Configuring Virtual Networks in VMM
Applies To: Virtual Machine Manager 2008, Virtual Machine Manager 2008 R2, Virtual Machine Manager 2008 R2 SP1
For virtual machine hosts that are running Windows Server 2008 with Hyper-V or Windows Server 2008 R2 with Hyper-V, System Center Virtual Machine Manager (VMM) 2008 and VMM 2008 R2 use the virtual networks in Hyper-V. This topic describes how to configure virtual networks in VMM. For more information about configuring virtual networks in Hyper-V, see Configuring Virtual Networks (http://go.microsoft.com/fwlink/?LinkId=158767).
Virtual Network Types
This section describes the different types of virtual networks that you can create on each type of host in VMM.
Virtual Network Types on a Hyper-V Host
On a Hyper-V host, you can create virtual networks to define various networking topologies for virtual machines and the host. In VMM, you can create three different types of virtual networks on a Hyper-V host.
Private virtual network. Use this type when you want to allow communication between virtual machines on the same host but not with the host or with external networks. A private virtual network does not have a virtual network adapter in the host operating system, nor is it bound to a physical network adapter. Private virtual networks are typically used when you want to isolate virtual machines from network traffic in the host operating system and in the external networks.
Internal virtual network. Use this type when you want to allow communication between virtual machines on the same host and between the virtual machines and the host. An internal virtual network is not bound to a physical network adapter. It is typically used to build a test environment where you have to connect to the virtual machines from the host operating system.
External virtual network (Physical network adapter). Use this type when you want to allow virtual machines to communicate with each other and with externally located servers, and optionally with the host operating system. An external virtual network is bound to a physical network adapter and optionally, it can have a virtual network adapter in the host operating system. An external virtual network can be used to allow virtual machines to access a perimeter network (also known as a screened subnet, or DMZ) and not expose the host operating system.
Virtual Network Types on a Virtual Server Host
On a Virtual Server host, VMM allows you to configure a virtual network just as you would in Virtual Server. In VMM, you can create two different types of virtual networks on a Virtual Server host.
Internal virtual network. If no network adapter is selected, then any virtual machine attached to the virtual network becomes part of the internal virtual machine network. Each internal virtual machine network is completely isolated from all other internal virtual machine networks.
External virtual network. If a network adapter in the physical computer is selected, then any virtual machines attached to the virtual network can access the networks to which that physical adapter is connected.
Virtual Network Types on an ESX Server Host
In VMware, a virtual network is also referred to as a virtual switch. The different types of virtual networks on an ESX Server host appear as follows in VMM.
Private virtual network. Two types of configuration are represented as private virtual networks in VMM:
Virtual switches configured with all virtual network adapters attached only to virtual machine port groups so that virtual machines on the host can communicate only with each other. This is similar to a private virtual network in VMM.
Virtual switches configured with virtual network adapters attached to virtual machine port groups, and also attached to a service console port group so that virtual machines on the host can communicate with each other and also with the host. This is similar to an internal virtual network in VMM.
External virtual network. Virtual switches that are configured with all virtual network adapters attached to virtual machine port groups, and that are bound to a physical network adapter so that virtual machines on the host can communicate with each other and with externally located servers, are represented as external virtual networks in VMM. Optionally, a virtual switch also can be attached to a service console port group. This is similar to an external virtual network in VMM.
For the greatest level of control, create and configure new virtual networks in VMware. For more information about virtual networks on an ESX Server host, see the VMware documentation.
VMM does not support VMware vNetwork Distributed Switches. Customers who want to manage their VMware environments with VMM should only use Standard Switches (formerly called vSwitches).
Virtual Network Adapters
There are two types of virtual network adapters that you can configure for a virtual machine:
Emulated network adapter. Emulated network adapters are available on all of the virtualization software platforms and allow virtual machines to be connected to virtual networks. An emulated network adapter supports network-based installations because it includes the ability to boot to the Pre-Execution Environment (PXE boot). An emulated network adapter is also required if a virtual machine must boot from a network. You must disable the network adapter after the PXE boot.
Synthetic network adapter. Synthetic devices are new with Hyper-V and provide better performance than emulated network adapters. Synthetic network adapters require that integrated services are installed on the virtual machine. VMM installs integrated services for all supported guest operating systems.
Virtual Network Considerations
For an external virtual network, we recommend that you always use at least two physical network adapters on a host: one network adapter dedicated to the physical computer for remote management and communication between the host and the VMM server, and one or more network adapters dedicated to the virtual machines.
When you bind a virtual network to a physical network adapter, all network traffic is routed through the virtual network. If there is only one physical network adapter on a host, you will temporarily lose connectivity to the host.
If you use an Internet SCSI (iSCSI) initiator for virtual hard disk storage and virtual machine transfers, we recommend that you use additional network adapters in the host operating system.
For a virtual machine to communicate with the host operating system, there are two options. One option is to route the network packet through the physical network adapter and out to the physical network, which then returns the packet back to the Hyper-V host by using the second physical network adapter. A more efficient option is to route network packets through the virtual network. Virtual networks in Hyper-V include a learning algorithm that determines the best port to direct traffic to and will send the network packet to that port. Until this determination is made by the virtual network, network packets are sent out to all virtual ports.
To view a graphical representation of the virtual networking configuration on a host, in Hosts view, right-click the host, and then click View networking. The Networking window displays the following:
Virtual networks on the host
Virtual network adapters of virtual machines on the host and the virtual networks that they are attached to
Physical network adapters on the host and the virtual networks and external networks that they are bound to
You can position the pointer over objects in the diagram to display information about the object, and you can click an object to view its connection path in the network. You can also change the scope of the diagram by adding other hosts, switching views, copying the diagram to the clipboard, and changing the scale.
Virtual Local Area Networks
VMM supports virtual local area networks (VLANs) on Hyper-V hosts and on ESX Server hosts. A VLAN provides a method for creating independent logical networks within a physical network. This helps network administrators by separating the logical segments of a LAN that should not exchange data, and it is done by using a LAN that is software-based rather than hardware-based. Because a VLAN configuration is software-based, computers can easily be moved and still maintain their network configurations.
For virtual machines on Hyper-V hosts, each port corresponds to a virtual network adapter on a virtual machine. You can configure VLANs by assigning a numerical value called a VLAN identifier (VLAN ID) to the port on the virtual machine. Internally, the network traffic coming from the virtual machine is assigned to a specific VLAN that is configured on the virtual network; however, the network traffic between the virtual network adapter and the virtual network is not tagged with the VLAN ID. A VLAN-enabled network that is in trunk mode, either virtual or physical, routes all network traffic based on the VLAN ID tag. This ensures that network traffic for a VLAN is routed only to and from ports that are on the same VLAN. For a VLAN-enabled network that is in access mode, the network traffic is not tagged; it is assigned to the VLAN that is configured on the virtual network. A VLAN requires a physical network adapter that supports VLANs and network packets with VLAN IDs. If you want the virtual machine to communicate with additional VLANs, connect additional network adapters to the appropriate virtual network and assign the VLAN ID. Ensure that the IP addresses are configured correctly and that the traffic you want to move across the VLAN is also using the correct IP address.
There are two modes in which you can configure a VLAN: access mode and trunk mode.
Access mode. In access mode, the external port of the virtual network is restricted to a single VLAN ID. Use access mode when the physical network adapter is connected to a port on the physical network switch that also is in access mode. To give a virtual machine external access on the virtual network that is in access mode, you must configure the virtual machine to use the same VLAN ID that is configured in the access mode of the virtual network.
Trunk mode. Trunk mode allows multiple VLAN IDs to share the connection between the physical network adapter and the physical network. To give virtual machines external access on the virtual network in multiple VLANs, you have to configure the port on the physical network to be in trunk mode. You must also provide the specific VLANs that are to be used and all of the VLAN IDs that are used by the virtual machines that the virtual network supports.
If you specify a VLAN for a single network connection to the host, network connectivity may be lost and you may lose the ability to manage the host. If you specify a VLAN for the virtual network, ensure that the VMM server can maintain network connectivity after the change is made. For an external virtual network, we recommend that you always use at least two physical network adapters on a host: one network adapter dedicated to the physical computer for remote management and communication between the host and the VMM server, and one or more network adapters dedicated to the virtual machines.
To configure a VLAN in VMM, you must do the following:
For each virtual machine that you want to access the VLAN, enable VLAN identification and specify a VLAN ID for a virtual network adapter on the Hardware Configuration tab of the Virtual Machine Properties dialog box. For more information, see How to Configure Network Adapters for a Virtual Machine.
For the physical network adapter on the host, enable VLANs for the connection, specify access or trunk mode, and add the VLAN IDs that the network adapter should accept. Configure these settings by using the Switch Binding dialog box, which is available from the Networking tab of the Host Properties. For more information, see How to Add or Modify Virtual Networks on a Host (http://go.microsoft.com/fwlink/?LinkID=163453).
Before enabling VLANs on a network adapter, ensure that there will be at least one other network adapter available for communications between the host and the VMM server.
Optionally, enable host access through the VLAN and specify the VLAN ID on the Networking tab of the Host Properties dialog box. For more information, see How to Add or Modify Virtual Networks on a Host (http://go.microsoft.com/fwlink/?LinkID=163453).
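The access-mode and trunk-mode rules above, together with the recommendation to keep one physical network adapter dedicated to the host, can be checked against an exported inventory before any VLAN settings are changed. The following Python sketch is an added example, not part of VMM or of the original topic; the class names, the audit_host function, and the sample inventory are hypothetical and constructed for illustration, and the 1-4094 range is the usable IEEE 802.1Q VLAN ID range.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class VirtualNetwork:
    name: str
    physical_adapter: Optional[str]      # None: internal or private network
    mode: Optional[str] = None           # "access", "trunk", or None (VLANs off)
    vlan_ids: frozenset = frozenset()    # one ID (access) or the accepted IDs (trunk)


@dataclass(frozen=True)
class VmAdapter:
    vm: str
    network: str
    vlan_id: Optional[int] = None        # None: VLAN identification not enabled


def audit_host(physical_adapters, networks, vm_adapters):
    """Return (subject, issue) findings for one host's VLAN configuration."""
    findings = []
    by_name = {n.name: n for n in networks}
    # Recommendation: keep at least one physical adapter that is not bound to
    # any virtual network, so the host stays reachable from the VMM server.
    bound = {n.physical_adapter for n in networks if n.physical_adapter}
    if bound and not set(physical_adapters) - bound:
        findings.append(("host", "no physical adapter left dedicated to host management"))
    for n in networks:
        if n.mode is None:
            continue
        invalid = sorted(v for v in n.vlan_ids if not 1 <= v <= 4094)
        if invalid:
            findings.append((n.name, f"VLAN IDs outside 1-4094: {invalid}"))
        if n.mode == "access" and len(n.vlan_ids) != 1:
            findings.append((n.name, "access mode needs exactly one VLAN ID"))
    for a in vm_adapters:
        n = by_name.get(a.network)
        if n is None or n.physical_adapter is None or n.mode is None:
            continue  # no VLAN-restricted external port to check
        if a.vlan_id is None:
            # Assumption: an adapter without a VLAN ID is reported, because the
            # topic requires a matching ID for external access.
            findings.append((a.vm, f"no VLAN ID set on {n.mode}-mode network {n.name}"))
        elif a.vlan_id not in n.vlan_ids:
            findings.append((a.vm, f"VLAN {a.vlan_id} not accepted by {n.name}"))
    return findings


# Constructed sample inventory (not taken from a real host).
SAMPLE_NICS = ["NIC1", "NIC2"]
SAMPLE_NETWORKS = [VirtualNetwork("Prod", "NIC1", "trunk", frozenset({10, 20})),
                   VirtualNetwork("DMZ", "NIC2", "access", frozenset({30})),
                   VirtualNetwork("Lab", None)]
SAMPLE_VMS = [VmAdapter("web01", "Prod", 10), VmAdapter("db01", "Prod", 40),
              VmAdapter("fw01", "DMZ", 30), VmAdapter("app01", "DMZ"),
              VmAdapter("test01", "Lab")]

if __name__ == "__main__":
    for subject, issue in audit_host(SAMPLE_NICS, SAMPLE_NETWORKS, SAMPLE_VMS):
        print(f"{subject}: {issue}")
```

On the sample inventory the audit reports the host (both adapters are bound to virtual networks), db01 (VLAN 40 is not in the trunk list), and app01 (no VLAN ID on the access-mode network).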
Network Optimization Support
With VMM 2008 R2, you can take advantage of network optimization capabilities that are available on hosts that are running Windows Server 2008 R2. VMM 2008 R2 supports both the Virtual Machine Queue (VMQ) and TCP Chimney features, which improve network performance for virtual machines that are bound to a physical network adapter that supports one or both of these features.
Virtual Machine Queue (VMQ). Network adapters that support the VMQ feature can create a unique network queue for each virtual network adapter and then connect that queue directly to the virtual machine’s memory. This connection routes packets directly from the hypervisor to the virtual machine, bypassing much of the processing in the virtualization stack.
TCP Chimney Offload. Network adapters that support the TCP Chimney Offload feature can offload the processing of network traffic from the networking stack. Both of these features increase network performance and reduce CPU utilization. For more information about network optimization, see the Windows Server 2008 R2 documentation.
If network optimization is enabled on a host that is running Windows Server 2008 R2, VMM automatically detects this. When you create a new virtual network in the Host Properties dialog box and then bind it to a network adapter that supports network optimization, the next time that you open the Host Properties dialog box, the Hardware tab will have a read-only property above the Host access check box to indicate that network optimization is available for the virtual network.
For a virtual machine to take advantage of network optimization, you must add a synthetic network adapter on the Hardware Configuration tab of the Virtual Machine Properties dialog box, connect it to a virtual network on which network optimization is available, and then select the Enable virtual network optimizations check box. This feature is not available for an emulated network adapter.
Role of Virtual Networks in Virtual Machine Placement
When you deploy or migrate a virtual machine to a host, the process of evaluating and selecting the most suitable host for the virtual machine is known as virtual machine placement, or simply placement. During placement, Virtual Machine Manager (VMM) evaluates the suitability of available hosts and assigns each host a rating of 0 stars (not suitable) through 5 stars (very suitable). Each host’s rating is based upon a number of factors, such as the virtualization software on the host, the hardware and networking configuration of the host and the virtual machine, the virtual machine's resource requirements, and whether the virtual machine is highly available.
When evaluating the suitability of a host, VMM compares the network location and network tag specified for each of the virtual network adapters on the virtual machine against the network configuration on each host. This helps you to place the virtual machine on a host that can provide its network connection requirements.
Network location. On a host, the network location for each physical network adapter is specified on the Hardware tab of the Host Properties dialog box. In most cases, VMM can determine the network location automatically by using the Windows Network Location Awareness (NLA) feature. NLA determines a name for the network based on the Domain Name System (DNS) settings.
In some instances, VMM cannot determine the network location by using NLA. This happens when a loopback adapter is used because it is not part of a network, and on ESX Servers because the operating system on ESX Server hosts does not have an NLA feature. In these cases, you can manually enter the network location by selecting the Override discovered network location check box and then typing a name for the network location in the Network location box.
Network tag. On a host, you can specify a network tag for each virtual network on the Networking tab of the Host Properties dialog box. You can use a network tag to differentiate the host’s virtual networks during placement based on criteria other than just the network location. For example, you could use a network tag to distinguish networks based on network throughput, or security (for example, IPsec), or a VLAN. This is a user-defined, custom tag that you can create and use however you want.
When you create a network tag, VMM associates it with the network location that is being used by the host, as specified on the Hardware tab of the Host Properties dialog box. The network tag is only associated with the host through that network location. When you create an internal network or a private network, VMM creates a location for it that is named Internal Network. A network tag that you create on one host will be available for use by any other host in VMM that uses the same network location. For example, if on HostA you create the network tag “999” for the network location “corp.contoso.com”, and then, on HostB you create a virtual network that uses the “corp.contoso.com” network location, the network tag “999” that you created on HostA will also be in the Network tag list of HostB.
After you specify a network location for a new or existing virtual machine, all of the network tags that are associated with that network location can then be used by the virtual machine. This allows you to use specific network tags to match virtual machines with suitable hosts. When you are creating a new virtual machine, you can specify the network tag in the Connection requirements area on the Configure Hardware page. For an existing virtual machine, you can specify the network tag on the Hardware Configuration tab of the Virtual Machine Properties dialog box. This matching of virtual machines to hosts is very important during virtual machine placement.
You must specify the network location before the network tags that are associated with that network location appear in the Network tag list.
When you use a wizard to place a virtual machine on a host, if the network location and the network tag for the virtual machine are not identical to those of a host, the host rating will be 0 stars. If you place the virtual machine on that host, it will not be connected to any network. This is very important during automatic placement, when VMM automatically places a virtual machine on the most suitable host in a host group. If the network location and the network tag for the virtual machine are not identical to those of a host, VMM will not place the virtual machine on that host. For more information about automatic placement, see Placing Virtual Machines on Hosts in VMM (http://go.microsoft.com/fwlink/?LinkID=148962).