
Microsoft Official Course

Module 4

Creating and Configuring Virtual Machine Networks

Module Overview
Creating and Using Hyper-V Virtual Switches
Advanced Hyper-V Networking Features
Configuring and Using Hyper-V Network Virtualization

Lesson 1: Creating and Using Hyper-V Virtual Switches
Overview of the Hyper-V Virtual Switch
Types of Virtual Switches
Demonstration: Using Virtual Switch Manager
What Is VLAN Tagging?
Demonstration: Configuring and Using VLANs
Ethernet Resource Pool

Overview of the Hyper-V Virtual Switch

Software-implemented layer two switch
Connects virtual machines to virtual and physical networks
Parent partition is also a virtual machine
Extensible, has advanced features, can be replaced
Policy enforcement, isolation, traffic shaping, protection
Managed by Hyper-V Manager and Windows PowerShell
Get-VMSwitch
Parent partition can have multiple virtual NICs
Can be connected to different virtual switches

Types of Virtual Switches

Parent has physical network adapters
Each virtual machine (and parent) has virtual network adapters
Each virtual network adapter is connected to a virtual switch

Types of virtual switches:
External: connects to a physical or wireless adapter
Internal: parent and virtual machine connections only
Private: virtual machine connections only

Configuration
Use Virtual Switch Manager to create virtual switches
Use virtual machine settings to connect a virtual
Types of Virtual Switches

[Diagram: parent and virtual machines with their applications connected through Private, Internal, NAT and External virtual switches. Legend: physical network adapter, virtual network adapter, virtual switch. Adapter labels: IP, No IP.]

Demonstration: Using Virtual Switch Manager

In this demonstration you will see how to:
Use Virtual Switch Manager for configuring virtual switches
Connect virtual machines to virtual switches

What Is VLAN Tagging?

Used to isolate network traffic for nodes that are connected to the same physical network
VLANs are used by Hyper-V to:
Isolate Hyper-V server management networks
Isolate virtual machines that are connected to external virtual switches
Isolate virtual machines on a single Hyper-V server
VLAN ID can be configured on:
Virtual machine network adapter
External and Internal virtual switch
VLAN is limited to a single physical subnet:
VLAN ID has 12 bits (up to 4,094 VLAN IDs)

Demonstration: Configuring and Using VLANs

In this demonstration, you will see how to configure and use VLANs on the Hyper-V virtualization platform

Ethernet Resource Pool

Virtual machine connects to virtual switch port to gain network connectivity
Virtual switch is configured on a Hyper-V host
Can be an issue when migrating a virtual machine to a different Hyper-V
Ethernet resource pool allows a virtual machine to connect to one or more virtual switches in a pool
Virtual switch is placed in the default Primordial pool
Created in Windows PowerShell
New-VMResourcePool cmdlet
Configured in Hyper-V Manager or Windows PowerShell
Is part of the virtual machine configuration
Enables automatic reconnection when virtual machine is migrated

Lab A: Creating and Using Hyper-V Virtual Switches

Exercise 1: Creating and Using Windows Server 2012 R2 Hyper-V Virtual Switches


Logon Information
Virtual machines:
20409B-LON-HOST1
20409B-LON-HOST2
20409B-LON-DC1
20409B-LON-PROD1
20409B-LON-PROD2
20409B-LON-TEST1
20409B-LON-TEST2
User name:
Adatum\Administrator
Password:
Pa$$w0rd

Estimated Time: 20 minutes

Lab Scenario
A. Datum Corporation has implemented the
Hyper-V virtualization platform in one of
their subsidiaries. You have created several
test virtual machines and familiarized
yourself with many of the configuration
options. The next step is to implement and
test network connectivity for the virtual
machines. You have been asked to verify
current Hyper-V networking, and explore the
differences between various Hyper-V virtual
switch types.

Lab Review
Can you connect a virtual machine that is running on Hyper-V to an external Hyper-V virtual switch that you created on a different Hyper-V host?

Lesson 2: Advanced Hyper-V Networking Features

Virtual Switch Expanded Functionality
Virtual Switch Extensibility
What Is SR-IOV?
What Is Dynamic Virtual Machine Queue?
Network Adapter Advanced Features
NIC Teaming in Virtual Machines
Demonstration: Configuring Network Adapter Advanced Features

Virtual Switch Expanded Functionality

ARP/Neighbor Discovery Poisoning protection
Protects against ARP and Neighbor Discovery spoofing
Router Guard
DHCP Guard protection
Protects against rogue DHCP server in virtual machine
Port ACLs
Enables isolation by allowing/denying traffic
Trunk mode to a virtual machine
Trunk mode forwards traffic from multiple VLANs
Network traffic monitoring
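
One way to check the DHCP Guard and Router Guard settings listed above across a host, as an added example that is not part of the course material. The function name Test-VMAdapterGuard, the -AllowedDhcpServers parameter, the sample adapter objects and the choice of 20409B-LON-DC1 as the approved DHCP server are assumptions made for this example.

```powershell
# Added example (not from the course): report virtual network adapters whose
# DHCP Guard or Router Guard setting does not match the intended baseline.
# Test-VMAdapterGuard and -AllowedDhcpServers are hypothetical names.
function Test-VMAdapterGuard {
    [CmdletBinding()]
    param(
        # Any object with VMName, Name, DhcpGuard and RouterGuard properties,
        # which is what Get-VMNetworkAdapter returns.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Adapter,
        # Virtual machines that are approved to act as DHCP servers.
        [string[]]$AllowedDhcpServers = @()
    )
    process {
        $isDhcpServer = $Adapter.VMName -in $AllowedDhcpServers
        $findings = @()
        if ((-not $isDhcpServer) -and ("$($Adapter.DhcpGuard)" -ne 'On')) {
            $findings += 'DHCP Guard is off: a rogue DHCP server in this VM could answer clients'
        }
        if ($isDhcpServer -and ("$($Adapter.DhcpGuard)" -eq 'On')) {
            $findings += 'DHCP Guard is on for an approved DHCP server: its offers are dropped'
        }
        if ("$($Adapter.RouterGuard)" -ne 'On') {
            $findings += 'Router Guard is off'
        }
        foreach ($finding in $findings) {
            [pscustomobject]@{ VMName = $Adapter.VMName; Adapter = $Adapter.Name; Finding = $finding }
        }
    }
}

# Constructed sample input using the lab's virtual machine names
# (assumption: 20409B-LON-DC1 is the approved DHCP server).
$sample = @(
    [pscustomobject]@{ VMName = '20409B-LON-DC1';   Name = 'Network Adapter'; DhcpGuard = 'Off'; RouterGuard = 'On'  }
    [pscustomobject]@{ VMName = '20409B-LON-PROD1'; Name = 'Network Adapter'; DhcpGuard = 'On';  RouterGuard = 'On'  }
    [pscustomobject]@{ VMName = '20409B-LON-TEST1'; Name = 'Network Adapter'; DhcpGuard = 'Off'; RouterGuard = 'Off' }
)
$sample | Test-VMAdapterGuard -AllowedDhcpServers '20409B-LON-DC1' | Format-Table -AutoSize

# On a Hyper-V host, feed it live data and then correct a finding:
#   Get-VM | Get-VMNetworkAdapter | Test-VMAdapterGuard -AllowedDhcpServers '20409B-LON-DC1'
#   Set-VMNetworkAdapter -VMName '20409B-LON-TEST1' -DhcpGuard On -RouterGuard On
```

With the constructed sample, only 20409B-LON-TEST1 is reported, once for each guard that is off.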

Virtual Switch Extensibility

Extensible
NDIS filter drivers
WFP callout drivers
Extensions
Ingress
Forwarding
Egress
Monitoring
Virtual switch can be replaced

[Diagram: Hyper-V virtual switch between the virtual machine NICs, the parent partition host NIC and the physical NIC. Extension stack labels: extension protocol, capture extensions, WFP extensions, filtering extensions, forwarding extension, extension miniport.]

What Is SR-IOV?

Requires support in the network adapter
Provides Direct Memory Access to virtual machines
Increases network throughput
Reduces network latency
Reduces CPU overhead on the Hyper-V server
Virtual machine bypasses virtual switch
Supports Live Migration
Even when different SR-IOV adapters are used

[Diagram: Network I/O without SR-IOV and Network I/O with SR-IOV. Labels: virtual machine, parent partition, virtual switch (routing, VLAN filtering), virtual NIC, VMBUS, Virtual Function, physical NIC, SR-IOV physical NIC.]

What Is Dynamic Virtual Machine Queue?

Network adapter uses receive queues to route traffic to the appropriate virtual machine
Physical network adapter must support VMQ
Dynamically use multiple CPUs when processing virtual machine network traffic
DMA reduces CPU overhead on Hyper-V server
Beneficial when virtual machines receive heavy network traffic
VMQ is automatically configured and tuned
Based on processor networking and CPU load
VMQ is enabled by default on a virtual network adapter

Network Adapter Advanced Features

Same features available for all virtual network adapters
Features are implemented in Hyper-V virtual switch

NIC Teaming in Virtual Machines

Provides redundancy and aggregates bandwidth
Can be used at the operating system and virtual machine level
Multiple physical network adapters in an NIC team
If a physical adapter fails, virtual switch has connectivity
Multiple virtual network adapters in an NIC team
If a virtual switch fails, virtual machine has connectivity
Particularly important when SR-IOV is used
SR-IOV traffic bypasses the virtual switch
Intended and optimized to support teaming of SR-IOV
May be used with any virtual network interface
Virtual machine must have multiple network adapters
Connected to different virtual switches

Demonstration: Configuring Network Adapter Advanced Features

In this demonstration, you will see how to configure advanced Hyper-V virtual switch features, such as bandwidth management and DHCP guard

Lab B: Creating and Using Advanced Virtual Switch Features

Exercise 1: Configuring and Using Advanced Virtual Switch Features


Logon Information
Virtual machines:
20409B-LON-HOST1
20409B-LON-HOST2
20409B-LON-DC1
20409B-LON-PROD1
20409B-LON-PROD2
20409B-LON-TEST1
20409B-LON-TEST2
User name:
Adatum\Administrator
Password:
Pa$$w0rd

Estimated Time: 20 minutes

Lab Scenario
IT management has identified several cases
of client computers obtaining network
settings from unauthorized DHCP servers.
You have been asked to demonstrate how
Hyper-V can prevent rogue DHCP servers
from providing network settings. You also
need to demonstrate some of the advanced
virtual switch settings, and demonstrate how
to limit bandwidth that virtual machines can
use.

Lab Review
Can you change an internal virtual switch to an external virtual switch?

Lesson 3: Configuring and Using Hyper-V Network Virtualization

Providing Multitenant Network Isolation
What Is Network Virtualization?
Benefits of Network Virtualization
What Is Network Virtualization Generic Routing Encapsulation?
What Are Network Virtualization Policies?
Demonstration: Configuring Network Virtualization

Providing Multitenant Network Isolation

Multiple isolated networks on the same infrastructure
VLANs are often used
Limited scalability (maximum of 4,094 VLANs)
VLANs cannot span multiple subnets
Challenging to reconfigure when adding or moving virtual machine

[Diagram labels: Switch, Switch, VLAN ID, Virtual machines]

Providing Multitenant Network Isolation


Private VLANs
Addresses some VLAN scalability issues
Reduces the number of IP subnets and VLANs
Virtual switch can limit virtual machines to the
same VLAN

Port ACLs
Challenging to manage and update ACLs

Hyper-V virtual switch supports private VLANs and port ACLs
Software Defined Networking
Network virtualization is an implementation of
Software Defined Networking
Hyper-V enables network virtualization

What Is Network Virtualization?

Server virtualization
Multiple virtual machines on the same physical server
Each virtual machine is isolated from

Network virtualization
Multiple virtual networks on the same physical network
Each virtual network is isolated from others

[Diagram labels: Test virtual machine, Production virtual machine, Physical server; Test network, Production network, Physical network]

Benefits of Network Virtualization

Flexible virtual machine placement
Multitenant network isolation without VLANs
IP address reuse
Live migration across subnets
Is compatible with existing network infrastructure
Transparent moving of virtual machines to a shared IaaS cloud
Can be configured using Windows PowerShell
Can also use VMM

What Is Network Virtualization Generic Routing Encapsulation?

[Diagram: two encapsulated packets. Each has outer provider addresses 192.168.2.22 and 192.168.5.55, a GRE header, a MAC header and inner customer addresses 10.1.1.11 and 10.1.1.12. One packet carries GRE Key=5001, the other GRE Key=6001. 192.168.2.22 and 192.168.5.55 are labelled provider addresses; 10.1.1.11 and 10.1.1.12 are labelled customer addresses.]

Customer address space based on virtual machine configuration
Provider address space based on physical network
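
The GRE keys on this slide (5001 and 6001) are what separates two tenants whose inner customer addresses are identical. The following added example, which is not part of the course material, decodes that field from a GRE header using the NVGRE layout in RFC 7637; the function name and the sample header bytes are constructed here, and the slide's Key values are treated as the 24-bit Virtual Subnet ID.

```powershell
# Added example (not from the course): decode the 8-byte GRE header that NVGRE
# places between the outer provider-address header and the inner customer frame.
# ConvertFrom-NvgreHeader is a hypothetical name; field layout per RFC 7637.
function ConvertFrom-NvgreHeader {
    param([Parameter(Mandatory)][byte[]]$Bytes)

    if ($Bytes.Length -lt 8) { throw 'An NVGRE header is 8 bytes long.' }

    # Bytes 0-1: flag bits and version. Bytes 2-3: protocol type.
    $flags = ([int]$Bytes[0] -shl 8) -bor [int]$Bytes[1]
    $proto = ([int]$Bytes[2] -shl 8) -bor [int]$Bytes[3]

    # NVGRE requires Key present (0x2000), no Checksum (0x8000), no Sequence
    # (0x1000), version 0 (low three bits) and protocol type 0x6558.
    $valid = (($flags -band 0xB007) -eq 0x2000) -and ($proto -eq 0x6558)

    [pscustomobject]@{
        IsNvgre = $valid
        # Bytes 4-6: 24-bit Virtual Subnet ID. Byte 7: FlowID.
        Vsid    = ([int]$Bytes[4] -shl 16) -bor ([int]$Bytes[5] -shl 8) -bor [int]$Bytes[6]
        FlowId  = [int]$Bytes[7]
    }
}

# Constructed headers for the two keys shown on the slide.
[byte[]]$tenantA = 0x20, 0x00, 0x65, 0x58, 0x00, 0x13, 0x89, 0x00   # VSID 5001
[byte[]]$tenantB = 0x20, 0x00, 0x65, 0x58, 0x00, 0x17, 0x71, 0x00   # VSID 6001

# Both packets carry the same inner customer addresses (10.1.1.11 and 10.1.1.12);
# the decoded VSID is the only field that tells the two virtual networks apart.
$tenantA, $tenantB | ForEach-Object { ConvertFrom-NvgreHeader -Bytes $_ }
```

When reviewing a capture taken on the provider network, a VSID that does not belong to the tenant expected on that host is the value to look for.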

What Are Network Virtualization Policies?

Define customer address-provider address mappings
Specify on which Hyper-V server virtual machines are running
Hyper-V implements policies by translating incoming and outgoing packets
If a virtual machine is moved, policies are modified
Virtual machine configuration stays the same

Policy settings

Blue Yonder Airlines
Customer Address    Provider Address
10.1.1.1            192.168.1.10
10.1.1.2            192.168.1.12

Woodgrove Bank
Customer Address    Provider Address
10.1.1.1            192.168.1.10
10.1.1.2            192.168.1.

[Diagram: Blue Yonder Airlines and Woodgrove Bank each have an SQL virtual machine (10.1.1.1) and a WEB virtual machine (10.1.1.2) in their customer address spaces. In the provider address space, the data center network contains Hyper-V host 1 (192.168.1.10) and Hyper-V host 2 (192.168.1.12).]

Demonstration: Configuring Network Virtualization

In this demonstration, you will see how to configure network virtualization

Lab C: Configuring and Testing Hyper-V Network Virtualization

Exercise 1: Configuring Hyper-V Network Virtualization
Logon Information
Virtual machines:
20409B-LON-HOST1
20409B-LON-HOST2
20409B-LON-DC1
20409B-LON-PROD1
20409B-LON-PROD2
20409B-LON-TEST1
20409B-LON-TEST2
User name:
Adatum\Administrator
Password:
Pa$$w0rd

Estimated Time: 20 minutes

Lab Scenario
You have been asked to demonstrate how
you can use network virtualization to
separate test and preproduction
environments that are using the same
network infrastructure. IT management
would like to ensure that the servers in
both environments can use the same IP
addresses, and can communicate with
other servers that are part of the same
environment.

Lab Review
Can you add virtual network adapters to the
parent partition by using Hyper-V Manager?
Is DHCP guard enabled by default? Where
can you change this setting, and why would
you use it?
Is there a better way to configure network virtualization other than using Windows PowerShell?

Module Review and Takeaways


Review Questions
