Logical Network
Software defined data center
Erik Caha
Outline
Evolution
W2016
• Compute
• Network
• Storage
We want it
Evolution
Grid computing / SETI@Home, … 90s
Cloud computing 2016
Individual entity is vanishing
Evolution
Windows Server 2016
System Center 2016
Microsoft Azure
Introduced virtualization platform/management
Industry-leading scale and performance
Azure as design point
Cloud-first innovation: infrastructure and application platform
Industry trend: Services, not Servers
Rethink your Datacenter
Traditional datacenter vs. cloud model:
Tight coupling between infrastructure and apps -> Loosely coupled apps and micro-services
Expensive, vertically integrated hardware -> Industry-standard hardware
Siloed infrastructure and operations -> Service-focused DevOps
Highly customized processes and configurations -> Standardized processes and configurations
Compute (Hyper-V)
Hyper-V on Nano Server
Nano Server: A new headless, 64-bit only, deployment option for Windows Server
Deep refactoring with cloud emphasis
Cloud fabric & infrastructure (clustering, storage, networking)
Born-in-the-cloud applications (PaaS v2, ASP.NET v5)
VMs & Containers (Hyper-V & Docker)
Extend the Server Core pattern
Roles & features live outside of Nano Server
No Binaries or metadata in OS image
Standalone packages install like apps
Full driver support
Antimalware
Shielded VMs
Shielded Virtual Machines can only run in fabrics that are designated as owners of that virtual machine.
Shielded Virtual Machines will need to be encrypted (by BitLocker or other means) in order to ensure that only the designated owners can run this virtual machine.
You can convert a running virtual machine into a Shielded Virtual Machine.
Secure Boot Support for Linux
Providing kernel code integrity protections for Linux guest
operating systems.
Works with:
• Ubuntu 14.04 and later
• SUSE Linux Enterprise Server 12
Storage QoS
Simple out-of-box behavior: enabled by default; automatic metrics (normalized IOPs & latency) per VM & VHD.
Flexible and customizable: policy per VHD, VM, service or tenant; define minimum & maximum IOPs; fair distribution within policy.
Management: System Center VMM and Ops Manager; PowerShell built-in for Hyper-V and SOFS.
(Diagram: virtual machines on a Hyper-V cluster, rate limiters in front of the SMB3 storage network fabric, Scale-out File Server cluster)
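As an added example (not from the original deck), the policy model described above expressed with the Windows Server 2016 Storage QoS cmdlets: a policy with minimum and maximum IOPs is created on the Scale-out File Server cluster and attached to a VM's VHD on the Hyper-V host. The host name HV01 and the VM name Tenant-Web01 are constructed for the example.

```powershell
# Added example (not from the original deck): define a Storage QoS policy with
# minimum/maximum IOPs and attach it to a VM's virtual hard disk.
# Assumptions: a Scale-out File Server cluster hosts the VHDX files, the Hyper-V
# host is named HV01 and the VM is named Tenant-Web01 (constructed names).

# 1. Run on the Scale-out File Server cluster: create the policy.
#    'Dedicated' gives every VHD that uses the policy its own min/max;
#    'Aggregated' shares one min/max across all of them (e.g. one policy per tenant).
$policy = New-StorageQosPolicy -Name 'Silver' -MinimumIops 100 -MaximumIops 1000 -PolicyType Dedicated

# 2. Run on the Hyper-V host: attach the policy to the VM's disks by policy ID.
Invoke-Command -ComputerName HV01 -ArgumentList $policy.PolicyId -ScriptBlock {
    param($policyId)
    Get-VMHardDiskDrive -VMName 'Tenant-Web01' |
        Set-VMHardDiskDrive -QoSPolicyID $policyId
}

# 3. Back on the storage cluster: verify the flows carry the limits and read the
#    normalized IOPs and latency that Storage QoS collects per VHD.
Get-StorageQosFlow -InitiatorName 'Tenant-Web01' |
    Format-Table InitiatorName, FilePath, MinimumIops, MaximumIops, InitiatorIOPS, InitiatorLatency -AutoSize

# Policy status is 'Ok' while every flow meets its configured minimum; anything
# else means the fabric cannot deliver the promised floor and needs attention.
Get-StorageQosPolicy -Name 'Silver' | Select-Object Name, PolicyId, Status
```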
VM Storage Resiliency
Designing for cloud scale with commodity hardware
Resiliency: preserve tenant VM session state in the event of transient storage disruption.
Visibility: VM stack quickly notified on failure; intelligent and quick VM response to block- or file-based storage infrastructure issues.
Reliability: VM moved to PausedCritical state and will wait for storage to recover; session state retained on recovery.
VM Compute Resiliency
Designing for cloud scale with commodity hardware
Flexibility: configurable based on your SLAs.
Availability: VMs continue running when a node becomes isolated; VMs continue to run even when a node falls out of cluster membership.
Reliability: resiliency to transient failures.
(Diagram: network communication failure between cluster nodes)
Quarantine of Flapping Nodes
Protection: unhealthy nodes are quarantined and are no longer allowed to join the cluster; prevents flapping nodes from negatively affecting other nodes and the overall cluster.
Resiliency: a node is quarantined if it ungracefully leaves the cluster three times within an hour; VMs are gracefully drained once quarantined.
Control: no more than 25% of nodes can be quarantined at any given time; nodes are prevented from joining the cluster for 2 hours.
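As an added example (not from the original deck), the compute resiliency and quarantine behaviour described in the two sections above is driven by cluster properties that can be read and tuned in PowerShell; the cluster name HV-CLUSTER is constructed for the example.

```powershell
# Added example (not from the original deck): inspect and tune the Windows Server
# 2016 cluster settings behind VM compute resiliency and node quarantine.
# Assumption: run on a node of a cluster named HV-CLUSTER (constructed name).
$cluster = Get-Cluster -Name 'HV-CLUSTER'

# Defaults: a node that leaves ungracefully 3 times within an hour is quarantined
# for 7200 seconds (2 hours); an isolated node keeps running its VMs for
# 240 seconds (ResiliencyDefaultPeriod) before failover takes over.
$cluster | Select-Object Name, QuarantineThreshold, QuarantineDuration,
                         ResiliencyLevel, ResiliencyDefaultPeriod

# Tighten the policy for a fabric where short network blips are expected but
# repeatedly flapping hosts must be kept out longer.
$cluster.ResiliencyDefaultPeriod = 120   # seconds VMs stay 'Unmonitored' on an isolated node
$cluster.QuarantineThreshold     = 2     # ungraceful departures per hour before quarantine
$cluster.QuarantineDuration      = 10800 # seconds (3 hours) a quarantined node is kept out

# Isolation and quarantine are surfaced per node in StatusInformation; the
# cluster itself never quarantines more than 25% of its nodes.
Get-ClusterNode -Cluster $cluster | Format-Table Name, State, StatusInformation -AutoSize

# Once the root cause (NIC, firmware, switch port) is fixed, let the node back in
# explicitly instead of waiting out QuarantineDuration.
Get-ClusterNode -Cluster $cluster |
    Where-Object { $_.StatusInformation -match 'Quarantined' } |
    ForEach-Object { Start-ClusterNode -Name $_.Name -Cluster $cluster -ClearQuarantine }
```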
Online VM Configuration Changes
Network: network adapters can be added and removed from Generation 2 virtual machines while they are running.
Memory: for Windows Server Technical Preview 3 / Windows 10 guests, you can now increase and decrease the memory assigned to virtual machines while they are running.
Disks: when you add a new virtual hard disk to a virtual machine that is being replicated, it is automatically added to the not-replicated set. This set can be updated online.
Seamless Cluster OS Rolling Upgrades
Simple: rolling upgrades with Win2012 R2 and Win2016 nodes within the same cluster; easily roll in nodes with the new OS version.
Seamless: zero downtime cloud upgrades for Hyper-V and Scale-out File Server.
(Diagram: a cluster mixing Win2012 R2 and Win2016 nodes)
Virtual machine upgrades
Compatibility mode: when a VM is migrated to a Windows Server Technical Preview host, it will remain in Windows Server 2012 R2 compatibility mode.
Upgrading a VM is separate from upgrading the host. VMs can be moved back to earlier versions until they have been manually upgraded:
Update-VMVersion vmname
Once upgraded, VMs can take advantage of new features of the underlying Hyper-V host.
Servicing model: VM drivers (integration services) updated as necessary. Updated VM drivers will be pushed directly to the guest operating system via Windows Update.
Production checkpoints
Full support for key workloads: easily create "point in time" images of a virtual machine, which can be restored later on in a way that is completely supported for all production workloads.
VSS: Volume Snapshot Service (VSS) is used inside Windows virtual machines to create the production checkpoint instead of using saved state technology.
Familiar: no change to user experience for taking/restoring a checkpoint. Restoring a checkpoint is like restoring a clean backup of the server.
Linux: Linux virtual machines flush their file system buffers to create a file system consistent checkpoint.
Production as default: new virtual machines will use production checkpoints with a fallback to standard checkpoints.
PowerShell Direct
Bridge the boundary between Hyper-V host and guest VM in a secure way to issue PS cmdlets and run scripts easily.
Currently supports Win 10/WS2016 guest on Win 10/WS2016 host.
No need to configure PS Remoting or network connectivity; just need the guest credentials.
Can only connect to a particular guest from that host.
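As an added example (not from the original deck), a PowerShell Direct session from the host into a guest whose network is down, showing the two properties the slide stresses: the session is addressed by VM name rather than IP, and it is gated by the guest's own credentials. The VM name Tenant-Web01, the account name and the script paths are constructed for the example.

```powershell
# Added example (not from the original deck): use PowerShell Direct from a
# Windows Server 2016 Hyper-V host to manage a guest that has no usable network.
# Assumptions: the VM is named Tenant-Web01, the guest local account is
# 'Administrator' and the paths below exist (all constructed for the example).
$vmName = 'Tenant-Web01'

# Only the guest's own credentials are accepted: being an admin on the host does
# not by itself open the guest, so the guest still enforces its logon boundary.
$guestCred = Get-Credential -UserName 'Administrator' -Message "Guest credentials for $vmName"

# The session is addressed by VM name (or -VMId), not by IP, and only reaches a
# VM running on this host; no WinRM listener, firewall rule or vNIC is needed.
$session = New-PSSession -VMName $vmName -Credential $guestCred

# Typical use: diagnose a guest that has dropped off the network and keep the
# adapter state for the incident record.
$adapters = Invoke-Command -Session $session -ScriptBlock {
    Get-NetAdapter | Select-Object Name, Status, MacAddress, LinkSpeed
}
$adapters | Format-Table -AutoSize

# Files travel over the same VMBus-backed channel, so no SMB share is required
# to deliver a remediation script into the guest.
Copy-Item -ToSession $session -Path 'C:\Fixes\netfix.ps1' -Destination 'C:\Temp\netfix.ps1'
Invoke-Command -Session $session -ScriptBlock { & 'C:\Temp\netfix.ps1' }

Remove-PSSession $session
```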
WS2016 Hyper-V – Delivering more of Everything
Performance
Reliability
Security
Flexibility
Beast VM
RDMA and converged networking
High performance live migration
Virtual Machine multi-queue (VMMQ)
Node Fairness
SMB Multi-channel and Multi-NIC
Hot add and remove VM memory
Hot add and remove VM virtual network
Online storage resize (Guest Clustering w/ Shared VHDX)
Production checkpoints
Cluster OS Rolling Upgrade
Mixed OS Mode cluster
VM resiliency
Fault domain-aware clusters
Shielded VM
vTPM
Device Guard
Credential Guard
Just-in-Time administration
Just-Enough-Administration
Storage QoS
Broad Linux support
Virtual machine compatibility mode
VM services model (Integration Services via Windows Update)
Stretched clusters (Storage Replica)
Workgroup and multi-domain cluster
Cloud Witness
Diagnostic improvements
Datacenter Network
(Diagram: edge routers, fixed-function physical appliances, compute/storage & TOR switches)
How can I manage all of the network services found in my Data Center?!
Virtual Networks
Challenges customers face
Increase agility: "I need to onboard workloads with complex policies across my own datacenter and/or other clouds in days – not weeks – to remain competitive."
Enhance security: "I must be able to instantaneously react to evolving threats and stop an attack from spreading."
Reduce costs: "I need to reduce the number of operator interventions and efficiently meet network growth demands. Current practices just won't scale."
Azure-Inspired Software Defined Networking
Virtual Networks: available now in Windows Server 2016
(Diagram: management portal, management plane, control plane)
Comparison with Industry Terminology
Microsoft | Generic
System Center Virtual Machine Manager | Manager
Microsoft Network Controller | Controller
Hyper-V Virtual Switch | vSwitch
(Multi-tenant) Hybrid SDN Gateway (Layer-3 Forwarding; Site-to-Site IPSec, GRE) | Edge or Gateway
Virtual Network / VM Network (SCVMM) | Logical Network
Logical Switch / Virtual Subnet | Distributed Logical Switch
Distributed Router | Distributed Logical Router
HNV Provider Logical Network | Transport Network
Distributed Firewall / Network Security Groups | Access Control List
User-Defined Routing | Network Extensibility / Service Insertion
Workflow: Deploy SDN Fabric and Tenants
Step 0. Deploy Fabric Infrastructure
Step 1. Deploy Network Controller
Step 2. Create Tenant VM Networks and Deploy VMs
Step 3. Deploy Software Load Balancer
Step 4. Create Load-Balanced Tenant VIPs
Step 5. Configure Inbound and Outbound NAT
Step 6. (Opportunistic) Deploy Gateways
Step 7. (Opportunistic) Create S2S VPN Tunnel
Review the Physical Network Plan
Network | IP Prefix | VLAN | Default Gateway | IP Pool
Management | 10.127.132.128/25 | 7 | 10.127.132.129 | *.152 – *.155
HNV Provider | | | |
Transit | | | |
Public VIP | | | |
Private VIP | | | |
• One Management IP Address per Hyper-V Host (Static or DHCP)
• (Optional two) NIC(s) teamed into Hyper-V Virtual Switch using Switch Embedded Teaming (SET)
• Assign IP addresses and set VLAN isolation (on management vNICs)
(Diagram: VMM logical networks; network controller)
Review the Physical Network Plan
Network | IP Prefix | VLAN | Default Gateway | IP Pool
Management | 10.127.132.128/25 | 7 | 10.127.132.129 | *.211 – *.224
HNV Provider | | | |
Transit | | | |
Public VIP | | | |
Private VIP | | | |
• One Management IP Address per Network Controller Node VM
• (Optional) One Management IP Address for Network Controller REST Endpoint
VMM templates: https://github.com/microsoft/SDN/VMM/Templates
(Diagram: VMM logical networks)
Customize the Template (Production – 3 Network Controller Node VMs for High Availability)
Each Virtual Machine is a Network Controller (NC) node running on a Service Fabric Cluster
NC Service Template Configuration Example
(Diagram: Network Controller managing the logical networks, with an NC Host Agent on each Hyper-V host)
Create Tenant VM Networks and Deploy VMs
Review the Physical Network Plan
Create the HNV Provider Logical Network
Network | IP Prefix | VLAN | Default Gateway | IP Pool
Management | 10.127.132.128/25 | 7 | 10.127.132.129 | *.211 – *.221
HNV Provider | 10.10.182.0/25 | 11 | 10.10.182.1 | *.64 - *.78
Transit | | | |
Public VIP | | | |
Private VIP | | | |
• One Management IP Address per Network Controller Node VM
• (Optional) One Management IP Address for Network Controller REST Endpoint
• Two HNV Provider IP Addresses per Hyper-V Host
(Diagram: Network Controller managed logical networks and virtual networks; NC Host Agent on each Hyper-V host)
… Lot of steps …
(Diagram: Transit network; Network Controller managed logical networks; NC Host Agent and SLB Host Agent on each Hyper-V host)
Transit (10.10.181.128/26, VLAN 10)
Converged, Predictable Performance across Storage and Compute
Windows Server 2016
SDN recap
You still configure some basic ops (VLANs, wiring)
After all, there is only Odula’s web
Software defined Storage
Traditional Storage Array
(Diagram: virtual machines on a virtualization host (compute); connectivity over a Fibre Channel / iSCSI storage network; storage array (SAN))
Anatomy of a Storage Array
(Diagram: compute; Fibre Channel / iSCSI storage network; the storage array (SAN) is two controllers running storage software, a backplane, disk connectivity and disks as raw storage)
Lowering costs with WS 2012 Shared Storage Spaces
(Diagram: compute; low cost SMB3 storage network fabric; Scale-out File Server (NAS) running the storage software; low cost storage backend over SAS connectivity to JBOD enclosures as raw storage)
Storage Spaces Direct - more scale + lower costs
(Diagram: compute; SMB3 storage network fabric; Scale-out File Server (NAS) running the storage software with raw storage local to the nodes; more scale because there is no SAS fabric; lower cost storage backend)
Hyper-converged with Storage Spaces Direct
(Diagram: virtual machines on a host that does virtualization and storage, i.e. compute + storage on the same node; lower cost storage; storage software replicated between Site A and Site B for low cost disaster recovery)
Recap
Motivation for change
Compute
Networking
Storage