Hyper-V Network Virtualization: Overview and Q&A
Microsoft Hyper-V Network Virtualization (HNV) enables hosting providers to host customer virtual machines (VMs) without requiring any changes to the physical network topology. Customers can bring their own IP address and network topologies and easily move enterprise services to a shared IaaS cloud. HNV provides the following benefits:
- HNV enables organizations to move enterprise services to a shared IaaS cloud without making any changes to the network topologies and IP addresses.
- VLAN IDs are no longer needed for tenant isolation.
- Cloud hosting providers can use VSIDs to isolate customer virtual machines from each other instead of the traditional VLAN ID tagging system.
- HNV enables hosting providers to host up to 16 million virtual subnets on a shared IaaS cloud.
- Hosting providers can use Live Migration technology to migrate virtual machines across different virtual subnets in real time without any service disruptions.
Microsoft introduced Hyper-V Network Virtualization in Windows Server 2012 with the help of a new module called "WNV," which stands for Windows Network Virtualization. The WNV Module provides various components to implement Hyper-V Network Virtualization, which are explained below:
- PA, or Provider Address, is the Hyper-V host's address on the physical network; it manages the CA virtual machines on that host and carries their CA traffic.
- CA, or Customer Address, is a virtual machine participating in the Hyper-V Network Virtualization.
- VSID, or Virtual Subnet ID, is assigned to virtual machines participating in Hyper-V Network Virtualization. The VSID range starts at 4096 and goes up to 16,777,214. A virtual machine must be assigned a VSID in order to participate in HNV.
- RDID, or Routing Domain ID, is created for isolating customer virtual machines. A unique RDID must be created for each customer.
- Lookup Table contains the policy entries for virtual machines participating in HNV. The Lookup Table is what the WNV Module uses to look for a Destination CA IP address and then route traffic to appropriate Hyper-V servers (locally or remotely).
HNV implements a Layer 3 routing mechanism that offers some improvements over physical Layer 3 networking. The Hyper-V hosts maintain a Lookup Table (PA + CA + MAC + VSID mapping) that is used by the WNV Module to look for the destination CA IP Address on the local or remote Hyper-V Servers.
In this tutorial, we will also cover the PowerShell cmdlets that can be used to implement WNV components, and we'll additionally provide a set of questions and answers to help you get ready to implement HNV in your production environment.
Four PowerShell cmdlets are run on the Hyper-V hosts to set up Hyper-V Network Virtualization and to confirm that it is configured properly; they are summarized in the table below:
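The following PowerShell session is an added illustration, not code from the article: it applies the WNV components described above on one Hyper-V host for a single customer with two virtual subnets. The NIC name and interface index, the PAs 192.168.10.11 and 192.168.10.12, the VM names, MACs and the RDID GUID are all assumed sample values.

```powershell
# Added example (not from the original article). All addresses, VM names,
# MACs, the RDID GUID, the NIC name and the interface index are assumed values.

# Windows Server 2012: bind the WNV filter (ms_netwnv) to the physical NIC
# behind the virtual switch. Windows Server 2012 R2 binds it to the switch itself.
Enable-NetAdapterBinding -Name "Ethernet" -ComponentID ms_netwnv

# RDID: one GUID per customer. VMs in different RDIDs can never reach each other.
$rdid = "{11111111-2222-3333-4444-555555555555}"

# PA: this host's address on the physical network. It must be unique and
# routable across the datacenter, since every CA packet is carried between PAs.
$pa = "192.168.10.11"
New-NetVirtualizationProviderAddress -ProviderAddress $pa -InterfaceIndex 12 -PrefixLength 24

# Two virtual subnets in the same RDID; VSIDs must lie within 4096..16777214,
# and neither the VSIDs nor the IP prefixes may overlap inside the RDID.
$vsidWeb = 5001   # 10.0.1.0/24
$vsidDb  = 5002   # 10.0.2.0/24

# Lookup records: the PA + CA + MAC + VSID mapping. The WNV module drops
# traffic for any VM that has no record, so every HNV VM needs one on each
# host that must reach it, including VMs that live behind a remote PA.
New-NetVirtualizationLookupRecord -CustomerAddress "10.0.1.10" -ProviderAddress $pa `
    -VirtualSubnetID $vsidWeb -MACAddress "00155D000101" -CustomerID $rdid `
    -Rule TranslationMethodEncap -VMName "Web01"
New-NetVirtualizationLookupRecord -CustomerAddress "10.0.2.10" -ProviderAddress "192.168.10.12" `
    -VirtualSubnetID $vsidDb -MACAddress "00155D000201" -CustomerID $rdid `
    -Rule TranslationMethodEncap -VMName "Db01"

# Customer routes: one per virtual subnet in the RDID. The first address of
# each subnet (10.0.1.1, 10.0.2.1) is the reserved gateway between subnets.
New-NetVirtualizationCustomerRoute -RoutingDomainID $rdid -VirtualSubnetID $vsidWeb `
    -DestinationPrefix "10.0.1.0/24" -NextHop "0.0.0.0" -Metric 255
New-NetVirtualizationCustomerRoute -RoutingDomainID $rdid -VirtualSubnetID $vsidDb `
    -DestinationPrefix "10.0.2.0/24" -NextHop "0.0.0.0" -Metric 255

# Attach the local VM's adapter to its virtual subnet (a VSID, not a VLAN ID).
Set-VMNetworkAdapter -VMName "Web01" -VirtualSubnetId $vsidWeb

# Read back what the WNV module will actually use for this customer.
Get-NetVirtualizationProviderAddress
Get-NetVirtualizationLookupRecord | Where-Object { $_.CustomerID -eq $rdid } |
    Format-Table VMName, CustomerAddress, ProviderAddress, VirtualSubnetID, MACAddress
Get-NetVirtualizationCustomerRoute | Where-Object { $_.RoutingDomainID -eq $rdid }
```

The same lookup records and customer routes must be present on every host that carries a VM of this customer; the final three commands are the quickest way to spot a host whose policy has drifted.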
Hyper-V Network Virtualization Questions and Answers
- Q. What are all the configuration approaches available with Hyper-V Network Virtualization?
A. Two: NVGRE and IP Rewrite.
- Q. What is the mechanism used by NVGRE?
A. NVGRE uses GRE to encapsulate and decapsulate the packets. You can take a closer look at the NVGRE protocol draft here: http://tools.ietf.org/html/draft-sridharan-virtualization-nvgre-00
- Q. What is the mechanism used by IP Rewrite?
A. IP Rewrite uses a NAT-like approach to rewrite CA IP Addresses to native physical addresses.
- Q. Does HNV virtualize Host IP also?
A. No, HNV only virtualizes CA IP Addresses.
- Q. Does PA Address need to be routable across the datacenter network?
A. Yes, PA Address must be routable and unique across the datacenter network. In other words, PAs communicate with each other, so they must be unique on the physical network.
- Q. Does HNV support IPv6?
A. Yes, CA IP Address can be any combination of IPv4 or IPv6.
- Q. Can you have multiple RDIDs created on a Hyper-V Host?
A. Yes, a separate RDID must be created for each customer. You can have any number of RDIDs created on a Hyper-V Host.
- Q. Can RDIDs communicate with each other?
A. No. RDIDs do not communicate with each other. In other words, virtual machines running in one RDID cannot communicate with virtual machines running in another RDID.
- Q. Can we configure multiple virtual subnets in an RDID?
A. Yes, you can have any number of virtual subnets configured in an RDID, but the virtual subnets' IP prefixes and VSIDs must not overlap.
- Q. Is it necessary to assign the same VSID to virtual machines in a virtual subnet?
A. Yes, otherwise virtual machines will not be able to communicate with each other.
- Q. Can you assign a VSID to a virtual machine if it is already configured with a VLAN ID?
A. No, a VLAN ID is different from VSID. A virtual machine can either be assigned a VLAN ID or a VSID. A Virtual Machine must be assigned a VSID if it needs to participate in Hyper-V Network Virtualization.
- Q. Can virtual machines from different virtual subnets talk to each other?
A. Yes, but the virtual subnets must belong to the same RDID. Virtual machines running in different subnets of the same RDID can talk to each other, and there is no way to stop communication between them; if you want to stop it, you must create a separate RDID. By default, a virtual subnet's first IP address is reserved as the default gateway address for communication between virtual machines running in different virtual subnets.
- Q. What is the action taken by the WNV Module for a virtual machine for which policy entry is not found in the Lookup Table?
A. The virtual machine traffic is dropped by the WNV Module.
- Q. Are we required to execute the New-NetVirtualizationCustomerRoute command for each VSID and Virtual Subnet in the same RDID?
- Q. What is the range of traditional VLAN IDs and VSIDs?
A. The VLAN ID range spans from 1 to 49095 and the VSID range is from 4096 to 16,777,214.
- Q. How are customer virtual machines isolated from each other?
A. Using VSID and RDID. Each virtual machine participating in Hyper-V Network Virtualization is assigned a VSID, and the VSID is what makes it possible to isolate a virtual machine from other customers' virtual machines.
- Q. Can virtual machines talk to outside networks?
A. No, this is what HNV is lacking at the moment. Virtual machines participating in Hyper-V Network Virtualization cannot access the Internet or an outside network unless you implement a forwarding agent. A forwarding agent such as the Cisco Nexus 1000V or an NVGRE gateway must be deployed to allow virtual machines to reach the Internet or enterprise premises networks.
- Q. Can we use SCVMM to implement Hyper-V Network Virtualization?
A. There are two methods to implement HNV: using PowerShell cmdlets and SCVMM. SCVMM is the preferred way to implement Hyper-V Network Virtualization.
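As an added check that is not part of the original article, the audit below runs on one Hyper-V host and reports every VM adapter that sits in a virtual subnet but has no matching lookup record or customer route, which is the case the Q&A above says the WNV module handles by dropping the traffic; it also flags out-of-range VSIDs and adapters that carry a VLAN setting alongside a VSID. It assumes the Hyper-V and NetWNV cmdlets are available locally on the host.

```powershell
# Added example (not from the original article): audit this host's HNV policy.
# Assumes it runs locally on the Hyper-V host with the Hyper-V and NetWNV modules.

$records = Get-NetVirtualizationLookupRecord
$routes  = Get-NetVirtualizationCustomerRoute

function Test-HnvAdapter {
    param($Nic)
    $vsid   = [int]$Nic.VirtualSubnetId
    $mac    = $Nic.MacAddress            # Hyper-V reports it without separators, e.g. 00155D000101
    $issues = @()

    # VSIDs outside the HNV range can never match a lookup record.
    if ($vsid -lt 4096 -or $vsid -gt 16777214) { $issues += "VSID $vsid outside 4096..16777214" }

    # A VLAN ID and a VSID are mutually exclusive on one adapter.
    $vlan = Get-VMNetworkAdapterVlan -VMNetworkAdapter $Nic
    if ($vlan.OperationMode -ne 'Untagged') { $issues += "VLAN mode $($vlan.OperationMode) set alongside VSID" }

    # Lookup record for this MAC + VSID; without one the WNV module drops the traffic.
    $rec = $records |
        Where-Object { $_.VirtualSubnetID -eq $vsid -and ($_.MACAddress -replace '[-:]', '') -eq $mac } |
        Select-Object -First 1
    $rdid = $null
    if (-not $rec) {
        $issues += "no lookup record for MAC $mac in VSID $vsid (traffic will be dropped)"
    } else {
        $rdid = $rec.CustomerID
        # The subnet also needs a customer route inside the record's RDID.
        $rt = $routes | Where-Object { $_.VirtualSubnetID -eq $vsid -and $_.RoutingDomainID -eq $rdid }
        if (-not $rt) { $issues += "no customer route for VSID $vsid in RDID $rdid" }
    }

    $status = if ($issues) { $issues -join '; ' } else { 'OK' }
    [pscustomobject]@{
        VMName = $Nic.VMName
        VSID   = $vsid
        MAC    = $mac
        RDID   = $rdid
        Status = $status
    }
}

# Only adapters attached to a virtual subnet take part in HNV (VSID 0 = not virtualized).
Get-VMNetworkAdapter -VMName * |
    Where-Object { $_.VirtualSubnetId -ne 0 } |
    ForEach-Object { Test-HnvAdapter -Nic $_ } |
    Format-Table -AutoSize
```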
Nirmal Sharma is an MCSEx3, MCITP and Microsoft MVP in Directory Services. He has specialized in Microsoft technologies since 1994 and has followed the progression of Microsoft operating systems and software. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites and contributing to Solution IDs for www.Dynamic-SpotAction.com. Nirmal can be reached at firstname.lastname@example.org.