Tag Archives: Networking

Building a Hyper-V Cluster – SCVMM Configuring Networks and Logical Switches – Part 2/6

Configuring Networks and Logical Switches

In part two of the video series we go over how to implement logical networking in System Center Virtual Machine Manager 2012R2 (SCVMM). First we provide an overview of logical networking and why it is a good idea. We then talk about each of the fabric components necessary to implement logical networking. Finally, we implement logical networking in the SCVMM GUI then show the process for implementation with PowerShell.

Logical Networking Overview

Logical networks provide a way for administrators to represent the physical network configuration in the virtual environment. This enables many features such as delegating access to network segments to specific user roles. It also eases the deployment of converged networking and can help ensure all of your Hyper-V hosts have identical network configuration. If someone makes a change to the network configuration in Hyper-V manager or Failover Cluster manager the host will be flagged as not compliant in SCVMM. The network configuration deployed via logical networking resides on the Hyper-V hosts and is not dependent on SCVMM to stay online. This configuration survives reboots even if SCVMM is offline.

When deploying logical networks the management IP must be available the entire time the switches are deployed. This can be challenging when a system only has two NICs as the management VLAN must be available as both tagged and untagged (native). Systems using more than two adapters are easier to configure as the management interface can be deployed locally before the system is imported into SCVMM.

Some of the logical networking features can be used when importing Hyper-V hosts with an existing virtual switch. SCVMM will detect existing configurations as ‘Standard Switches’. The administrator must manually select the logical networks in the properties of the host hardware to use virtual networks.

Networking Concepts

This diagram shows how all of the fabric components in SCVMM relate to one another.
Logical Network Components

VM Network

This component allows you to assign a network segment (VLAN) to a virtual adapter. It is created under ‘VMs and Services’ rather than Fabric-Networking. One VM network will typically be associated with one network segment. This gives the network segment a friendly name that can be used so that users do not need to know subnets or VLANIDs. It also can have permissions assigned so that only certain users can select the network segment in their virtual machines.

Logical Network

Logical networks represent a group of network segments. Logical networks may group network segments in many ways:

  • Single segments or VLAN
  • All Production segments in all sites
  • All segments in a single site

Logical Network – Network Site

Logical networks have a subcomponent called a network site. A network site can be used to associate network segments with host groups. Multiple sites can exist in a single logical network. Network sites are primarily used to represent geographies or unique areas such as a DMZ.

Logical Network – Network Site – Subnet / VLAN

Subnets and VLANs can be defined within the network site. Subnets/VLANs are used to associate one or more network segments within a site. You do not have to populate the subnet field in all cases.

IP Pool

This component is used to associate a range of IP addresses with a network segment. VMM can then assign these addresses statically to VMs or Hyper-V hosts.

Port Profile

Two types of port profiles exist, ‘Uplink’ and ‘Virtual Adapter’. Uplink port profiles are used to represent the network segments (VLANs) in the configuration of a physical switch port to which a Hyper-V host is connected. It is also used to define the teaming and load balancing mode for a host.

Virtual Adapter port profiles provide a way to create a collection of settings pertaining to virtual adapters. These profiles can define settings such as network optimization, security and QoS. Virtual adapter port profiles are assigned to virtual adapters in VMs and Hyper-V hosts.

Logical Switch

The logical switch component is a vSwitch deployed by SCVMM employing a network topology and configuration defined by the components listed above. It is not possible to import existing Hyper-V network configurations into SCVMM as logical switches. Both the LBFO Team and the vSwitch must be created by SCVMM. Forcing deployment through SCVMM ensures configuration uniformity among the hosts where the switch is deployed.

A logical switch will have an association with one or more virtual adapter port profiles. It will also have at least one uplink port profile. When deploying a logical switch one uplink port profile is selected and this will determine the teaming and load balance modes for the vSwitch. Logical networks are the last network fabric component deployed as they depend on the other fabric components.

Example Configuration

Example Logical Network
In the video we deploy a sample configuration with two data center sites. These sites have several network segments each. The segments are grouped into 3 logical networks: Dev, Backup and Prod. Dev is only in Las Vegas while Prod is in both datacenters. Prod uses a different VLAN ID in each data center. Backup is a single stretched VLAN. Two uplink port profiles are created to describe the two possible switch port configurations for the Hyper-V hosts. In this case the switch ports are uniformly configured within a site, so one port profile is required for the Seattle datacenter and a second for the Las Vegas datacenter. These port profiles can be used to create two possible logical switches: Host and Virtual Machine. In our example we use separate physical adapters for the host traffic and the VM traffic.

References

TechNet – Configuring Logical Networking in VMM Overview
TechNet – Configuring VM Networks in VMM Illustrated Overview
MSDN Blog – Building a teamed virtual switch for Hyper-V from SCVMM


Building a Hyper-V Cluster – Building The Hyper-V Cluster – Part 4/5

In this video we validate our cluster node configuration and then create the cluster. Once the cluster is formed, we update the names of various cluster components to match their function. Finally we set up a CSV on the cluster.

In Server 2012R2 the cluster validation will help to ensure that the nodes in the cluster are configured identically and correctly. By passing the cluster validation and using hardware certified for 2012R2, we are ensuring our cluster will be in a supported configuration.

When we form the cluster we only need two items, the name and IP of the cluster. The name we specify will be used to create a computer account in Active Directory. If the user running the New-Cluster command does not have rights to create computer accounts in AD, the account may be prestaged. If this is done, the account should be disabled and the user should have full permission on the account.

PowerShell Command

Test-Cluster -node 2k12r2-node1,2k12r2-node2
New-Cluster -Name HVC1 -node 2k12r2-node1,2k12r2-node2 -staticAddress 192.168.0.100

#Update Cluster Network Names to Match Function
(Get-ClusterNetwork| ?{$_.Address -eq "192.168.0.0"}).name = "Management"
(Get-ClusterNetwork| ?{$_.Address -eq "10.0.1.0"}).name = "iSCSI"
(Get-ClusterNetwork| ?{$_.Address -eq "10.0.2.0"}).name = "Cluster1"
(Get-ClusterNetwork| ?{$_.Address -eq "10.0.3.0"}).name = "Cluster2"

#Update Cluster Disk Names to Match Function
(Get-ClusterGroup -Name "Cluster group"| Get-ClusterResource |?{$_.ResourceType -eq "Physical Disk"}).name = "Witness"
(Get-ClusterGroup "available storage"| Get-ClusterResource).name = "CSV1"

#Configure the CSV
Get-ClusterResource -Name "CSV1"| Add-ClusterSharedVolume
Rename-Item -Path C:\ClusterStorage\Volume1 -NewName CSV1

Cluster Network Roles

In our example we did not need to change anything other than the cluster network’s name. This is because of the excellent work the Windows Failover Clustering team has done on the cluster creation wizard. Each cluster network is automatically configured with the correct cluster role and metric. These settings can be used to fine tune cluster network behavior, but in most cases are best left in the default configuration.
We can use Get-ClusterNetwork to inspect the values for role and metric:

PS C:\> Get-ClusterNetwork -Cluster HVC0 | Format-Table Name, role, Metric, AutoMetric -AutoSize

Name       Role Metric AutoMetric
----       ---- ------ ----------
Cluster1      1  30384       True
Cluster2      1  39841       True
iSCSI         0  79842       True
Management    3  79841       True

We will connect to the cluster network name using the role 3 network. The cluster networks are role 1 and will be used for cluster communications. iSCSI communication was detected on the storage network so it was created as a role 1 network, blocked for use by the cluster.

We will do a deep dive on cluster networks in another video.


Building a Hyper-V Cluster – Configuring Networks – Part 2/5

PowerShell Commands

# New Network LBFO Team
$NICname = Get-NetAdapter | %{$_.name}
New-NetLbfoTeam -Name LBFOTeam -TeamMembers $NICname -TeamingMode SwitchIndependent -LoadBalancingAlgorithm HyperVPort -Confirm:$false
# Attach new VSwitch to LBFO team
New-VMSwitch -Name HVSwitch -NetAdapterName LBFOTeam -MinimumBandwidthMode Weight -AllowManagementOS $false

# Create vNICs on VSwitch for parent OS
# Management vNIC
Add-VMNetworkAdapter -ManagementOS -Name Management -SwitchName HVSwitch
Rename-NetAdapter -Name "vEthernet (Management)" -NewName Management
#In this lab we are using one vLAN, typically each subnet gets its own vlan
#Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName Management -Access -VlanId 10
New-NetIPAddress -InterfaceAlias Management -IPAddress 192.168.0.101 -PrefixLength 24 -DefaultGateway 192.168.0.1 -Confirm:$false
#New-NetIPAddress -InterfaceAlias Management -IPAddress 192.168.0.102 -PrefixLength 24 -DefaultGateway 192.168.0.1 -Confirm:$false
Set-DnsClientServerAddress -InterfaceAlias Management -ServerAddresses 192.168.0.211, 192.168.0.212

# Cluster1 vNIC
Add-VMNetworkAdapter -ManagementOS -Name Cluster1 -SwitchName HVSwitch
Rename-NetAdapter -Name "vEthernet (Cluster1)" -NewName Cluster1
#In this lab we are using one vLAN, typically each subnet gets its own vlan
#Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName Cluster1 -Access -VlanId 2
New-NetIPAddress -InterfaceAlias Cluster1 -IPAddress 10.0.2.20 -PrefixLength 24 -Confirm:$false
#New-NetIPAddress -InterfaceAlias Cluster1 -IPAddress 10.0.2.21 -PrefixLength 24 -Confirm:$false

# Cluster2 vNIC
Add-VMNetworkAdapter -ManagementOS -Name Cluster2 -SwitchName HVSwitch
Rename-NetAdapter -Name "vEthernet (Cluster2)" -NewName Cluster2
#In this lab we are using one vLAN, typically each subnet gets its own vlan
#Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName Cluster2 -Access -VlanId 3
New-NetIPAddress -InterfaceAlias Cluster2 -IPAddress 10.0.3.20 -PrefixLength 24 -Confirm:$false
#New-NetIPAddress -InterfaceAlias Cluster2 -IPAddress 10.0.3.21 -PrefixLength 24 -Confirm:$false

# iSCSI vNIC
Add-VMNetworkAdapter -ManagementOS -Name iSCSI -SwitchName HVSwitch
Rename-NetAdapter -Name "vEthernet (iSCSI)" -NewName iSCSI
#In this lab we are using one vLAN, typically each subnet gets its own vlan
#Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName iSCSI -Access -VlanId 1
New-NetIPAddress -InterfaceAlias iSCSI -IPAddress 10.0.1.20 -PrefixLength 24 -Confirm:$false
#New-NetIPAddress -InterfaceAlias iSCSI -IPAddress 10.0.1.21 -PrefixLength 24 -Confirm:$false

Cluster Network Roles

In the video we leverage PowerShell to deploy converged networking to our Hyper-V hosts. We have 2 physical network adapters to work with, but need to implement all of the network roles in the table below so that we will be able to deploy a cluster per best practices. To accomplish this we create a team and attach a virtual switch. This vSwitch is shared with the host and the VMs. The host is given 4 vNICs on the virtual switch to accommodate the various types of network traffic (Storage, Cluster1, Cluster2, Management). The failover cluster creation process will automatically detect iSCSI traffic on our storage network and set it for no cluster access. It will also detect the default gateway on the management interface and set that network for cluster use and client use. This is the network where we will create our cluster network name when the cluster is formed. The remaining two networks are non-routed and are used for internal cluster communication. Cluster communications, CSV traffic and cluster heartbeat will use BOTH of these networks equally. One of the networks will be used for live migration traffic. In 2012R2 we have the option of using SMB3 for Live Migration to force the cluster to use both Cluster Only networks if we prefer that to the default compression option. In the video we don’t care which of the cluster networks is preferred for live migration, so we simply name our networks Cluster1 and Cluster2.

We break the traffic into 4 vNICs rather than just using one because this will help us to ensure network traffic is efficiently utilizing the hardware. By default the management vNIC will be using VMQ. Because we created the LBFO team using Hyper-V Port the vNICs will be balanced across the physical NICs in the team. Because the network roles are broken out into separate vNICs, we can also later apply QoS policies at the vNIC level to ensure important traffic has first access to the network.
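One way to apply the vNIC-level QoS mentioned above, as an added example that is not part of the original post: because HVSwitch was created with -MinimumBandwidthMode Weight, each host vNIC can be given a relative minimum-bandwidth weight. The weight values, the $plan table and the Test-BandwidthPlan helper are assumptions for illustration; the switch and vNIC names are the ones created by the commands above.

```powershell
# Added example, not from the original post. Weight values are assumptions.
# Weights are relative shares that only take effect when the team is congested.
$plan = [ordered]@{
    Management = 10
    Cluster1   = 10
    Cluster2   = 30   # live migration network in the table on this page
    iSCSI      = 30
}
$defaultFlowWeight = 20   # VM traffic that has no weight of its own

# Hypothetical helper: validate the plan before touching the host
function Test-BandwidthPlan {
    param([System.Collections.IDictionary] $Plan, [int] $DefaultFlow)
    $problems = @()
    foreach ($name in $Plan.Keys) {
        if ($Plan[$name] -lt 1 -or $Plan[$name] -gt 100) {
            $problems += "$name weight $($Plan[$name]) is outside 1-100"
        }
    }
    # Keeping the total at 100 or less makes each weight read as a percentage
    $total = ($Plan.Values | Measure-Object -Sum).Sum + $DefaultFlow
    if ($total -gt 100) { $problems += "weights total $total, keep the sum at 100 or less" }
    return ,$problems
}

$problems = Test-BandwidthPlan -Plan $plan -DefaultFlow $defaultFlowWeight
if ($problems.Count -gt 0) { throw ($problems -join '; ') }

# Apply on the Hyper-V host built with the commands above
Set-VMSwitch -Name HVSwitch -DefaultFlowMinimumBandwidthWeight $defaultFlowWeight
foreach ($name in $plan.Keys) {
    Set-VMNetworkAdapter -ManagementOS -Name $name -MinimumBandwidthWeight $plan[$name]
}

# Read the settings back so a vNIC that was missed is visible
Get-VMNetworkAdapter -ManagementOS |
    Select-Object Name, @{ n = 'Weight'; e = { $_.BandwidthSetting.MinimumBandwidthWeight } }
```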

When using converged networks, the multiple vNICs provide the ability to fine tune the quality of service for each type of traffic, while the high availability is provided by the LBFO team they are created on. If we had unlimited physical adapters, we would create a team for the Management and a separate team for VM Access Networks. We would use two adapters configured with MPIO for our storage network. The remaining two cluster networks would each be configured on a single physical adapter as failover clustering will automatically fail cluster communication between cluster networks in the event of failures. Given your number of available physical adapters, you may choose many different possible configurations. In doing so keep the network traffic and access requirements outlined below in mind.

| Network access type | Cluster Role | Purpose of the network access type | Network traffic requirements | Recommended network access |
|---|---|---|---|---|
| Storage | None | Access storage through iSCSI or Fibre Channel (Fibre Channel does not need a network adapter). | High bandwidth and low latency. | Usually, dedicated and private access. Refer to your storage vendor for guidelines. |
| Virtual machine access | N/A | Workloads running on virtual machines usually require external network connectivity to service client requests. | Varies | Public access which could be teamed for link aggregation or to fail over the cluster. |
| Management | Cluster and Client | Managing the Hyper-V management operating system. This network is used by Hyper-V Manager or System Center Virtual Machine Manager (VMM). | Low bandwidth | Public access, which could be teamed to fail over the cluster. |
| Cluster and Cluster Shared Volumes (Cluster 1) | Cluster Only | Preferred network used by the cluster for communications to maintain cluster health. Also, used by Cluster Shared Volumes to send data between owner and non-owner nodes. If storage access is interrupted, this network is used to access the Cluster Shared Volumes or to maintain and back up the Cluster Shared Volumes. Transfer virtual machine memory and state. The cluster should have access to more than one network for communication to ensure the cluster is highly available. | Usually low bandwidth and low latency. Occasionally, high bandwidth. | Private access |
| Live migration (Cluster 2) | Cluster Only | | High bandwidth and low latency during migrations. | Private access |
Table adapted from Hyper-V: Live Migration Network Configuration Guide
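The Cluster Role column above and the Role values printed by Get-ClusterNetwork in the Part 4 post on this page can be checked together. The following is an added example, not code from the original posts: a hypothetical Test-ClusterNetworkRole function compares reported roles with the intended ones and flags a storage network that has become reachable for cluster or client traffic. The sample objects are constructed so the check runs without a cluster.

```powershell
# Added example, not part of the original post.
# Roles as printed by Get-ClusterNetwork on this page:
# 0 = no cluster use, 1 = cluster only, 3 = cluster and client.
$expectedRole = @{ Management = 3; Cluster1 = 1; Cluster2 = 1; iSCSI = 0 }

function Test-ClusterNetworkRole {
    param(
        [Parameter(Mandatory = $true)] [object[]]  $Network,
        [Parameter(Mandatory = $true)] [hashtable] $Expected
    )
    foreach ($net in $Network) {
        $actual = [int]$net.Role            # works for numeric and enum values
        if ($Expected.ContainsKey($net.Name)) {
            $want   = $Expected[$net.Name]
            $status = if ($actual -eq $want) { 'OK' } else { 'Drift' }
        } else {
            $want   = $null
            $status = 'NotInPlan'
        }
        [pscustomobject]@{ Name = $net.Name; Role = $actual; Expected = $want; Status = $status }
    }
    # Planned networks the cluster did not report at all
    foreach ($name in $Expected.Keys) {
        if (@($Network | ForEach-Object { $_.Name }) -notcontains $name) {
            [pscustomobject]@{ Name = $name; Role = $null; Expected = $Expected[$name]; Status = 'Missing' }
        }
    }
}

# Constructed sample input: iSCSI has drifted to cluster-and-client and an
# unplanned network has appeared. Replace with (Get-ClusterNetwork) on a node.
$sample = @(
    [pscustomobject]@{ Name = 'Cluster1';          Role = 1 }
    [pscustomobject]@{ Name = 'Cluster2';          Role = 1 }
    [pscustomobject]@{ Name = 'iSCSI';             Role = 3 }
    [pscustomobject]@{ Name = 'Management';        Role = 3 }
    [pscustomobject]@{ Name = 'Cluster Network 5'; Role = 1 }
)

$report = Test-ClusterNetworkRole -Network $sample -Expected $expectedRole
$report | Format-Table -AutoSize
if ($report | Where-Object { $_.Status -ne 'OK' }) {
    Write-Warning 'Cluster network roles differ from the plan.'
}
```

On a cluster node, pass `(Get-ClusterNetwork)` as -Network; a drifted role can be set back by assigning the Role property of the network, for example `(Get-ClusterNetwork iSCSI).Role = 0`.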

Resources

Networking Overview for 2012/R2
NIC Teaming Overview 2012/R2
Windows PowerShell Cmdlets for Networking 2012/R2
