During my preparations for Windows server 2012 I was wondering if I can show to the attendees practical example of new multi-tenant feature that comes with Windows server 2012 – network virtualization that allows you to have multiple servers that use same ip subnet completely isolated. It is a common scenario in datacenters that we were solving by using VLANs that made configuration complex and sometimes chaotic 🙂
Microsoft provides two technologies to solve network virtualization in multi tenant cloud – IP rewrite and NVGRE solution.
You can read in detail what are the differences between two mechanisms. IP rewrite and NVGre
There are two cool examples on Technet that provide powershell scripts to do the job:
Simple Hyper-V Network Virtualization Demo
Simple Hyper-V Network Virtualization Script with Gateway
There are some “prerequisites” in your datacenter that should be meet.
Network virtualization is working only on “non vlaned virtual switches” so you need to have “untagged” connection between virtual switches on different hosts.
Virtual machine should be connected without vlan option in network card configuration.
I spent almost two hours to figure it out 🙂
So what have I used:
Two Windows server 2012 with Hyper-V and both domain joined.
I have created only one virtual switch – external – binded to a single physical NIC on both servers.
I have created two virtual machines on both servers (so four in total) named:
On host 1:
07 – Windows 2012 – network isolation blue01
08 – Windows 2012 – network isolation red01
On host 2:
07 – Windows 2012 – network isolation blue02
08 – Windows 2012 – network isolation red02
Then I run this two commands on both servers:
Disable-NetAdapterBinding “vEthernet (Microsoft Network Adapter Multiplexor Driver – Virtual Switch)” -ComponentID “ms_netwnv”
Enable-NetAdapterBinding “vEthernet (Microsoft Network Adapter Multiplexor Driver – Virtual Switch)” -ComponentID “ms_netwnv”
Then on host 1 I run this commands:
Configuration for Blue network:
New-NetVirtualizationLookupRecord -VirtualSubnetID “5001” -CustomerAddress “x.x.x.x” -ProviderAddress “y.y.y.y” -MACAddress “00155DE3F606” -Rule TranslationMethodEncap
New-NetVirtualizationCustomerRoute -RoutingDomainID “{11111111-2222-3333-4444-000000005001}” -VirtualSubnetID “5001” -DestinationPrefix “10.0.0.0/24” -NextHop “0.0.0.0” -Metric 255
Set-VMNetworkAdapter -VirtualSubnetId 5001 -VMName “07 – Windows 2012 – network isolation blue01”
x.x.x.x is internal IP in virtual machine
y.y.y.y is external IP that will be used to transport packets to other host (Hyper-V IP on “shared” virtual swtich)
Configuration for Red network:
New-NetVirtualizationLookupRecord -VirtualSubnetID “6001” -CustomerAddress “x.x.x.x” -ProviderAddress “y.y.y.y” -MACAddress “00155DE3F607” -Rule TranslationMethodEncap
New-NetVirtualizationCustomerRoute -RoutingDomainID “{11111111-2222-3333-4444-000000006001}” -VirtualSubnetID “6001” -DestinationPrefix “10.0.0.0/24” -NextHop “0.0.0.0” -Metric 255
Set-VMNetworkAdapter -VirtualSubnetId 6001 -VMName “08 – Windows 2012 – network isolation red01”
x.x.x.x is internal IP in virtual machine (if you want to see network virtualization in action you can use same internal IP as blue machine – this is multi tenancy 🙂 )
y.y.y.y is external IP that will be used to transport packets to other host (Hyper-V IP on “shared” virtual swtich) (it is the same as in blue network)
On host 2 I run these commands:
Configuration for Blue network:
New-NetVirtualizationLookupRecord -VirtualSubnetID “5001” -CustomerAddress “x.x.x.x” -ProviderAddress “z.z.z.z” -MACAddress “00155DE3F703” -Rule “TranslationMethodEncap”
New-NetVirtualizationCustomerRoute -RoutingDomainID “{11111111-2222-3333-4444-000000005001}” -VirtualSubnetID “5001” -DestinationPrefix “10.0.0.0/24” -NextHop “0.0.0.0” -Metric 255
Set-VMNetworkAdapter -VirtualSubnetId 5001 -VMName “07 – Windows 2012 – network isolation blue02”
x.x.x.x is internal IP in virtual machine (in the same subnet as IPs on virtual machines on host 1 (if you want to see network virtualization in action you can use same internal IP as blue machine – this is multi tenancy 🙂 )
z.z.z.z is external IP that will be used to transport packets to other host (Hyper-V IP on “shared” virtual swtich)
Configuration for Red network:
New-NetVirtualizationLookupRecord -VirtualSubnetID “6001” -CustomerAddress “x.x.x.x” -ProviderAddress “z.z.z.z” -MACAddress “00155DE3F704” -Rule “TranslationMethodEncap”
New-NetVirtualizationCustomerRoute -RoutingDomainID “{11111111-2222-3333-4444-000000006001}” -VirtualSubnetID “6001” -DestinationPrefix “10.0.0.0/24” -NextHop “0.0.0.0” -Metric 255
Set-VMNetworkAdapter -VirtualSubnetId 6001 -VMName “08 – Windows 2012 – network isolation red02”
x.x.x.x is internal IP in virtual machine (in the same subnet as IPs on virtual machines on host 1 (if you want to see network virtualization in action you can use same internal IP as blue machine – this is multi tenancy 🙂 )
z.z.z.z is external IP that will be used to transport packets to other host (Hyper-V IP on “shared” virtual swtich) (it is the same as in blue network)
It should start ping the machine on the other host… Remeber – this parameters “live migrate” with machine – so you can freely move the machine around your environment without thinking about what will happen to your network configuration! Great feature!
Example of configuration – blue01 (in background you see that machine is pinging other machine (blue02)
Config example: Blue02
In this screenshoot you can see machines migrated to a single host but still isolated the Powershell command will give you overview of VirtualSubnetID configuration:
Get-VM | Get-VMNetworkAdapter | fl VMName,VirtualSubnetID
Luka Manojlovic 