This month, my team of fellow IT Pro Technical Evangelists are publishing a series of articles on Why Windows Server 2012 R2? that highlights the key enhancements and new capabilities that we're seeing driving particular interest in this latest release of our Windows Server operating system in the field. This article has been updated now that Window Server 2012 R2 is generally available. After reading this article, be sure to catch the full series at:
Hyper-V Network Virtualization (HNV) is part of our Software Defined Networking (SDN) portfolio that is included inbox with Windows Server 2012 and Windows Server 2012 R2. HNV provides the ability to present virtualized network architectures and IP routing domains to virtual machines (VM’s) in a manner that is abstracted from the existing underlying physical network architecture. By virtualizing the network layer with HNV, several important benefits can be realized around reduced networking complexity, improved configuration agility, enhanced routing performance in highly virtualized datacenters, cross-site Live Migration of VM’s, IP address space portability, and network layer isolation.
Hyper-V Network Virtualization (HNV) – Virtualizing the Network Layer
Windows Server 2012 R2 and System Center 2012 R2 Virtual Machine Manager (VMM) also enhance the inbox HNV capabilities through a number of important additions. In this article, we’ll discuss the benefits of HNV that organizations are leveraging today, the new features present in the “R2” product releases and Step-by-Step resources that you can leverage to begin implementing HNV in your own lab environment.
Much more than simply creating virtual network switches (vSwitches) to connect VM’s to various physical subnets within a datacenter, HNV provides the ability to virtualize entire network address spaces and routing domains, independent of the underlying physical network architecture. Virtualizing the network layer with HNV can provide some very real benefits, including:
Let’s look at each of these areas in greater detail …
HNV doesn’t require the use of Virtual LAN’s (VLANs) in the physical network layer to segment traffic onto separate subnets. As any network engineer will admit, managing dozens of VLANs in modern enterprises can be quite challenging – VLAN adds and changes often requiring touching many different physical network devices and, as a result, can require significant time investments from network administrators. Instead of leveraging VLANs for traffic segmentation and isolation, HNV uses Network Virtualization over GRE (NVGRE) to securely isolate virtualized Layer-3 IP networks and then segment these virtualized networks into one or more IP subnets. Since physical network devices widely support the GRE transport for the NVGRE overlay protocol today, virtualized networks can be easily deployed incrementally without disrupting the existing physical network configuration.
Many organizations that are managing highly virtualized datacenters have seen a huge increase in East-to-West network traffic between IP subnets, that is, the traffic moving “horizontally” between virtualization hosts and virtual machines running in the datacenter. This is in contrast to traditional North-to-South hierarchical network architectures, where routing between subnets had been handled by dedicated core routers. In fact, as organizations increase virtualization densities per-host by moving to larger “scaled-up” virtualization hosts, they have seen East-to-West traffic between IP subnets further flatten out and have experienced higher volumes of cross-subnet traffic between VMs on the same virtualization host. Some organizations using high VM densities and scaled-up host server architectures have reported as much as 75% to 80% of their cross-subnet traffic within the datacenter being between VMs located on the same virtualization host!
With this increasing trend towards routing between VM’s on the same virtualization host or virtualization hosts co-located in the same datacenter racks, it makes sense to look for new ways to bring Layer-3 network routing intelligence into the hypervisor itself. In doing so, this allows virtual switches running locally on each hypervisor host to act as distributed Layer-3 routers so that cross-subnet traffic between VM’s never needs to leave the virtualization host and can occur at system bus speeds instead of physical wire speeds.
HNV addresses distributed Layer-3 routing between virtualized subnets by including a network virtualization routing extension natively inside Hyper-V Virtual Switches running on each Hyper-V host. This distributed router can make cross-subnet routing decisions locally within the vSwitch to directly forward traffic between VM’s on different virtualized subnets within the same virtual network, or routing domain. To manage and distribute the appropriate routing policies to each Hyper-V host, System Center 2012 R2 VMM performs as the routing policy server, enabling the configuration of distributed routers across many Hyper-V hosts to be easily coordinated from a single centralized point of administration.
HNV provides the ability, via the NVGRE overlay protocol, to easily extend consistent virtualized networks and their associated IP address spaces across multiple Hyper-V hosts, physical subnets and physical network locations. As a result, these virtualized networks can be transparently “stretched” across typical physical network boundaries. Since VM’s in this configuration receive their IP addressing based on the address spaces associated with these virtualized networks, and not the underlying physical network, this makes it super-easy to move VM’s across multiple physical subnets while preserving their virtualized IP addresses. As a result, VM’s running on virtualized networks can be easily Live Migrated to new Hyper-V hosts, regardless of the physical subnet to which the destination Hyper-V is attached.
The abstraction of virtualized network IP address spaces from the underlying physical network architecture provides a higher level of portability that is important as organizations consider hybrid cloud strategies. In many cases, virtualized applications can be complex multi-tier applications that stretch across multiple virtual machines. Being able to extend the perimeter of portability beyond a single VM to include an entire virtualized network of several VM’s gives organizations the ability to easily relocate where these more complex applications are physically hosted, without the need for changing the IP address scheme that the application is using to communicate between VM’s. Just pick up that entire virtualized network and move it to a new physical location – HNV provides the agility to extend the virtualized network across the physical network on-demand.
HNV securely isolates each virtualized network in their own routing domain at a physical network layer by dynamically tagging the NVGRE packets that are used to encapsulate the virtualized network traffic. Because virtualized networks are separated by routing domain, they are each independent and cannot communicate with one another without going through an intermediary network virtualization gateway. Because they are completely isolated, each virtualized network can use whatever virtualized IP address space is needed – separate virtual networks can even be configured with the same or overlapping virtualized IP address spaces!
This level of network-layer isolation can be a real benefit when organizations are preparing isolated lab networks, internal network security perimeters or performing a business merger / acquisition. In these cases, the ability to consolidate multiple overlapping IP address spaces on a common physical network architecture while keep them completely isolated from one another can help to accelerate configuration processes and reduce overall infrastructure complexity. Organizations that are hosting shared infrastructure across several customer organizations, such as hosting partners, can also benefit from this network layer isolation, which ensures that each customer tenant is operating in their own secure virtualized network even if all customers are ultimately using the same physical network fabric.
As mentioned earlier in this article, HNV was originally introduced as an inbox Hyper-V capability in Windows Server 2012. In the new “R2” release, several important enhancements have been made to HNV to improve performance and configuration flexibility. Some of the noteworthy enhancements that I’ve seen positively impact customer organizations using HNV include:
HNV, Network Virtualization, and Software Defined Networking are ushering in a new, more agile era of network architectures that can provide real-world benefits today, as well as prepare datacenters for an easier transition towards leveraging hybrid cloud scenarios. Learn more about evaluating and implementing HNV with these great additional resources:
Note: Special thanks to the MVP Authors and Technical Reviewers of the great Step-by-Step guide listed above! Be sure to follow them all on Twitter …
Be sure to check out these additional resources:
Keith Mayer is a Principal Technical Architect at Microsoft, focused on helping ISV partners leverage the Azure cloud platform. Keith has over 20 years of experience as a technical leader of complex IT projects, in diverse roles, such as Network Engineer, IT Manager, Technical Instructor and Consultant. He has consulted and trained thousands of customers and partners worldwide on design of enterprise technology solutions.
Keith is currently certified on several Microsoft technologies, including Azure, Private Cloud, System Center, Hyper-V, Windows, Windows Server, SharePoint, SQL Server and Exchange. He also holds other industry certifications from VMware, Amazon AWS, IBM, Cisco, Citrix, HP, CheckPoint, CompTIA and Interwoven.
You can contact Keith online at http://aka.ms/AskKeith.