Poster Companion Reference: Hyper-V Networking

 

Applies To: Windows Server 2012

This document is part of a companion reference that discusses the Windows Server 2012 Hyper-V Component Architecture Poster.

This document refers to the section titled “Hyper-V Networking” and discusses new networking features included in Windows Server® 2012 including load balancing and failover, single-root I/O virtualization (SR-IOV), Quality of Service (QoS) bandwidth management, and the new extensible Hyper-V® virtual switch.

To download the poster, see the Windows Server 2012 Hyper-V Component Architecture Poster in the Microsoft® Download Center. This is a free resource.

1. NIC Teaming (Load Balancing and Failover)

The failure of an individual Hyper-V port or virtual network adapter can cause a loss of connectivity for a virtual machine. However, you can configure your server running Hyper-V to have two virtual network adapters.

Windows Server 2012 includes built-in support for NIC Teaming–capable network adapter hardware. You may also hear NIC Teaming referred to as “network adapter teaming technology” or “load balancing failover” (LBFO).

The ability to team multiple network adapters to aggregate bandwidth and provide failover is a highly desirable feature in datacenters for enterprise customers.

Regardless of the terminology, NIC Teaming allows you to increase reliability and performance in virtualized environments. You can gain significantly from both bandwidth aggregation and traffic failover. NIC Teaming also supports multivendor implementations.

To implement NIC Teaming for your virtual machines, you require the following:

  • Windows Server 2012−compliant hardware.

  • Two or more network adapters if you are seeking bandwidth aggregation or failover protection. If you are using multiple network adapters, they should be the same speed.

Keep in mind that NIC Teaming itself requires only a single Ethernet network adapter, which can be used for separating traffic that is using VLANs. All modes that provide fault protection through failover require at least two Ethernet network adapters.

NIC Teaming in Windows Server 2012 also lets a virtual machine have virtual network adapters connected to more than one Hyper-V virtual switch and, at the same time, maintain connectivity even if the network adapter under that virtual switch is disconnected. This way, you can build availability and reliability into your virtualized workload scenarios.

The Windows Server 2012 implementation of NIC Teaming supports up to 32 network adapters in a team. You can create a NIC team by using the GUI or by using Windows PowerShell™.

2. Teamed Virtual Network Adapters

On your server running Hyper-V, you can add multiple physical hardware network adapters to form a NIC team. What about the virtual environment? In Windows Server 2012, Hyper-V supports NIC Teaming within a virtual machine. To provide this redundancy functionality, your virtual machines should have multiple virtual network adapters, each connected to a different external virtual switch. The virtual machine will have connectivity even if a physical network adapter fails.

3. Configurations for NIC Teaming

The NIC Teaming feature provided in Windows Server 2012 has two configuration modes for establishing your NIC team. The configurations use two basic sets of algorithms.

Switch-independent mode uses algorithms that do not require the physical switch to participate in the teaming. There is no configuration required on the switch side. In fact, the switch is not aware that network adapters are part of a team on the server, so your network adapters can be connected to different switches if required.

Switch-dependent modes use algorithms that require the physical switch to participate in the teaming. Typically, all the interfaces of the team are connected to the same switch. This teaming mode requires configuration on the connected switch for the team to work properly.
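
The following added example (not part of the original document) audits the NIC teams on a host against the requirements in sections 1 and 3: at least two members for failover, members of the same speed, and switch-side configuration for switch-dependent modes. It uses the NetLbfo cmdlets included in Windows Server 2012; the function name Test-NicTeam is hypothetical.

```powershell
# Added example: audit NIC teams on a Hyper-V host.
# Run in an elevated session on Windows Server 2012 or later.

function Test-NicTeam {
    param([Parameter(Mandatory)] [string] $TeamName)

    $team    = Get-NetLbfoTeam -Name $TeamName
    $members = @(Get-NetLbfoTeamMember -Team $TeamName)
    $issues  = @()

    # Failover needs at least two adapters; a one-member team can only
    # be used for separating VLAN traffic.
    if ($members.Count -lt 2) {
        $issues += 'Single member: no failover protection'
    }

    # Members of a team should all run at the same speed.
    $speeds = @($members | Select-Object -ExpandProperty ReceiveLinkSpeed -Unique)
    if ($speeds.Count -gt 1) {
        $issues += 'Members have different link speeds'
    }

    # Static and LACP are the switch-dependent modes: the physical switch
    # must be configured as well, so flag them for review.
    $mode = "$($team.TeamingMode)"
    if ($mode -ne 'SwitchIndependent') {
        $issues += "Switch-dependent mode ($mode): verify the switch-side configuration"
    }

    # Any status other than Up means the team is degraded or down.
    if ("$($team.Status)" -ne 'Up') {
        $issues += "Team status is $($team.Status)"
    }

    [pscustomobject]@{
        Team    = $team.Name
        Mode    = $mode
        Members = $members.Count
        Issues  = $issues -join '; '
    }
}

Get-NetLbfoTeam |
    ForEach-Object { Test-NicTeam -TeamName $_.Name } |
    Format-Table -AutoSize -Wrap
```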

4. Single-Root I/O Virtualization

Single-root I/O virtualization (SR-IOV) refers to a standard that was introduced by the PCI-SIG, the special interest group that owns and manages PCI specifications as open industry standards. SR-IOV works in conjunction with system chipset support for virtualization technologies that provide remapping of interrupts and direct memory access (DMA) and lets SR-IOV–capable devices be assigned directly to a virtual machine.

The SR-IOV standard allows PCI Express (PCIe) devices to be shared among multiple virtual machines by providing them with a direct hardware path for I/O. Hyper-V in Windows Server 2012 provides support for SR-IOV–capable network adapters. Using SR-IOV provides several advantages. It can help reduce your network latency, reduce your CPU utilization for processing network traffic, and increase your network throughput.

SR-IOV–capable networking devices have hardware surfaces called virtual functions that can be securely assigned to virtual machines, bypassing the virtual switch in the management operating system for sending and receiving data. However, remember that not everything is bypassed. Policy and control remain under the management operating system.

SR-IOV is fully compatible with live migration because software-based networking is available at all times. During live migration, virtual functions are temporarily removed. This enables live migration using network adapters from different vendors, or in a situation where SR-IOV is not available on the destination computer. SR-IOV requires support from the network adapter, firmware, system chipset, and driver.

5. NIC Teaming and Single-Root I/O Virtualization

SR-IOV traffic doesn’t go through the virtual switch and thus can’t be protected by a NIC team that’s under a virtual switch.

With the NIC Teaming feature, you can set up two virtual switches, each connected to its own SR-IOV−capable network adapter. NIC Teaming then works in one of the following ways:

  • Each virtual machine can install a virtual function from one or both SR-IOV network adapters and, if a network adapter disconnection occurs, fail over from the primary virtual function to the backup virtual function.

  • Each virtual machine may have a virtual function from one network adapter and a non-virtual function interface to the other switch. If the network adapter associated with the virtual function becomes disconnected, the traffic can fail over to the other switch with minimal loss of connectivity.

Because failover between network adapters in a virtual machine might result in traffic being sent with the media access control (MAC) address of the other interface, each virtual switch port associated with a virtual machine that’s using NIC Teaming must be set to allow MAC spoofing. MAC spoofing is a technique for changing a factory-assigned MAC address of a network adapter on a networked device.
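
Because allowing MAC spoofing relaxes a check that the virtual switch port otherwise enforces, it is worth confirming that the setting is enabled only where guest NIC Teaming needs it. The following added example (not part of the original document) lists every virtual network adapter whose port allows MAC spoofing and reports whether the virtual machine has the layout described above, that is, adapters on two or more virtual switches. The function name Get-MacSpoofingAudit and the wording of the findings are hypothetical.

```powershell
# Added example: report virtual switch ports that allow MAC address spoofing
# and whether the VM's adapter layout matches guest NIC Teaming.
# Requires the Hyper-V PowerShell module; run elevated on the Hyper-V host.

function Get-MacSpoofingAudit {
    foreach ($vm in Get-VM) {
        $nics = @(Get-VMNetworkAdapter -VMName $vm.Name)

        # Guest teaming as described above needs adapters connected to
        # two or more different virtual switches.
        $switches = @($nics | Where-Object { $_.SwitchName } |
                      Select-Object -ExpandProperty SwitchName -Unique)
        $teamLayout = ($nics.Count -ge 2) -and ($switches.Count -ge 2)

        foreach ($nic in $nics) {
            # Only ports with spoofing allowed are of interest.
            if ("$($nic.MacAddressSpoofing)" -ne 'On') { continue }

            $finding = 'Spoofing allowed without a teaming layout: review'
            if ($teamLayout) { $finding = 'Consistent with guest NIC Teaming' }

            [pscustomobject]@{
                VMName     = $vm.Name
                Adapter    = $nic.Name
                Switch     = $nic.SwitchName
                MacAddress = $nic.MacAddress
                TeamLayout = $teamLayout
                Finding    = $finding
            }
        }
    }
}

Get-MacSpoofingAudit | Format-Table -AutoSize -Wrap
```

For an adapter that turns out not to need the setting, `Set-VMNetworkAdapter -MacAddressSpoofing Off` restores the default.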

6. Quality of Service Bandwidth Management

Windows Server 2012 includes new Quality of Service (QoS) bandwidth management features that enable cloud hosting providers and enterprises to provide services that deliver predictable network performance to virtual machines on a server running Hyper-V.

Configuring Quality of Service Bandwidth Management

To architect and configure bandwidth management, you can design and specify a maximum and minimum bandwidth limit. You can use these limits to manage bandwidth allocations across your business, depending on your type of network traffic.

It is important to note that the new minimum bandwidth feature allows each network service (such as management, storage, live migration, and virtual machine traffic) to get an allocated share of bandwidth when the network bandwidth is heavily utilized and contended. When bandwidth is freely available, each of these network services gets as much bandwidth as required.

There are two mechanisms to enforce minimum bandwidth. You can use QoS software on your server running Hyper-V, or Windows-certified network adapters that support Data Center Bridging (DCB).

In the virtualized environment, Hyper-V in Windows Server 2012 can take advantage of DCB-capable hardware to converge multiple types of network traffic on a single network adapter with a maximum level of service for each traffic type. To take advantage of DCB, you will need Windows Server 2012 with an installed Hyper-V role and a DCB-enabled network adapter.

You can configure bandwidth management features through the virtual machine settings or by using Windows PowerShell commands. With Windows PowerShell, you can configure all these new features manually or enable automation in a script to manage a group of servers, regardless of whether they stand alone or are joined to a domain.

7. Hyper-V Virtual Switch

Many enterprises need the ability to extend virtual switch features with their own plug-ins to suit their virtual environment.

In Windows Server 2012, the Hyper-V virtual switch is extensible. It is a layer-2 virtual network switch that provides programmatically managed and extensible capabilities to connect virtual machines to the physical network. The extensible switch allows new capabilities to be added to the virtual switch so that you can view and manage the traffic on your server running Hyper-V.

The Hyper-V virtual switch is an open platform that lets multiple vendors provide extensions that are written to standard Windows API frameworks. The reliability of extensions is strengthened through the Windows standard framework, and the reduction of required non-Microsoft code for functions is backed by the Windows Hardware Quality Labs (WHQL) certification program.

The Hyper-V virtual switch provides several benefits:

  • It is an open platform that allows plug-ins to sit in the virtual switch between all traffic, including virtual machine−to−virtual machine traffic. The extensions can provide traffic monitoring, firewall filters, and switch forwarding.

  • The management of extensions is integrated into Windows management through Windows PowerShell cmdlets and WMI scripting.

  • Unified tracing means that it’s quicker and easier to diagnose issues when they arise. Reduced downtime increases the availability of services.

  • The Hyper-V virtual switch provides capabilities so extensions can participate in Hyper-V live migration.

Implementing Extensions

The virtual switch extensions are implemented by using the following drivers:

  • Network Driver Interface Specification (NDIS) filter drivers are used to monitor or modify network packets in Windows.

  • Windows Filtering Platform (WFP) callout drivers, introduced in Windows Vista® and Windows Server 2008, let independent software vendors (ISVs) create drivers to filter and modify TCP/IP packets, monitor or authorize connections, filter IPsec-protected traffic, and filter remote procedure calls (RPCs).

This table lists the various types of Hyper-V virtual switch extensions.

| Extension | Purpose | Extensible component |
| --- | --- | --- |
| Network Packet Inspection | Inspecting network packets, but not altering them | NDIS filter driver |
| Network Packet Filter | Injecting, modifying, and dropping network packets | NDIS filter driver |
| Network Forwarding | Non-Microsoft forwarding that bypasses default forwarding | NDIS filter driver |
| Firewall/Intrusion Detection | Filtering and modifying TCP/IP packets, monitoring or authorizing connections, filtering IPsec-protected traffic, and filtering RPCs | WFP callout driver |
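
Because extensions sit in the path of all traffic through the virtual switch and some types can modify or drop packets, it is useful to know exactly which ones are enabled on each switch. The following added example (not part of the original document) inventories the extensions on every virtual switch and returns the enabled ones that are not on an approved list. The function name and the default list are assumptions: the list holds the names of the two extensions included with Windows Server 2012 and should be replaced with your own baseline.

```powershell
# Added example: find enabled virtual switch extensions that are not approved.
# Requires the Hyper-V PowerShell module; run elevated on the Hyper-V host.

function Get-UnapprovedSwitchExtension {
    param(
        # Assumed baseline: the in-box extensions. Adjust to your environment.
        [string[]] $Approved = @(
            'Microsoft NDIS Capture',
            'Microsoft Windows Filtering Platform'
        )
    )

    foreach ($sw in Get-VMSwitch) {
        Get-VMSwitchExtension -VMSwitchName $sw.Name |
            # Keep only extensions that are enabled and not in the baseline.
            Where-Object { $_.Enabled -and ($Approved -notcontains $_.Name) } |
            Select-Object SwitchName, Name, Vendor, Version, ExtensionType, Running
    }
}

$unapproved = @(Get-UnapprovedSwitchExtension)
if ($unapproved.Count -eq 0) {
    'All enabled switch extensions are on the approved list.'
} else {
    $unapproved | Format-Table -AutoSize -Wrap
}
```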

8. Hyper-V Virtual Switch Management

In Windows Server 2012, management features are built into the Hyper-V virtual switch, and they allow you to troubleshoot and resolve problems on your Hyper-V virtual switch networks. Management features include the following.

Windows PowerShell Support

As with many aspects of Windows Server 2012, Hyper-V cmdlets for Windows PowerShell are available for creating, configuring, and monitoring a Hyper-V virtual switch. The cmdlets let you perform all available tasks in the GUI of Hyper-V Manager. As a result, Microsoft partners can now build customized tools by using Windows PowerShell for managing a virtual switch.

Unified Tracing and Enhanced Diagnostics

Unified Tracing helps identify and resolve network connectivity issues. It provides a clean and simple interface to diagnose networking issues without the need for a debugger. Unified Tracing provides two levels of troubleshooting:

  • At the first level, the Event Tracing for Windows (ETW) provider for the Hyper-V virtual switch allows tracing packet events through the Hyper-V virtual switch and extensions, making it easier to pinpoint where an issue has occurred.

  • The second level allows capturing packets for a full trace of events and traffic packets.

9. Windows Server Component Architecture Posters

To download the Windows Server 2012 poster, see Windows Server 2012 Hyper-V Component Architecture in the Microsoft Download Center. If you want to reference the previous component architecture posters that relate to Hyper-V in Windows Server 2008 R2, please see the following posters.

Windows Server 2008 R2: Hyper-V Component Architecture

The Windows Server 2008 R2: Hyper-V Component Architecture poster provides a visual reference for understanding key Hyper-V technologies in Windows Server 2008 R2. It focuses on architecture, snapshots, live migration, virtual networking, storage, and import/export.

You can use this poster in conjunction with the previously published Windows Server 2008 R2 Feature Components Poster.

Windows Server 2008 R2 Hyper-V Component Architecture (with Service Pack 1)

This Windows Server 2008 R2 Hyper-V Component Architecture (with Service Pack 1) poster provides a visual reference for understanding key Hyper-V technologies in Windows Server 2008 R2 with Service Pack 1. It focuses on architecture, snapshots, live migration, virtual networking, storage, RemoteFX®, and Dynamic Memory.

You can also use this poster in conjunction with the previously published Windows Server 2008 R2 Feature Components Poster.

Windows Server 2008 R2 Feature Components Poster

The Windows Server 2008 R2 Feature Components Poster provides a visual reference for understanding key technologies in Windows Server 2008 R2. It focuses on Active Directory® Domain Services, Hyper-V, Internet Information Services, Remote Desktop Services (including Virtual Desktop Infrastructure (VDI)), BranchCache®, and DirectAccess technologies. In addition, updates to core file services and server management are illustrated.

You can use this poster in conjunction with the Windows Server 2008 and Windows Server 2008 R2 component posters.

Remote Desktop Services Component Architecture Poster

The Remote Desktop Services Component Poster provides a visual reference for understanding key Remote Desktop Services technologies in Windows Server 2008 R2. It explains the functions and roles of Remote Desktop Session Host, Remote Desktop Virtualization Host, Remote Desktop Connection Broker, Remote Desktop Web Access, Remote Desktop Gateway, Remote Desktop Licensing, and RemoteFX.

You can use this poster in conjunction with the Windows Server 2008 and Windows Server 2008 R2 component posters.