HYPER-V 網路模擬技術的詳細資料中 Windows Server 2016Hyper-V Network Virtualization Technical Details in Windows Server 2016

適用於:Windows Server 2016Applies To: Windows Server 2016

伺服器模擬可在單一實體主機; 同時執行多個伺服器執行個體尚彼此隔離的伺服器執行個體。Server virtualization enables multiple server instances to run concurrently on a single physical host; yet server instances are isolated from each other. 每個一樣基本上運作為是否唯一實體電腦上執行的伺服器。Each virtual machine essentially operates as if it is the only server running on the physical computer.

網路模擬提供類似的功能、 中的多個 virtual 網路 (潛在重疊的 IP 位址) 執行相同的實體網路基礎結構及每個 virtual 網路運作為是否只 virtual 網路上的共用的網路基礎結構執行。Network virtualization provides a similar capability, in which multiple virtual networks (potentially with overlapping IP addresses) run on the same physical network infrastructure and each virtual network operates as if it is the only virtual network running on the shared network infrastructure. 圖 1 顯示此關係。Figure 1 shows this relationship.

伺服器模擬與網路模擬

圖 1: 伺服器模擬與網路模擬Figure 1: Server virtualization versus network virtualization

HYPER-V 網路模擬概念Hyper-V Network Virtualization Concepts

在 [HYPER-V 網路模擬 (HNV),客戶承租人定義或 」 的擁有者 」 設定的 IP 子網路中的企業資料中心部署。In Hyper-V Network Virtualization (HNV), a customer or tenant is defined as the "owner" of a set of IP subnets that are deployed in an enterprise or datacenter. 客戶可以的公司或多個部門或私人資料中心業務單位需要隔離的網路或房客在公用資料中心裝載服務提供者的企業。A customer can be a corporation or enterprise with multiple departments or business units in a private datacenter which require network isolation, or a tenant in a public data center which is hosted by a service provider. 每個客戶只能有一或多虛擬網路資料中心,與每個 virtual 網路所組成一或多虛擬子網路Each customer can have one or more Virtual networks in the datacenter, and each virtual network consists of one or more Virtual subnets.

有兩種 HNV 實作,將可在 Windows Server 2016: HNVv1 和 HNVv2。There are two HNV implementations which will be available in Windows Server 2016: HNVv1 and HNVv2.

  • HNVv1HNVv1

    HNVv1 是與 Windows Server 2012 R2 和系統中心 2012 R2 一樣 Manager (VMM) 相容。HNVv1 is compatible with Windows Server 2012 R2 and System Center 2012 R2 Virtual Machine Manager (VMM). 設定 HNVv1 依賴 WMI 管理及 Windows PowerShell cmdlet (透過 System Center VMM 加速) 定義隔離設定和客戶位址 (CA) virtual 網路的實際地址 (PA) 對應和路由。Configuration for HNVv1 relies on WMI management and Windows PowerShell cmdlets (facilitated through System Center VMM) to define isolation settings and Customer Address (CA) - virtual network - to Physical Address (PA) mappings and routing. 若要在 Windows Server 2016 HNVv1 新增了任何其他功能,並計劃中的新功能。No additional features have been added to HNVv1 in Windows Server 2016 and no new features are planned.

  • HNVv2HNVv2

    使用 Azure Virtual 篩選平台 (VFP) 轉寄切換 HYPER-V 中的擴充功能是實作 HNVv2 包含大量的新功能。A significant number of new features are included in HNVv2 which is implemented using the Azure Virtual Filtering Platform (VFP) forwarding extension in the Hyper-V Switch. Microsoft Azure 堆疊的軟體定義網路 (SDN) 堆疊包含新的網路控制器完全整合 HNVv2。HNVv2 is fully integrated with Microsoft Azure Stack which includes the new Network Controller in the Software Defined Networking (SDN) Stack. 透過 Microsoft virtual 的網路原則定義Network Controller使用 RESTful NorthBound (NB) API 並套用到透過多個 SouthBound Intefaces (SBI) 包括 OVSDB 主機代理程式。Virtual network policy is defined through the Microsoft Network Controller using a RESTful NorthBound (NB) API and plumbed to a Host Agent via multiple SouthBound Intefaces (SBI) including OVSDB. 主機代理程式 VFP 擴充 HYPER-V 開關切換至何處執行的原則。The Host Agent programs policy in the VFP extension of the Hyper-V Switch where it is enforced.

    重要

    本主題焦某 HNVv2。This topic focuses on HNVv2.

Virtual 網路Virtual network

  • 每個 virtual 網路一或多個 virtual 子網路所組成。Each virtual network consists of one or more virtual subnets. Virtual 網路形成隔離邊界虛擬機器 virtual 網路位置只能與其他通訊。A virtual network forms an isolation boundary where the virtual machines within a virtual network can only communicate with each other. 一般而言,這種隔離已執行使用 Vlan 隔離的 IP 位址和 802.1q 標記或 VLAN id。Traditionally, this isolation was enforced using VLANs with a segregated IP address range and 802.1q Tag or VLAN ID. 但 HNV,使用隔離執行使用 NVGRE 或 VXLAN 封裝重疊的 IP 子網路針對或 tenants 之間的可能性建立覆疊網路。But with HNV, isolation is enforced using either NVGRE or VXLAN encapsulation to create overlay networks with the possibility of overlapping IP subnets between customers or tenants.

  • 每個 virtual 網路主機上具有獨特路由網域 ID (RDID)。Each virtual network has a unique Routing Domain ID (RDID) on the host. 這個 RDID 大約地圖資源 id 找出 virtual 網路 Network Controller 中的其餘部分資源。This RDID roughly maps to a Resource ID to identify the virtual network REST resource in the Network Controller. 參考統一資源識別碼 (URI) 命名空間使用附加資源 ID virtual 網路其餘資源The virtual network REST resource is referenced using a Uniform Resource Identifier (URI) namespace with the appended Resource ID.

Virtual 子網路Virtual subnets

  • 子網路 virtual 實作虛擬電腦的層級 3 IP 子網路語意相同 virtual 子網路中。A virtual subnet implements the Layer 3 IP subnet semantics for the virtual machines in the same virtual subnet. 子網路 virtual 形成廣播的網域 (類似 VLAN) 和隔離由使用 NVGRE 承租人網路 ID (TNI) 或 VXLAN 網路識別碼 (VNI) 欄位。The virtual subnet forms a broadcast domain (similar to a VLAN) and isolation is enforced by using either the NVGRE Tenant Network ID (TNI) or VXLAN Network Identifier (VNI) field.

  • 每個 virtual 子網路屬於單一 virtual 網路 (RDID),而已指派唯一 Virtual 子網路 ID (VSID) 使用 TNI 或 VNI 鍵頭封裝封包。Each virtual subnet belongs to a single virtual network (RDID), and it is assigned a unique Virtual Subnet ID (VSID) using either the TNI or VNI key in the encapsulated packet header. VSID 必須唯一 datacenter 和 4096 到 2 的範圍中 ^24-2。The VSID must be unique within the datacenter and is in the range 4096 to 2^24-2.

主要優點 virtual 網路與路由網域是雲端它可以讓針對讓他們自己的網路拓撲 (例如 IP 子網路)。A key advantage of the virtual network and routing domain is that it allows customers to bring their own network topologies (for example, IP subnets) to the cloud. 圖 2 所示示範,以 Contoso Corp 擁有兩個不同的網路,R 與網路 D 和銷售網路。Figure 2 shows an example where the Contoso Corp has two separate networks, the R&D Net and the Sales Net. 這些網路有不同的尚網域 Id,因為它們無法彼此互動。Because these networks have different routing domain IDs, they cannot interact with each other. 也就是,以 Contoso R 與 D 網路隔離從網路 Contoso 銷售即使是兩者由 Contoso Corp.Contoso R 所擁有與網路 D 包含三 virtual 子網路。That is, Contoso R&D Net is isolated from Contoso Sales Net even though both are owned by Contoso Corp. Contoso R&D Net contains three virtual subnets. 請注意,RDID 和 VSID 唯一資料中心。Note that both the RDID and VSID are unique within a datacenter.

客戶網路和 virtual 子網路

圖 2 所示: 客戶網路和 virtual 子網路Figure 2: Customer networks and virtual subnets

轉送層級 2Layer 2 Forwarding

在圖 2 所示,在 VSID 5001 虛擬電腦都可以有轉送虛擬機器 VSID 5001 HYPER-V 開關切換至透過在他們封包。In Figure 2, the virtual machines in VSID 5001 can have their packets forwarded to virtual machines that are also in VSID 5001 through the Hyper-V Switch. 從一樣 VSID 5001 中輸入封包會傳送至上 HYPER-V 開關切換至特定 VPort。The incoming packets from a virtual machine in VSID 5001 are sent to a specific VPort on the Hyper-V Switch. 透過這些封包 HYPER-V 開關切換至套用輸入規則 (例如壓縮) 和對應 (例如封裝標頭)。Ingress rules (e.g. encap) and mappings (e.g. encapsulation header) are applied by the Hyper-V Switch for these packets. 封包然後轉送至不同 VPort HYPER-V 切換上 (如果目的地一樣已連接到同一部主機) 或其他 HYPER-V 切換在不同的主機 (如果有不同的主機上位於目的地一樣)。The packets are then forwarded either to a different VPort on the Hyper-V Switch (if the destination virtual machine is attached to the same host) or to a different Hyper-V switch on a different host (if the destination virtual machine is located on a different host).

層級 3 路由Layer 3 Routing

同樣地,在 VSID 5001 虛擬電腦可能路由傳送至 VSID 5002 或 VSID 5003 虛擬電腦 HNV 分散式路由器會在每個 HYPER-V 主機的 VSwitch 他們封包。Similarly, the virtual machines in VSID 5001 can have their packets routed to virtual machines in VSID 5002 or VSID 5003 by the HNV distributed router which is present in each Hyper-V host's VSwitch. 於封包傳遞至 HYPER-V 切換、 HNV 更新的目的地一樣 VSID VSID 傳入封包。Upon delivering the packet to the Hyper-V switch, HNV updates the VSID of the incoming packet to the VSID of the destination virtual machine. 這只會發生這兩個 VSIDs 相同 RDID 如果。This will only happen if both VSIDs are in the same RDID. 因此,virtual 網路介面卡,與 RDID1 無法傳送封包 virtual 網路介面卡,與 RDID2 不通過閘道。Therefore, virtual network adapters with RDID1 cannot send packets to virtual network adapters with RDID2 without traversing a gateway.

注意

封包流程描述以上,在 「 一樣 「 實際上是指 virtual 網路介面卡上一樣。In the packet flow description above, the term "virtual machine" actually means the virtual network adapter on the virtual machine. 常見案例是一樣僅有單一 virtual 網路介面卡。The common case is that a virtual machine only has a single virtual network adapter. 在本案例中的文字 」 一樣 」 和 「 virtual 網路介面卡] 概念可以表示是同一件事。In this case, the words "virtual machine" and "virtual network adapter" can conceptually mean the same thing.

每個 virtual 子網路定義層級 3 IP 子網路和層級 2 (L2) 廣播的網域邊界 VLAN 類似。Each virtual subnet defines a Layer 3 IP subnet and a Layer 2 (L2) broadcast domain boundary similar to a VLAN. 當一樣廣播了封包時,HNV 使用單複寫 (UR) 做了一份原始封包及每個 VM 的位址相同 VSID 中有哪些取代目的地 IP 和 MAC。When a virtual machine broadcasts a packet, HNV uses Unicast Replication (UR) to make a copy of the original packet and replace the destination IP and MAC with the addresses of each VM which are in the same VSID.

注意

Windows Server 2016 出貨時, 將會使用單複寫實作廣播和子網路多點傳送。When Windows Server 2016 ships, broadcast and subnet multicasts will be implemented using unicast replication. 子網路跨多點路由並 IGMP 不支援。Cross-subnet multicast routing and IGMP are not supported.

正在廣播的網域,除了 VSID 提供隔離。In addition to being a broadcast domain, the VSID provides isolation. 在 HNV virtual 網路介面卡被連接至 HYPER-V 切換具有 ACL 規則套用直接連接埠 (資源 virtualNetworkInterface 其餘部分) 或是其中一部分 virtual 子網路 (VSID)。A virtual network adapter in HNV is connected to a Hyper-V switch port that will have ACL rules applied either directly to the port (virtualNetworkInterface REST resource) or to the virtual subnet (VSID) of which it is a part.

HYPER-V 切換連接埠必須套用 ACL 規則。The Hyper-V switch port must have an ACL rule applied. 此 ACL 可能會允許所有、 拒絕全部或更多針對只允許特定類型的資料傳輸根據 5-tuple 來源 IP、 目的地 IP、 來源連接埠,目的地連接埠 (通訊協定) 相符。This ACL could be ALLOW ALL, DENY ALL, or be more specific to only allow certain types of traffic based on 5-tuple (Source IP, Destination IP, Source Port, Destination Port, Protocol) matching.

注意

HYPER-V 切換擴充功能不適用於 HNVv2 中新的軟體定義網路 (SDN) 堆疊。Hyper-V Switch Extensions will not work with HNVv2 in the new Software Defined Networking (SDN) stack. 使用 Azure Virtual 篩選平台 (VFP) 切換擴充功能無法使用的任何其他第 3 廠商切換延伸搭配實作 HNVv2。HNVv2 is implemented using the Azure Virtual Filtering Platform (VFP) switch extension which cannot be used in conjunction with any other 3rd-party switch extension.

切換,並在網路 HYPER-V 模擬路由Switching and Routing in Hyper-V Network Virtualization

HNVv2 實作正確層級 2 (L2) 切換和層級 3 (L3) 路由語意如同實體切換工作,或路由器會運作。HNVv2 implements correct Layer 2 (L2) switching and Layer 3 (L3) routing semantics to work just as a physical switch or router would work. 當一樣連接到 HNV virtual 網路會嘗試相同 virtual 子網路 (VSID) 以了解 CA 的 MAC 位址遠端一樣必須先在連接的另一個一樣。When a virtual machine connected to an HNV virtual network attempts to establish a connection with another virtual machine in the same virtual subnet (VSID) it will first need to learn the CA MAC address of the remote virtual machine. 如果有 ARP 項目的一樣的來源一樣的 ARP 表格中的 IP 位址,使用此項目從 MAC 位址。If there is an ARP entry for the destination virtual machine's IP address in the source virtual machine's ARP table, the MAC address from this entry is used. 如果輸入不存在,將會傳送給 ARP 廣播傳回目的地一樣的 IP 位址相對應的 MAC 位址,要求來源一樣。If an entry does not exist, the source virtual machine will send an ARP broadcast with a request for the MAC address corresponding to the destination virtual machine's IP address to be returned. HYPER-V 開關切換至將攔截這個要求,並將它傳送給主機代理程式。The Hyper-V Switch will intercept this request and send it to the Host Agent. 主機代理程式看起來會要求的目的地一樣的 IP 位址相對應的 MAC 位址其本機資料庫中。The Host Agent will look in its local database for a corresponding MAC address for the requested destination virtual machine's IP address.

注意

主機代理,做為 OVSDB 伺服器,使用 VTEP 結構描述 variant 儲存 CA-PA 對應、 MAC 表格和等等。The Host Agent, acting as the OVSDB server, uses a variant of the VTEP schema to store CA-PA mappings, MAC table, and so on.

如果有可用的 MAC 位址,主機代理程式插入 ARP 回應與傳送此回到一樣。If a MAC address is available, the Host Agent injects an ARP response and sends this back to the virtual machine. 一樣的網路堆疊所有所需的 L2 標頭資訊後,畫面會傳送到對應 HYPER-V 連接埠 V 式開關切換至。After the virtual machine's networking stack has all the required L2 header information, the frame is sent to the corresponding Hyper-V Port on the V-Switch. 內部,HYPER-V 開關切換至測試此框架有 N 序元組符合規則指派給 V 連接埠和適用於特定的轉換框架根據本規則。Internally, the Hyper-V Switch tests this frame against N-tuple matching rules assigned to the V-Port and applies certain transformations to the frame based on these rules. 最重要的是一組封裝轉換適用於建構封裝標頭 NVGRE 或 VXLAN,使用定義在 Network Controller 的原則。Most importantly, a set of encapsulation transformations is applied to construct the encapsulation header using either NVGRE or VXLAN, depending on the policy defined at the Network Controller. 根據原則主機代理程式所設計,CA-PA 對應用來判斷 HYPER-V 主機的 IP 位址所在目的地一樣。Based on the policy programmed by the Host Agent, a CA-PA mapping is used to determine the IP address of the Hyper-V host where the destination virtual machine resides. HYPER-V 開關切換至確保正確的路徑規則及 VLAN 標籤到達遠端 PA 地址,會套用至外部封包。The Hyper-V Switch ensures the correct routing rules and VLAN tags are applied to the outer packet so it reaches the remote PA address.

連接到 HNV virtual 網路一樣想要建立連接一樣,在不同的 virtual 子網路 (VSID) 使用時,如果需要路由傳送,因此請務必妥善封包。If a virtual machine connected to an HNV virtual network wants to create a connection with a virtual machine in a different virtual subnet (VSID), the packet needs to be routed accordingly. HNV 假設星形拓撲其中瑞曲之戰所有 IP 首碼 (意義一個預設之前的路徑日閘道) 做為躍 CA 空間中只有一個 IP 位址。HNV assumes a star-topology where there is only one IP address in the CA space used as the next-hop to reach all IP prefixes (meaning one default route/gateway). 目前,這會執行單一預設路由的限制和路徑非預設不支援。Currently, this enforces a limitation to a single default route and non-default routes are not supported.

子網路 Virtual 之間路由Routing Between Virtual Subnets

實體網路,在的 IP 子網路是位置 (virtual 和實體) 的電腦可以直接彼此層級 2 (L2) 網域。In a physical network, an IP subnet is a Layer 2 (L2) domain where computers (virtual and physical) can directly communicate with each other. L2 網域是廣播的網域位置 ARP 項目 (IP:MAC 位址地圖) 的所有介面正在廣播的 ARP 要求透過學習和 ARP 回應會傳送到要求主機。The L2 domain is a broadcast domain where ARP entries (IP:MAC address map) are learned through ARP requests that are broadcast on all interfaces and ARP responses are sent back to the requesting host. 電腦完全建構包括乙太網路標頭 L2 框架使用以來 ARP 回應的 MAC 資訊。The computer uses the MAC information learned from the ARP response to completely construct the L2 frame including Ethernet headers. 不過,如果在不同的 L3 子網路的 IP 位址,ARP 要求不會跨此 L3 邊界。However, if an IP address is in a different L3 subnet, the ARP request does not cross this L3 boundary. 而是來源子網路中的 IP 位址 L3 路由器介面 (躍或預設閘道) 必須回應有它自己的 MAC 位址這些 ARP 要求。Instead, an L3 router interface (next-hop or default gateway) with an IP address in the source subnet must respond to these ARP requests with its own MAC address.

在標準 Windows 網路,系統管理員可以建立靜態路徑,然後指定這些網路介面。In standard Windows networking, an administrator can create static routes and assign these to a network interface. 此外,[預設閘道] 通常被設定為上封包預設路由 (0.0.0.0 / 0) 直接傳送位置介面躍 IP 位址。Additionally, a "default gateway" is usually configured to be the next-hop IP address on an interface where packets destined for the default route (0.0.0.0/0) are sent. 如果不有任何特定路由預設閘道會收到封包。Packets are sent to this default gateway if no specific routes exist. 這通常是您的實體網路路由器。This is typically the router for your physical network. HNV 使用建路由器是每個主機的一部分,並在每個 VSID 建立分散式的路由器的 virtual 網路介面。HNV uses a built-in router that is part of every host and has an interface in every VSID to create a distributed router for the virtual network(s).

因為 HNV 前提星級拓撲 HNV 分散式的路由器會做為單一預設閘道之間的相同 VSID 網路 Virtual 子網路將所有資料傳輸。Since HNV assumes a star topology, the HNV distributed router acts as a single default gateway for all traffic that is going between Virtual Subnets that are part of the same VSID network. 地址做為預設閘道預設值是在 VSID 最低的 IP 位址,以及已指派給 HNV 分散式路由器。The address used as the default gateway defaults to the lowest IP address in the VSID and is assigned to the HNV distributed router. 允許此分散式的路由器 VSID 網路中的所有資料傳輸方式因為每一部主機可以直接傳送資料傳輸到適當的主機而不需要介正確傳遞至分公司。This distributed router allows for a very efficient way for all traffic inside a VSID Network to be routed appropriately because each host can directly route the traffic to the appropriate host without needing an intermediary. 尤其是時的相同 VM 網路但不同 Virtual 子網路中的兩個虛擬電腦上相同的實體主機。This is particularly true when two virtual machines in the same VM Network but different Virtual Subnets are on the same physical host. 您將會在本區段中稍後看到、 封包從未必須離開實體主機。As you will see later in this section, the packet never has to leave the physical host.

路由之間 PA 子網路Routing between PA subnets

相較於配置一個 PA IP 位址的每個 Virtual 子網路 (VSID) HNVv1,HNVv2 現在可以使用每個 Switch-Embedded 小組 (設定) NIC 小組成員 PA IP 位址。In contrast to HNVv1 which allocated one PA IP address for each Virtual Subnet (VSID), HNVv2 now uses one PA IP address per Switch-Embedded Teaming (SET) NIC team member. 預設部署假設兩-NIC 團隊,並會指定每個主機的兩個 PA IP 位址。The default deployment assumes a two-NIC team and assigns two PA IP addresses per host. 一部主機有 PA IPs 指派相同提供者 (PA) 邏輯子網路相同的 VLAN 上。A single host has PA IPs assigned from the same Provider (PA) logical subnet on the same VLAN. 在相同的 virtual 子網路中的兩個承租人 Vm 確實位於兩個不同的主機這兩個不同的提供者邏輯子網路來連接。Two tenant VMs in the same virtual subnet may indeed be located on two different hosts which are connected to two different provider logical subnets. HNV 將建構封裝封包根據 CA-PA 對應的外部 IP 標頭。HNV will construct the outer IP headers for the encapsulated packet based on the CA-PA mapping. 不過,它依賴 PA 預設閘道 ARP 主機 TCP/IP 堆疊,然後根據 ARP 回應的外部乙太網路標頭的組建。However, it relies on the host TCP/IP stack to ARP for the default PA gateway and then builds the outer Ethernet headers based on the ARP response. 一般而言,此 ARP 回應來自 SVI 介面實體切換或 L3 路由器上已連接主機的地方。Typically, this ARP response comes from the SVI interface on the physical switch or L3 router where the host is connected. HNV 因此依賴路由加密的封包提供者邏輯子網路之間 L3 路由器日 Vlan。HNV therefore relies on the L3 router for routing the encapsulated packets between provider logical subnets / VLANs.

路由外 Virtual 網路Routing Outside a Virtual Network

大多數客戶部署需要從 HNV 環境通訊不 HNV 環境的部分資源。Most customer deployments will require communication from the HNV environment to resources that are not part of the HNV environment. 網路模擬閘道需要允許兩個環境間通訊。Network Virtualization gateways are required to allow communication between the two environments. 需要 HNV 閘道基礎結構包含的私人雲端和混合雲端。Infrastructures requiring an HNV Gateway include Private Cloud and Hybrid Cloud. 基本而言,HNV 閘道所需的層級 3 路由內外 (實體) 網路 (包括 NAT) 或之間不同的網站和/或雲朵 (私人或公開) 使用 IPSec VPN 或 GRE 的通道。Basically, HNV gateways are required for Layer 3 routing between internal and external (physical) networks (including NAT) or between different sites and/or clouds (private or public) which use an IPSec VPN or GRE tunnel.

可以進入實體的不同尺寸規格閘道。Gateways can come in different physical form factors. 他們可以在 Windows Server 2016 納入的架頂端 (TOR) 切換作為存取透過 Virtual IP (VIP) 來負載平衡器通知 VXLAN 閘道進入其他現有的網路裝置,或可以將新的網路獨立應用裝置上建置。They can be built on Windows Server 2016, incorporated into a Top of Rack (TOR) switch acting as a VXLAN Gateway, accessed through a Virtual IP (VIP) advertised by a load balancer, put into other existing network appliances, or can be a new stand-alone network appliance.

如需 Windows RAS 閘道選項的相關資訊,請查看RAS 閘道For more information about Windows RAS Gateway options, see RAS Gateway.

封包封裝Packet Encapsulation

在 HNV 每個 virtual 網路介面卡是相關聯的兩個 IP 位址:Each virtual network adapter in HNV is associated with two IP addresses:

  • 客戶地址] (CA) 位址指派客戶,根據其內部網路基礎結構。Customer Address (CA) The IP address assigned by the customer, based on their intranet infrastructure. 此地址可客戶如同它不需要移至公用或私人雲端換貨網路流量的一樣。This address allows the customer to exchange network traffic with the virtual machine as if it had not been moved to a public or private cloud. 已可見一樣,且可以客戶。The CA is visible to the virtual machine and reachable by the customer.

  • 提供者地址(PA) 的 IP 位址裝載者指派或根據其實體網路基礎結構 datacenter 系統管理員。Provider Address (PA) The IP address assigned by the hosting provider or the datacenter administrators based on their physical network infrastructure. PA 會顯示在網路上的換貨執行裝載一樣 HYPER-V server 的封包。The PA appears in the packets on the network that are exchanged with the server running Hyper-V that is hosting the virtual machine. PA 會顯示在實體網路,但不是一樣。The PA is visible on the physical network, but not to the virtual machine.

Ca 維護顧客網路拓撲,來 PAs 實作分離實際基礎實體網路拓撲和地址,並擬化檔案。The CAs maintain the customer's network topology, which is virtualized and decoupled from the actual underlying physical network topology and addresses, as implemented by the PAs. 下圖顯示概念和之間的關係一樣 Ca 網路基礎結構 PAs 根據網路模擬。The following diagram shows the conceptual relationship between virtual machine CAs and network infrastructure PAs as a result of network virtualization.

網路模擬上方所在的基礎結構的概念圖

圖 6: 的網路模擬上方所在的基礎結構的概念圖Figure 6: Conceptual diagram of network virtualization over physical infrastructure

在圖表,客戶虛擬電腦傳送資料封包 CA 空間,往返實體網路基礎結構透過自己 virtual 網路或 「 通道 」。In the diagram, customer virtual machines are sending data packets in the CA space, which traverse the physical network infrastructure through their own virtual networks, or "tunnels". 在上述範例通道可以視為 」 信封 」 操作遺漏出貨標籤 (PA 位址) 直接從左邊來源主機傳送到目的主機上向右以 Contoso 和 Fabrikam 資料封包。In the example above, the tunnels can be thought of as "envelopes" around the Contoso and Fabrikam data packets with green shipping labels (PA addresses) to be delivered from the source host on the left to the destination host on the right. 關鍵在於主機如何判斷 」 寄送地址] (PA) Contoso Fabrikam CA、 」 信封 」 如何放在封包及如何解除包裝封包並正確地提供 Contoso 和 Fabrikam 目的地虛擬機器目的地主機相對應。The key is how the hosts determine the "shipping addresses" (PA's) corresponding to the Contoso and the Fabrikam CA's, how the "envelope" is put around the packets, and how the destination hosts can unwrap the packets and deliver to the Contoso and Fabrikam destination virtual machines correctly.

此簡單類比反白顯示網路模擬的重要:This simple analogy highlighted the key aspects of network virtualization:

  • 每個一樣 CA 對應至 PA.實體主機Each virtual machine CA is mapped to a physical host PA. 可能會有多個相同 PA.相關聯的 CaThere can be multiple CAs associated with the same PA.

  • 虛擬電腦傳送 CA 空間,這進入 「 信封 」 的 PA 來源和目的地配對根據對應資料封包。Virtual machines send data packets in the CA spaces, which are put into an "envelope" with a PA source and destination pair based on the mapping.

  • CA-PA 對應必須允許主機來區分不同客戶虛擬機器封包。The CA-PA mappings must allow the hosts to differentiate packets for different customer virtual machines.

如此一來,是虛擬化虛擬機器所使用的網路位址虛擬化網路的機制。As a result, the mechanism to virtualize the network is to virtualize the network addresses used by the virtual machines. 負責位址對應,網路控制器和主機代理維持使用 MS_VTEP 架構的製圖資料庫。The network controller is responsible for the address mapping, and the host agent maintains the mapping database using the MS_VTEP schema. 下一節中描述的實際地址模擬機制。The next section describes the actual mechanism of address virtualization.

網路模擬透過模擬地址Network virtualization through address virtualization

HNV 實作覆疊網路模擬一般路由封裝 (NVGRE) 或虛擬最具擴充性的區域網路 (VXLAN) 使用承租人網路。HNV implements overlay tenant networks using either Network Virtualization Generic Routing Encapsulation (NVGRE) or the Virtual eXtensible Local Area Network (VXLAN). 預設 VXLAN。VXLAN is the default.

Virtual 最具擴充性的區域網路 (VXLAN)Virtual eXtensible Local Area Network (VXLAN)

虛擬最具擴充性的區域網路 (VXLAN) (RFC 7348) 通訊協定已被普遍在市場,並可支援從等 Cisco、 錦緞、 Arista、 Dell、 HP 和其他廠商取得。The Virtual eXtensible Local Area Network (VXLAN) (RFC 7348) protocol has been widely adopted in the market place, with support from vendors like Cisco, Brocade, Arista, Dell, HP and others. 使用傳輸 UDP VXLAN 通訊協定。The VXLAN protocol uses UDP as the transport. 已 VXLAN IANA 指派 UDP 目的連接埠 4789 與 UDP 連接埠來源應該 hash 的資訊,用於 ECMP 分配最封包。The IANA-assigned UDP destination port for VXLAN is 4789 and the UDP source port should be a hash of information from the inner packet to be used for ECMP spreading. UDP 標頭之後 VXLAN 標頭附加到包括後面 3 位元組欄位的 VXLAN 網路識別碼 (VNI)-VSID-後面另一個保留 1 位元組欄位保留的 4 位數欄位封包。After the UDP header, a VXLAN header is appended to the packet which includes a reserved 4-byte field followed by a 3-byte field for the VXLAN Network Identifier (VNI) - VSID - followed by another reserved 1-byte field. VXLAN 標頭之後附加原始 CA L2 框架 (不含 CA 乙太網路架構 FCS)。After the VXLAN header, the original CA L2 frame (without the CA Ethernet frame FCS) is appended.

VXLAN 封包標頭

一般路由壓縮 (NVGRE)Generic Routing Encapsulation (NVGRE)

此網路模擬機制使用一般路由封裝 (NVGRE) 通道標頭的一部分。This network virtualization mechanism uses the Generic Routing Encapsulation (NVGRE) as part of the tunnel header. 在 [NVGRE,一樣的封包封裝在另一封包。In NVGRE, the virtual machine's packet is encapsulated inside another packet. 這個新的封包標頭有來源的適當和目的地 PA IP 位址,除了 Virtual 子網路 ID,會儲存在金鑰欄位 GRE 標頭,如圖 7 所示。The header of this new packet has the appropriate source and destination PA IP addresses in addition to the Virtual Subnet ID, which is stored in the Key field of the GRE header, as shown in Figure 7.

封裝 NVGRE

圖 7 所示: 網路模擬 NVGRE 封裝Figure 7: Network virtualization - NVGRE encapsulation

子網路 Virtual ID 允許找出為任何特定的封包客戶一樣主機時,可能會重疊即使 PA 的與 CA 的封包。The Virtual Subnet ID allows hosts to identify the customer virtual machine for any given packet, even though the PA's and the CA's on the packets may overlap. 這可讓所有虛擬電腦上同一部主機分享單一 PA,如圖 7 所示。This allows all virtual machines on the same host to share a single PA, as shown in Figure 7.

分享 PA 延展性網路上有很大的影響。Sharing the PA has a big impact on network scalability. 所需的網路基礎結構學習 IP 和 MAC 位址數目可以大幅降低。The number of IP and MAC addresses that need to be learned by the network infrastructure can be substantially reduced. 例如,如果每個主機 30 虛擬電腦的 IP 平均且需要學習網路基礎結構的 MAC 位址減少 30.embedded Virtual 子網路中的編號封包倍也可讓輕鬆相互關聯的實際針對封包。For instance, if every end host has an average of 30 virtual machines, the number of IP and MAC addresses that need to be learned by the networking infrastructure is reduced by a factor of 30.The embedded Virtual Subnet IDs in the packets also enable easy correlation of packets to the actual customers.

Windows Server 2012 R2 的共用配置 PA 是 VSID 每一個 PA 每個主機。The PA sharing scheme for Windows Server 2012 R2 is one PA per VSID per host. Windows Server 2016 配置是一個 PA 每個 NIC 小組的成員。For Windows Server 2016 the scheme is one PA per NIC team member.

Windows Server 2016 的與更新版本,HNV 完全支援 NVGRE 和 VXLAN 另外;不需要升級,或購買新的網路硬體,例如 Nic (網路介面卡),參數或路由器。With Windows Server 2016 and later, HNV fully supports NVGRE and VXLAN out of the box; it does NOT require upgrading or purchasing new network hardware such as NICs (network adapters), switches, or routers. 這是因為這些封包來傳送 PA 空間,也就是目前的網路基礎結構相容的一般 IP 封包。This is because these packets on the wire are regular IP packet in the PA space, which is compatible with today's network infrastructure. 不過,以取得最佳效能使用 Nic 支援支援工作卸載的最新驅動程式。However, to get the best performance use supported NICs with the latest drivers that support task offloads.

多承租人部署範例Multi-tenant deployment example

下圖顯示兩個針對關聯的網路原則定義 CA-PA 位於雲端的資料中心的部署範例。The following diagram shows an example deployment of two customers located in a cloud datacenter with the CA-PA relationship defined by the network policies.

多承租人部署範例

圖 8: 多承租人部署範例Figure 8: Multi-tenant deployment example

請參考圖 8 範例。Consider the example in Figure 8. 移至主機的供應商之前的共用 IaaS 服務:Prior to moving to the hosting provider's shared IaaS service:

  • Contoso Corp 執行 SQL Server (名為SQL),IP 位址 10.1.1.11 與 web 伺服器 (名為網頁),其 SQL Server 資料庫交易使用的 IP 位址 10.1.1.12。Contoso Corp ran a SQL Server (named SQL) at the IP address 10.1.1.11 and a web server (named Web) at the IP address 10.1.1.12, which uses its SQL Server for database transactions.

  • Fabrikam Corp 執行 SQL Server、 也稱為SQL並指定 IP 位址 10.1.1.11,與 web 伺服器,也稱為網頁,並也在 10.1.1.12 IP 位址,使用其 SQL Server 資料庫交易。Fabrikam Corp ran a SQL Server, also named SQL and assigned the IP address 10.1.1.11, and a web server, also named Web and also at the IP address 10.1.1.12, that uses its SQL Server for database transactions.

我們將會假設裝載的服務提供者已先前建立透過依據他們實體網路拓撲 Network Controller 的提供者 (PA) 邏輯網路。We will assume that the hosting service provider has previously created the provider (PA) logical network through the Network Controller to correspond to their physical network topology. Network Controller 的邏輯子網路的 IP 首碼所定義連接主機的地方配置兩個 PA IP 位址。The Network Controller allocates two PA IP addresses from the logical subnet's IP prefix where the hosts are connected. 網路控制器也會指出適當的 VLAN 標籤套用的 IP 位址。The network controller also indicates the appropriate VLAN tag to apply the IP addresses.

使用網路控制器,以 Contoso Corp Fabrikam Corp 則建立 virtual 網路和子網路的由裝載的服務提供者所指定的提供者 (PA) 邏輯網路的支援。Using the Network Controller, Contoso Corp and Fabrikam Corp then create their virtual network and subnets which are backed by the provider (PA) logical network specified by the hosting service provider. 移動他們各團隊 Contoso Corp 和 Fabrikam Corp 和網頁伺服器相同裝載提供者共用 IaaS 服務,正巧,執行SQL HYPER-V 主機 1 虛擬電腦和網頁(IIS7) 虛擬電腦上 HYPER-V 主機 2。Contoso Corp and Fabrikam Corp move their respective SQL Servers and web servers to the same hosting provider's shared IaaS service where, coincidentally, they run the SQL virtual machines on Hyper-V Host 1 and the Web (IIS7) virtual machines on Hyper-V Host 2. 虛擬的所有電腦都維持其原始內部 IP 位址 (他們 Ca)。All virtual machines maintain their original intranet IP addresses (their CAs).

這兩個公司已指派下列 Virtual 子網路 ID (VSID) Network Controller 如下所示。Both companies are assigned the following Virtual Subnet ID (VSID) by the Network Controller as indicated below. 主機上的代理程式每個 HYPER-V 主機接收 Network Controller 的配置的 PA IP 位址,並建立區間非預設網路中的兩個 PA 主機 vNICs。The Host Agent on each of the Hyper-V hosts receives the allocated PA IP addresses from the Network Controller and creates two PA host vNICs in a non-default network compartment. 網路介面已指派給每個這些的主機 vNICs PA IP 位址指派,如下所示:A network interface is assigned to each of these host vNICs where the PA IP address is assigned as shown below:

  • VSID 和 PAs Contoso Corp 虛擬電腦: VSID是 5001, SQL PA是 192.168.1.10, Web PA是 192.168.2.20Contoso Corp's virtual machines VSID and PAs : VSID is 5001, SQL PA is 192.168.1.10, Web PA is 192.168.2.20

  • VSID 和 PAs Fabrikam Corp 虛擬電腦: VSID是 6001, SQL PA是 192.168.1.10, Web PA是 192.168.2.20Fabrikam Corp's virtual machines VSID and PAs: VSID is 6001, SQL PA is 192.168.1.10, Web PA is 192.168.2.20

Network Controller plumbs 所有的網路原則 (包括 CA-PA 對應),將會維持原則 (以 OVSDB 資料庫表格) 持續市集中 SDN 主機代理程式。The Network Controller plumbs all network policy (including CA-PA mapping) to the SDN Host Agent which will maintain the policy in a persistent store (in OVSDB database tables).

當 Contoso Corp Web 一樣 (10.1.1.12) HYPER-V 主機 2 上建立的 TCP 連接 SQL Server 10.1.1.11 在時下列動作:When the Contoso Corp Web virtual machine (10.1.1.12) on Hyper-V Host 2 creates a TCP connection to the SQL Server at 10.1.1.11, the following happens:

  • VM Arp 10.1.1.11 的目的地的 MAC 位址VM ARPs for the destination MAC address of 10.1.1.11

  • 在 vSwitch VFP 擴充功能攔截這封包並將其傳送到 SDN 主機代理程式The VFP extension in the vSwitch intercepts this packet and sends it to the SDN Host Agent

  • SDN 主機代理程式看起來 10.1.1.11 的 MAC 位址其原則網上商店中The SDN Host Agent looks in its policy store for the MAC address for 10.1.1.11

  • 如果找到是 MAC,則主機代理程式插入回 VM ARP 回應If a MAC is found, the Host Agent injects an ARP response back to the VM

  • 如果找不到是 MAC,則會傳送無回應和 ARP 中的項目適用於 10.1.1.11 VM 標示無法存取。If a MAC is not found, no response is sent and the ARP entry in the VM for 10.1.1.11 is marked unreachable.

  • VM 現在建構正確 CA 乙太網路及 IP 標頭的 TCP 封包,並將其傳送到 vSwitchThe VM now constructs a TCP packet with the correct CA Ethernet and IP headers and sends it to the vSwitch

  • 轉送 vSwitch 中的擴充功能 VFP 處理這封包透過指派給在其封包接收,以及 VFP 流量統一的表格中建立新的 flow 輸入來源 vSwitch 連接埠 VFP 層 (如下所述)The VFP forwarding extension in the vSwitch processes this packet through the VFP layers (described below) assigned to the source vSwitch port on which the packet was received and creates a new flow-entry in the VFP unified flow table

  • VFP 引擎會執行規則符合或流量表格搜尋 IP 和乙太網路首依據每一層 (例如 virtual 網路層級)。The VFP engine performs rule matching or flow-table lookup for each layer (e.g. virtual network layer) based on the IP and Ethernet headers.

  • 符合 virtual 網路層規則參考 CA-PA 對應空間,並執行封裝。The matched rule in the virtual network layer references a CA-PA mapping space and performs encapsulation.

  • 加上 VSID VNet 層中指定封裝類型 (VXLAN 或 NVGRE)。The encapsulation type (either VXLAN or NVGRE) is specified in the VNet layer along with the VSID.

  • VXLAN 封裝,在外部 UDP 標頭建構 VSID 5001 VXLAN 標頭的使用。In the case of VXLAN encapsulation, an outer UDP header is constructed with the VSID of 5001 in the VXLAN header.
    指派給 HYPER-V 主機 2 (192.168.2.20) 與 「 HYPER-V 主機 1 (192.168.1.10) 分別根據 SDN 主機代理程式原則市集來源和目的地 PA 位址建構外部 IP 標頭。An outer IP header is constructed with the source and destination PA address assigned to the Hyper-V Host 2 (192.168.2.20) and Hyper-V Host 1 (192.168.1.10) respectively based on the SDN Host Agent's policy store.

  • 然後流向 PA 路由層級在 VFP 這封包。This packet then flows to the PA routing layer in VFP.

  • 在 VFP PA 路由層將參考用於 PA 空間交通和 VLAN ID 網路區間,並使用 TCP/IP 堆疊的主機正確 HYPER-V 主機 1 向前 PA 封包。The PA routing layer in VFP will reference the network compartment used for PA-space traffic and a VLAN ID and use the TCP/IP stack of the host to forward the PA packet to Hyper-V Host 1 correctly.

  • 封裝封包收到 HYPER-V 主機 1 PA 網路槽在收到一封包,轉送給 vSwitch。Upon receipt of the encapsulated packet, Hyper-V Host 1 receives the packet in the PA network compartment and forward it to the vSwitch.

  • VFP 處理封包透過其 VFP 層級,並建立 VFP 流量統一的表格中的新流程項目。The VFP processes the packet through its VFP layers and create a new flow-entry in the VFP unified flow table.

  • VFP 引擎符合 virtual 網路層 ingres 規則,除去外部封裝封包乙太網路、 IP 和 VXLAN 標頭。The VFP engine matches the ingres rules in the virtual network layer and strips off the outer encapsulated packet's Ethernet, IP, and VXLAN headers.

  • VFP 引擎然後轉送連接目的地 VM 的 vSwitch 連接埠封包。The VFP engine then forwards the packet to the vSwitch port to which the destination VM is connected.

類似的程序 Fabrikam Corp 間的流量的網站SQL虛擬電腦使用 Fabrikam Corp.HNV 原則設定如此一來,Corp HNV,Fabrikam 與 Contoso Corp 虛擬電腦互動當成其原始內部上。A similar process for traffic between the Fabrikam Corp Web and SQL virtual machines uses the HNV policy settings for the Fabrikam Corp. As a result, with HNV, Fabrikam Corp and Contoso Corp virtual machines interact as if they were on their original intranets. 他們可以永遠不會彼此互動,即使在他們使用的相同的 IP 位址。They can never interact with each other, even though they are using the same IP addresses.

(Ca 和 PAs) 的另一個地址、 原則設定的 HYPER-V 主機,CA 之間輸入 / 輸出一樣流量 PA 位址轉譯隔離伺服器 NVGRE 鍵或 VLXAN VNID 使用這些的設定。The separate addresses (CAs and PAs), the policy settings of the Hyper-V hosts, and the address translation between the CA and the PA for inbound and outbound virtual machine traffic isolate these sets of servers using either the NVGRE Key or the VLXAN VNID. 此外,模擬對應和轉換分離從實體網路基礎結構 virtual 網路架構。Furthermore, the virtualization mappings and transformation decouples the virtual network architecture from the physical network infrastructure. 雖然 Contoso SQL網頁並 Fabrikam SQL網頁位於自己 CA IP 子網路 (10.1.1/24),其實體部署分別交貨不同 PA 子網路,192.168.1/24 和 192.168.2/24,兩部主機上。Although Contoso SQL and Web and Fabrikam SQL and Web reside in their own CA IP subnets (10.1.1/24), their physical deployment happens on two hosts in different PA subnets, 192.168.1/24 and 192.168.2/24, respectively. 不提供跨子網路一樣和即時移轉成為 HNV 使用。The implication is that cross-subnet virtual machine provisioning and live migration become possible with HNV.

HYPER-V 網路模擬架構Hyper-V Network Virtualization architecture

Windows Server 2016 中 HNVv2 係使用 Azure Virtual 篩選平台 (VFP) 也就是在 HYPER-V 開關切換至 NDIS 篩選擴充功能。In Windows Server 2016, HNVv2 is implemented using the Azure Virtual Filtering Platform (VFP) which is an NDIS filtering extension within the Hyper-V Switch. 主要的 VFP 概念是公開 SDN 主機代理程式的程式設計網路原則內部 api 符合動作流程引擎。The key concept of VFP is that of a Match-Action flow engine with an internal API exposed to the SDN Host Agent for programming network policy. SDN 主機代理本身接收 Network Controller OVSDB 和 WCF SouthBound 的通訊通道上的網路原則。The SDN Host Agent itself receives network policy from the Network Controller over the OVSDB and WCF SouthBound communication channels. 不只是 virtual 的網路原則 (例如 CA-PA 對應) 設計的額外的原則,例如 Acl、 服務品質、 等等,但 VFP 使用。Not only is virtual network policy (e.g. CA-PA mapping) programmed using VFP but additional policy such as ACLs, QoS, and so on.

以下是物件階層 vSwitch 和 VFP 轉寄擴充功能:The object hierarchy for the vSwitch and VFP forwarding extension is the following:

  • vSwitchvSwitch

    • 外部 NIC 管理External NIC Management

    • NIC 硬體卸載NIC Hardware Offloads

    • 全球轉送規則Global Forwarding rules

    • 連接埠Port

      • 轉送層彈將釘選的輸出Egress forwarding layer for hair-pinning

      • 列出的對應和 NAT 集區的空間Space lists for mappings and NAT pools

      • 流量統一的表格Unified Flow Table

      • VFP 層VFP Layer

        • 流量表格Flow table

        • 群組Group

        • 規則Rule

          • 規則參考空間Rules can reference spaces

在 VFP,層建立每個原則類型 (例如,Virtual 網路),是一組一般規則日流程資料表。In the VFP, a layer is created per policy type (for example, Virtual Network) and is a generic set of rule/flow tables. 它不會有任何建功能直到特定規則指派給該層實作此類功能。It does not have any intrinsic functionality until specific rules are assigned to that layer to implement such functionality. 每個層級指派優先順序和層級已指派給連接埠遞增優先順序。Each layer is assigned a priority and layers are assigned to a port by ascending priority. 規則分為群組主要根據方向及 IP 位址的家庭。Rules are organized into groups based primarily on direction and IP address family. 擁有也群組高優先順序,並從群組一個規則最多可以符合指定的流程。Groups are also assigned a priority and at most, one rule from a group can match a given flow.

副檔名 VFP vSwitch 轉接邏輯如下:The forwarding logic for the vSwitch with VFP extension is as follows:

  • 輸入處理 (從進入連接埠封包觀點輸入)Ingress processing (ingress from the point of view of packet coming into a port)

  • 轉接Forwarding

  • 輸出處理 (從封包離開連接埠觀點輸出)Egress processing (egress from the point of view of packet leaving a port)

VFP 支援 NVGRE 和 VXLAN 封裝類型以及外部 MAC VLAN 根據轉接最 MAC 轉送。The VFP supports inner MAC forwarding for NVGRE and VXLAN encapsulation types as well as outer MAC VLAN based forwarding.

VFP 擴充功能有 slow 路徑和封包周遊快速路徑。The VFP extension has a slow-path and fast-path for packet traversal. 第一封包流程必須往返每個層級在所有規則群組,以及執行規則對應即高。The first packet in a flow must traverse all rule groups in each layer and do a rule lookup which is an expensive operation. 不過之後流量統一如下表所使用的動作 (根據規則符合) 清單係流程, 所有後續封包將處理根據流量統一的表項目。However, once a flow is registered in the unified flow table with a list of actions (based on the rules matched) all subsequent packets will be processed based on the unified flow table entries.

HNV 原則是設計用來主機代理程式。HNV policy is programmed by the host agent. 每個一樣網路介面卡的 [IPv4 位址設定。Each virtual machine network adapter is configured with an IPv4 address. 這些虛擬的電腦將會使用與互相溝通 Ca 與他們執行中的虛擬電腦的 IP 封包。These are the CAs that will be used by the virtual machines to communicate with each other, and they are carried in the IP packets from the virtual machines. HNV 封裝 CA 框架根據主機代理程式資料庫中儲存的網路模擬原則 PA 畫面中。HNV encapsulates the CA frame in a PA frame based on the network virtualization policies stored in the host agent's database.

HNV 架構

圖 9: HNV 架構Figure 9: HNV Architecture

摘要Summary

以雲端為基礎的資料中心可提供改善的延展性和得更好的資源使用量許多好處。Cloud-based datacenters can provide many benefits such as improved scalability and better resource utilization. 若要實現優點可能需要一種技術,徹底位址動態環境中的多承租人擴充性的問題。To realize these potential benefits requires a technology that fundamentally addresses the issues of multi-tenant scalability in a dynamic environment. HNV 是設計用來處理這些問題,而且也聯繫實體網路拓撲 virtual 網路拓撲改進操作資料中心的效能。HNV was designed to address these issues and also improve the operational efficiency of the datacenter by decoupling the virtual network topology for the physical network topology. 在現有標準上建置,HNV 在今天的資料中心執行,並使用您現有的 VXLAN 基礎結構的運作方式。Building on an existing standard, HNV runs in today's datacenter and operates with your existing VXLAN infrastructure. 針對使用 HNV 可以現在入私人雲端整合他們資料中心或順暢延長他們主機伺服器供應商的環境與混合雲端的資料中心。Customers with HNV can now consolidate their datacenters into a private cloud or seamlessly extend their datacenters to a hosting server provider's environment with a hybrid cloud.

也了See also

若要了解詳細 HNVv2 查看下列連結:To learn more about HNVv2 see the following links:

內容類型Content type 資訊尋找參考資料References
社群資源Community Resources - 私人雲端架構部落格- Private Cloud Architecture Blog
-詢問問題:cloudnetfb@microsoft.com- Ask questions: cloudnetfb@microsoft.com
RFCRFC - NVGRE 草稿 RFC- NVGRE Draft RFC
- VXLAN-RFC 7348- VXLAN - RFC 7348
相關的技術Related Technologies -適用於 Windows Server 2012 R2 HYPER-V 網路模擬技術詳細資訊,請查看HYPER-V 網路模擬技術的詳細資料- For Hyper-V Network Virtualization technical details in Windows Server 2012 R2 , see Hyper-V Network Virtualization technical details
- Network Controller- Network Controller