White Paper
Published: June 2009
For the latest information, please visit:
http://www.microsoft.com/windowsserver2008/en/us/hyperv.aspx
Contents
Introduction
Vocabulary
Virtual Networking
Hyper-V Virtual Network Manager
Virtual Network
Private Virtual Network
Internal Virtual Network
External Virtual Network
Summary
Virtual Network Adapters
Virtual Legacy Network Adapter
Virtual High Speed Network Adapter
Virtual LAN Identification
SCVMM Preferred Location and Tag
Vocabulary
The following list defines the vocabulary and acronyms in Hyper-V:
• APIC: Advanced Programmable Interrupt Controller is a device which allows priority
levels to be assigned to its interrupt outputs.
• Hypercall: The Hypercall is the interface for communication with the hypervisor. Guests
communicate with the hypervisor via Hypercalls.
• Management Operating System (OS): Manages machine-level functions such as
device drivers, power management, and device hot addition/removal. The management
OS is the only OS that has direct access to physical memory and devices.
• Guest Operating System (OS): A virtual machine hosts a guest operating system.
All access to physical memory and devices by a guest OS is provided via the Virtual
Machine Bus (VMBus) or the hypervisor.
• IC: Integration components allow guest OSs to communicate with the hypervisor and
management OS more effectively.
• Legacy Device: A virtualized device that mimics an actual physical hardware device so
that guests can use the typical drivers for that hardware device.
• Synthetic (High Speed) Device: A virtualized device not attached to physical hardware,
so guests need a driver (virtualization service client) for that high-speed bus. The
driver uses the VMBus to communicate with the hypervisor.
• Physical Hard Disk: A physical disk in the physical machine that virtual machines can
use directly.
• Enlightenment: An improvement to a guest OS that makes it aware of VM environments
and increases overall performance.
The physical network adapter is then bound to the virtual switch and allows both virtual
machines and the management OS to connect to the physical (i.e. external) network. The
diagram below provides a visual representation of an external virtual network.
Summary
In conclusion, when selecting a virtual network switch, consider the following.
• Private: Virtual machines connected to this type of network can communicate among
themselves. The management OS has no network connectivity with the virtual machines.
• Internal: Virtual machines connected to this type of network can communicate among
themselves and the management OS. There is no connectivity with the physical network.
• External: An external virtual network binds to miniports which may exist in the form of
multiple miniports for a single physical NIC, a single miniport representing multiple
physical NICs, or a single miniport representing a single physical NIC, allowing both
virtual machines and the management OS to access the physical network.
NOTES:
Each virtual machine can have a total of 12 virtual network adapters. Eight network adapters may be
high-speed adapters and four network adapters may be legacy adapters.
A legacy network adapter emulates a physical network adapter (multiport DEC 21140) and
hence works without installing a virtual machine driver because the driver is already available
on most operating systems. A legacy network adapter also supports network-based
installations because it includes the ability to boot to the Pre-Boot Execution Environment
(PXE).
Notes:
• The 64-bit edition of Windows Server 2003 and the Windows XP Professional x64 Edition
do not include a driver for the legacy network card.
• If the guest operating system does not support the installation of integration services, it
will require the use of a legacy network adapter.
• After using a legacy adapter to perform a network install with PXE, switching the
networking to a network adapter for performance reasons is recommended. If the guest
operating system supports integration services, switching the guest operating system to a
network adapter after the installation has been completed is recommended.
This device is designed to work with virtualization and is optimized for that environment,
making its performance better than with legacy devices. To use a network adapter in a guest
operating system, integration services must be installed.
Virtual LAN Identification specifies an identification number (VLAN ID) that can be used to
isolate network traffic from the operating system running on the management OS or other
guest operating systems sharing the same virtual switch. A physical network adapter must
support a virtual LAN configuration; no configuration on the physical network driver side
should be required. In particular, setting a VLAN ID in the physical adapter should not be
required.
A VLAN ID is a number that uniquely identifies a virtually segmented network. A network card
configured with that VLAN ID is identified as belonging to a particular VLAN.
The VLAN ID is encapsulated within the Ethernet frame, which is how multiple VMs using the
same physical NIC can communicate simultaneously on different VLANs.
The diagram below illustrates using a single physical NIC in the host that is connected to an
802.1q trunk on the physical network carrying three VLANs (5/10/20). The design objectives
in this example are as follows.
• An 802.1q trunk carrying three VLANs (5/10/20) is connected to a physical adapter in the
host.
• A single virtual switch is created and bound to the physical adapter.
• The VLAN ID of the virtual NIC in the management OS is set to 5, allowing the virtual NIC
in the management OS to communicate on VLAN 5.
• The VLAN ID of the virtual NIC in Guest OS 1 is set to 10, allowing the virtual NIC to
communicate on VLAN 10.
• The VLAN ID of the virtual NIC in Guest OS 2 is set to 20, allowing the virtual NIC to
communicate on VLAN 20.
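The following added example (not part of the original white paper) shows how the VLAN ID travels in the 802.1Q tag of an Ethernet frame and how a switch uses it to keep VLANs 5, 10 and 20 apart. It is a simplified model, not Hyper-V's implementation: the port table, MAC addresses and function names are constructed, and a frame is delivered only to a virtual NIC whose VLAN ID matches the tag.

```python
import struct

TPID_8021Q = 0x8100            # EtherType value that announces an 802.1Q tag
BROADCAST = b"\xff" * 6

# Constructed port table for the design above: name -> (MAC, VLAN ID).
# The MAC addresses are made-up locally administered values.
PORTS = {
    "management OS": (bytes.fromhex("020000000005"), 5),
    "Guest OS 1":    (bytes.fromhex("020000000010"), 10),
    "Guest OS 2":    (bytes.fromhex("020000000020"), 20),
}


def tag_frame(dst, src, vid, ethertype, payload=b""):
    """Build an Ethernet frame carrying an 802.1Q tag for VLAN `vid`."""
    if not 1 <= vid <= 4094:   # 0 and 4095 are reserved by 802.1Q
        raise ValueError(f"invalid VLAN ID {vid}")
    # The tag sits between the source MAC and the original EtherType:
    # TPID (16 bits), then priority (3) + DEI (1) + VLAN ID (12).
    return dst + src + struct.pack("!HHH", TPID_8021Q, vid, ethertype) + payload


def parse_vlan(frame):
    """Return (vlan_id, ethertype); vlan_id is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None, etype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner  # low 12 bits of the tag are the VLAN ID


def deliver(frame, ports=PORTS):
    """Names of the virtual NICs that receive a frame arriving from the trunk."""
    vid, _ = parse_vlan(frame)
    dst = frame[:6]
    return sorted(name for name, (mac, port_vid) in ports.items()
                  if port_vid == vid and dst in (mac, BROADCAST))


if __name__ == "__main__":
    src = bytes.fromhex("0200000000aa")   # constructed sender on the physical network
    arp_vlan10 = tag_frame(BROADCAST, src, 10, 0x0806)
    print(deliver(arp_vlan10))            # broadcast stays inside VLAN 10
    wrong_vlan = tag_frame(PORTS["Guest OS 2"][0], src, 10, 0x0800)
    print(deliver(wrong_vlan))            # right MAC, wrong VLAN: not delivered
```
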
Customer Scenarios
The following is a list of possible scenarios that your organization might be facing.
1. You are new to Windows Server 2008 R2 Hyper-V and would like to evaluate how Live
Migration works using existing hardware before investing in the recommended
hardware configuration.
2. Your enterprise has invested in a Hyper-V infrastructure and needs to deploy
Windows Server 2008 R2 Hyper-V to take advantage of Live Migration and enable
host maintenance without downtime, dynamic server utilization, server load balancing,
and effective power management.
3. You are planning to deploy Windows Server 2008 R2 Hyper-V in a production environment
and would like to understand the network configuration requirements before purchasing
the necessary equipment for optimal performance.
When a VM is started for the first time, Hyper-V assigns the next available MAC
address from the pool of MAC addresses given to Hyper-V. All virtual network adapters and
virtual network switches receive a MAC address from Hyper-V. By default there are only
256 MAC addresses available in the dynamic address pool.
Once a dynamic MAC address has been assigned the VM will continue to use this MAC
address unless the VM is deleted.
Notes:
For more information on automating this process with a script or PowerShell, see the WMI
documentation for msvm_virtualswitchmanagementservice and the CreateInternalEthernetPort method at
http://msdn.microsoft.com/en-us/library/cc136938(VS.85).aspx.
Virtual Network
When installing the Hyper-V role on Windows Server 2008, a virtual network for each physical
adapter installed on the host can be created. For this white paper, this remains unchecked,
and the installation of Hyper-V is finished. After Hyper-V has been installed, a more in-depth
look at networking will be provided.
NOTES:
If two internal (or private) virtual networks are created in Hyper-V and two virtual machines are created
on separate IP subnets, they cannot communicate with each other. The virtual switch operates at layer
two of the ISO/OSI Network Model. To achieve routing at higher levels, a router must be used, the same
as would occur in a physical environment. ISA 2006 or RRAS can also be used to achieve this
functionality.
Setup Details
When installing the Hyper-V roles on Windows Server 2008, the option exists to select which
physical network adapter on the management OS will be used by Hyper-V as virtual external
network switches. This option is not available when installing Hyper-V on Server Core, and
needs to be configured via the Virtual Network Manager. It is recommended that the physical
machine have a minimum of two physical network adapters, one for management and the
second dedicated to virtual machines.
In this scenario, the physical server has four network adapters and storage is not iSCSI; it
may be directly attached, SAS, or Fibre Channel. The first physical network adapter is left
unchecked and assigned to the management OS for management. The remaining three
physical network adapters are checked and assigned to virtual switches for virtual machine
networking.
In this scenario, the physical server has four network adapters and iSCSI storage. The first
physical network adapter is left unchecked and is assigned to the management OS for
management. The second network adapter also remains unchecked for iSCSI. The remaining
two physical network adapters are checked, assigning them to virtual switches for virtual
machine networking. This allows the physical server to maintain the relationship between
itself and the iSCSI target when used as storage for virtual machines.
It is a recommended best practice that the network adapter dedicated to iSCSI be on a
different network or subnet than the management network adapter.
Physical Machine Network Communication with External Physical Machine and Virtual
Network
Assume that the Ping command is run from the physical machine running Hyper-V. Ping
sends an IP packet to its destination (in this case, the other physical machine) and waits for a
response. The following are the detailed steps that this packet takes in the above illustration.
• Ping uses the Windows networking stack to determine where the IP protocol is bound.
The only choice in this scenario is the virtual NIC.
• The IP packet is then sent down to the networking stack bound to the virtual NIC.
• The virtual NIC acts like a physical NIC and places the packet on the virtual wire to the
virtual networking switch.
• The packet reaches the virtual switch port.
• The virtual network switch does what a physical switch would do and routes the packet to
its destination, in this case the external virtual port on the virtual switch.
• This switch knows about the Microsoft Virtual Network Switch Protocol and places the
packet onto the physical NIC.
• The packet is then placed onto the physical network with its destination as the other
server.
• Once the packet reaches the destination, it follows the same path in reverse.
A second adapter in the management OS can cause connectivity issues, such as:
• Multiple DNS entries, delayed or incomplete NetBIOS resolution, and routing confusion;
In this scenario, two virtual machines (Guest OSs) are shown on the host and they
communicate with each other via a private virtual network. The image below illustrates the
virtual network topology.
On the management OS, all of the TCP/IP bindings are still enabled because an internal or
external virtual network has not yet been created.
The NYC-DC-01 virtual machine has been configured with the IP address of 192.168.1.1 and
the management OS has been configured with the IP address of 192.168.1.7. The image
below illustrates that the NYC-DC-02 virtual machine can communicate successfully with
NYC-DC-01 but has no access to the management OS or the public network.
Since an internal virtual network on Hyper-V only allows network communication with other
virtual machines and the management OS, it is automatically routed to the virtual network
created on the management OS.
The virtual network adapter of the virtual machine is connected to the internal virtual network
switch and its IP address is set to 192.168.1.2. The management OS internal virtual network
adapter is configured with the IP address of 192.168.1.7. This can be seen in the illustration
below.
Local Area Connection 3 is the virtual internal adapter on the management OS.
In Hyper-V, the default network behavior for a virtual machine to communicate with the
management OS is as follows.
• The packet leaves from the virtual network adapter on the Guest OS and goes to the
external virtual network switch.
• Once the packet has left the external virtual network switch, it goes to the physical
network adapter on the management OS.
• Once the packet has left the physical network adapter, it goes to the physical network
switch.
• The packet returns to the physical network adapter on the management OS, in this case
the second physical network adapter.
After the networking algorithm in the TCP/IP stack has learned the least cost path to the
management OS, it behaves as follows.
• The packet leaves the Guest OS and goes to the external virtual network switch.
• From the external virtual network switch, the packet is received at the virtual network
adapter on the management OS.
The dedicated virtual network is a modified form of the external virtual network offered by
Hyper-V. This type of virtual network allows VMs to communicate with other VMs on the same
machine, as well as with VMs on other systems. They can also access the external network,
although these VMs do not have direct access to the management OS as in the external
virtual network configuration. Removing this direct path eliminates many of the drawbacks of
the external virtual network type discussed above.
The VMs still have access to the management OS through the external network if the
management OS virtual network adapter is connected to the virtual switch, or if the
management OS has another network adapter not dedicated to Hyper-V. Unlike the other
three virtual network types discussed above, dedicated virtual networks are not directly
configurable with Hyper-V Virtual Network Manager. The dedicated virtual network type
discussed here is created by first creating an external virtual network and then modifying the
virtual network adapter added to the management OS.
WMI can be used to implement a dedicated virtual network without causing an additional
virtual network adapter to appear in the management OS. Please see the following link for
more information about the Virtualization WMI Provider.
Start by ensuring that an external network has been created in the Virtual Network Manager.
Connectivity to the management OS has been lost; another network adapter for management
has to be installed to restore this functionality.
Best Practices
• Have at least two physical NICs. If additional services are required, add additional
physical network adapters as needed.
• If only communication between virtual machines is needed and not with the physical
machine or the external network, only create a private virtual network.
• If only communication between virtual machines and the physical machine is needed,
create an internal virtual network.
• If the virtual machines need to communicate with the entire network or the Internet, create
an external network.
• If separate communication is needed between the virtual machines and the physical
server machines while maintaining communication with an external network, use an
external network without a virtual network adapter in the management OS.
• If two internal or private virtual networks are created in Hyper-V and two virtual machines
are created on a separate IP subnet, they cannot communicate with each other. The
virtual switch operates at layer 2 of the ISO/OSI Network Model. To achieve routing at
higher levels, a router needs to be used, the same as would be done in a physical
environment. ISA 2006 or RRAS may be used to achieve this functionality.
• When using an internal virtual network, create an exception to enable the virtual machines
to communicate with the physical server.
• When using virtual machines to communicate with the management OS, ensure that they
are on the same IP subnet.
• Each virtual machine can have a total of 12 virtual network adapters. Eight network
adapters can be assigned to a high-speed adapter and four network adapters can be
assigned to a legacy adapter.
• If the virtual machine experiences high traffic volume, it is recommended that a dedicated
physical network adapter be assigned to the virtual machine external network switch.
• Whenever possible, use high-speed devices in the virtual machines by enabling the
integration services.
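The network-type and adapter practices above can be checked mechanically. The following added example (not part of the original white paper) audits a constructed VM inventory against them, picking the network type with the least reachability that still meets each VM's stated needs. The inventory, the field names and the "dedicated" label for an external network without a management OS virtual NIC are assumptions of this sketch.

```python
# Reachability a VM gets from each virtual network type described in this paper.
# "host" means a direct path to the management OS through the virtual switch.
REACH = {
    "private":   {"vm"},
    "internal":  {"vm", "host"},
    "dedicated": {"vm", "external"},   # external switch without a management OS virtual NIC
    "external":  {"vm", "host", "external"},
}
MAX_SYNTHETIC, MAX_LEGACY = 8, 4       # per-VM adapter limits stated in this paper

# Constructed inventory; VM names and the "needs" field are hypothetical.
INVENTORY = [
    {"name": "web-01", "network": "external", "needs": {"external"},
     "synthetic": 1, "legacy": 0, "integration_services": True},
    {"name": "db-01", "network": "private", "needs": {"host"},
     "synthetic": 1, "legacy": 0, "integration_services": True},
    {"name": "lab-01", "network": "internal", "needs": {"host"},
     "synthetic": 9, "legacy": 0, "integration_services": True},
    {"name": "pxe-01", "network": "private", "needs": set(),
     "synthetic": 0, "legacy": 1, "integration_services": True},
]


def least_exposed(needs):
    """Return the network type with the smallest reachability that covers `needs`."""
    fits = [t for t, reach in REACH.items() if set(needs) <= reach]
    if not fits:
        raise ValueError(f"no network type provides {sorted(needs)}")
    return min(fits, key=lambda t: len(REACH[t]))


def audit(vms=INVENTORY):
    """Return (vm name, finding) pairs for VMs that deviate from the practices."""
    findings = []
    for vm in vms:
        needs, net = set(vm["needs"]) | {"vm"}, vm["network"]
        if not needs <= REACH[net]:
            findings.append((vm["name"], f"{net} network cannot reach {sorted(needs - REACH[net])}"))
        elif least_exposed(needs) != net:
            extra = sorted(REACH[net] - needs)
            findings.append((vm["name"], f"over-exposed to {extra}; use {least_exposed(needs)}"))
        if vm["synthetic"] > MAX_SYNTHETIC or vm["legacy"] > MAX_LEGACY:
            findings.append((vm["name"], "adapter count exceeds 8 high-speed / 4 legacy"))
        if vm["legacy"] and vm["integration_services"]:
            findings.append((vm["name"], "legacy adapter in use although integration services are installed"))
    return findings


if __name__ == "__main__":
    for name, finding in audit():
        print(f"{name}: {finding}")
```
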
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the
date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment
on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This white paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS
DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this
document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft
Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in
this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not
give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2007 Microsoft Corporation. All rights reserved.
The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted
herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place,
or event is intended or should be inferred.
All other trademarks are property of their respective owners.