShell is:

    $virtualSwitchExtensions = Get-SCVirtualSwitchExtension -Name "Microsoft Windows Filtering Platform"
    $logicalSwitch = New-SCLogicalSwitch -Name "RDS_FabricSwitch" -Description "" -EnableSriov $false -SwitchUplinkMode "NoTeam" -VirtualSwitchExtensions $virtualSwitchExtensions
    $UplinkPortProfileSet = New-SCUplinkPortProfileSet -Name "RDS-FabricUplink-Set" -LogicalSwitch $logicalSwitch -RunAsynchronously -NativeUplinkPortProfile $UplinkProfile

    We should also create a Virtual port with the  host management port classification:

    Logical switch virtual port

    The PowerShell is..

    $portClassification = Get-SCPortClassification -Name "Host management"
    $nativeProfile = Get-SCVirtualNetworkAdapterNativePortProfile -Name "Host management"
    New-SCVirtualNetworkAdapterPortProfileSet -Name "Host management" -PortClassification $portClassification -LogicalSwitch $logicalSwitch -RunAsynchronously -VirtualNetworkAdapterNativePortProfile $nativeProfile

    We can now apply this logical switch is then applied to our hosts by going to its properties and navigating to Hardware | Virtual Switches and adding a new Virtual Switch | New Logical Switch.  Immediately our RDS-FabricSwitch is selected and we can see that our adapter (physical NIC) is connected to the Uplink we have created through this switch.

    Host Virtual switch properties

    However that is just like using virtual switches in Hyper-V manager what we also need to do is to add in a Virtual Network Adapter as in the diagram above.  This picks up the VM Network we already created (RDS-FabricVNet). Notice I can have all kinds of fun with ip addresses here..

    host virtual switch virtual network adapter

    BTW I should have set the Port Profile to the only option available, Host Management, in the above screen shot. If I look at Hardware | Network adapters I can also see my logical network and site..

    host hardware logical network

    The equivalent PowerShell to connect the logical switch virtual network adapter to the host is ..

    #My Host is called Orange

    $vmHost = Get-SCVMHost -ComputerName Orange

    #Note you’ll need to at least change the Get-SCVMHostNetworkAadpter –Name to reflect the NIC in your host.

    $networkAdapter = Get-SCVMHostNetworkAdapter -Name "Broadcom NetXtreme 57xx Gigabit Controller" -VMHost $vmHost
    Set-SCVMHostNetworkAdapter -VMHostNetworkAdapter $networkAdapter -UplinkPortProfileSet $uplinkPortProfileSet
    New-SCVirtualNetwork -VMHost $vmHost -VMHostNetworkAdapters $networkAdapter -LogicalSwitch $logicalSwitch  -CreateManagementAdapter -ManagementAdapterName "RDS-FabricVNetAdatper" -ManagementAdapterVMNetwork $vmNetwork -ManagementAdapterPortClassification $portClassification

    Now we can finally see what on earth we have been doing as this Logical switch we have created is now visible in Hyper-V Manager..

    hyper-v virtual switch

    and if we look at it’s extensions we can see a new Microsoft VMM DHCPv4 Server Switch Extension in here which allows to control all the virtual switches from VMM.

    The tricky part now is to add the VMs to the virtual network. This isn’t tricky because it’s hard it’s tricky because if VMM and the DC loose sight of each other or VMM can’t see the host then we are in trouble so as we can’t easily change these settings in the UI or PowerShell plus we’ll need to flush DNS as DHCP will kick in and change things as well.  However what we are doing is moving VMs that are essentially part of the data centre fabric.  Other VMs would not be affected like this indeed that’s the point we should be able to move VMs together across hosts and datacentres without affecting their connectivity.  

    Here is a diagram of what we have created to contrast with what was above.

    image

    This has been quite a lot of work to achieve very little, but we now have the foundations in place to quickly add in more networks and more hosts and to isolate and manage our networking without needing to use VLANs.  However if there are already VLANs in existence then all of this will work just fine as well (for more on that check this post from the VMM engineering team).

    Now I have a basic network for VMM and the hosts I need to do some of this again for the VMs that will serve out applications.  Until next time have a go at this stuff read the stuff on TechNet and create a lab like this to get your head around it.