In the previous post on Windows Server network virtualization, the configuration changes that happen at the operating system level were described. Some of them are made with tools built into Windows Server, such as NIC teaming; others require the Hyper-V server role to be installed and the virtual switch to be configured through Hyper-V Manager or its command-line tools. For global configuration management and for some advanced features, however, the next component has to be introduced: System Center Virtual Machine Manager (SCVMM). For installing and deploying SCVMM, see the separate post Windows Server 2012 Virtualization in Practice: Installation and Deployment of SCVMM. The following figure shows how SCVMM is deployed in our data center.
On the right are all the physical hosts and host clusters under SCVMM management. Every physical machine runs Windows Server 2012 R2 with the Hyper-V server role installed and an SCVMM agent that communicates with the SCVMM server. The three servers on the left make up the core of the SCVMM architecture. The SCVMM database is a SQL Server database that stores all configuration and state information; for high availability it can also be placed on a SQL Server failover cluster. The SCVMM service is a back-end service whose main job is to push the configuration managed in the console to the managed physical machines through the SCVMM agent and to keep the status of the physical servers and their virtual machines up to date in real time. The SCVMM console is the user interface; it can be installed alongside the SCVMM service or separately on another server. Like any other distributed architecture, SCVMM and its database form the core and need particular protection against failure, whereas the failure of an individual managed host is far less critical.
That is a brief introduction to the SCVMM architecture. With this general picture in mind, we return to the topic of this article: using SCVMM's features to implement network virtualization.
III. Network virtualization with SCVMM in practice
1. Physical network topology
Using SCVMM's console and command-line tools you can configure and manage the stand-alone servers and failover clusters in your network; the most important task is network virtualization on those physical servers, which lays the groundwork for a complete virtualization platform. The physical network topology of our data center in early 2014:
In this early stage of construction, all physical machines had Windows Server 2012 R2 installed and were joined to the domain. In the figure, blue Network01, green Network02, red Network03 and purple Network04 represent four different physical networks. There are four because each of our servers has four NICs and we want to use all of them with load balancing.
2. The goal of network virtualization
Our initial plan is to team the blue and green NICs into a NIC team for the internal network, named Internal Network, and the red and purple NICs into a NIC team for the external network, named Public Network. Network virtualization is then built on top of these two NIC teams.
Four virtual networks are built on the internal network:
(1) Management Network, for domain membership and management; configured on all physical servers and some virtual machines; intranet address range 192.168.0.0/24
(2) Cluster Network, for the cluster heartbeat; configured on the physical servers that form the cluster; intranet address range 192.168.10.0/24
(3) Migration Network, for virtual machine migration; configured on all physical servers that act as hosts; intranet address range 192.168.20.0/24
(4) Application Network, for custom networks between virtual machines; configured on the virtual machines that need a custom network. This is the most complete form of network virtualization and is explained later; intranet address range 192.168.30.0/24
Two virtual networks are created on the public network:
(1) Cernet Network, for the education network; configured on all virtual machines that need the education network; public address range 121.192.X.X/26
(2) Datacenter Network, the internal network behind the reverse proxies; configured on all virtual machines that must be reachable from outside the education network; internal address range 172.16.8.0/24. This network is special: when a client on a telecom or mobile carrier network needs to reach a virtual machine, a reverse proxy server such as cloud-pm-ag01 forwards the connection, giving the various external networks access to virtual machines on the virtualization platform.
As described above, not every physical server or virtual machine is connected to all of these virtual networks; the configuration is very flexible. Let's look at how this is implemented in SCVMM.
3. Key concepts of network virtualization in SCVMM
Some feature names in SCVMM are not very intuitive, and many configuration items are misleading, which causes a lot of confusion.
In the network virtualization section for Windows Server 2012 R2 we covered the changes at the operating system level: NIC teams, virtual switches and virtual network adapters. Those configurations apply to a single physical server or virtual machine (a virtual network adapter can also be given to a virtual machine). The virtual network adapters of these physical servers and virtual machines then connect to the same network, so it is natural to think that, on top of the physical network, we only have to give every physical server and virtual machine the same virtual switch and virtual network adapter configuration, and the whole virtualization platform will work. The ultimate goal of all the work done in SCVMM is exactly that: configuration consistency across many physical servers and virtual machines, and of course ease of configuration.
The most important network virtualization concepts in SCVMM are the following; for each I'll note what it actually changes at the OS level.
(1) Logical Networks and VM Networks
You can simply think of these as the virtual networks we set out to create above. Note that a logical network (virtual network) does not represent just one subnet. For example, one of our goals above is to create the management network with the intranet subnet 192.168.0.0/24, because we have no more than 255 machines. If we had more machines needing the management network, spread over different buildings, floors or rooms, they could no longer all share one subnet. We could simply enlarge the subnet to fit more machines, but once traffic between them has to be routed, they are by definition not in the same subnet. So a logical network represents the collection of all subnets that can route to each other: subnet 192.168.0.0/24 in Building A and subnet 172.16.0.0/24 in Building B can be placed in the same logical network for the same purpose as long as they are routable. This is why a logical network is configured together with network sites (think of a site as one location where servers are physically deployed). All machines in the same logical network are routable and can talk to each other, while different logical networks are isolated from each other.
The first page of the wizard for creating a logical network offers three options, representing three different physical network environments. VLAN-based independent networks and Private VLAN networks cover two VLAN-based environments; since we generally do not use VLANs in the data center, we focus on the first option, One connected network, which is the common case of direct connection through switches and routers with no VLAN configuration on the physical network.
There are two checkboxes. The first, Allow new VM networks created on this logical network to use network virtualization, needs special attention: VM networks here does not mean virtual networks but virtual machine networks. The option allows a virtual machine network, which I call the second layer of virtualization, to be customized on top of this logical network. "Second layer of virtualization" is my own term for the virtual machine network, not official terminology.
This exists because SCVMM is multi-tenant: on the same logical network (which is determined by the administrator and cannot be changed by tenants), tenants may customize their own network. Tenants control their own virtual machines and their own virtual machine networks, which meets their individual needs.
The second checkbox, Create a VM network with the same name to allow virtual machines to access this logical network directly, creates a virtual machine network of the same name through which virtual machines access the logical network.
A virtual machine must be connected to a virtual machine network, and the virtual machine network is associated with a logical network. The first checkbox allows the second layer of virtualization on the logical network: you can then create multiple virtual machine networks on that logical network, each with its own customized IP pool. The second checkbox creates a same-name virtual machine network by default, which uses the same IP pool as the logical network. If neither checkbox is selected, the logical network is useless. Virtual machine networks are not used only by virtual machines but by virtual network adapters in general: a virtual network adapter created on a physical server must also be attached to a virtual machine network, so creating the same-name virtual machine network by default, with the same IP pool as the logical network, is important.
According to Microsoft's official documentation, logical networks are completely isolated from each other, but virtual machine networks implemented as the second layer of virtualization (the non-default ones; this is easy to confuse) are not; they merely make it easy for tenants to manage their own network.
(2) Port Profiles
A port profile configures the various interfaces of a virtual switch. There are two kinds, which are easy to understand by analogy with a physical switch: a physical switch's ports fall into normal ports, connected to downstream devices such as servers, and uplink ports, connected to upstream devices such as a higher-level switch or router. Port profiles cover the same two kinds of port on the virtual switch.
A virtual port profile (the normal port profile) standardizes the behaviour of downstream ports, such as offload, security and bandwidth settings. Network offload technology is developing rapidly; its main purpose is to reduce the CPU cost of network I/O and improve efficiency by moving work onto the network card, so it may require support from the physical NIC. As for bandwidth, a virtual switch may be connected to several logical networks (virtual networks), and you can configure how bandwidth is shared between them.
An uplink port profile configures which logical networks (virtual networks) the virtual switch connects to. The configuration can be refined to the combination of site and logical network, which essentially decides which physical servers connect to which logical networks, and which logical networks are connected to the virtual switch.
(3) Logical Switch
A logical switch creates a virtual switch at the operating system level and carries the configuration around that virtual switch; it can be regarded as the configuration center for a virtual switch. Its configuration is essentially the combination of normal port profiles and uplink port profiles, which makes configuring physical servers and virtual machines convenient.
For example, we team the blue and green physical networks into the NIC team for the internal network and use Internal Logical Switch to manage it uniformly, associating the four target logical networks (virtual networks) with it. One option is SR-IOV (single-root I/O virtualization), which lets a virtual machine use a physical network card directly: a virtual function of the physical NIC is handed straight to the virtual machine as its virtual network adapter to improve network I/O performance. This option does not fit our needs, because we want to create a NIC team for load balancing, and SR-IOV conflicts with that.
The other two configuration items, Uplink and Virtual Port, configure which uplink port profiles and which normal port profiles are associated with the switch. The normal port profile is not associated directly but through port classifications. The overall configuration logic of our center is therefore as follows:
4. Network virtualization configuration in SCVMM
To meet our network virtualization goals with SCVMM's configuration capabilities, we need to complete the following configuration:
This is the complete configuration; not every physical machine needs all four physical networks, and not every virtual machine needs to access every VM network. In practice, apply it according to actual needs.
(1) Creating logical networks
We pair the four physical NICs on each physical machine into two NIC teams and create six logical networks (virtual networks) on them; because the physical environment has no VLAN configuration, we choose the One connected network mode. There are two sites: some servers are in Building A, some in Building N. The six logical networks are configured as follows:
| Logical Network | NIC team | Site | IP address pool | Second-tier virtualization | Same-name VM network | VM networks |
|---|---|---|---|---|---|---|
| Management Network | Internal | Building A, Building N | 192.168.0.0/24 | No | Yes | Management Network |
| Cluster Network | Internal | Building N | 192.168.10.0/24 | No | Yes | |
| Migration Network | Internal | Building N | 192.168.20.0/24 | No | Yes | |
| Application Network | Internal | Building N | 192.168.30.0/24 | Yes | Yes | APP Network, Database Network |
| Cernet Network | Public | Building A, Building N | 121.192.x.x/26 | No | Yes | Cernet Network |
| Datacenter Network | Public | Building A, Building N | 172.16.8.0/24 | No | Yes | Datacenter Network |
After completion it looks like this:
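As an added example (not code from the original post or from Microsoft's documentation), the following VMM PowerShell script creates the six logical networks in the table, one network site each, a static IP pool, the same-name VM network, and the two tenant VM networks on Application Network. The host group names, the pool ranges, the tenant subnets and the 121.192.0.0/26 stand-in for 121.192.x.x/26 are assumptions; check parameter names against Get-Help for your VMM version.

```powershell
# Added example: build the logical networks from the table above with the VMM module.
# Assumptions: host groups "Building A"/"Building N" exist; pool ranges, tenant subnets
# and the 121.192.0.0/26 placeholder (the post only gives 121.192.x.x/26) are made up.
Import-Module virtualmachinemanager

$siteA = Get-SCVMHostGroup -Name "Building A"
$siteN = Get-SCVMHostGroup -Name "Building N"

# One row per logical network: name, subnet, sites, second-tier (network) virtualization.
$rows = @(
    @{ Name = "Management Network";  Subnet = "192.168.0.0/24";  Sites = @($siteA, $siteN); NV = $false },
    @{ Name = "Cluster Network";     Subnet = "192.168.10.0/24"; Sites = @($siteN);         NV = $false },
    @{ Name = "Migration Network";   Subnet = "192.168.20.0/24"; Sites = @($siteN);         NV = $false },
    @{ Name = "Application Network"; Subnet = "192.168.30.0/24"; Sites = @($siteN);         NV = $true  },
    @{ Name = "Cernet Network";      Subnet = "121.192.0.0/26";  Sites = @($siteA, $siteN); NV = $false },
    @{ Name = "Datacenter Network";  Subnet = "172.16.8.0/24";   Sites = @($siteA, $siteN); NV = $false }
)

foreach ($r in $rows) {
    # "One connected network": no VLAN isolation between sites; NV only where the table says so.
    $ln = New-SCLogicalNetwork -Name $r.Name -LogicalNetworkDefinitionIsolation $false `
                               -EnableNetworkVirtualization $r.NV

    # Network site (logical network definition): which host groups (buildings) carry the subnet.
    $site = New-SCLogicalNetworkDefinition -Name "$($r.Name) Site" -LogicalNetwork $ln `
                -VMHostGroup $r.Sites -SubnetVLan (New-SCSubnetVLan -Subnet $r.Subnet -VLanID 0)

    # Static IP pool on the site (.10-.50 is an assumed range that fits every row, /26 included).
    # For the NV-enabled network these are the provider addresses the hosts use.
    $net  = $r.Subnet.Split('/')[0]
    $base = $net.Substring(0, $net.LastIndexOf('.') + 1)
    New-SCStaticIPAddressPool -Name "$($r.Name) Pool" -LogicalNetworkDefinition $site `
        -Subnet $r.Subnet -IPAddressRangeStart "${base}10" -IPAddressRangeEnd "${base}50" | Out-Null

    # Same-name VM network (the second checkbox): host vNICs for management, cluster and
    # migration attach to the logical network through this object, using the pool above.
    New-SCVMNetwork -Name $r.Name -LogicalNetwork $ln -IsolationType "NoIsolation" | Out-Null
}

# Tenant VM networks on Application Network (the "second layer"): each gets its own VM subnet
# and pool, so tenant addressing is independent of the provider subnet 192.168.30.0/24.
$appLn = Get-SCLogicalNetwork -Name "Application Network"
foreach ($t in @(@{ Name = "APP Network";      Subnet = "10.10.1.0/24" },
                 @{ Name = "Database Network"; Subnet = "10.10.2.0/24" })) {
    $vmNet = New-SCVMNetwork -Name $t.Name -LogicalNetwork $appLn `
                 -IsolationType "WindowsNetworkVirtualization"
    $vmSub = New-SCVMSubnet -Name "$($t.Name) Subnet" -VMNetwork $vmNet `
                 -SubnetVLan (New-SCSubnetVLan -Subnet $t.Subnet -VLanID 0)
    New-SCStaticIPAddressPool -Name "$($t.Name) Pool" -VMSubnet $vmSub -Subnet $t.Subnet `
        -IPAddressRangeStart $t.Subnet.Replace("0/24", "10") `
        -IPAddressRangeEnd   $t.Subnet.Replace("0/24", "200") | Out-Null
}
```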
(2) Creating port profiles
Once a physical NIC or NIC team is virtualized, multiple logical networks can be created on it, but this is not obvious in SCVMM. You configure the logical networks, port profiles and logical switches in advance, and then, when configuring each physical server, associate that configuration with one NIC or several NICs of the physical machine (several NICs automatically form a NIC team). In other words, the logical network, port profile and logical switch configuration is hardware-independent, but keep in mind that the purpose is ultimately to bind it to the hardware NICs.
The uplink port profile is very flexible and sometimes hard to grasp. We need to go back to its nature: it exists to configure uniformly how physical servers connect to logical networks. Servers in different locations, such as different buildings or floors, may be configured differently, so their uplink port profiles will differ. That is, the uplink port profile is tied to a site in relation to the logical networks it is associated with; the purpose of associating it with a site is to specify which physical servers the uplink port profile can be applied to.
Take Internal Uplink Port - Building N as an example of the properties of an uplink port profile. It is associated mainly with the Internal logical networks, and the selected servers are located in Building N.
The normal port profile essentially controls the behaviour of a port and provisions load between different logical networks. SCVMM has some built in, and we created some of our own for the different logical networks. Take Management Port Profile as an example: security settings are not selected, and the other settings are as shown, with the bandwidth weight set to 10, i.e. no more than 10% of the total bandwidth.
(3) Creating a logical switch
The purpose of the logical switch is to combine the configurations above. Note that for normal port profiles we first have to create port classifications and then associate the normal port profiles through those classifications. Here we create two logical switches for the two NIC teams: Internal Logical Switch is associated with four logical networks, Management Network, Cluster Network, Migration Network and Application Network; Public Logical Switch is associated with two, Cernet Network and Datacenter Network.
Next, look at the configuration of Internal Logical Switch. In the Uplink tab, add all uplink port profiles that belong to Internal. This associates Internal Logical Switch with all relevant locations and all logical networks belonging to Internal.
In the Virtual Port tab, add the associated normal port profiles.
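Steps (2) and (3) composed in VMM PowerShell, as an added example that is not from the original post: one uplink port profile per site, the Management normal port profile with bandwidth weight 10, a port classification, and Internal Logical Switch with SR-IOV disabled. It assumes the logical networks and sites from step (1) already exist; the team mode, VMQ and guard settings are my assumptions, and parameter names should be checked with Get-Help.

```powershell
# Added example: uplink/native port profiles, a port classification and the Internal Logical
# Switch, composed the way steps (2) and (3) describe. Assumes the logical networks and their
# sites from step (1) exist; team mode, VMQ and guard settings are assumptions.
Import-Module virtualmachinemanager

# Sites reachable over the Internal team per building (from the table): Building N carries all
# four internal logical networks, Building A only Management Network.
$internalNames = "Management Network", "Cluster Network", "Migration Network", "Application Network"
$sitesN = foreach ($n in $internalNames) {
    Get-SCLogicalNetworkDefinition -LogicalNetwork (Get-SCLogicalNetwork -Name $n)
}
$sitesA = Get-SCLogicalNetworkDefinition -LogicalNetwork (Get-SCLogicalNetwork -Name "Management Network")

# Uplink port profiles: one per site, so a host only receives the sites for its own location.
# The LBFO settings become the NIC team VMM builds when two NICs are selected on a host.
$uplinkN = New-SCNativeUplinkPortProfile -Name "Internal Uplink Port - Building N" `
    -LogicalNetworkDefinition $sitesN -EnableNetworkVirtualization $true `
    -LBFOLoadBalancingAlgorithm "HostDefault" -LBFOTeamMode "SwitchIndependent"
$uplinkA = New-SCNativeUplinkPortProfile -Name "Internal Uplink Port - Building A" `
    -LogicalNetworkDefinition $sitesA -EnableNetworkVirtualization $false `
    -LBFOLoadBalancingAlgorithm "HostDefault" -LBFOTeamMode "SwitchIndependent"

# Normal (virtual) port profile for the management vNIC: no extra security settings, bandwidth
# weight 10. Note: in Hyper-V QoS the weight is a relative minimum share under contention,
# not a hard 10% cap; use -MaximumBandwidth if an upper limit is actually wanted.
$mgmtPort = New-SCVirtualNetworkAdapterNativePortProfile -Name "Management Port Profile" `
    -MinimumBandwidthWeight 10 -EnableVmq $true -EnableIov $false `
    -AllowMacAddressSpoofing $false -EnableDhcpGuard $false -EnableRouterGuard $false

# Port classification: the handle a host vNIC or VM vNIC selects instead of the profile itself.
$mgmtClass = New-SCPortClassification -Name "Management"

# Logical switch: SR-IOV off, since it bypasses the vSwitch and is incompatible with the team.
$sw = New-SCLogicalSwitch -Name "Internal Logical Switch" -EnableSriov $false -SwitchUplinkMode "Team"

# Uplink tab: attach every Internal uplink profile so hosts in either building can use the switch.
foreach ($u in @($uplinkN, $uplinkA)) {
    New-SCUplinkPortProfileSet -Name $u.Name -LogicalSwitch $sw -NativeUplinkPortProfile $u | Out-Null
}
# Virtual Port tab: classification -> native port profile, scoped to this switch.
New-SCVirtualNetworkAdapterPortProfileSet -Name "Management" -LogicalSwitch $sw `
    -PortClassification $mgmtClass -VirtualNetworkAdapterNativePortProfile $mgmtPort | Out-Null
```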
(4) Configuring virtual networks for a physical server
With all configuration ready, the final step is to have the physical server apply it. We do this in the Virtual Switches tab of the physical server's properties (right-click the server). For the physical server named Cloud-pm-cn01 we add the two logical switches (virtual switches), Internal Logical Switch and Public Logical Switch; each logical switch uses two physical NICs, and under each we add the virtual network adapters for the logical networks the physical server needs to access.
It is important that every physical server is configured consistently and that the physical NICs assigned to a logical switch are on the same network at the physical link level. If more than one physical NIC is added, a NIC team is formed automatically. In the Uplink Port Profile column, select the uplink port profile that matches the physical location of the server, so that it communicates with the other physical servers in the same location.
The configuration of each virtual network adapter is as follows. Pay special attention to the management virtual network adapter. After the physical server's operating system is installed and the machine is joined to the domain, the physical NIC Ethernet 01 carries the domain network; when configuring the Management virtual network adapter, tick This virtual network adapter inherits settings from the physical management adapter. The management virtual network adapter then takes over the configuration of Ethernet 01 (the domain network is briefly disconnected). VM Network selects the corresponding virtual machine network, and Port Profile selects the corresponding port classification, which applies the relevant port configuration policy.
The configuration screens for a host virtual network adapter and a virtual machine's virtual network adapter are in fact the same; next, let's look at how the virtual network adapter configuration is applied in a VM.
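To verify what step (4) actually produced on a host, and to catch the per-server inconsistencies the step warns about, here is an added check script (not from the original post) that runs on a Hyper-V host with the standard Hyper-V, NetAdapter and NetLbfo cmdlets. The expected host vNIC names and subnets are taken from the table; the assumption that host vNICs are named after their logical networks, and the other host names, are mine.

```powershell
# Added example: confirm the OS-level result of the SCVMM host configuration. Checks that each
# external vSwitch sits on a two-member LBFO team and that every host vNIC has an IPv4 address
# in the subnet the table assigns to it. vNIC names are assumed to match the logical networks.
function Test-HostVirtualNetwork {
    # Expected host vNIC -> subnet prefix (Application and Cernet networks are VM-only here).
    $expected = @{
        "Management Network" = "192.168.0."
        "Cluster Network"    = "192.168.10."
        "Migration Network"  = "192.168.20."
        "Datacenter Network" = "172.16.8."
    }
    $findings = @()
    foreach ($sw in Get-VMSwitch -SwitchType External) {
        # The switch binds to one adapter; for a NIC team that adapter is the team interface.
        $bound = Get-NetAdapter | Where-Object { $_.InterfaceDescription -eq $sw.NetAdapterInterfaceDescription }
        $team  = Get-NetLbfoTeam -ErrorAction SilentlyContinue |
                 Where-Object { $_.TeamNics -contains $bound.Name }
        $detail = if ($team) { "$($team.Name): $($team.Members -join ', ')" }
                  else       { "no LBFO team behind '$($bound.Name)'" }
        $findings += [pscustomobject]@{
            Host   = $env:COMPUTERNAME
            Check  = "switch '$($sw.Name)' backed by a 2-NIC team"
            Ok     = [bool]($team -and $team.Members.Count -eq 2)
            Detail = $detail
        }
    }
    foreach ($vnic in Get-VMNetworkAdapter -ManagementOS) {
        # A host vNIC surfaces in the management OS as interface "vEthernet (<vNIC name>)".
        $ip = Get-NetIPAddress -InterfaceAlias "vEthernet ($($vnic.Name))" -AddressFamily IPv4 `
                  -ErrorAction SilentlyContinue | Select-Object -First 1 -ExpandProperty IPAddress
        $prefix = $expected[$vnic.Name]
        $findings += [pscustomobject]@{
            Host   = $env:COMPUTERNAME
            Check  = "vNIC '$($vnic.Name)' on '$($vnic.SwitchName)' has an address in its subnet"
            Ok     = [bool]($prefix -and $ip -and $ip.StartsWith($prefix))
            Detail = "ip=$ip expected=${prefix}x"   # unexpected vNIC or missing address -> Ok=False
        }
    }
    return $findings
}

# Run locally. To catch drift between hosts of the same site, run the function on every host
# and compare the rows where Ok is False (names other than cloud-pm-cn01 are placeholders):
#   Invoke-Command -ComputerName cloud-pm-cn01, <other-hosts> -ScriptBlock ${function:Test-HostVirtualNetwork}
Test-HostVirtualNetwork | Format-Table Host, Check, Ok, Detail -AutoSize
```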
(5) Configuring virtual networks for virtual machines
Right-click the virtual machine whose network needs to be configured, select the Hardware Configuration tab and add the virtual NIC Network Adapter 1; the virtual network adapter configuration is as shown.
At this point we have a general understanding of the network virtualization configuration process in SCVMM on Windows Server 2012 R2 and the difficulties involved. Next I'll continue to summarize more of what I learned about building a virtualization platform with SCVMM, so stay tuned.
Windows Server 2012 Virtualization in Practice: Network (II)