Building Clouds with Windows Azure Pack

Planning and configuring cloud network fabric with SCVMM

The cloud network is the most crucial and complex piece of any private or service provider cloud. It has to be efficient and flexible enough to handle the daily changing networking needs of tenants and business units. Software defined networking is a key pillar of automated, flexible networking for tenants, with complete isolation between them and room for extension. In this section we will look at the cloud network solution components for both a private cloud and a service provider's cloud built on WAP.

Before getting into tenant workload networking needs, it is crucial to note that networking for the cloud management infrastructure and networking for tenant workloads should be kept separate, both in how they are provisioned and in how they are managed. In networking terms this is the split between the control plane (management and configuration traffic) and the data plane (tenant traffic). To see why, assume a scenario where the cloud network is down because of a fault in the physical network, and you cannot make any change to the cloud network solution to bring it back because the network controller VM was running on that same faulty network. Apply the same management/tenant separation when designing the control and data planes of the cloud network.

A private cloud and a service provider's cloud have different networking requirements. The major requirements for each, and how they are met in a WAP cloud, are as follows:

  • Cloud networking needs for a private cloud:
    • Secure and reliable virtual networking with easy management
    • Isolated network capabilities for T&D environments
    • Separate zones, divided by firewalls according to the type of network traffic
    • Faster and automated network provisioning
    • Automated IP address allocation and management
    • Extensibility to support custom needs
    • Quality of service control
    • Load balancing and physical network integration capabilities
    • Hardware independent configurations
  • Cloud networking needs for a service provider's cloud:
    • Complete isolation between different tenants' networks while they share the same physical network
    • Extensibility to support a hybrid networking model with a tenant's on-premises deployment
    • Automated provisioning and tenant controlled management
    • Address translation for public facing services using a limited set of shared resources such as gateways
    • No constraints on the IP ranges a tenant can use (tenant address spaces may overlap)
    • Easy to manage and open to dynamic changes
    • Quality of service as per the tenant's plans and subscriptions
    • All enterprise class networking features such as load balancing, with physical network integration or hardware independent configurations

WAP, together with System Center and Hyper-V, provides true cloud networking capabilities for both private and service provider clouds. The networking capabilities of SCVMM (logical networks and switches, load balancer integration, network virtualization (the big one), network virtualization gateways and port profiles), combined with the automation and self-service experience of Windows Azure Pack, address all of the requirements listed above.

Network Virtualization

Network Virtualization allows us to create multiple independent networks on the same physical hardware: they travel over the same physical NICs, switches and routers while remaining completely isolated from each other. It is the foundation of one of the most important networking technologies today, Software Defined Networking (SDN), which moves the functions of traditional physical devices such as routers, firewalls and load balancers into software and delivers them, with isolation and multi-tenancy, from layer 2 upwards. Network Virtualization is a must-have for cloud service providers: it gives each tenant flexible, isolated networking without any dependency on other tenants.

Hyper-V Network Virtualization (HNV) uses Network Virtualization using Generic Routing Encapsulation (NVGRE) to carry virtualized networks for virtual machines. Windows Azure Pack with SCVMM and Hyper-V provides true self-service, automated virtual networks for private and service provider cloud solutions. Hyper-V and VMM provide Network Virtualization gateways so that traffic on a virtualized network can reach physical networks and the outside world.

Each VM connected to a virtualized network has two IP addresses associated with it: one from the tenant's virtual network, the customer address (CA), and one from the cloud provider's network, the provider address (PA). Before a packet leaves the host, Hyper-V Network Virtualization encapsulates the CA packet in an outer packet whose source and destination are the PAs of the sending and receiving hosts and which carries the ID of the virtual network (the virtual subnet ID, VSID), so that it can travel over the physical network. The receiving host strips the outer packet and delivers the original CA packet to the destination virtual machine. The encapsulation only identifies the tenant network; it does not authenticate or encrypt the traffic, so isolation depends on the PA network being reachable only by trusted hosts and gateways.
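To make the CA/PA/VSID split concrete, the following added example (not from the book) builds the NVGRE wrapper that a host puts around a tenant frame and parses it back. The inner frame, the two provider addresses and the VSID are constructed sample values; the header layout follows RFC 7637, which is what Hyper-V Network Virtualization implements.

```powershell
# Added example, not from the book: build and parse an NVGRE packet so the
# outer PA header, the VSID in the GRE key and the untouched inner CA frame
# can be seen byte by byte. Sample frame, PAs and VSID are constructed values.

function Get-IPv4HeaderChecksum {
    param([byte[]]$Header)
    $sum = 0
    for ($i = 0; $i -lt $Header.Length; $i += 2) {
        $sum += ([int]$Header[$i] -shl 8) -bor [int]$Header[$i + 1]
    }
    while ($sum -gt 0xFFFF) { $sum = ($sum -band 0xFFFF) + ($sum -shr 16) }
    return (-bnot $sum) -band 0xFFFF
}

function New-NvgrePacket {
    param(
        [byte[]]$InnerFrame,      # tenant Ethernet frame, carrying CA addresses
        [string]$SourcePA,        # PA of the sending host
        [string]$DestinationPA,   # PA of the host that owns the destination CA
        [int]$Vsid,               # 24-bit Virtual Subnet ID: identifies the tenant network
        [int]$FlowId = 0          # 8-bit flow id, used only for load spreading on the fabric
    )
    if ($Vsid -lt 4096 -or $Vsid -gt 16777214) { throw "Hyper-V VSIDs are 4096..16777214" }
    # GRE header (RFC 7637): flags C=0 K=1 S=0 -> 0x2000, protocol type 0x6558
    # (Transparent Ethernet Bridging), key = VSID (24 bits) + FlowID (8 bits)
    $gre = [byte[]](0x20, 0x00, 0x65, 0x58,
        (($Vsid -shr 16) -band 0xFF), (($Vsid -shr 8) -band 0xFF), ($Vsid -band 0xFF), ($FlowId -band 0xFF))
    # Outer IPv4 header: the only addresses the physical network ever routes on
    $totalLength = 20 + $gre.Length + $InnerFrame.Length
    $ip = New-Object byte[] 20
    $ip[0] = 0x45                                 # version 4, header length 5 words
    $ip[2] = ($totalLength -shr 8) -band 0xFF
    $ip[3] = $totalLength -band 0xFF
    $ip[8] = 64                                   # TTL
    $ip[9] = 47                                   # protocol 47 = GRE
    [System.Net.IPAddress]::Parse($SourcePA).GetAddressBytes().CopyTo($ip, 12)
    [System.Net.IPAddress]::Parse($DestinationPA).GetAddressBytes().CopyTo($ip, 16)
    $checksum = Get-IPv4HeaderChecksum $ip
    $ip[10] = ($checksum -shr 8) -band 0xFF
    $ip[11] = $checksum -band 0xFF
    return [byte[]]($ip + $gre + $InnerFrame)
}

function Read-NvgrePacket {
    param([byte[]]$Packet)
    if ($Packet[9] -ne 47) { throw "Outer IP protocol is not GRE" }
    $g = ($Packet[0] -band 0x0F) * 4              # GRE header starts after the IP header
    $flags = ([int]$Packet[$g] -shl 8) -bor [int]$Packet[$g + 1]
    $proto = ([int]$Packet[$g + 2] -shl 8) -bor [int]$Packet[$g + 3]
    if ($flags -ne 0x2000 -or $proto -ne 0x6558) { throw "Not an NVGRE packet" }
    [pscustomobject]@{
        SourcePA      = $Packet[12..15] -join '.'
        DestinationPA = $Packet[16..19] -join '.'
        Vsid          = ([int]$Packet[$g + 4] -shl 16) -bor ([int]$Packet[$g + 5] -shl 8) -bor [int]$Packet[$g + 6]
        FlowId        = [int]$Packet[$g + 7]
        # everything after the 8-byte GRE header is the original frame; CAs live in here
        InnerFrame    = [byte[]]$Packet[($g + 8)..($Packet.Length - 1)]
    }
}

# Constructed tenant frame: dst MAC, src MAC, EtherType 0x0800, then a dummy payload
$innerFrame = [byte[]](0x00,0x15,0x5D,0x01,0x02,0x03, 0x00,0x15,0x5D,0x0A,0x0B,0x0C, 0x08,0x00) + [byte[]](1..20)
$onWire = New-NvgrePacket -InnerFrame $innerFrame -SourcePA '10.20.0.11' -DestinationPA '10.20.0.12' -Vsid 5001
Read-NvgrePacket $onWire | Select-Object SourcePA, DestinationPA, Vsid, FlowId
```

Note what the wrapper does not contain: nothing authenticates the sender. The receiving host trusts the VSID in the GRE key and the CA-to-PA mapping it received from VMM, so anything that can put GRE traffic onto the PA network could address another tenant's VSID. Isolation holds only while the provider network is reachable exclusively by trusted Hyper-V hosts and gateways; keep it off any tenant-reachable or Internet-facing segment.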

Network Virtualization works at the Hyper-V virtual switch on each Hyper-V host. From Windows Server 2012 onwards the virtual switch is extensible: extensions can be written and installed on a switch to add capabilities beyond its default layer 2 duties, such as traffic filtering, virtual firewalls and so on. This is what makes a true Software Defined Network infrastructure possible.

No separate, dedicated NIC is required to implement network virtualization; the same NIC or virtual switch can carry both kinds of traffic, traditional (VLAN-based) networks as well as virtualized networks.

Tip

The provider address does not need to be the IP address of the physical NIC or team; in VMM it is allocated from the IP pool configured on the logical network's site.

Configuring networking fabric in SCVMM

In this section we will configure the networking fabric in SCVMM for traditional and virtualized networks. VMM has several kinds of network resource:

  • Logical network
  • MAC address pools
  • Load balancers
  • VIP templates
  • Logical switches
  • Port profiles
  • Port classifications
  • Network service
  • VM networks (available in VM and services workspace)

Logical networks

A logical network is the top of the SCVMM network fabric hierarchy. It represents a network as a whole, such as a site or a network with a particular purpose, and can carry multiple VM networks. You can create several logical networks, such as a production logical network and a T&D logical network, and assign them to hosts and host groups.

For traditional networking, create one logical network for each physical network in your environment, such as DMZ, backup and internal. In this scenario one VM network is created per logical network.

Network Virtualization is enabled at the logical network level.

Creating a logical network

The following steps have to be followed to create a logical network:

  1. Log in to the VMM server using the VMM console and select the Fabric workspace.
  2. Expand Networking and click on Logical Networks.
  3. Right click on Logical Networks and click on Create Logical Network.
  4. Type the name of the logical network, such as WAP-CLOUD-PROD, along with an optional description for easy identification in large deployments. Select One connected network, VLAN-based independent networks or Private VLAN (PVLAN) networks as per your network topology. For One connected network, tick the option to allow new VM networks to use network virtualization if this logical network will carry tenant virtual networks.
  5. Click Next and add a network site to the logical network. Select the host group(s) that can use this logical network, along with the VLAN ID and IP subnet.
  6. Review the configuration on the Summary page and click Finish to create the network.

Creating an IP pool for the newly created logical network

IP pools give VMM a usable range of addresses to allocate. IP pools assigned to a logical network are also the source of provider addresses (PAs) in Network Virtualization.

  1. Open Fabric | Networking in the VMM console.
  2. Expand Logical Networks, right click the logical network created above and select Create IP Pool.
  3. Provide the IP pool name and description and confirm the logical network that is selected.
  4. On Network Site, click Use an existing network site and select the site.
  5. Enter the usable IP range (start and end address) within the site's subnet.
  6. Provide the default gateway for the given IP range.
  7. Configure DNS servers, DNS suffix and WINS settings, if any.
  8. Review the settings on the Summary page and create the IP pool.

Creating a Virtualized VM Network and IP Pool on the Logical Network

Virtual machine network adapters connect to VM networks. A virtualized VM network sits on top of a logical network and uses that logical network's IP pool for provider addresses. In a traditional network scenario, one VM network is created per logical network and used directly by virtual machines; VMM can also create that VM network automatically when the logical network is created.

Create a VM network

The following are the steps to create a VM network:

  1. Log in to the VMM console and select the logical network under Fabric | Networking | Logical Networks.
  2. Right click on the logical network and select Create VM Network.
  3. Provide a name and description for the VM network for identification. Confirm the corresponding logical network is selected.
  4. Configure the Isolation setting: choose Isolate using Hyper-V network virtualization for an isolated tenant network.
  5. Provide the VM subnet name and the subnet (the customer address space, for example 192.168.10.0/24).
  6. Select a Hyper-V Network Virtualization gateway, if any.
  7. Review the configuration and finish the wizard to create the VM network.

Create an IP pool for each VM network using the Create IP Pool wizard on the VM network; this pool supplies the customer addresses (CAs) for tenant VMs.

The next steps in a private or service provider cloud networking deployment are to create all the logical networks and VM networks called for by your cloud network design and attach them to the appropriate host groups.
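The three wizards above (logical network with network site and PA pool, virtualized VM network, CA pool) map to a short VMM PowerShell script, which is the form you will want for repeatable deployments and for reviewing what was actually created. The following is an added example, not from the book; the VMM server name, host group, resource names, VLAN ID and address ranges are assumed values to be replaced with those from your cloud network design.

```powershell
# Added example, not from the book: the logical network, PA pool, virtualized
# VM network and CA pool from the wizard steps, as one VMM PowerShell script.
# Server, host group, names, VLAN and address ranges are assumed values.
Import-Module virtualmachinemanager
$vmm       = Get-SCVMMServer -ComputerName 'vmm01.contoso.local'
$hostGroup = Get-SCVMHostGroup -Name 'WAP-Compute' -VMMServer $vmm

# 1. Logical network: "One connected network" with Hyper-V Network Virtualization (NVGRE) enabled
$logicalNetwork = New-SCLogicalNetwork -Name 'WAP-CLOUD-PROD' `
    -Description 'Provider address network for tenant virtual networks' `
    -LogicalNetworkDefinitionIsolation $false -EnableNetworkVirtualization $true `
    -UseGRE $true -IsPVLAN $false -VMMServer $vmm

# Network site (logical network definition): the host group plus the PA VLAN and subnet
$paSubnet = New-SCSubnetVLan -Subnet '10.20.0.0/24' -VLanID 200
$site = New-SCLogicalNetworkDefinition -Name 'WAP-CLOUD-PROD_Site1' `
    -LogicalNetwork $logicalNetwork -VMHostGroup $hostGroup -SubnetVLan $paSubnet

# 2. PA IP pool on the site: hosts receive their provider addresses from this range
$paGateway = New-SCDefaultGateway -IPAddress '10.20.0.1' -Automatic
$paPool = New-SCStaticIPAddressPool -Name 'WAP-CLOUD-PROD_PA-Pool' `
    -LogicalNetworkDefinition $site -Subnet '10.20.0.0/24' `
    -IPAddressRangeStart '10.20.0.10' -IPAddressRangeEnd '10.20.0.250' `
    -DefaultGateway $paGateway -DNSServer @('10.20.0.5')

# 3. Isolated VM network (the tenant's customer address space) on the logical network
$vmNetwork = New-SCVMNetwork -Name 'Tenant-Contoso-Net' -LogicalNetwork $logicalNetwork `
    -IsolationType 'WindowsNetworkVirtualization' -CAIPAddressPoolType 'IPV4' -PAIPAddressPoolType 'IPV4'
$caSubnet = New-SCSubnetVLan -Subnet '192.168.10.0/24' -VLanID 0
$vmSubnet = New-SCVMSubnet -Name 'Tenant-Contoso-Subnet' -VMNetwork $vmNetwork -SubnetVLan $caSubnet

# CA IP pool: tenant VMs are addressed from here; another tenant may reuse the same range
$caGateway = New-SCDefaultGateway -IPAddress '192.168.10.1' -Automatic
$caPool = New-SCStaticIPAddressPool -Name 'Tenant-Contoso-Subnet_Pool' -VMSubnet $vmSubnet `
    -Subnet '192.168.10.0/24' -IPAddressRangeStart '192.168.10.4' -IPAddressRangeEnd '192.168.10.254' `
    -DefaultGateway $caGateway

# Check: PA pool is bound to the site, and the VM network really is isolated
Get-SCStaticIPAddressPool -LogicalNetworkDefinition $site |
    Select-Object Name, Subnet, IPAddressRangeStart, IPAddressRangeEnd
Get-SCVMNetwork -Name 'Tenant-Contoso-Net' | Select-Object Name, IsolationType, LogicalNetwork
```

The VMM console can show the equivalent script for any wizard (View Script on the Summary page); comparing that output with a script like this one is a quick way to confirm that a logical network intended for tenants was created with network virtualization enabled and that its VM networks use WindowsNetworkVirtualization isolation rather than no isolation.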

Tip

The VM Network management wizard is in the VMs and Services workspace of the VMM console, not in the Fabric workspace.

Apart from logical networks, VM networks and IP pools, VMM provides the other network resources listed above, which add management control and flexibility to your cloud's network fabric.

MAC address pool

A MAC address pool lets VMM assign static MAC addresses to virtual machine network adapters from a range you control. VMM creates a default MAC address pool; you can create additional pools as required.

Load balancers

Load balancing lets you distribute traffic across multiple servers for a scaled-out application. SCVMM has built-in support for Microsoft Network Load Balancing (NLB) as a native load balancing provider, and supported third-party load balancers such as F5 and Citrix can be integrated by installing the vendor's configuration provider.

VIP template

VIP templates hold the virtual IP configuration that load balancers apply: the protocol (HTTPS, for example), ports and balancing behaviour for a load balanced service.

Logical switches

Logical switches enable centralized, consistent deployment of virtual switch configuration on your Hyper-V hosts. A logical switch is configured with uplink and virtual port profiles, port classifications and switch extensions.

Port profiles

Port profiles enable deploying consistent network adapter settings, such as QoS limits and security features (MAC address spoofing control, DHCP guard, router guard), across all Hyper-V hosts.

Port classifications

Port classifications are friendly labels for port profiles, such as High bandwidth or Low bandwidth, so that a user selects a class of port rather than a specific profile.
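Port profiles and classifications are where the per-adapter security settings of the Hyper-V switch get enforced fabric-wide, so it is worth seeing them together. The following added example (not from the book) creates a virtual network adapter port profile with those protections turned on, a classification that exposes it by name, and the profile set that attaches both to a logical switch. The profile, classification and logical switch names are assumed values; the logical switch is assumed to exist already.

```powershell
# Added example, not from the book: a guarded tenant port profile, its port
# classification, and the set binding both to an existing logical switch.
# Profile, classification and switch names are assumed values.
Import-Module virtualmachinemanager

$guarded = @{
    Name                                      = 'Tenant Guarded'
    Description                               = 'Default settings for tenant VM adapters'
    AllowMacAddressSpoofing                   = $false   # adapter may only send from its assigned MAC
    EnableDhcpGuard                           = $true    # drops DHCP server replies coming from the VM
    EnableRouterGuard                         = $true    # drops router advertisements/redirects from the VM
    EnableGuestIPNetworkVirtualizationUpdates = $false   # guest cannot alter its own CA/PA lookup records
    AllowTeaming                              = $false   # no guest-side NIC teaming
    MaximumBandwidthMbps                      = 1000     # QoS cap so one tenant cannot saturate an uplink
}
$portProfile = New-SCVirtualNetworkAdapterNativePortProfile @guarded

# The classification is the name tenants and WAP plans select; it hides the profile details
$classification = New-SCPortClassification -Name 'Tenant Guarded' -Description 'Guarded tenant VM port'

# Bind profile and classification to the logical switch the hosts use (assumed to exist)
$logicalSwitch = Get-SCLogicalSwitch -Name 'WAP-Tenant-Switch'
New-SCVirtualNetworkAdapterPortProfileSet -Name 'Tenant Guarded' -LogicalSwitch $logicalSwitch `
    -PortClassification $classification -VirtualNetworkAdapterNativePortProfile $portProfile

# Check: which protections each virtual port profile in the fabric really applies
Get-SCVirtualNetworkAdapterNativePortProfile |
    Select-Object Name, AllowMacAddressSpoofing, EnableDhcpGuard, EnableRouterGuard,
                  EnableGuestIPNetworkVirtualizationUpdates, MaximumBandwidthMbps |
    Format-Table -AutoSize
```

These are ordinary per-adapter Hyper-V switch settings; the profile only makes VMM apply them identically on every host so that a tenant VM cannot change its MAC to impersonate a neighbour, answer DHCP on a shared VM network, or advertise itself as the subnet's router. Review the output of the final check whenever a new host or logical switch is added to the fabric.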

Network service

Network services are where third-party network devices and services are integrated with SCVMM, such as top-of-rack (TOR) switches, network virtualization gateways and so on.