Monthly Archives: October 2012

“Demystifying” – Windows server 2012 Hyper-V 3.0 network virtualization – part III – (two hosts / two subnets)

2 Replies

In this part III I would like to show you how network virtualization works between two Hyper-V hosts in different subnet (in my example connected HV01 – Router (IPSec VPN) – WAN – WAN – Router (IPsec VPN) – HV02).

You can see how to do that by clicking on a link to video tutorial:
http://www.screencast.com/t/pRDC7Z4UKrg  – Hyper-V 3.0 – Network virtualization Part 4

* at 1:48 – I have already copy pasted that before – you should do it on both hosts
* at 2:04 – there is mistake as those parameters were already there so I removed them and resumed with video recording
* at 2:43 – I did not paste the second part to HV02 (I already did that in previous demo)
* at 3:59 – You will not see GRE traffic until you add Ethernet card to monitoring

In my environment I have two hyper-v hosts called HV01 (10.17.217.177 with gw 10.17.217.1 (router – that makes IPSec VPN)) and HV02 (10.17.218.177 with gw 10.17.218.1 (router – that makes IPSec VPN)).

So only Hyper-V hosts “see” each other over VPN (two different subnets).

I have used folowing powershell cmdlets:

First we need to enable ms_netwnv component on !PHYSICAL! nic – not on virtual switch NIC!
Run it on HV01 and HV02:

Enable-NetAdapterBinding “Ethernet” -ComponentID ms_netwnv

Now we create Lookup record and CustomerRoute (we use IP addresses of our virtual machines, their mac address and IP address of Hyper-V host) This is explained in my previous post.
Run it on HV01 and HV02:
New-NetVirtualizationLookupRecord -CustomerAddress “10.10.10.11” -ProviderAddress “10.17.217.177” -VirtualSubnetID “5001” -MACAddress “AAAAAAAAAA01” -Rule “TranslationMethodEncap”
New-NetVirtualizationLookupRecord -CustomerAddress “10.10.10.12” -ProviderAddress “10.17.218.177” -VirtualSubnetID “5001” -MACAddress “AAAAAAAAAA02” -Rule “TranslationMethodEncap”
New-NetVirtualizationCustomerRoute -RoutingDomainID “{11111111-2222-3333-4444-000000000000}” -VirtualSubnetID “5001” -DestinationPrefix “10.10.10.0/24” -NextHop “0.0.0.0” -Metric 255

Now only on HV01 you should configure provider address and provider route (this is how hosts will get connectivity to each other…):
New-NetVirtualizationProviderAddress -InterfaceIndex 12 -ProviderAddress “10.17.217.177” -PrefixLength 24
New-NetVirtualizationProviderRoute -InterfaceIndex 12 -DestinationPrefix “0.0.0.0/0” -NextHop “10.17.217.1”

The same thing on HV02:
New-NetVirtualizationProviderAddress -InterfaceIndex 12 -ProviderAddress “10.17.218.177” -PrefixLength 24
New-NetVirtualizationProviderRoute -InterfaceIndex 12 -DestinationPrefix “0.0.0.0/0” -NextHop “10.17.218.1”

At the end we need to add VirtualSubnetID parameter to our VM’s sitting on HV01 and on HV02

HV01 (Where Blue01 VM sits):
Get-VMNetworkAdapter -VMName Blue01 | where {$_.MacAddress -eq “AAAAAAAAAA01”} | Set-VMNetworkAdapter -VirtualSubnetID 5001

HV02 (Where Blue02 VN sits):
Get-VMNetworkAdapter -VMName Blue02 | where {$_.MacAddress -eq “AAAAAAAAAA02”} | Set-VMNetworkAdapter -VirtualSubnetID 5001

“Demystifying” Windows server 2012 Hyper-V 3.0 network virtualization – part II (two hosts / same subnet)

5 Replies

Today I was presenting @ bleedingedge.si conference… My session was about Windows server 2012 / Hyper-V 3.0 network virtualization.

 

I have recorded this sequence of commands so you can see the configuration and how it works:

http://www.screencast.com/t/wsDAKpKumlSm – Hyper-V 3.0 – Network virtualization Part 1

http://www.screencast.com/t/q3G9SViY6gId – Hyper-V 3.0 – Network virtualization Part 2

http://www.screencast.com/t/bxOznDklp – Hyper-V 3.0 – Network virtualization Part 3

 

In my demo environment I have:

Two Windows server 2012 with Hyper-V 3.0 role installed

HV01 / Only one network card so it is used by VMs and host (management) with IP 172.31.200.11
HV02 / Only one network card so it is used by VMs and host (management) with IP 172.31.200.12

On each host there are TWO virtual machines:

On HV01 there are:

– Blue01 (10.10.10.11 with STATIC MAC*address AAAAAAAAAA01)
– Red01 (10.10.10.21 with STATIC MAC*ddress CCCCCCCCCC01)

On HV02 there are:

– Blue02 (10.10.10.12 with STATIC MAC*address AAAAAAAAAA02)
– Red02 (10.10.10.22 with STATIC MAC*address CCCCCCCCCC02)

*You should DEFINE STATIC MAC on Virtual Machine network configuration – you must not use dynamicaly assigned MAC address (System center Virtual machine manager 2012 SP1 will do that for you automaticaly)

By defalt all machines are able to ping themselfs… We want to isolate Blue network so only Blue01 and Blue02 can ping each other and Red network so only Red01 and Red02 can ping each other.

First thing we need to do is to enable ms_netvm component on PHYSICAL NIC! (not on virtual switch created NIC!)
Enable-NetAdapterBinding “Ethernet” -ComponentID ms_netwnv

Second thing is that we need to create Lookup records on both Hyper-V servers. You should copy/paste this script on both hosts:
New-NetVirtualizationLookupRecord -CustomerAddress “10.10.10.11” -ProviderAddress “172.31.200.11” -VirtualSubnetID “5001” -MACAddress “AAAAAAAAAA01” -Rule “TranslationMethodEncap”
New-NetVirtualizationLookupRecord -CustomerAddress “10.10.10.12” -ProviderAddress “172.31.200.12” -VirtualSubnetID “5001” -MACAddress “AAAAAAAAAA02” -Rule “TranslationMethodEncap”

Then you need to create Costumer Route – on both Hyper-V hosts:
New-NetVirtualizationCustomerRoute -RoutingDomainID “{11111111-2222-3333-4444-000000005001}” -VirtualSubnetID “5001” -DestinationPrefix “10.10.10.0/24” -NextHop “0.0.0.0” -Metric 255

Then you need to add provider address to PHYSICAL NIC – you need to find out interface index by using get-netadapter!

In my example on HV01:
New-NetVirtualizationProviderAddress -InterfaceIndex 12 -ProviderAddress “172.31.200.11” -PrefixLength 24
New-NetVirtualizationProviderRoute -InterfaceIndex 12 -DestinationPrefix “0.0.0.0/0” -NextHop “172.31.200.1”

and on HV02:
New-NetVirtualizationProviderAddress -InterfaceIndex 12 -ProviderAddress “172.31.200.12” -PrefixLength 24
New-NetVirtualizationProviderRoute -InterfaceIndex 12 -DestinationPrefix “0.0.0.0/0” -NextHop “172.31.200.1”

When this is done we need to configure VirtualSubnetID on virtual machines:
On HV01 (where Blue01 vm is running) we should do:
Get-VMNetworkAdapter -VMName Blue01 | where {$_.MacAddress -eq “AAAAAAAAAA01”} | Set-VMNetworkAdapter -VirtualSubnetID 5001

and on HV02 (where Blue02 vm is running) we should do:
Get-VMNetworkAdapter -VMName Blue02 | where {$_.MacAddress -eq “AAAAAAAAAA02”} | Set-VMNetworkAdapter -VirtualSubnetID 5001

Now network virtualization will take place and Blue01 will only be able to ping Blue02 and vice-versa. Red01 and Red02 are outside this VitualSubnet. In video you can see network monitoring where you can detect GRE network between hosts.
In video I also do live migration so I move Blue02 machine from HV02 to HV01 so you can see that network virtualization is aware of live migration and moving machines between HV hosts in the same network or also cross premise… I will cover that in next part! 🙂

Let’s virtualise!