Post on 13-Dec-2015


Network Virtualization in The Hybrid Cloud

Stanislav Zhelyazkov, Microsoft MVP, 21/11/2013

Session Objectives

VMM Networking

Network Virtualization in Windows Server Hyper-V 2012 and VMM 2012 SP1

Improvements in Windows Server 2012 R2 and VMM 2012 R2

Microsoft Multi-Tenant Gateway

VMM Networking

Isolation Types in VMM

Physical separation

Physical switches and adapters for each type of traffic

Layer 2: VLAN

A tag is applied to each packet and is used to control forwarding

Network Virtualization

Isolation through encapsulation. Independence from physical address space.

Layer 2: Private VLAN (PVLAN)

Primary and Secondary tags are used to isolate clients while still giving access to shared services.*

* VMM 2012 SP1 and R2 only support the creation of isolated PVLAN VMs

Where and What Isolation Should We Use?

Network type | Isolation

Infrastructure networks | VLAN or no isolation

Load balancer back end and internet facing | PVLAN

Tenant networks | Network virtualization or External

Logical Networks

Models the physical network

Groups subnets and VLANs into named objects that can be scoped to a site

Container for fabric static IP address pools

VM networks are created on logical networks

Port Profiles and Classifications

Two Port Profile Types: Uplink and Virtual

Port Classifications: container for port profile settings; reusable; exposed to tenants through the cloud

Logical Switch

Central container for virtual switch settings

Consistent port profiles across the data center

Consistent extensions

Compliance enforcement

Logical Switch in VMM

(Diagram: a logical switch combining switch settings, uplink port profiles and virtual port profiles; example port profiles labelled Corp, Mgmt and Clust.)

VM Networks, VM Subnets and IP Pools

Network Virtualization in Windows Server Hyper-V 2012 and VMM 2012 SP1

Hyper-V Network Virtualization Concept

(Diagram: two tenants each use the same Customer Addresses 10.0.0.5 and 10.0.0.7 on different subnets; the hosts carry Provider Addresses 192.168.2.22 and 192.168.5.55. Tenant one is isolated with GRE Key 5001 and tenant two with GRE Key 6001. The NVGRE packet consists of the outer MAC and Provider Address headers, the GRE key carrying the VSID, and the inner Customer Address packet.)
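The concept slide above as an added, runnable illustration (this is example code written for this page, not Microsoft's HNV implementation): an NVGRE encapsulation per RFC 7637 with a constructed lookup policy that maps (VSID, Customer Address) to a Provider Address, showing that two tenants can reuse 10.0.0.5 and 10.0.0.7 and are told apart only by the VSID in the GRE key. The MAC addresses, flow IDs and the receiving-side admission check are assumptions made for the example.

```python
import struct
from ipaddress import IPv4Address

GRE_KEY_PRESENT = 0x2000   # GRE flags word: Key Present bit set, version 0
NVGRE_PROTO = 0x6558       # Transparent Ethernet Bridging (RFC 7637)
IPPROTO_GRE = 47
# Constructed HNV lookup policy: (VSID, customer address) -> provider address.
# Both tenants reuse 10.0.0.5 and 10.0.0.7; only the VSID tells them apart.
POLICY = {
    (5001, "10.0.0.5"): "192.168.2.22", (5001, "10.0.0.7"): "192.168.5.55",
    (6001, "10.0.0.5"): "192.168.2.22", (6001, "10.0.0.7"): "192.168.5.55",
}

def ipv4_header(src, dst, proto, payload_len):
    """Minimal IPv4 header (checksum left zero; a NIC or stack would fill it)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto,
                       0, IPv4Address(src).packed, IPv4Address(dst).packed)

def inner_frame(src_ca, dst_ca, payload=b"tenant data"):
    """Constructed inner Ethernet/IPv4 frame between two customer addresses."""
    eth = bytes.fromhex("00155d000002") + bytes.fromhex("00155d000001") + b"\x08\x00"
    return eth + ipv4_header(src_ca, dst_ca, 6, len(payload)) + payload

def nvgre_encap(vsid, flow_id, frame):
    """Sending host: look up the PAs for the inner CAs and wrap the frame in NVGRE."""
    src_ca, dst_ca = str(IPv4Address(frame[26:30])), str(IPv4Address(frame[30:34]))
    src_pa, dst_pa = POLICY[(vsid, src_ca)], POLICY[(vsid, dst_ca)]
    gre = struct.pack("!HHI", GRE_KEY_PRESENT, NVGRE_PROTO, (vsid << 8) | flow_id)
    return ipv4_header(src_pa, dst_pa, IPPROTO_GRE, len(gre) + len(frame)) + gre + frame

def nvgre_decap(packet):
    """Return (src_pa, dst_pa, vsid, flow_id, frame), or None if this is not NVGRE."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_GRE:
        return None
    flags, ptype, key = struct.unpack("!HHI", packet[ihl:ihl + 8])
    if flags != GRE_KEY_PRESENT or ptype != NVGRE_PROTO:
        return None
    src_pa, dst_pa = str(IPv4Address(packet[12:16])), str(IPv4Address(packet[16:20]))
    return src_pa, dst_pa, key >> 8, key & 0xFF, packet[ihl + 8:]

def deliver(packet):
    """Receiving host: admit the frame only if both inner CAs belong to the VSID."""
    parsed = nvgre_decap(packet)
    if parsed is None:
        return None
    src_pa, dst_pa, vsid, _flow, frame = parsed
    src_ca, dst_ca = str(IPv4Address(frame[26:30])), str(IPv4Address(frame[30:34]))
    if POLICY.get((vsid, src_ca)) != src_pa or POLICY.get((vsid, dst_ca)) != dst_pa:
        return None   # drop: CA/PA pair is not valid in this virtual subnet
    return vsid, src_ca, dst_ca
```

A frame whose GRE key is rewritten to a VSID the policy does not know is dropped by deliver(), which is the isolation property the slide illustrates.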

Improvements in Windows Server 2012 R2 and VMM 2012 R2

Network Virtualization Improvements in Windows Server 2012 R2 Hyper-V

Network Virtualization is now virtual switch extension

Hyper-V network virtualization and forwarding extensions can coexist

Hyper-V Network Virtualization enabled by default

Broadcast/Multicast Support

Dynamic IP Address Learning

Support for Guest Clustering

DHCP inside VM Networks

Inbound and outbound spread on virtualized traffic

Higher performance with teamed NICs

Utilizes LBFO’s new Dynamic Mode

Network Virtualization Improvements in Windows Server 2012 R2 Hyper-V

Provider Addresses configured with a MAC address

*-NetVirtualizationProviderAddress cmdlets updated to take a MAC address

Optimal performance when you have 1 (or more) PAs per NIC in the team

Enhanced diagnostics: Test-VMNetworkAdapter and Select-NetVirtualizationNextHop

NVGRE Encapsulated Task Offload: available in 2012, but recently Emulex and Mellanox have announced products supporting NVGRE Task Offload

Network Virtualization Improvements in VMM 2012 R2

Improved HNV policy application

All network devices* and services are now “network services”

Highly available Multi-Tenant Gateway

Full IPAM Integration: in-box plugin for Microsoft IPAM; exchange of logical networks, sites and subnets

More error-resistant VMM server

*except load balancers

Network Service

(Diagram: network service types in VMM 2012 R2: virtual switch extension, network manager (network virtualization policy), gateway and physical switch.)

Microsoft Multi-Tenant Gateway

Hybrid Networking in WS2012

One S2S GW per tenant

Limited routing capability

Manual provisioning

Internet connectivity back to remote site

No VMM Integration

(Diagram: Contoso Site 1, Contoso Site 2, Northwind, Fabrikam Site 1 and Fabrikam Site 2 each connect over their own S2S tunnel across the Internet to the hoster, which terminates them on the Contoso, Northwind and Fabrikam VM networks.)

Hybrid Networking in WS2012 R2

Multitenant S2S network virtualization GW

Clustering for high availability on guest and host level

Uses BGP for dynamic route updates

Multitenant-aware NAT for Internet access

Integration with VMM 2012 R2

Up to 200 S2S VPN connections, 50 routing domains and 500 virtual subnets

(Diagram: the same five sites, Contoso Site 1 and 2, Northwind, Fabrikam Site 1 and 2, connect over S2S tunnels across the Internet to a single multitenant gateway at the hoster, which serves the Contoso, Northwind and Fabrikam VM networks and exchanges routes with BGP.)

Multi-Tenant Networking Stack

(Diagram, before WS2012 R2: inside the gateway VM, the VM NIC attaches to the Hyper-V switch and feeds a single IP interface, the TCP/IP stack and the network services.)

Multi-Tenant Networking Stack

(Diagram, WS2012 R2: inside the gateway VM, the TCP/IP stack is split into a default compartment and one compartment per tenant VM network, each with its own IP interface; the services are labelled Existing Network Services and Multitenant Network Services, and the VM NIC attaches to the Hyper-V switch.)

Network Virtualization Gateway Layout

(Diagram: two Hyper-V hosts in an HV cluster, each with Management, External and PA/Tenant Network connections; one host runs Multi-Tenant PVN Gateway VM01, VM03 and VM05, the other VM02, VM04 and VM06; the VMs are paired into GW Cluster01, GW Cluster02 and GW Cluster03, each Active-Passive.)

IPsec Parameters for S2S VPNs

IKE Phase 1 Setup

Property | Setting

IKE Version | IKEv2

Diffie-Hellman Group | Group 2 (1024 bit)

Authentication Method | Pre-Shared Key

Encryption Algorithms | AES256, 3DES

Hashing Algorithm | SHA1 (SHA128)

Phase 1 Security Association (SA) Lifetime (Time) | 28,800 seconds

IKE Phase 2 Setup

Property | Setting

IKE Version | IKEv2

Hashing Algorithm | SHA1 (SHA128)

Phase 2 Security Association (SA) Lifetime (Time) | -

Phase 2 Security Association (SA) Lifetime (Throughput) | -

IPsec SA Encryption & Authentication Offers (in the order of preference) | See Dynamic Routing Gateway IPsec Security Association (SA) Offers

Perfect Forward Secrecy (PFS) | No

Dead Peer Detection | Supported

Known Compatible VPN Devices

Vendor | Device Family | Minimum OS Version | Configuration Template

Cisco | ASR | IOS 15.2 | Cisco ASR templates

Cisco | ISR | IOS 15.1 | Cisco ISR templates

Juniper | SRX | JunOS 11.4 | Juniper SRX templates

Juniper | J-Series | JunOS 11.4 | Juniper J-series templates

Juniper | ISG | ScreenOS 6.3 | Juniper ISG templates

Juniper | ISG | ScreenOS 6.3 | Juniper SSG templates

Microsoft | Routing and Remote Access Service | Windows Server 2012 | Routing and Remote Access Service templates

DEMO

Summary

Check out our whitepaper: Hybrid Cloud with NVGRE (WSSC 2012 R2), http://gallery.technet.microsoft.com/Hybrid-Cloud-with-NVGRE-aa6e1e9a

Questions

We look forward to your feedback through our mobile application!

Download it from: http://www.eventboardmobile.com/download and choose “In Charge”.