Virtual Networking in VMM 2012 SP1 – Part 1


Welcome to the New Year and to a series of blog postings that will cover how to define, configure and manage Virtual Networks in VMM 2012 SP1. Over the next few months, we plan to cover the following topics, using the initial blog “Getting Started with Network Virtualization” below as a starting point. Later posts in this series will go into more detail and drill into specific settings and scenarios that may be of interest to you as you start to make use of this technology in your environment.

 

  • Getting Started with Network Virtualization [this post]

    Walk through the basic steps required to create an isolated network in VMM 2012 SP1. We will refer back to this initial posting, expanding specific topics and the implications behind certain decisions.

  • Logical Networks

    Review considerations for the design of logical networks, network sites and the use of VLANs and PVLANs.

    Part 1 – Logical Networks

    Part 2 – How many networks do you need?

    Part 3 – Isolation using VLANs

    Part 4 – Isolation using PVLANS

    Part 5 – Network Virtualization

  • Port Profiles and Port Classifications (coming soon!)

    The different types of port profiles, how and when to use them, how port profiles work in converged networks and what part port classifications play.

  • Logical Switches (coming soon!)

    Review the differences between a logical switch and a virtual switch, how and why you would or would not use each of them in your environment, and the implications for converged networks.

 

We look forward to your feedback and comments.

 

Assumptions

The focus of this blog series is virtual networks and the new features introduced in VMM 2012 SP1. Given that, we assume that you have already upgraded to VMM 2012 SP1 and are ready to start taking advantage of the new features and functionality.

We also highly recommend that, prior to working through the blog, you familiarize yourself with network virtualization and some of the key concepts and terms. The link below provides a good basis from which to start: http://technet.microsoft.com/en-us/library/jj134230.aspx

 

Introductions

As the primary authors and editors of the series, Damian Flynn (LionBridge Architect and Microsoft MVP) and Nigel Cain (Senior Program Manager, Windows Server and System Center) have been working together as part of LionBridge’s participation on the System Center 2012 SP1 TAP for well over a year. Together, they have presented a number of sessions on creating and managing Private/Hosted Clouds with System Center 2012 at TechEd and MMS and, over the last year, have been discussing the benefits of virtualized networking, how to migrate from pre-existing (pre-VMM 2012 SP1) networking and architecture best practices with Greg Cusanza (Microsoft PM - VMM networking feature owner), Alvin Morales (Microsoft Beta Support Engineer) and a number of others with a view to sharing these findings more generally. We hope this blog will help answer some of the key questions you have on virtual networking and help you get the most out of your investment in System Center – Virtual Machine Manager.

 

Getting Started with Virtual Networking

In this first blog of the series, we will walk through the basic steps you need to follow in order to create an isolated network on Windows Server 2012 Hyper-V servers using System Center 2012 SP1 - Virtual Machine Manager. This blog will form the foundation of our future postings, which will drill into more detail. You’ll definitely want to bookmark this one as we will come back to it. Thanks to Alvin Morales from CSS Beta Support for helping build out this initial posting.

Note that in the following sections we are assuming you are working in a new environment and will use VMM to configure all elements of virtual networking. In reality, you may have existing Hyper-V hosts with some or all components of networking already pre-configured. We will discuss how to work with these environments in later blog posts.

 

Network Virtualization

The documentation for SC 2012 SP1 – VMM states that network virtualization provides the “ability to run multiple virtual network infrastructures, potentially with overlapping IP addresses, on the same physical network. With network virtualization, each virtual network infrastructure operates as if it is the only one that is running on the shared network infrastructure. This enables two different business groups that are using VMM to use the same IP addressing scheme without conflict. In addition, network virtualization provides isolation so that only virtual machines on a specific virtual network infrastructure can communicate with each other.”

The rest of this document will walk you through the steps required to configure network virtualization “so that only virtual machines on a specific virtual network infrastructure can communicate with each other”. In later blog postings, we’ll talk about how you would use this concept as a basis for a service in which your customers will “bring their own network”.

 

1 Create a Logical Network

A logical network is used to organize and simplify network assignments for hosts, virtual machines and services. As part of logical network creation, you can create network sites to define the VLANs, IP subnets, and IP subnet/VLAN pairs that are associated with the logical network in each physical location.

http://technet.microsoft.com/library/gg610588.aspx

Note that if you are planning to create an isolated network, you must check the option to “Allow new VM networks created on this logical network to use network virtualization”. As later stages of this process build on this logical network concept, if the option is not checked, it may be necessary for you to delete and recreate your logical network to get the desired behavior.

image

When you create a logical network, you can create one or more associated network sites. A network site associates one or more subnets, VLANs, and subnet/VLAN pairs with a logical network. It also enables you to define the host groups to which the network site is available.

image

 

2 Create an IP pool for the logical network

To ensure that each virtual machine has an IP address which can be used on the host network, network virtualization requires that you create an IP pool. IP addresses from this pool are known as Provider Addresses (PA). The IP addresses you provide here will be routable between your Hyper-V hosts. We’ll cover more about this in later blogs, but you can find more information on IP address pools here: http://technet.microsoft.com/en-us/library/gg610590.aspx

image

 

3 Define a Logical Switch

You can consistently configure identical capabilities for network adapters across multiple hosts by using port profiles and logical switches. Port profiles and logical switches act as containers for the properties or capabilities that you want your network adapters to have across multiple hosts. Instead of configuring individual properties or capabilities for each network adapter on each host, you specify the capabilities in port profiles and logical switches, which you can then apply to the appropriate adapters. You can find more information on logical switches and port profiles at the following location:

http://technet.microsoft.com/en-us/library/jj721570.aspx

The following walks through the steps necessary to create a logical switch. The terms may be slightly confusing, but later blogs will add more details.  Please note that the order of tasks is important and you will need to create an uplink port profile and virtual network adaptor port profile(s) before you can create the logical switch itself.

 

3.1 Create an Uplink Port Profile

The Uplink port profile defines the load balancing algorithms for teaming as well as linking the switch with the network site(s) that you defined in a logical network.

image

As we will talk about in the blog on virtual switches, be sure that the hosts you want to deploy this virtual switch to have been configured to support the logical network(s) you select below.  Otherwise, you will be unable to assign the switch to that host.

image

 

3.2 Define Virtual network adapter port profiles

A number of network adapter port profiles have been created by default for your convenience.   These profiles allow you to configure settings such as Virtual Machine Queue (VMQ), IPsec task offloading and Single-root I/O virtualization (SR-IOV) that can be applied to a given virtual network adaptor. You can also configure security to prevent MAC address spoofing, DHCP guard, router guard, guest teaming, IEEE priority tagging as well as the minimum and maximum bandwidth.  For more information, see the following article: http://technet.microsoft.com/en-us/library/jj628155.aspx.

In terms of getting started, just accept the default list of port profiles for now.  We’ll come back to these and how and why you should configure them in a future blog posting.  For now, just remember that you can use virtual adaptor port profiles to define quality of service and to take advantage of some of the features provided by your host hardware.

 

3.3 Define Port Classifications

A port classification is essentially a label used to group profiles together. It is used in a similar manner to storage classifications in VMM, in the sense that both hide complexity from users working with a cloud. As with port profiles before, we will accept the default list of classifications for now and discuss these in a later blog. If interested, you can find more details on port classifications and how they are used in the following article: http://technet.microsoft.com/en-us/library/jj628153.aspx.

 

3.4 Create the Switch

At this point, you can link the different port profiles and classifications in the form of a logical switch which can then be assigned to one or more Hyper-V hosts. Future blog posts will cover logical switch configuration and design choices in much more depth.  For now, just enter a name for the new logical switch and accept the default setting (unchecked) for SR-IOV as shown below.

You can find more information on logical switches in VMM 2012 SP1 at the following location: http://technet.microsoft.com/en-us/library/jj628154.aspx

image

 

On the Uplink settings page of the Create Logical Switch Wizard, you need to indicate whether the logical switch will be connected using either a teamed or a stand-alone physical network adapter and, by specifying one or more uplink port profiles, the list of logical networks that it will be connected to.

 

image

 

The remaining task is to specify which port classifications will be available on this switch. These classifications control the properties such as the security settings and restrictions on network bandwidth that will be applied to the virtual network adapters that are connected to this switch.

 

image

In the example above, the switch will include only a medium bandwidth profile, which essentially means that all virtual machines that connect to the network (using this switch) will have their maximum bandwidth limited to a range defined by the VMM administrator.

 

4 Assign the logical switch to a host

The next step is to assign the logical switch we created to a host. You will need to go to the host properties and select the virtual switch section. From the New Virtual Switch button, select “New logical switch” and assign the physical network adaptors which will be linked to the switch as shown.

image

 

Note: If the physical network adapter you selected will also be used to pass management traffic back to VMM, you will need to create a (new) Virtual Network Adapter and assign it to a VM network that has no isolation.  See the later section on VM networks and http://technet.microsoft.com/en-us/library/jj628156.aspx for more details.

 

image

Once you apply the logical switch to the host in SC 2012 SP1 - VMM, it will create a virtual switch on the Windows Server 2012 Hyper-V host.

 

5 Create a VM (Virtual Machine) Network

New to SC 2012 SP1 - VMM is the fact that all virtual machines need to be connected to a Virtual Machine (VM) Network to be able to use and access network resources. You can find and define these networks through the VMs and Services section of the console.  Please note that VM networks are not fabric components and hence are located in a different part of the console. The Create VM Network Wizard will introduce the key steps required to set up an isolated network. We will return to this topic in future blog posts – you can find more information on Virtual Machine Networks here: http://technet.microsoft.com/en-us/library/jj628157.aspx

image

 

The Isolation screen allows you to enable isolation and choose the IP version you want the isolated network to use. You can also select No Isolation if you want to have the VM network provide virtual machines with direct access to the logical network. This configuration essentially replicates the behavior you would find in SC 2012 – VMM.

 

image

 

Using isolation, you need to define the subnet which the virtual machines will be using. This will allow the virtual switch to create the network virtual routing tables. This will also help define the IP range used in the IP pool for the virtual machine network.

 

image

 

By default, the Virtual Network has no external connectivity, meaning that virtual machines connected to it will only be able to communicate with other virtual machines on that network as the dialog below suggests. In short, you need a VPN Gateway Device to provide a VPN link to an external network or a Gateway Device which allows machines on the virtual network to communicate with other local networks supported by that Hyper-V host in the local datacenter. For now, you can accept the default of no external connectivity.

Note that the remote and local networks options (highlighted) are greyed out in the dialog below as no gateway “provider” has been defined in VMM. We will discuss this and the different types of Gateways and why you would use them in much more detail in the blog posts on Hosting scheduled for later in the year.

 

image

 

6 Create an IP pool in the VM Network

Next, you need to define the IP range that can be assigned to virtual machines connected to this network.  These addresses are referred to as customer addresses (CA). Be aware that when you create the range the first IP will be assigned to the switch.  This means you will also have one less usable address in the range. You can create multiple IP ranges within the same customer address space. More information can be found here: http://technet.microsoft.com/en-us/library/jj721574.aspx

image

 

As an example, based on the subnet defined for your Virtual Machine (VM) Network, you will then create the IP pool. Assuming the subnet is 10.10.10.0 and the addresses for the pool start at 10.10.10.2 through 10.10.10.254 based on the mask, VMM will automatically reserve the first IP of the range (10.10.10.1) for assignment to the virtual switch. The reserved IP address is utilized by the network virtualization filter as a gateway between additional subnets in the same customer address space. You can also reserve IP addresses for other uses.

 

image

 

7 Assign the VM Network to a Virtual Machine

Once the virtual network has been created, virtual machines (VM) can be connected to it using the network adapter configuration settings – see example screenshot below. In the connectivity section of the dialog, simply assign the virtual machine to your new VM Network.

NOTE: Be aware that the MAC address assigned to the interface will be static rather than dynamic, to allow the virtual machine to retain its MAC address as it migrates between hosts in your environment. As you are utilizing virtual networking, hosts require an additional update to the network virtualization (MS_NETWNV) lookup tables to ensure the MS_NETWNV filter maintains connectivity, and the MAC address is essentially used as part of the unique identifier for your virtual machines’ network traffic.

The assigned static MAC address will be taken from a MAC address pool. You can find more information about the use of MAC address pools at the following location: http://technet.microsoft.com/en-us/library/gg610632.aspx.

image
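
Steps 1, 2, 5, 6 and 7 above can also be scripted from the VMM command shell. The following is an added example, not the authors' script; the network names, host group, VM name and provider address range are assumed lab values, and the logical switch (steps 3 and 4) is still created in the console.

```powershell
# Added example: run from the VMM command shell on the VMM management server.
# Names, host group, VM and the PA range are assumed lab values (hypothetical).
$paSubnet = "192.168.50.0/24"   # provider addresses (PA), routable between hosts
$caSubnet = "10.10.10.0/24"     # customer addresses (CA), the subnet from step 6
$caStart  = "10.10.10.2"
$caEnd    = "10.10.10.254"

# Convert a dotted IPv4 string to a number so two addresses can be compared.
function ConvertTo-IPv4Number([string]$Address) {
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    [Array]::Reverse($bytes)   # network byte order -> little-endian host order
    return [BitConverter]::ToUInt32($bytes, 0)
}

# Step 6 caveat: the first address of the VM subnet is reserved for the
# switch, so refuse a CA pool that starts on or before that address.
$caNetwork = ($caSubnet -split '/')[0]
$reserved  = (ConvertTo-IPv4Number $caNetwork) + 1
if ((ConvertTo-IPv4Number $caStart) -le $reserved) {
    throw "CA pool must start after the reserved first address of $caSubnet"
}

# Step 1: logical network that allows network virtualization, plus one network site.
$logicalNetwork = New-SCLogicalNetwork -Name "Datacenter" -EnableNetworkVirtualization $true
$hostGroup      = Get-SCVMHostGroup -Name "All Hosts"
$paSubnetVlan   = New-SCSubnetVLan -Subnet $paSubnet -VLanID 0
$networkSite    = New-SCLogicalNetworkDefinition -Name "Datacenter_Site1" `
    -LogicalNetwork $logicalNetwork -VMHostGroup $hostGroup -SubnetVLan $paSubnetVlan

# Step 2: provider address (PA) pool on the network site.
New-SCStaticIPAddressPool -Name "Datacenter PA Pool" `
    -LogicalNetworkDefinition $networkSite -Subnet $paSubnet `
    -IPAddressRangeStart "192.168.50.240" -IPAddressRangeEnd "192.168.50.250" | Out-Null

# Steps 3 and 4 (logical switch and host assignment) are done in the console.

# Step 5: isolated VM network and the VM subnet the tenant machines will use.
$vmNetwork = New-SCVMNetwork -Name "Blue" -LogicalNetwork $logicalNetwork `
    -IsolationType "WindowsNetworkVirtualization" `
    -CAIPAddressPoolType "IPV4" -PAIPAddressPoolType "IPV4"
$caSubnetVlan = New-SCSubnetVLan -Subnet $caSubnet
$vmSubnet     = New-SCVMSubnet -Name "Blue_Subnet" -VMNetwork $vmNetwork -SubnetVLan $caSubnetVlan

# Step 6: customer address (CA) pool inside the VM subnet.
New-SCStaticIPAddressPool -Name "Blue CA Pool" -VMSubnet $vmSubnet -Subnet $caSubnet `
    -IPAddressRangeStart $caStart -IPAddressRangeEnd $caEnd | Out-Null

# Step 7: connect the first adapter of an existing VM to the new VM network.
$vm      = Get-SCVirtualMachine -Name "Blue-01"
$adapter = Get-SCVirtualNetworkAdapter -VM $vm | Select-Object -First 1
Set-SCVirtualNetworkAdapter -VirtualNetworkAdapter $adapter `
    -VMNetwork $vmNetwork -VMSubnet $vmSubnet | Out-Null
```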

 

Summary

We hope these overview steps gave you an idea of how to configure virtual networks. In the upcoming blogs, we will talk about each of the components in turn, providing more detail around key design decisions and the implications of those decisions.

 

-Nigel Cain & Damian Flynn

Leave a Comment
  • This is all great but when is the final version SP1 going to come out?  Will it require SCVMM 2012 to be run on server 2012?  

    I would love to upgrade my hosts to server 2012 but it's my understanding that I can't until I am running SCVMM 2012 SP1?

  • 2 Larry

    SP1 RTM is released in December but available only for users with Technet / MSDN subscription so if you have one, you can download SP1

  • Larry / Alexx_B : If you have a VLSC account you can also download SC 2012 SP1. This was released on 1/1/2013

  • Great blog, been looking for something like this for ages.

    Just have a question. I have an issue where if the guest is on another host I cannot ping it from the other two guests on another host.

    I have two guests on one host using different network cards and they can ping each other without any issue.

    I have checked all the settings and all 3 guests have the correct PA and CA IP address.

    The network view diagram shows all 3 guests connected to the same VM Network.

    If there is anything I am missing could you please advise.

    Thanks

  • Thanks for this great blog, beside the content and capture screen, can you provide a logical network architecture?

  • @Pat, might be worth checking the virtual switch extensions settings on the host (in Hyper-V manager) to see whether the Microsoft VMM DHCPv4 Server Switch Extension is enabled. If it's not, enabling it should sort this problem out. Hope that helps.

  • Thanks for the response Nigel,

    I have checked the DHCP filter Extension on both hosts and they are all enabled.

    All the guests are getting the correct IP from the VM Network and Logical Network.

  • @Pat, experienced the same thing in my lab just recently - oddly able to ping host(s) and a number of VMs from a given VM but not able to ping others and/or have other VMs ping this one. Checked out the entire networking stack to see if something was wrong - in this particular case, turned out it wasn't networking that was the problem, rather the firewall rules were blocking inbound connections on certain VMs. You might also want to check out the switch status on each of the hosts, click fabric, networking and select hosts (from the ribbon), select the switch on each host and hit remediate where an error or warning condition is shown.

  • Hi Nigel,

    I have disabled the firewall on all the guests in the same virtualized network. Still no luck.

    It seems a bit strange they all get the correct PA and CA ip address and if I migrate them to the same host using different NIC for each guest they can then ping each other.

    Do I need a gateway device to allow communication between Hosts on the same network?

    There is no issue reported for any of the Hosts or guests with networking.

    Thanks

    Patrick

  • Pat - Just chatting with Nigel, and going to give this a shot.

    I am going to make an assumption that you are configuring network virtualization on a pair of hosts which were configured outside VMM. If that is the case you will need to go back to the PowerShell and turn on the network virtualization filter - this is a sample PS command that will do this for you. You will need to edit this to match your network names and repeat on each host:

    $vSwitch = Get-VMSwitch -Name "Microsoft Network Adapter Multiplexor Driver - Virtual Switch"

    Enable-NetAdapterBinding -InterfaceDescription $vSwitch.NetAdapterInterfaceDescription -ComponentID "ms_netwnv"

    Alternatively, you have actually built the logical switch for your Hyper-V hosts using VMM, in which case you need to go back to the logical switch and enable the check box for network virtualization, which basically runs a similar command as above behind the scenes.

    Nigel and I are planning to recommend in the blogs that you drop the Hyper-V configured vSwitches due to these types of problems. So stay tuned!!!

  • Hi Damian\Nigel

    Thanks for the input Damian.

    I have gone over the settings in VMM with SP1 over and over again. All settings in relation to the Network Virtualization are enabled

    If I use the view network all guests are connected to the correct VM Network I created, they all have been assigned the correct CA IP address and the correct PA IP address from VMM.

    I am going to rebuild it using just the powershell on each host and see if I can compare to see if I am missing anything.

    I will keep you posted on the progress.

  • Hi Guys,

    I have rebuilt both Hosts and all Guest Servers. Configured them with SCVMM 2012 with SP1 but still get the same issue.

    I cannot ping the other Guest on the same virtualized network on another Host.

    I have included the Lookup Record, I may be missing something you can see.

    CustomerAddress : 10.20.20.1
    VirtualSubnetID : 12976117
    MACAddress      : 005056000000
    ProviderAddress : 1.1.1.1
    CustomerID      : {0279BA86-1D6A-4D70-95EA-049F8B8FB452}
    Context         : SCVMM-MANAGED
    Rule            : TranslationMethodEncap
    VMName          : GW
    UseVmMACAddress : False

    CustomerAddress : 10.10.10.1
    VirtualSubnetID : 12880291
    MACAddress      : 005056000001
    ProviderAddress : 1.1.1.1
    CustomerID      : {D0520E0F-0CCF-463A-B117-E4CDC21A4BC9}
    Context         : SCVMM-MANAGED
    Rule            : TranslationMethodEncap
    VMName          : GW
    UseVmMACAddress : False

    CustomerAddress : 10.20.20.3
    VirtualSubnetID : 12976117
    MACAddress      : 001dd8b71c22
    ProviderAddress : 192.168.50.243
    CustomerID      : {0279BA86-1D6A-4D70-95EA-049F8B8FB452}
    Context         : SCVMM-MANAGED
    Rule            : TranslationMethodEncap
    VMName          : Red-02
    UseVmMACAddress : False

    CustomerAddress : 10.10.10.7
    VirtualSubnetID : 12880291
    MACAddress      : 001dd8b71c1f
    ProviderAddress : 192.168.50.240
    CustomerID      : {D0520E0F-0CCF-463A-B117-E4CDC21A4BC9}
    Context         : SCVMM-MANAGED
    Rule            : TranslationMethodEncap
    VMName          : Blue-01
    UseVmMACAddress : False

    CustomerAddress : 10.10.10.6
    VirtualSubnetID : 12880291
    MACAddress      : 001dd8b71c1e
    ProviderAddress : 192.168.50.244
    CustomerID      : {D0520E0F-0CCF-463A-B117-E4CDC21A4BC9}
    Context         : SCVMM-MANAGED
    Rule            : TranslationMethodEncap
    VMName          : Blue-02
    UseVmMACAddress : False

    CustomerAddress : 10.20.20.2
    VirtualSubnetID : 12976117
    MACAddress      : 001dd8b71c21
    ProviderAddress : 192.168.50.242
    CustomerID      : {0279BA86-1D6A-4D70-95EA-049F8B8FB452}
    Context         : SCVMM-MANAGED
    Rule            : TranslationMethodEncap
    VMName          : Red-01
    UseVmMACAddress : False

    Thanks

    Pat
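
Lookup records like the ones posted above can be checked mechanically for the isolation properties the article describes. The following PowerShell is an added example, not part of the original post or the comment thread; the function name Test-HnvLookupIsolation and the sample records are constructed, and it assumes CustomerID identifies the routing domain (VM network) a record belongs to.

```powershell
# Added example. Field names follow the lookup records quoted in the comment
# above; every value in $sample is constructed for illustration.
function Test-HnvLookupIsolation {
    param([Parameter(Mandatory = $true)] [object[]] $Record)

    $findings = @()

    # Invariant 1: a virtual subnet ID belongs to exactly one routing domain.
    foreach ($vsid in ($Record | Group-Object -Property VirtualSubnetID)) {
        $domains = @($vsid.Group | Select-Object -ExpandProperty CustomerID -Unique)
        if ($domains.Count -gt 1) {
            $findings += "VSID $($vsid.Name) appears in $($domains.Count) routing domains"
        }
    }

    # Invariant 2: inside one routing domain a customer address maps to one
    # endpoint. The same CA in two different routing domains is expected,
    # because overlapping address spaces are the point of the feature.
    foreach ($ca in ($Record | Group-Object -Property CustomerID, CustomerAddress)) {
        if ($ca.Count -gt 1) {
            $pas = ($ca.Group | ForEach-Object { $_.ProviderAddress }) -join ', '
            $findings += "Duplicate CA in one routing domain: $($ca.Name) -> PA $pas"
        }
    }

    # Invariant 3: a MAC address is unique within a virtual subnet.
    foreach ($mac in ($Record | Group-Object -Property VirtualSubnetID, MACAddress)) {
        if ($mac.Count -gt 1) {
            $findings += "Duplicate MAC in one virtual subnet: $($mac.Name)"
        }
    }

    $findings
}

# Constructed sample: two routing domains that reuse 10.10.10.5 (allowed),
# one duplicate CA inside the first domain, and one VSID shared by both.
$blue = '{11111111-1111-1111-1111-111111111111}'
$red  = '{22222222-2222-2222-2222-222222222222}'
$sample = @(
    [pscustomobject]@{ CustomerAddress = '10.10.10.5'; VirtualSubnetID = 5001
        MACAddress = '00155d000001'; ProviderAddress = '192.0.2.10'; CustomerID = $blue }
    [pscustomobject]@{ CustomerAddress = '10.10.10.5'; VirtualSubnetID = 6001
        MACAddress = '00155d000002'; ProviderAddress = '192.0.2.11'; CustomerID = $red }
    [pscustomobject]@{ CustomerAddress = '10.10.10.5'; VirtualSubnetID = 5001
        MACAddress = '00155d000003'; ProviderAddress = '192.0.2.12'; CustomerID = $blue }
    [pscustomobject]@{ CustomerAddress = '10.10.10.6'; VirtualSubnetID = 5001
        MACAddress = '00155d000004'; ProviderAddress = '192.0.2.13'; CustomerID = $red }
)

Test-HnvLookupIsolation -Record $sample | ForEach-Object { Write-Warning $_ }
```

On a Hyper-V host, pass the output of Get-NetVirtualizationLookupRecord as -Record in place of $sample.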

  • Is it possible to configure "allow management operating system to share the network adapter" through vmm sp1? It seems like it would be part of the virtual switch config or the uplink port profile but it isn't mentioned anywhere in the documentation nor can I find it anywhere in the GUI or powershell scripts.

    thanks

  • Where can I select the specific subnet that the VM is located with?  Not just the Virtual Network?

  • Actually, better stated:

    Why can't I select the target Subnet on provisioning.

    Why must I get a random one and then modify it after provisioning.

    Also, what is the minimum size of a subnet?  I have tried 1 IP and 8 IP subnets and they never show up in the available subnet list to attach the VM to.