In layman's Hyper-V network virtualization (sequential)

Server virtualization is becoming more and more common, and many companies are trying to run their existing business in a virtualized way--virtual multiple instances on a physical server, each isolated from each other as if they were using a real host, and so is network virtualization. Several network environments are virtualized on the same physical link and isolated from each other; Network virtualization also breaks down traditional VLANs and IP address assignment, and using network virtualization can directly and seamlessly host existing services into IaaS without even having to consider the duplication of IP addresses. There is no need to make any changes to the existing app's access

So when it comes to network virtualization, we have to mention "software-defined Networking (SDN)", which is an introduction to Baidu encyclopedia.

"For an inappropriate example, SDN technology is equivalent to stripping the management setup system and routers of each home router." Once each router has its own management system, and with SDN, a management system can be used on all brands of routers. If the network system is a function machine, the system and hardware are bundled together at the factory, then SDN is the Android system, can be installed on many smartphones, upgrade, but also to install more powerful mobile app (SDN Application Layer Deployment) "

Because the firmware of a traditional network device (switch, router) is locked and controlled by the device manufacturer, SDN wants to decouple network control from the physical network topology to get rid of hardware limitations on the network architecture

#######################################################################################

With support for network virtualization in Windows Server 2012, and in R2, it was a Windows Server R2-based Hyper-V Manager, and I took test01 and 02 as an example to first set the IP of two virtual machines to the same

test01 IP is 10.10.1.122/16, no problem

test02 The IP conflict occurs after using the same address (10.10.1.122/16), because IP duplication occurs in the same broadcast domain or in the same VLAN, So the virtual machine test02 is assigned a 169.254.x.x IP; it's obviously not working in this case.

So how to define the network through software, instead of involving hardware devices to achieve network isolation? Let's take a look at the current configuration environment, which is the VM network that the current virtual machine is bound to, that is, virtual networking TDIv2; environment based on System Center R2 VMM

Let's take a look at the logical network resources that the virtual network relies on, also called TDIv2, which is automatically captured when the host is added, which is the usual default setting, and you can see that the logical network of TDIV2 is checked for "Allow network virtualization"

Take a look at the VM network "TDIV2" that the virtual machine is connected to, the virtual opportunity to use the VM network to connect to the logical networks, such as location; some friends may be confused by the logical network and the virtual network, the actual is not so complicated

To isolate network virtualization, create a new VM network on a current basis, as shown in

We enter the name AAA and select the VM network that will be created is based on the same logical network, that is, the TDIV2

Next you can see the improvement of R2, originally there is no isolation option, the above "using Hyper-V network Virtualization" is what we want to implement the function, and the following "no isolation" is the previous kind of "1 to 1" mode, you can see the description below "Using non-isolated mode, Only one virtual network can be created per logical network "

Next we don't create subnets for the time being

In the gateway here because we have not configured the gateway so there is no choice, in the end I will do a short explanation

Our AAA virtual network is now created

Next we take out a machine just now, give it a "network card", as shown, from TDIv2 to AAA

Found an error ~ Look at the log, oh ~ Originally said I have no subnet

Then add a subnet, as shown in 10.10.0.0/16, subnet name test

Modify the virtual machine configuration again, eh? Again the error ... Look at log, oh ~ There's no subnet, there's an address pool.

Then create an address pool on the AAA VM network.

Enter the name of the address pool CA pool, address pool based on the subnet we just created "test"

Type the address pool range, where "10.10.1.100~10.10.1.130" is the example

Return to VM network to see that the address pool has been successfully created

Once again, you can see that VM subnet has a subnet called "test" here, as you modify the virtual machine configuration

This time finally succeeded.

Let's do the same, create a VM network called BBB, and give it a pool of addresses called CA pool, which is also the network address of the 10.10.0.0/16; there might be a question, is there a problem with the same IP address segment? Yes, no problem at all, because they're absolutely isolated.

We changed the VM network of another virtual machine to BBB, and the subnet is also called Test.

######################################################################################

Now go back to the virtual machine to see the situation, the IP on the test01 through automatic acquisition has become 10.10.1.100; also automatically gets a 10.10.0.1 gateway and 192.0.2.253 DHCP server address

Test02 also got the 10.10.1.100 IP and the same gateway and DHCP address, but this time there is no IP address duplication problem, that is, now test01 and 22 virtual machines, although the same IP, but the absolute isolation from each other, not affected by the impression

However, it is important to note that since test01 and 02 are now in the AAA and BBB two VM networks, the gateway is assumed by default by the first IP of the virtual subnet, and if you want to access the extranet or other external access, you need the gateway in SCVMM to implement the

Here are some important concepts for Hyper-V network virtualization, as shown in view of the current network virtualization route by executing PowerShell under the-module NETWNV module, with two 10.10.0.0/16 routing entries visible. That is, we just created the AAA with BBB, note two parameters:

Routingdomainid

Virtualsubnetid

The same rdid can contain one or more vsid, which are accessible to each other, but cannot span rdid, meaning that different rdid are absolutely isolated

Here reprinted Microsoft Official note as follows:

In the diagram, VSID is 5001 virtual machines that route or forward their packets to a virtual machine VSID 5002 or 5003 through Hyper-V network virtualization. Before sending packets to the Hyper-V switch, Hyper-V network virtualization will update the VSID of incoming packets to the VSID of the target virtual machine. This can only be achieved if the two VSID belong to a rdid. If the VSID on the packet does not match the VSID of the target virtual machine, the packet is discarded. Therefore, a virtual network adapter with RDID1 cannot send packets to a virtual network adapter with RDID2

Then take a look at some parameters, and also use PowerShell under the NETWNV module to fetch TEST01 network virtualization records, as shown in:

CustomerAddress

Provideraddress

The significance of CA and PA is very important, it is with these two addresses, it is possible to implement the tenant's cross-subnet migration, such as enterprise users to the existing environment directly onto the public cloud, without the need to modify the IP;

CA is the user's existing IP, is visible, and PA as the name implies, is the provider IP, or called the operator's IP, which is not visible to the user, in the existing resources to the public cloud or hybrid cloud environment, through the CA and PA conversion to achieve data communication, in, The CA is our AAA IP assigned to the address pool in this VM network, and PA is the network segment of my System Center infrastructure, although it appears to be an IP segment, but it is not

"Hyper-V Network virtualization supports basic routing encapsulation to implement network virtualization as a mechanism to virtualize IP addresses:"

The basic route encapsulates this network virtualization mechanism to use the Basic route Encapsulation (NVGRE) as part of the channel header. This pattern of address virtualization mechanisms is designed for most data centers that deploy Hyper-V network virtualization. In NVGRE, the virtual machine's packets are encapsulated in another packet. , the new packet header contains the appropriate source and destination PA IP addresses, plus the virtual subnet ID stored in the GRE header key field.

The virtual subnet ID contained in the GRE header allows the host to determine the client virtual machine for any specified packet, although the PA and CA on the packet overlap. This allows all virtual machines on the same host to share a PA () "

Previously test01 and test02 were located on the Host16 host, and after the implementation of network virtualization, virtual machines could still be migrated, such as migrating test01 to host15

By visible, the previous execution of Get-netvirtualizationcustomerroute on host15 has no return information, and after migrating test01, the Network virtualization routing entry on the current host can be queried.

Attached teched2013 Video:

http://www.tudou.com/programs/view/vhaLwmRYcjk/

#######################################################################################

Next we create a subnet under the AAA vmnetwork, named test02, and create an address pool based on test02 172.16.0.0/16

The effect of this operation is equivalent to the same Routingdomainid (AAA) created two virtualsubnetid (test, test02), then according to such a structure, the two vsid should be unrestricted access, the following to verify

We keep the AAA and test subnets intact for one VM and the other to AAA and test02 subnets

The routing information is then viewed through PowerShell and you can see that the rdid of the two routes are consistent

Ping 10.10.0.0/16 on 172.16.0.0/16 's subnet, no problem at all Oh, see

####################################################################################

These are some of the basic concepts of network virtualization introduced with SCVMM, in fact, a friend who has experienced Windows Azuer Pack should understand that applying for a VM network on the portal is actually creating a "virtual net" on SCVMM, just like our AAA or BBB, This allows different tenants to be isolated for network virtualization

So if you don't have VMM to manage, is it possible to simply use Hyper-V? There is no problem, just need to use PowerShell to do:

# topology:

#

#    +---------+  +---------+          +---------+  +---------+

#    |  Blue1 |  |          Red1 |  |  Blue2 |  | Red2 |

# |10.0.0.5 |          |10.0.0.5 |  |10.0.0.7 | |10.0.0.7 |

#    +---------+  +---------+          +---------+  +---------+

#        | VSID | VSID | VSID | VSID

#        | 5001 | 6001 | 5001 | 6001

#    +======================+          +======================+

# # host 1 # # host 2 #

#    #                      #          #                      #

#    +======================+          +======================+

# Pa= | | Pa=

# 192.168.4.11| | 192.168.4.22

#                +----------------------------------+

The above topology is a very simple environment, two hosts, four virtual machines, a blue network, a red network, through these resources to achieve network virtualization, only a few simple PowerShell can

# ADD the locator records for blue&red subnet

New-netvirtualizationlookuprecord-virtualsubnetid "VSID"-customeraddress "IP"-provideraddress "IP"-MACAddress "Mac "-rule" Translationmethodencap "

New-netvirtualizationlookuprecord-virtualsubnetid "VSID"-customeraddress "IP"-provideraddress "IP"-MACAddress "Mac "-rule" Translationmethodencap "

# ADD the customer route records for blue&red Subnet

New-netvirtualizationcustomerroute-routingdomainid "Rdid"-virtualsubnetid "VSID"-destinationprefix "IP"-NextHop " 0.0.0.0 "

# Attach a script download link:

Http://gallery.technet.microsoft.com/scriptcenter/Simple-Hyper-V-Network-d3efb3b8

http://gallery.technet.microsoft.com/scriptcenter/Simple-Hyper-V-Network-6928e91b

#####################################################################################

Finally, to reprint the introduction of the official website to say the meaning of the gateway:

1. Private cloud environment (routing)

"Large companies may not be willing to, or for compliance reasons, not be able to transfer some of their services and data to a public cloud host. However, the company still wants to enjoy the benefits of the cloud provided by Hyper-V network virtualization by consolidating data center resources into a private cloud. In a private cloud deployment, overlapping IP addresses may not be required because the company generally has enough non-routable internal addresses (such as 10.x.x.x or 192.x.x.x) space "

Note that in, the virtual subnet has a customer address of 157.x address, and the IP address of the network non-network virtual part (Corp Net) is also a 157.x address. In this example, the PA address of the virtual subnet in the datacenter is a 10.x IP address. This deployment allows companies to take advantage of a feature of Hyper-V network virtualization, which allows for flexibility in the location of virtual machines and dynamic migration across subnets in data center architectures. This increases the efficiency of the data center, thereby reducing operational expenditure (OPEX) and capital expenditure (capex). In this case, the Hyper-V Network virtualization Gateway provides routing between the 10.x and 157.1 IPs "

2. Hybrid cloud Environment (VPN)

"The main advantage of Hyper-V network virtualization is the ability to seamlessly extend on-premises datacenters to the Windows Server 2012-based cloud data center. This is the hybrid cloud model, as shown in: "

In this case, an internal subnet, such as a subnet with a Web server, is transferred from the corporate network to the cloud host's datacenter. With the "Take your own IP address" provided by the host, the company does not need to change the network configuration of the Web server virtual machine or any other network endpoint that references the Web server. The host provides a secure link through the Hyper-V Network virtualization gateway device. Company admins only need to configure a local VPN with a suitable IP address. The WEB server virtual machine will not be aware that it has been moved to the cloud. It still keeps the domain in a state that is combined with Active Directory (AD), and uses the company's DNS servers. The WEB server virtual machine also continues to interact with other corporate servers, such as SQL Server. In this example, the three services (AD, DNS, SQL) are still local. Network diagnostic tools, such as path trackers that compute the number of network hops, indicate that network traffic between the WEB server virtual machine and SQL is no longer local but is routed across the Internet "

The Hyper-V Network virtualization gateway can support multiple station-to-station (S2S) VPN tunnels, as shown in. Note that VMM is not shown in the diagram, but it is required for Hyper-V network virtualization deployments.

#####################################################################################

Hyper-V Network virtualization simply said here, I am also groping, I believe that in the future development, software definition XX will be more and more popular, Welcome to Microsoft Network Virtualization has experienced friends to exchange, thank you:)

This article is from the "Technology Not Home" blog, please be sure to keep this source http://maomaostyle.blog.51cto.com/2220531/1346900

In layman's Hyper-V network virtualization (sequential)