Advanced Network Features What’s New & Improved In Windows Server 2012
Transcript of Advanced Network Features What’s New & Improved In Windows Server 2012
Experts2Experts (E2E) Virtualization Conference Vienna 2012, Didier Van Hoye
ADVANCED NETWORK FEATURES
WHAT’S NEW & IMPROVED IN WINDOWS SERVER 2012
25-27 MAY 2012, VIENNA, AUSTRIA
Didier Van Hoye
Technical Architect @ FGIA
MVP – Virtual Machine
Microsoft Extended Experts Team Member
@workinghardinit
http://workinghardinit.wordpress.com
NETWORK BOTTLENECKS
• In the host networking stack
• In the NICs
• In the switches & routers
ADVANCED NETWORK FEATURES (1)
• Receive Side Scaling (RSS)
• Receive Segment Coalescing (RSC)
• Dynamic Virtual Machine Queuing (DVMQ)
• Single Root I/O Virtualization (SR-IOV)
• NIC Teaming
• RDMA/Multichannel support for virtual machines on SMB3.0
• DHCP Guard/Router Guard/Port Mirroring
RECEIVE SIDE SCALING (RSS)
• RSS has existed for many years. Windows Server 2012 takes RSS to the next generation of servers
• Spreads interrupts across all available CPUs
• Even for those very large scale hosts
• RSS now works across k-groups
• RSS is even “NUMA aware” to optimize performance
• Now load balances UDP traffic across CPUs
RECEIVE SEGMENT COALESCING (RSC)
• Coalesces packets in the NIC so the stack processes fewer headers
• Multiple packets belonging to a connection that arrive within a single interrupt are coalesced to a larger packet (max of 64 K) by the NIC
• 10 – 30% improvement in I/O overhead
DYNAMIC VIRTUAL MACHINE QUEUE (D-VMQ)
• VMQ is to virtualization what RSS is to native workloads
• Dynamic VMQ reassigns available queues based on changing networking demands of the VMs
DYNAMIC VIRTUAL MACHINE QUEUE (D-VMQ)
Adaptive processing = optimal performance across changing workloads
[Figure: panels No VMQ, Static VMQ and Dynamic VMQ, each showing the Root Partition, the Physical NIC and CPU0 to CPU3.]
VMQ REDUCES THE OVERHEAD OF ROUTING PACKETS FOR THE HOST
SR-IOV
Windows Server 2012 supports direct device assignment to virtual machines without compromising flexibility
[Figure: Network I/O path without SR-IOV and Network I/O path with SR-IOV. Labels: Host Root Partition, Hyper-V Switch (Routing, VLAN Filtering, Data Copy), Physical NIC, VMBUS, Virtual Machine with Virtual NIC; SR-IOV Physical NIC, Virtual Machine with Virtual Function.]
SINGLE-ROOT I/O VIRTUALIZATION (SR-IOV)
DIRECT DEVICE ASSIGNMENT TO VIRTUAL MACHINES WITHOUT COMPROMISING FLEXIBILITY
• Reduces CPU utilization for processing network traffic
• Reduces latency of network path
• Increases throughput
• Supports Live Migration
• Requires:
  – Chipset: Interrupt and DMA remapping
  – BIOS Support
  – CPU: Hardware virtualization, EPT or NPT
[Figure: Network I/O path with SR-IOV and Network I/O path without SR-IOV. Labels: Physical NIC, Root Partition, Hyper-V Switch (Routing, VLAN Filtering, Data Copy), VMBUS, Virtual Machine, Virtual NIC, SR-IOV Physical NIC, Virtual Function.]
SR-IOV ENABLING & LIVE MIGRATION
Windows Server 8 – Developer Preview
Turn On IOV
• Enable IOV (VM NIC Property)
• Virtual Function is “Assigned”
• “NIC” automatically created
• Traffic flows through VF
• Software path is not used
Live Migration
• Switch back to Software path
• Remove VF from VM
• Migrate as normal
Post Migration
• Reassign Virtual Function
• Assuming resources are available
VM has connectivity even if
• Switch not in IOV mode
• IOV physical NIC not present
• Different NIC vendor
• Different NIC firmware
[Figure: Virtual Machine Network Stack with a Software NIC, a Virtual Function and the automatically created “NIC”, over a Software Switch (IOV Mode) on an SR-IOV Physical NIC, shown before and after migration to a host with a Physical NIC or an SR-IOV Physical NIC.]
RELIABILITY
Even when hardware fails … our customers want continuous availability
[Figure (Windows Server 8 – Developer Preview): a Data Center hosting Tenant 1 and Tenant 2, each with multiple VM workloads. Label: TEAMING.]
NIC TEAMING
• Customers are dealing with way too many issues.
• NIC vendors would like to get rid of supporting this.
• Microsoft needs this to be competitive & complete the solution stack.
No more 3rd party drivers & utilities
NIC TEAMING
• Multiple modes: switch dependent and switch independent
• Hashing modes: port and 4-tuple
• Active-Active and Active-Standby
[Figure: NIC teaming architecture. User mode: LBFO Admin GUI, WMI, LBFO Configuration DLL, IOCTL. Kernel mode: Hyper-V Extensible Switch, LBFO Provider (IM MUX, Protocol edge, Virtual miniport 1, Port 1, Port 2, Port 3; Frame distribution/aggregation, Failure detection, Control protocol implementation), NIC 1, NIC 2, NIC 3, Network switch.]
NIC TEAMING (LBFO)
[Figure: Parent NIC Teaming and Guest NIC Teaming. Parent panel labels: VM (Guest Running Any OS), Hyper-V virtual switch, LBFO Teamed NIC, two SR-IOV NICs, SR-IOV Not exposed. Guest panel labels: VM (Guest Running Windows Server 2012), LBFO Teamed NIC, two Hyper-V virtual switches, two SR-IOV NICs.]
REMOTE DMA (NETWORK DIRECT, SMB-DIRECT)
• Addresses congestion in network stack by offloading the stack to the network adapter
• Great for storage traffic: high throughput with low CPU utilization
• SMB-Direct uses new RDMA capability if the NICs support this
• Windows Server 2012 now supports RDMA low latency, high speed application-to-application data transfer
MULTICHANNEL
DHCP & ROUTER GUARD, PORT MIRRORING
ADVANCED NETWORK FEATURES (2)
• DCTCP/DCB
• Consistent Device Naming
• Network virtualization
• Generic Routing Encapsulation (GRE)
• IPSEC Task Offload for Virtual Machines (IPsecTOv2)
• Wireless Network Support
DCTCP REQUIRES LESS BUFFER MEMORY
1Gbps flow controlled by TCP
• Requires 400 to 600KB of memory
• TCP saw tooth visible
1Gbps flow controlled by DCTCP
• Requires 30KB of memory
• Smooth
DATACENTER TCP (DCTCP)
• W2K12 deals with network congestion by reacting to the degree & not merely the presence of congestion.
• DCTCP aims to achieve low latency, high burst tolerance, and high throughput, with small buffer switches.
• Requires Explicit Congestion Notification (ECN, RFC 3168) capable switches
• Algorithm enabled when it makes sense (low round trip times, i.e. in the data center)
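The "degree, not merely the presence" point above, as an added example that is not from the original slides and is not Windows code: the sender-side window update of the published DCTCP algorithm (RFC 8257) next to the classic ECN reaction. The gain g = 1/16, the starting window, the starting estimate of 0 and the per-RTT mark counts are assumed values.

```python
"""Added example: DCTCP's proportional back-off next to classic ECN halving."""

G = 1.0 / 16  # estimation gain g; assumed, the value RFC 8257 recommends


def dctcp_alpha(alpha, marked, total, g=G):
    """alpha <- (1 - g) * alpha + g * F, with F = marked / total for one RTT."""
    if total <= 0 or not 0 <= marked <= total:
        raise ValueError("need 0 <= marked <= total and total > 0")
    return (1 - g) * alpha + g * (marked / total)


def dctcp_cwnd(cwnd, alpha):
    """DCTCP: shrink the window in proportion to the congestion estimate."""
    return max(1.0, cwnd * (1 - alpha / 2))


def classic_cwnd(cwnd):
    """Classic TCP with ECN: halve the window on any mark in the RTT."""
    return max(1.0, cwnd / 2)


def simulate(samples, cwnd=100.0, alpha=0.0):
    """Apply both reactions to per-RTT (marked, total) counts.

    Window growth between RTTs is left out on purpose so that only the
    back-off differs. Returns a list of (alpha, dctcp_cwnd, classic_cwnd).
    """
    dctcp, classic, trace = cwnd, cwnd, []
    for marked, total in samples:
        alpha = dctcp_alpha(alpha, marked, total)
        if marked:
            dctcp = dctcp_cwnd(dctcp, alpha)
            classic = classic_cwnd(classic)
        trace.append((alpha, dctcp, classic))
    return trace


# Constructed sample: three RTTs with 1 of 10 packets marked (mild
# congestion), then two RTTs with every packet marked (severe congestion).
SAMPLE = [(1, 10), (1, 10), (1, 10), (10, 10), (10, 10)]

if __name__ == "__main__":
    for a, d, c in simulate(SAMPLE):
        print(f"alpha={a:.4f}  dctcp cwnd={d:6.2f}  classic cwnd={c:6.2f}")
```

With the constructed sample the classic sender halves on every marked RTT, while the DCTCP sender gives up only a few percent per RTT until the marking fraction rises.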
DATACENTER TCP (DCTCP)
Running out of buffer in a switch gets you into stop/go hell by getting a boatload of green, orange & red lights along your way
Big buffers mitigate this but are very expensive
DATACENTER TCP (DCTCP)
You want to be in a green wave
Windows Server 2012 & ECN provide network traffic control
DATA CENTER BRIDGING (DCB)
• Prevents congestion in NIC & network by reserving bandwidth for particular traffic types
• Windows 2012 provides support & control for DCB, tags packets by traffic type
• Provides lossless transport for mission critical workloads
DCB REQUIREMENTS
1. Enhanced Transmission Selection (IEEE 802.1Qaz)
2. Priority Flow Control (IEEE 802.1Qbb)
3. (Optional) Datacenter Bridging Exchange protocol
4. (Not required) Congestion Notification (IEEE 802.1Qau)
CONSISTENT DEVICE NAMING
NETWORK VIRTUALIZATION
IP REWRITING
GENERIC ROUTING ENCAPSULATION (GRE)
• Multi-tenant scenarios: hide the tenant’s multi-premise networking from the datacenter’s networking.
• GRE (RFCs 2784 & 2890) provides the mechanism to tunnel tenant networks over the datacenter network
• GRE breaks today’s task offloads if the NIC vendors don’t support GRE offload
GENERIC ROUTING ENCAPSULATION (GRE)
• 1 Provider Address per HOST (shared by all VMs on the host)
• Embed Tenant Network ID in the GRE header Key field
[Figure: labels recoverable from the diagram are the VM addresses 10.1.1.11 and 10.1.1.12, the host addresses 192.168.2.22 and 192.168.5.55, 1:N, MAC, GRE Key=20 and GRE Key=30.]
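How a receiving host can use the Key field described above to keep tenants apart, as an added example that is not from the original slides and is not the Hyper-V implementation: a GRE header builder and parser following RFC 2890, plus a lookup that refuses packets without a known key. The VM names, the payload type 0x6558, treating the whole 32-bit key as the tenant ID, and passing the inner destination address in as an argument instead of parsing the inner frame are assumptions.

```python
"""Added example: tenant demultiplexing on the GRE Key field (RFC 2890)."""
import struct

FLAG_C, FLAG_K, FLAG_S = 0x8000, 0x2000, 0x1000
LEGACY_BITS = 0x4C00   # RFC 1701 bits 1, 4, 5: RFC 2784 says discard if set
VERSION_MASK = 0x0007
PROTO_TEB = 0x6558     # Transparent Ethernet Bridging (assumed payload type)


def build_gre(key, payload, proto=PROTO_TEB):
    """Sender side: GRE header carrying only the optional Key field."""
    return struct.pack("!HHI", FLAG_K, proto, key) + payload


def parse_gre(packet):
    """Return (key, proto, payload); key is None when the K bit is clear."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", packet, 0)
    if flags & (LEGACY_BITS | VERSION_MASK):
        raise ValueError("unsupported GRE flags or version")
    offset, key = 4, None
    if flags & FLAG_C:
        offset += 4        # checksum + reserved1 precede the key
    if flags & FLAG_K:
        if len(packet) < offset + 4:
            raise ValueError("truncated GRE key")
        (key,) = struct.unpack_from("!I", packet, offset)
        offset += 4
    if flags & FLAG_S:
        offset += 4        # sequence number follows the key
    if len(packet) < offset:
        raise ValueError("truncated GRE options")
    return key, proto, packet[offset:]


# Hypothetical per-host table: (tenant key, VM address) -> VM name.
# Both tenants use 10.1.1.11, so only the key tells them apart.
VMS = {(20, "10.1.1.11"): "tenantA-vm1", (30, "10.1.1.11"): "tenantB-vm1"}


def deliver(packet, inner_dst, table=VMS):
    """Receiver side: pick the VM by key; drop what cannot be placed."""
    key, proto, _ = parse_gre(packet)
    if key is None or proto != PROTO_TEB:
        return None        # no tenant ID: never fall back to a default
    return table.get((key, inner_dst))
```

Because the overlapping VM addresses are separated only by the key, the drop-on-missing-key branch is the part that enforces isolation on the receiving host.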
IPSEC TASK OFFLOAD
• IPsec is a CPU intensive workload => Offload to NIC
• In demand due to compliance (SOX, HIPAA, etc.)
• IPsec is required & needed for secured operations
• Only available to host/parent workloads in W2K8R2
  – Now extended to VMs
  – Managed by the Hyper-V switch
BANDWIDTH NETWORK MANAGEMENT
• Manage the Network Bandwidth with a Maximum and a Minimum value
• SLAs for hosted Virtual Machines
• Control per VM and not per HOST
HYPER-V EXTENSIBLE SWITCH
• Capture extensions can inspect traffic and generate new traffic for report purposes
• Capture extensions do not modify existing Extensible Switch traffic
Example: sFlow by InMon
• Windows Filtering Platform (WFP) Extensions can inspect, drop, modify, and insert packets using WFP APIs
• Windows Antivirus and Firewall software uses WFP for traffic filtering
Example: Virtual Firewall by 5NINE Software
• Filtering extensions can also be implemented using NDIS filtering APIs
Example: VM DoS Prevention by Broadcom
• Forwarding extensions direct traffic, defining the destination(s) of each packet
• Forwarding extensions can capture and filter traffic
Examples: Cisco Nexus 1000V and UCS, NEC OpenFlow
[Figure: Root Partition with the Host NIC, VM1 and VM2 with their VM NICs, and the Extensible Switch between the Extension Protocol and the Extension Miniport, containing Capture Extensions, WFP Extensions, Filtering Extensions and Forwarding Extensions, above the Physical NIC. Also labelled: Filtering Engine, BFE Service, Firewall, Callout.]
EXTENSIBLE SWITCH
QUESTIONS & ANSWERS