Windows Server 2012 Hyper-V Extensible Switch and Cisco Nexus 1000V Series Switches
Streamlining Virtual Networks in the Data Center
A Microsoft/Cisco White Paper
May 2012
Table of contents

Copyright information
Introduction
    Working Together: Hyper-V Extensible Switch and Cisco Nexus 1000V Series Switches
Windows Server 2012 Hyper-V Extensible Switch
    Five New Native Policy Features in the Hyper-V Extensible Switch
    New Extension Classes for the Hyper-V Extensible Switch
    Extensibility and the Windows Server 2012 Hyper-V Extensible Switch
    Efficient Management with Microsoft System Center 2012
    Providing an Efficient, Flexible Switch for Virtual Networks
Cisco Virtual Networking Solutions
    Cisco Nexus 1000V Series Switches
    Cisco UCS VM-FEX
    Reducing Complexity, Increasing Benefits in Virtual Networks
Microsoft and Cisco: Providing Advanced Choices for Virtual Networking
    Extending Network Functions to Hyper-V with Nexus 1000V Series Switches
    Extending a Physical Network to Hyper-V Virtual Machines with the Cisco VM-FEX
Conclusion
For More Information
List of charts, tables, and figures
Copyright information

© 2012 Microsoft Corporation. All rights reserved. This document is provided "as-is." Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. You may modify this document for your internal, reference purposes.
Introduction

The growth of virtualization technologies in enterprises and data centers is one of today's key IT trends. IT professionals are looking more and more to virtualization to help control costs, create greater efficiencies in meeting business demands, and innovate with solutions such as private clouds. Windows Server, which powers many of the world's largest data centers and enterprise IT systems, has been at the forefront of giving organizations the tools to create, deploy, and manage virtual networks, virtual machines, and complete virtual environments.

A core Windows Server component that supports virtualization is Hyper-V, which first shipped with early versions of Windows Server 2008. Hyper-V has been updated and enhanced with Windows Server 2012; now organizations have an even better foundation for advanced virtualization tasks and scenarios, such as extensive server consolidation, delivering secure multitenancy for hosting different customers on physical servers, and creating private clouds.

One of the core features in Hyper-V is the new Hyper-V Extensible Switch. As its name implies, a central feature of this switch is its extensibility. Hyper-V Extensible Switch offers an open platform that lets third parties create software that adds to or extends the capabilities of a virtual switch. It provides a standard application programming interface (API) to make solution development easier and faster for IT departments and third-party independent software vendors (ISVs). The Hyper-V Extensible Switch delivers management capabilities that streamline IT tasks by integrating physical and virtual network management tasks. It also integrates tightly with the Virtual Machine Manager component of Microsoft System Center 2012 for advanced virtual network management functions.
Working Together: Hyper-V Extensible Switch and Cisco Nexus 1000V Series Switches

In developing the Hyper-V Extensible Switch, Microsoft worked closely with Cisco Systems, the world leader in networking technology. The Cisco Nexus 1000V Series Switches and the Cisco Unified Computing System (Cisco UCS) Virtual Machine Fabric Extender (VM-FEX) have been widely adopted by enterprises to deliver advanced networking features for their virtual environments.

At a Glance: Windows Server 2012 Hyper-V Extensible Switch
- Provides an open platform for easy development of extensions
- Readily available APIs for quick solution development
- Only virtual switch that can be extended without requiring rewrite of entire switch
- Easily managed using standard tools

At a Glance: Cisco Virtual Networking Solutions
- Cisco Nexus 1000V Series Switches: Market-leading virtual switches used by organizations worldwide to extend comprehensive networking capabilities to their virtualized environments
- Cisco UCS VM-FEX: Delivers near bare-metal performance for virtualized workloads and a streamlined management model
Now, Microsoft and Cisco are providing enterprises and data centers with the combined power of the Hyper-V Extensible Switch and the Cisco networking technology to deliver advanced networking features to virtual environments running on Windows Server 2012. Customers using Windows Server 2012 Hyper-V can choose the Cisco solution that best suits their needs: either the software-based Nexus 1000V Series Switches, or the hardware-based UCS VM-FEX solution, which offers simplified management and near bare-metal input/output (I/O) performance.

This paper provides an overview of the Windows Server 2012 Hyper-V Extensible Switch and the Cisco technologies. It provides a general discussion of the key benefits for customers in using these technologies together, including the ease of adding extensions, migrating switches and virtual machines, and working in a unified management environment. It also provides at-a-glance descriptions of common scenarios.

Windows Server 2012 Hyper-V Extensible Switch

The demand for virtualization technologies is growing at a fast and accelerating pace. The reasons for the trend are apparent to IT professionals and business users alike. The traditional model of fixed physical server assets brings with it potentially high up-front expenses and significant maintenance costs. It also lacks flexibility and scalability, whether that means ramping up to meet demand, or scaling back and consolidating to save money on idle hardware. With virtualized server environments, on the other hand, IT departments can achieve many technical and financial benefits when responding to constantly shifting business needs.
Windows Server 2012 not only helps enterprises and data centers with basic virtualization projects, but it also helps organizations to move beyond virtualization to support advanced scenarios, such as the development of private clouds for specific departments and initiatives, and running more virtual machines on a single physical server for greater efficiencies. With Windows Server 2012 Hyper-V, organizations benefit from enormous scalability, flexibility, and speed for IT departments that need to respond to shifting business needs while simultaneously controlling costs and overhead. One of the key elements of virtual environments is the configuration and management of virtual networks. Previous editions of the Windows Server Hyper-V virtual switch provided essential virtual networking tasks, such as handling network traffic between virtual and physical networks and the host operating system. Hyper-V in Windows Server 2012 delivers a number of new and enhanced features that improve virtual networking operations.
Five New Native Policy Features in the Hyper-V Extensible Switch

Microsoft has added native policy features to Windows Server 2012 Hyper-V that enhance virtual environments. These improvements affect the following five areas of virtual network operations:

Traffic Isolation and Flow
- Port access control lists (ACLs). ACLs are used to allow or deny specific addresses to move through the network.
- Private virtual LANs (PVLANs). These let IT administrators establish a gateway without the need to define a strong two-tier network.
- Trunk mode. Previously, when Hyper-V sent VLAN traffic to a virtual machine, it could only choose a single VLAN per virtual machine. Trunk mode in Windows Server 2012 Hyper-V allows multiple VLANs to be used on a virtual machine network adapter.

Traffic Shaping
- Quality of Service (QoS). QoS is used to set minimum and maximum bandwidth levels by using absolute or relative amounts. QoS can be used to guarantee minimum levels of bandwidth to customers to meet service level agreements, and also to minimize or prevent excessive usage by specific clients.

Security
- Dynamic Host Configuration Protocol (DHCP) guard. This is used to control whether or not a virtual machine is allowed to behave as a DHCP server, which can help prevent network attacks involving the deliberate misuse of addresses.
- IP security (IPsec) task offloads. This enables virtual machines to offload IPsec encryption directly to the IPsec offload engine on a network adapter.

Performance Enhancements
- Dynamic virtual machine queues (VMQs). Windows Server 2012 provides support for dynamic VMQs, which adjust the number of cores used by the host virtual switch based on traffic load.
- Single Root I/O Virtualization (SR-IOV). SR-IOV accelerates performance by letting network traffic go directly to a virtual machine.

Diagnostics
- Port mirroring. This provides the ability to copy traffic from multiple virtual machines to multiple port switches, which can help in identifying network issues.
- Event Tracing for Windows (ETW). ETW helps IT managers to easily diagnose issues with a switch and related extensions without having to use a debugger.
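Several of the native policy features listed above are set per virtual network adapter with the Hyper-V PowerShell module in Windows Server 2012. The script below is an added example, not part of the white paper; the switch name, VM names, address ranges, VLAN range and bandwidth figures are constructed placeholders.

```powershell
#Requires -Modules Hyper-V
# Added example, not from the white paper. The switch name, VM names,
# address ranges, VLAN range and bandwidth values are placeholders.
param(
    [string]$SwitchName  = 'TenantSwitch',    # assumed existing Hyper-V Extensible Switch
    [string]$TenantVM    = 'tenant-web01',    # assumed tenant workload VM
    [string]$ApplianceVM = 'edge-router01',   # assumed VM that needs several VLANs
    [string]$MonitorVM   = 'net-monitor01'    # assumed VM running a packet analyzer
)
$ErrorActionPreference = 'Stop'

# Inventory the extensions bound to the switch (capture, filter, forwarding)
# and whether each one is enabled and running.
Get-VMSwitchExtension -VMSwitchName $SwitchName |
    Sort-Object ExtensionType |
    Format-Table Name, Vendor, ExtensionType, Enabled, Running -AutoSize

# Security: DHCP guard. The tenant VM is not allowed to act as a DHCP server.
Set-VMNetworkAdapter -VMName $TenantVM -DhcpGuard On

# Traffic isolation: port ACLs. Deny all IPv4 and IPv6 traffic, then allow
# one subnet; the more specific prefix takes precedence over the catch-all.
Add-VMNetworkAdapterAcl -VMName $TenantVM -RemoteIPAddress '0.0.0.0/0' -Direction Both -Action Deny
Add-VMNetworkAdapterAcl -VMName $TenantVM -RemoteIPAddress '::/0' -Direction Both -Action Deny
Add-VMNetworkAdapterAcl -VMName $TenantVM -RemoteIPAddress '10.20.0.0/16' -Direction Both -Action Allow

# Traffic isolation: trunk mode. The appliance VM receives VLANs 100-110
# on a single virtual network adapter; untagged frames stay untagged.
Set-VMNetworkAdapterVlan -VMName $ApplianceVM -Trunk -AllowedVlanIdList '100-110' -NativeVlanId 0

# Traffic shaping: QoS. The minimum is relative (weight) or absolute
# (bits per second) depending on how the switch was created.
$mode = (Get-VMSwitch -Name $SwitchName).BandwidthReservationMode
switch ($mode) {
    'Weight'   { Set-VMNetworkAdapter -VMName $TenantVM -MinimumBandwidthWeight 20 }
    'Absolute' { Set-VMNetworkAdapter -VMName $TenantVM -MinimumBandwidthAbsolute 100000000 }
    default    { Write-Warning "Reservation mode on $SwitchName is '$mode'; no minimum set." }
}
# Cap the tenant at 500 Mbit/s so it cannot starve its neighbours.
Set-VMNetworkAdapter -VMName $TenantVM -MaximumBandwidth 500000000

# Diagnostics: port mirroring. Copy the tenant VM's traffic to the monitor
# VM on the same switch.
Set-VMNetworkAdapter -VMName $TenantVM  -PortMirroring Source
Set-VMNetworkAdapter -VMName $MonitorVM -PortMirroring Destination

# Read the settings back so the applied policy can be reviewed.
Get-VMNetworkAdapter     -VMName $TenantVM | Format-List VMName, DhcpGuard, PortMirroringMode
Get-VMNetworkAdapterAcl  -VMName $TenantVM
Get-VMNetworkAdapterVlan -VMName $ApplianceVM
```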
New Extension Classes for the Hyper-V Extensible Switch

In addition to the policy features listed above, Windows Server 2012 Hyper-V now includes three extension class types that are typically found on physical network switches:

- Capturing. Capture extensions can inspect traffic and generate new traffic for report purposes. They cannot modify existing switch traffic. Multiple capture extensions can be present on the same switch.
- Filtering. Hyper-V now includes the Windows Filtering Platform (WFP). WFP extensions are commonly used in antivirus and firewall scenarios, and can be used to change traffic in a switch, such as dropping packets, modifying packet contents, and blocking delivery to specific destinations. Filtering extensions can be implemented by using Network Driver Interface Specification (NDIS) APIs. As with capture extensions, multiple WFP extensions can be on the same switch.
- Forwarding. Forwarding extensions are used for computing the destination of each packet. They can do everything that capturing and filtering extensions do. There can only be one instance of a forwarding extension per switch instance.

Extensibility and the Windows Server 2012 Hyper-V Extensible Switch

During development of Windows Server 2012 Hyper-V, Microsoft listened closely to customer and partner requests for new features and functionality that could help streamline the creation and deployment of virtual networks. A significant pain point for IT departments is finding easier, less disruptive ways of adding virtual tenant security, isolation, traffic shaping, and network intelligence to their data center deployments. Virtual switch extensions should help them accomplish these tasks, but installing those extensions can be a challenge. The process of adding software-based functionality to virtual switches has always meant rewriting the entire switch. This is cumbersome and time-consuming, and frequently discourages enterprise developers and third-party ISVs from innovating with solutions that can address specific tasks and issues.
Figure 1: The Windows Server 2012 Hyper-V Extensible Switch comes with three native extensions that support essential virtual networking activities
Microsoft is the first vendor to truly address this issue with the new Hyper-V Extensible Switch, which comes with an open platform that has easily accessible APIs and an efficient path for adding new functions to the switch. Today, the Windows Server 2012 Hyper-V Extensible Switch is the only virtual switch on the market that is extensible instead of being only replaceable. With the Hyper-V Extensible Switch, ISVs and enterprise developers creating virtual appliances and functionality can create their extensions and simply plug them into the existing switch.

Several key aspects of the Hyper-V Extensible Switch set it apart from the competition and deliver more benefits to enterprise IT professionals and ISVs:

- Open, accessible platform with a public API. The Hyper-V Extensible Switch provides an open platform that uses a public API that is readily available for download from the Microsoft Developer Network (MSDN) website. For developers, this opens the door to new solutions that deliver just the functionality that they want to create. For IT departments, the flexibility and simplicity provided by the open platform and API mean smaller, more streamlined extensions for virtual switches, smaller footprints, and fewer issues that need attention in the long term.
- Easy development with existing API model. Extensions are coded by using either WFP or NDIS, the same programming model that has been available for more than a decade for creating networking filters and drivers. For developers, this means they can begin working immediately without being forced to learn a new development environment.
- First-class citizens of the system. Hyper-V Extensible Switch extensions receive the same levels of support and service as the switch itself. IT professionals benefit from this because functions and activities, such as offloads and live migrations (and the related migration of configuration settings), simply work, with no additional effort.
- Quality extensions with Windows logo certification. Extensions built in this framework are backed by the Windows Hardware Certification program and associated tools to test and certify the end products. This results in fewer bugs, better overall performance, and higher customer satisfaction.
- Simpler diagnostics with unified tracing. With Unified Tracing support in the Hyper-V Extensible Switch, ISVs and developers can spend less time diagnosing issues, which increases productivity while cutting support costs. For IT professionals, it also leads to shorter down times.

Efficient Management with Microsoft System Center 2012

The Hyper-V Extensible Switch helps organizations enhance their virtual networking scenarios. If they have Microsoft System Center 2012 installed, they gain additional tools to help manage virtual switches and extensions.

Configuration information that is applied to both physical and virtual switches is critical for providing network connectivity and capabilities. In most IT environments, transmitting information between network management systems and virtual machines involves a data exchange, often in the form of spreadsheets, between network administrators and server administrators. This can be a time-consuming and error-prone approach, one that becomes even more complex with the introduction of additional third-party extensions.

The Virtual Machine Manager component of System Center 2012 addresses this management issue to help simplify and streamline the management of switches and their extensions. At the center of the new capabilities is the Virtual Machine Manager logical switch. The logical switch provides a central location where a fabric administrator can define what extensions are used and the port profiles that are available for those extensions. Virtual Machine Manager uses this feature to distribute extensions to hosts as needed and to ensure that ports are configured uniformly, which helps to provide consistent virtual machine behavior across the data center.

Organizations can benefit from this integration of Virtual Machine Manager through:

- Automated importing of network settings from a virtual switch extension manager, which helps reduce errors related to improper configurations.
- Simplified management of network capabilities across all hosts in a single object.
- The ability to create network capabilities as needed by the virtual machines, rather than providing all virtual machines with equal access to those capabilities.

Providing an Efficient, Flexible Switch for Virtual Networks

The Windows Server 2012 Hyper-V Extensible Switch offers enterprise organizations and data centers an efficient and flexible virtual switch that provides an open platform for easy modifications and added functionality. When used with Cisco virtual networking products, organizations can select from powerful technology options to develop and deploy private clouds.

Cisco Virtual Networking Solutions

The Windows Server 2012 Hyper-V Extensible Switch delivers significant advances for enterprise customers and data centers that are deploying private clouds. Now enterprises and data centers can combine the virtualization features of the Hyper-V Extensible Switch with world-leading networking products from Cisco. These include the Cisco Nexus 1000V Series Switches and the Cisco UCS VM-FEX.

Cisco Nexus 1000V Series Switches

Cisco Nexus 1000V Series Switches are distributed virtual switching platforms that deliver advanced networking features, integrated virtual services, and a consistent operational model across virtual and physical networking environments.
Like other modular Cisco switches, Cisco Nexus 1000V Series Switches have two major components:

- The Virtual Ethernet Module (VEM) is a software line card that is embedded with Hyper-V when deployed on a physical host. It delivers advanced networking capabilities to the virtual machines and replaces Hyper-V Extensible Switch functionality. The VEM takes configuration information from the Virtual Supervisor Module (VSM) and performs layer 2 switching and advanced networking functions, including port channeling, QoS, and security and monitoring.
- The VSM is a virtual machine that provides functionality similar to that of a supervisor module in a physical modular switch. It controls multiple VEMs and provides a single point of management and monitoring for the distributed virtual switch. All the switching and virtual machine networking configuration is performed through VSM, and VSM automatically propagates the relevant data to the participating VEMs.

In addition to these two components, Cisco Nexus 1000V Series Switches include Cisco vPath technology, which extends multiple network services to Hyper-V environments.

Cisco UCS VM-FEX

The Cisco UCS VM-FEX simplifies virtual machine networking by collapsing virtual and physical networking into a single, easily managed infrastructure. This infrastructure takes advantage of the Hyper-V Extensible Switch SR-IOV technology to provide near bare-metal I/O performance to the virtual machines. With VM-FEX, IT administrators can provision, configure, manage, monitor, and diagnose virtual machine network traffic and bare-metal network traffic within a unified infrastructure. The VM-FEX software extends Cisco network fabric technology to virtual machines. As a result, each virtual machine has a dedicated interface to the parent switch, and all virtual machine traffic is sent directly to the dedicated interface on the switch.

Cisco Nexus 1000V Series Switches and the VM-FEX technologies are among the most widely used virtual networking technologies for enterprises and data centers, and they integrate nicely with Windows Server 2012 Hyper-V deployments to deliver an advanced solution for virtual networking.
Scenario: Shorter Down Times

While monitoring network statistics, one of Contoso's IT administrators notices that packets are being dropped somewhere between the external network connection and a virtual machine. In the past, the administrator would have contacted a technician with debugging skills to find the cause by examining the virtual switch network stack. This process could have taken hours, or longer. Today, however, the organization is running a virtual environment on Windows Server 2012 Hyper-V and Cisco Nexus 1000V Series Switches for Hyper-V. Using the troubleshooting tools available for Cisco NX-OS and the ETW tool, the administrator views generated logs and quickly sees which module and extension is dropping the packets. There is no need to bring in extra resources, so the problem is resolved quickly.
Scenario: Adding Virtual Switch Functionality

A. Datum Corporation, a hosting company that serves Fortune 1000 customers, has a network infrastructure that consists primarily of Cisco Nexus switches. The company uses Windows Server 2012 Hyper-V and has a firewall extension from Trey Research installed on every Hyper-V Extensible Switch in the data center for customer protection. The company would like to unify management of both their physical switches and virtual switches by deploying the Cisco Nexus 1000V for Hyper-V extension into the Hyper-V Extensible Switches. While the company expects to eventually migrate to a Cisco ASA firewall, the first phase is to deploy Cisco Nexus 1000V Series Switches for Hyper-V onto each of the virtual switches with the Trey Research firewall. This is easily accomplished because the Hyper-V Extensible Switch framework allows multiple extensions to coexist with each other. The administrator can safely deploy Nexus 1000V Series Switches onto the same switches, gaining unified switch functionality and management while maintaining the same firewall protection that is already in place.
Reducing Complexity, Increasing Benefits in Virtual Networks

Cisco virtual networking solutions reduce the complexities associated with virtual machine-to-virtual machine networking, helping IT professionals realize more of the benefits of server virtualization technology. With Cisco Nexus 1000V Series Switches and the VM-FEX technology, organizations can preserve their existing investments in network operation models and management tools. Network administrators can use Cisco NX-OS features to manage network policies across both physical and virtual environments, which helps minimize the need for retraining. The solutions offer high visibility into virtual machine traffic, which streamlines troubleshooting tasks. And virtualization-aware networking features simplify virtual machine network policy management while providing better security through the extension of enterprise network policies to the virtual network. Cisco virtual solutions operating in Windows Server 2012 Hyper-V environments provide organizations with advanced technologies for optimizing the functionality of their cloud deployments.
Microsoft and Cisco: Providing Advanced Choices for Virtual Networking

Major organizations worldwide have standardized on Windows Server and Cisco networking products. Microsoft and Cisco partnered in response to requests from customers seeking a powerful, integrated solution for managing their virtual networking and cloud environments. With the Windows Server 2012 Hyper-V Extensible Switch and the Cisco Nexus 1000V Series Switches and VM-FEX solutions, customers with Windows Server environments now have compelling options for deploying and managing virtual networking systems. Organizations have two options when using the Cisco products with Hyper-V. The following is an overview of each scenario.

Extending Network Functions to Hyper-V with Nexus 1000V Series Switches

Organizations that want to extend comprehensive networking capabilities to their virtualized environments can use the Nexus 1000V Series Switches to bring additional virtualization-aware networking functions to the Hyper-V Extensible Switch. In this scenario, the Cisco VEM provides a software line card that is embedded in Hyper-V. Each virtual machine on the host is then connected to the VEM through a virtual Ethernet port. At the same time, the Cisco VSM helps to define virtual machine-centric network policies in much the same way as a supervisor module works on a physical network switch.
Figure 2: The Cisco Nexus 1000V Series Switches architecture used with Windows Server 2012 Hyper-V
This combination lets organizations take advantage of the Cisco virtual networking services that are part of the Nexus 1000V Series.[1] They include:

- Cisco Virtual Security Gateway for providing detailed, zone-based policies for multitenant environments.
- Cisco ASA 1000V Cloud Firewall, which provides multi-tenant edge security, default gateway functionality, and protection against network-based attacks.
- Cisco Virtual Wide Area Application Services (vWAAS), which ensure application performance acceleration to users connected to enterprise data centers and enterprise private clouds.
- Cisco Network Analysis Module (NAM), which provides visibility to troubleshoot performance problems in virtual environments.

Organizations needing a dedicated hardware appliance to host all of their virtual appliances from Nexus 1000V Series Switches, such as vWAAS and NAM, can use the Cisco Nexus 1010 Virtual Services Appliance. With the Nexus 1010 Virtual Services Appliance, network administrators do not need to rely on server administrators to run networking appliances.

[1] Cisco will provide more information about the availability of these services closer to the general availability of the Nexus 1000V.
Extending a Physical Network to Hyper-V Virtual Machines with the Cisco VM-FEX

Organizations that want near bare-metal performance for virtualized workloads running with Hyper-V can turn to the Cisco UCS VM-FEX solution. VM-FEX builds on the network fabric extender technology developed by Cisco. Fabric extender technology helps organizations achieve the benefits of simplified management of chassis-based modular switches and the convenience of top-of-rack deployment. VM-FEX brings these developments to virtual machines.

By using VM-FEX in Windows Server 2012 Hyper-V environments, organizations achieve operational simplicity by being able to collapse the physical and virtual networking layers into one, which reduces the number of management points that have to be monitored. It also delivers the same consistent feature set and infrastructure for both physical and virtual environments. Using VM-FEX with Hyper-V also provides improved performance through the SR-IOV functionality discussed earlier in this paper.
Scenario: Migrating Switches and Extensions

Kim is a developer at Litware Inc., an independent software development company that provides a range of niche enterprise software products for Fortune 500 companies. Her primary role is to provide security and network intelligence capabilities for virtual networks. With third-party solutions, this has always involved writing or rewriting the virtual switches to include the new capabilities. Kim is an expert at this task, but it is a tedious, time-consuming process that involves a large amount of coding. It also increases the possibility of bugs and security holes. With the Windows Server 2012 Hyper-V Extensible Switch, however, Kim has access to a plug-in architecture that uses an open, public API. With the open platform provided by Windows Server 2012, Kim can focus her efforts on delivering just the functionality she needs without rewriting the entire switch. Her extensions will support live migrations and network adapter hardware offloads without any need for additional code. Because her extensions have a smaller code footprint and went through rigorous Microsoft extension certification tests, Kim is confident that she is delivering high quality extensions to her customers.
Conclusion

Some of the biggest IT innovations today are being driven by the demand for new and enhanced virtualization technologies to provide greater flexibility, scalability, and cost savings for enterprise organizations and data centers. To realize the full potential of virtualization without suffering from excessive cost and resource demands, IT professionals need solutions that can streamline the deployment and management of virtualized networks.

The alliance between Microsoft and Cisco provides virtual networking solutions that fill this need. With the capabilities provided by Windows Server 2012 Hyper-V Extensible Switch, Cisco virtual networking solutions, and the optional deployment of the Virtual Machine Manager component of Microsoft System Center 2012, organizations can take full advantage of virtualization-aware networking features, simplify their operations through this tight integration, and benefit from an operational model that streamlines IT management for virtual and physical networks. This reduces complexity while helping reduce time-consuming tasks for IT administrators. It also provides businesses with new possibilities for getting the most out of their IT investments to make business operations more efficient.

For More Information

- To learn more about Windows Server and the enhanced Hyper-V Extensible Switch, go to www.microsoft.com/windowsserver
- To learn more about the Cisco Nexus 1000V and related virtual networking products, go to www.cisco.com/en/US/products/ps9902/index.html
- For more information about the Hyper-V Extensible Switch API, go to http://msdn.microsoft.com/en-us/library/hh598161(v=VS.85).aspx
- A sample forwarding extension is available for download at http://code.msdn.microsoft.com/Hyper-V-Extensible-Virtual-e4b31fbb
List of charts, tables, and figures

Figure 1: The Windows Server 2012 Hyper-V Extensible Switch comes with three native extensions that support essential virtual networking activities
Figure 2: The Cisco Nexus 1000V Series Switches architecture used with Windows Server 2012 Hyper-V