During my preparations for Windows server 2012 I was wondering if I can show to the attendees practical example of new multi-tenant feature that comes with Windows server 2012 – network virtualization that allows you to have multiple servers that use same ip subnet completely isolated. It is a common scenario in datacenters that we were solving by using VLANs that made configuration complex and sometimes chaotic 🙂
Microsoft provides two technologies to solve network virtualization in multi tenant cloud – IP rewrite and NVGRE solution.
You can read in detail what are the differences between two mechanisms. IP rewrite and NVGre
There are two cool examples on Technet that provide powershell scripts to do the job:
Simple Hyper-V Network Virtualization Demo
Simple Hyper-V Network Virtualization Script with Gateway
There are some “prerequisites” in your datacenter that should be meet.
Network virtualization is working only on “non vlaned virtual switches” so you need to have “untagged” connection between virtual switches on different hosts.
Virtual machine should be connected without vlan option in network card configuration.
I spent almost two hours to figure it out 🙂
So what have I used:
Two Windows server 2012 with Hyper-V and both domain joined.
I have created only one virtual switch – external – binded to a single physical NIC on both servers.
I have created two virtual machines on both servers (so four in total) named:
On host 1:
07 – Windows 2012 – network isolation blue01
08 – Windows 2012 – network isolation red01
On host 2:
07 – Windows 2012 – network isolation blue02
08 – Windows 2012 – network isolation red02
Then I run this two commands on both servers:
Disable-NetAdapterBinding “vEthernet (Microsoft Network Adapter Multiplexor Driver – Virtual Switch)” -ComponentID “ms_netwnv”
Enable-NetAdapterBinding “vEthernet (Microsoft Network Adapter Multiplexor Driver – Virtual Switch)” -ComponentID “ms_netwnv”
Then on host 1 I run this commands:
Configuration for Blue network:
New-NetVirtualizationLookupRecord -VirtualSubnetID “5001” -CustomerAddress “x.x.x.x” -ProviderAddress “y.y.y.y” -MACAddress “00155DE3F606” -Rule TranslationMethodEncap
New-NetVirtualizationCustomerRoute -RoutingDomainID “{11111111-2222-3333-4444-000000005001}” -VirtualSubnetID “5001” -DestinationPrefix “10.0.0.0/24” -NextHop “0.0.0.0” -Metric 255
Set-VMNetworkAdapter -VirtualSubnetId 5001 -VMName “07 – Windows 2012 – network isolation blue01”
x.x.x.x is internal IP in virtual machine
y.y.y.y is external IP that will be used to transport packets to other host (Hyper-V IP on “shared” virtual swtich)
Configuration for Red network:
New-NetVirtualizationLookupRecord -VirtualSubnetID “6001” -CustomerAddress “x.x.x.x” -ProviderAddress “y.y.y.y” -MACAddress “00155DE3F607” -Rule TranslationMethodEncap
New-NetVirtualizationCustomerRoute -RoutingDomainID “{11111111-2222-3333-4444-000000006001}” -VirtualSubnetID “6001” -DestinationPrefix “10.0.0.0/24” -NextHop “0.0.0.0” -Metric 255
Set-VMNetworkAdapter -VirtualSubnetId 6001 -VMName “08 – Windows 2012 – network isolation red01”
x.x.x.x is internal IP in virtual machine (if you want to see network virtualization in action you can use same internal IP as blue machine – this is multi tenancy 🙂 )
y.y.y.y is external IP that will be used to transport packets to other host (Hyper-V IP on “shared” virtual swtich) (it is the same as in blue network)
On host 2 I run these commands:
Configuration for Blue network:
New-NetVirtualizationLookupRecord -VirtualSubnetID “5001” -CustomerAddress “x.x.x.x” -ProviderAddress “z.z.z.z” -MACAddress “00155DE3F703” -Rule “TranslationMethodEncap”
New-NetVirtualizationCustomerRoute -RoutingDomainID “{11111111-2222-3333-4444-000000005001}” -VirtualSubnetID “5001” -DestinationPrefix “10.0.0.0/24” -NextHop “0.0.0.0” -Metric 255
Set-VMNetworkAdapter -VirtualSubnetId 5001 -VMName “07 – Windows 2012 – network isolation blue02”
x.x.x.x is internal IP in virtual machine (in the same subnet as IPs on virtual machines on host 1 (if you want to see network virtualization in action you can use same internal IP as blue machine – this is multi tenancy 🙂 )
z.z.z.z is external IP that will be used to transport packets to other host (Hyper-V IP on “shared” virtual swtich)
Configuration for Red network:
New-NetVirtualizationLookupRecord -VirtualSubnetID “6001” -CustomerAddress “x.x.x.x” -ProviderAddress “z.z.z.z” -MACAddress “00155DE3F704” -Rule “TranslationMethodEncap”
New-NetVirtualizationCustomerRoute -RoutingDomainID “{11111111-2222-3333-4444-000000006001}” -VirtualSubnetID “6001” -DestinationPrefix “10.0.0.0/24” -NextHop “0.0.0.0” -Metric 255
Set-VMNetworkAdapter -VirtualSubnetId 6001 -VMName “08 – Windows 2012 – network isolation red02”
x.x.x.x is internal IP in virtual machine (in the same subnet as IPs on virtual machines on host 1 (if you want to see network virtualization in action you can use same internal IP as blue machine – this is multi tenancy 🙂 )
z.z.z.z is external IP that will be used to transport packets to other host (Hyper-V IP on “shared” virtual swtich) (it is the same as in blue network)
It should start ping the machine on the other host… Remeber – this parameters “live migrate” with machine – so you can freely move the machine around your environment without thinking about what will happen to your network configuration! Great feature!
Example of configuration – blue01 (in background you see that machine is pinging other machine (blue02)
Config example: Blue02
In this screenshoot you can see machines migrated to a single host but still isolated the Powershell command will give you overview of VirtualSubnetID configuration:
Get-VM | Get-VMNetworkAdapter | fl VMName,VirtualSubnetID
Luka Manojlovic 
Fantastic blog post Luka!
LikeLike
Fantastic …. Simple and smart demo…. I was infact looking for an appropriate Network virtualization demo to on stage for it pro audience.
Thanks a ton…
LikeLike
Hello Luka,
Thank you very much for your posts!!!
Would you be so kind to answer the following questions?
You mentioned: “I have created only one virtual switch – external – binded to a single physical NIC on both servers.” Is it absolute necessity to have VMs attached to the External Virtual network and why?
By any chance is there a way to use “Internal Network” virtual switch?
Thank you for your help, in advance!
LikeLike
Yes, Mike you can use internal and private also… It works on them too…
LikeLike
Thank you for your reply, Luka!
I tried making it step by step following your swf videos, but it did not work at the end. In the process I was getting the same output in the PowerShell as you’ve got though.
Also, I’ve got another reply from http://itproctology.blogspot.ca/2012/08/my-windows-network-virtualization-demo.html. Brian states that “By definition and by the design of how the feature works, it must be an External Virtual Switch.
The WNV filter is actually bound to the physical NIC, between the physical NIC and the Virtual Switch.
This is why if you add just the virtual subnet ID to the vNIC you get the internal virtual switch behavior of creating a VLAN that is local to the virtual switch.”
May be you would be so kind to make a post on the diagnostic of the virtual network deployment?
For instance, after configuring all according to your and Gallery Technet PowerShell instructions, but using internal switch, I am not getting any results on either of the Hyper-V hosts for
(1) Get-NetVirtualizationLookupRecord
(2) Get-NetVirtualizationCustomerRoute
(3) Get-NetVirtualizationProviderAddress
I am getting only result for:
(4) Get-VM | Get-VMNetworkAdapter | fl VMName,VirtualSubnetID
with the expected output.
Is it supposed to be any output from Command 1 through 3? At the same time, when I configured Subnet Locator and Route records on each Hyper-V Host I received the proper output as:
PS C:> New-NetVirtualizationLookupRecord -CustomerAddress “10.10.20.20” -ProviderAddress “192.168.69.30” -VirtualSubnetID “6001” -MACAddress “060600000005” -Rule “TranslationMethodEncap”
CustomerAddress : 10.10.20.20
VirtualSubnetID : 6001
MACAddress : 060600000005
ProviderAddress : 192.168.69.30
CustomerID : {00000000-0000-0000-0000-000000000000}
Context :
Rule : TranslationMethodEncap
VMName :
UseVmMACAddress : False
PS C:> New-NetVirtualizationLookupRecord -CustomerAddress “10.10.20.21” -ProviderAddress “192.168.69.28” -VirtualSubnetID “6001” -MACAddress “060600000007” -Rule “TranslationMethodEncap”
CustomerAddress : 10.10.20.21
VirtualSubnetID : 6001
MACAddress : 060600000007
ProviderAddress : 192.168.69.28
CustomerID : {00000000-0000-0000-0000-000000000000}
Context :
Rule : TranslationMethodEncap
VMName :
UseVmMACAddress : False
PS C:> New-NetVirtualizationCustomerRoute -RoutingDomainID “{11111111-2222-3333-4444-000000006001}” -VirtualSubnetID “6001” -DestinationPrefix “10.10.20.0/24” -NextHop “0.0.0.0” -Metric 255
PS C:> New-NetVirtualizationProviderAddress -InterfaceIndex $NIC.InterfaceIndex -ProviderAddress “192.168.69.30” -PrefixLength 24
ProviderAddress : 192.168.69.30
InterfaceIndex : 12
PrefixLength : 24
VlanID : 0
AddressState : Preferred
PS C:> New-NetVirtualizationProviderRoute -InterfaceIndex $NIC.InterfaceIndex -DestinationPrefix “0 .0.0.0/0” -NextHop “192.168.69.1”
InterfaceIndex : 12
DestinationPrefix : 0.0.0.0/0
NextHop : 192.168.69.1
Metric : 0
Thank you very much for your time and attention in advance!
LikeLike
Wow, what a complete trainwreck this is. Still can’t get my 2012 Hyper-V to allow a simple ping from a 192.168.1.0/24 network to my VLAN 10 10.1.1.0/24 network from the VM Host itself with a simple ping command. The server/VM and this virtual nonsense blocks it by default, and I cannot find a simple way to allow a ping to leave the host itself, go over the wire to the default gateway and route as it should. Ridiculous. Any help appreciate. Basic networking here, but Hyper-V has created a road block out of the box.
LikeLike