We've been busy building out our new Server 2012/Hyper-V infrastructure in support of our move to all new and shiny Exchange 2013, SharePoint 2013, Lync 2013 and Office 2013 along with our move to Windows 8 on all the client machines. We made the decision to move off VMware ESXi as our virtualization platform and onto Hyper-V as we are first and foremost a Microsoft shop. Server 2012 and Hyper-V now offer a compelling platform for virtualization and, frankly, if we can do what we want to do with products from one vendor rather than multiple vendors then so much the better. Hyper-V is no longer a poor relation to VMware in terms of performance or capabilities and, believe me, I was the most “dyed in the wool” rabid VMware user for many years so I’m not saying this just to toe the company line. I firmly believe that it’s now pretty much a level playing field between VMware and Microsoft.
During our migration we have been learning about the subtle differences between the two platforms and have had to adjust our thinking accordingly. Virtual networking, and specifically “virtual switches”, is one area where we have had to really make a conscious effort to adjust how we look at things and how we configure things. Let me explain …
In both VMware and Hyper-V you have to deal with virtual switching to “bridge” the virtual machines hosted on a virtualization host to your physical network. Both platforms allow you to create virtual switches that act pretty much the same a physical layer 2 switches and both platforms require you to create at least one virtual switch before VM’s can be connected to the outside world. But while the overall concept is the same the execution varies rather a lot between the two platforms.
In VMware I can create a virtual switch and attach one or more physical NIC’s to the switch. If I create a virtual switch with 2 NIC’s then the switch would have theoretical throughput of 2Gbps assuming both underlying physical NIC’s were gigabit. When I attach VM’s to the switch the VM’s would route traffic over both NIC’s (in theory). I know in practice that traffic might “ping pong” across the NIC’s as they aren’t actually teamed together (bonded) but the point is the switch provides “bigger” bandwidth than a switch with only one NIC attached. (You can bond NIC’s for switches but that is beyond the scope of this blog.) Think of the switch as providing “load balancing” across the attached NIC’s as well as a certain amount of redundancy as the switch (and the attached VM’s) can survive a component NIC failure and keep connectivity in place. Our VMware configs usually had a couple of switches configured, each with a couple of NIC’s, and each switch would support multiple VM’s. VMware virtual switches normally do NOT have an IP assigned to the switch as underlying VMware doesn’t attempt to bind an IP to the physical NIC.
Here is the list of physical NIC’s in my lab ESXi box, one NIC is currently connected to the physical network:
And here is the current switch configuration:
In this case the switch is the default one created at installation time. It includes the single cabled NIC I have in place right now. Note that there are actually two networks configured – VM Network and Management Network. The Management Network actually has an IP address assigned as that is the IP address for the VMware host itself. In many cases when a VMware host has many NIC’s the Management Network might have a NIC all to itself. The VM Network provides switch connectivity to the VM’s attached to it and an IP address is NOT assigned to the network. Note: as there is only one NIC assigned to the switch connectivity to both the host and the VM’s would be lost if the NIC failed or was disconnected from the network.
As you can see I have now added a second virtual switch (it has a NIC that is NOT cabled in to the physical network at this point). I have removed the VM Network from the first virtual switch (vSwitch0) and added a new network, VM Network 2, to the second virtual switch (vSwitch1). Now I have completely segmented my management network (physical host access) from my virtual machine network (virtual machine access). In this case the host would be accessible from the physical network as its switch (vSwitch0) has an operational NIC attached. The Server 2012 VM on vSwitch1 would NOT be accessible from the physical network as its switch does not have an operational (cabled in) NIC attached.
And now I have removed the second virtual switch, added the second NIC to the first virtual switch and moved the Server 2012 VM back on to the VM Network on the switch. In this case both the host and the VM would be accessible from the physical network as the switch has at least one operational NIC attached to it.
VMware virtual switching is pretty configurable and elastic.
Hyper-V virtual switches do NOT have the same ability to bind multiple NIC’s into a switch config, at least not at the virtual switch level. Traditional Hyper-V “external switches” work on the paradigm of one physical host NIC being bound to the switch. If you have a server with a whole bunch of NIC’s then you would need to create a virtual switch for each NIC that you want to use with Hyper-V. Each switch can support multiple VM’s attached to it, just like VMware, but each switch can only have the one physical NIC bound to it.
With the advent of Server2012 and Hyper-V 3 the single NIC constraint can be circumvented by TEAMING NIC’s at the Server 2012 level through Server Manager. The resulting tNIC can then be selected as the “NIC” for a Hyper-V virtual switch and the virtual switch would then have the aggregated bandwidth of the underlying NIC’s. The caveat here is that the PHYSICAL SWITCH on the other end of the cables from the NIC’s has to also allow for port teaming either via a manual set up or via LACP.
The other thing to understand is that the virtual switch will “take over” most of the characteristics of the NIC/tNIC assigned to it. That means the virtual switch will take on the IP address – DHCP or STATIC – of the underlying NIC as the NIC is just a NIC to the Windows Server host. This is very important to understand when you are setting up Hyper-V, specially so on a single NIC server.
Here is the adapter configuration on my lab Hyper-V server:
This is pretty similar to my VMware server, I have two physical NIC’s but only one is actually cabled into the physical network at this time. You’ll also note the “vEthernet” connection, this is the single Hyper-V virtual switch that has been created on this box.
In the Hyper-V Manager on the server I see the following for the virtual switch config:
This is the switch that I created to support my first Hyper-V VM’s. It is created as an “External Network” which means that it provides connectivity between the attached VM’s and the physical network beyond the Hyper-V host. And, importantly, it is set to, “Allow management operating system to share the network adapter”. This is critical in a single NIC server or, as in my case, when there is only one connected NIC on a multi-NIC machine. This setting is analogous to the VMware “Management Network” in that it is what allows the Server 2012 host to “share” the NIC with the Hyper-V guests attached to the switch. If I had created this switch and NOT selected this setting I would have ended up NOT being able to access the HOST over the network as the switch would NOT share the NIC between the VM’s and the host (single operational NIC, remember?). When this setting is selected, the switch will take on many of the characteristics of the underlying NIC including its network address settings (DHCP or Static); therefore, the switch will bind itself to the IP assigned to the HOST.
This is a really important concept to grasp because I cannot create a switch and assign multiple NIC’s to it (as mentioned previously). If I have a server with a bunch of NIC’s and I go and create one virtual switch per physical NIC AND I select the “Allow management setting …” then I will be binding multiple IP addresses to my host and that is probably not what I want to do. In our office our sysadmin, Louis, was wondering why all of a sudden the Hyper-V host had pulled a bunch of DHCP addresses; the answer was he created a bunch of switches all of which had management turned on which, in turn, required an IP and the default setting is DHCP.
Note that the switch IP, if there is one, has no bearing on the IP’s assigned to the VM’s nor do the VM’s require the switch to have an assigned IP. If a switch has an IP then it is there strictly to provide connectivity passthrough to the host.
As you might imagine, it is not as easy to configure Hyper-V virtual networking to be as “elastic” as VMware virtual networking, VMware still outshines Microsoft in this regard. You CAN use NIC teaming at the Server 2012 level to create tNIC’s (teamed NIC’s) that can then be incorporated into Hyper-V virtual switches but there are caveats that have to be met. Your physical switches must “understand” how you have teamed the NIC’s and be configured (or configure themselves) accordingly. Also, depending on how the NIC’s are teamed there is the possibility of tNIC failure if an underlying teamed NIC fails. If a tNIC in a Hyper-V switch fails then the switch itself will fail. This is very different behaviour from that of the VMware virtual switching that I have discussed and it is something you need to understand as you move from VMware to Hyper-V.
VMware still has the edge on Microsoft when it comes to simple virtual switching (and simple is what we deal with in the SMB world). But the edge is slim and Hyper-V does offer real value and a compelling use argument. Like anything else in IT, you need to understand the strengths and weaknesses of the products you select and design your environment accordingly. I hope this discussion of VMware and Hyper-V virtual switching will help you in your endeavours.