Jaa


Configuring Ports and Switches for VM Networks in VMM

 

Updated: May 13, 2016

Applies To: System Center 2012 SP1 - Virtual Machine Manager, System Center 2012 R2 Virtual Machine Manager

In Virtual Machine Manager (VMM) in System Center 2012 Service Pack 1 (SP1) or System Center 2012 R2, you can consistently configure identical capabilities for network adapters across multiple hosts by using port profiles and logical switches. Port profiles and logical switches act as containers for the properties or capabilities that you want your network adapters to have. Instead of configuring individual properties or capabilities for each network adapter, you can specify the capabilities in port profiles and logical switches, which you can then apply to the appropriate adapters. This can simplify the configuration process.

Important

Settings

The following table provides details about port profiles, port classifications, and logical switches and the settings within them. The table includes prerequisites for specific settings. For a higher-level outline of prerequisites, see the Prerequisites section in this topic.

Networking item in VMM Uses and settings
Native port profile for uplinks (in System Center 2012 SP1)

 Hyper-V port profile for uplinks (in System Center 2012 R2)
A port profile for uplinks (also called an uplink port profile) specifies which logical networks can connect through a particular physical network adapter.

After you create an uplink port profile, add it to a logical switch, which places it in a list of profiles that are available through that logical switch. When you apply the logical switch to a network adapter in a host, the uplink port profile is available in the list of profiles, but it is not applied to that network adapter until you select it from the list. This helps you to create consistency in the configurations of network adapters across multiple hosts, but it also enables you to configure each network adapter according to your specific requirements.

To enable teaming of multiple network adapters, you can apply the same logical switch and uplink port profile to those network adapters and configure appropriate settings in the logical switch and uplink port profile. In the logical switch, for the Uplink mode, select Team to enable teaming. In the uplink port profile, select appropriate Load-balancing algorithm and Teaming mode settings (or use the default settings). For background information about load-balancing algorithms and teaming modes, see NIC Teaming Overview.
Native port profile for virtual network adapters (in System Center 2012 SP1)

 Hyper-V port profile for virtual network adapters (in System Center 2012 R2)
A port profile for virtual network adapters specifies capabilities for those adapters and makes it possible for you to control how bandwidth is used on the adapters. The capabilities include offload settings and security settings. The following list of options provides details about these capabilities:

- Enable virtual machine queue (offload setting): With virtual machine queue (VMQ), packets that are destined for a virtual network adapter are delivered directly to a queue for that adapter, and they do not have to be copied from the management operating system to the virtual machine.
VMQ requires support from the physical network adapter.
- Enable IPsec task offloading (offload setting): With this type of offloading, some or all of the computational work that IPsec requires is shifted from the computer’s CPU to a dedicated processor on the network adapter. For details about IPsec task offloading, see What's New in Hyper-V Virtual Switch.
IPsec task offloading requires support from the physical network adapter and the guest operating system.
- Enable Single-root I/O virtualization (offload setting): With single-root I/O virtualization (SR-IOV), a network adapter can be assigned directly to a virtual machine. The use of SR-IOV maximizes network throughput while minimizing network latency and minimizing the CPU overhead that is required to process network traffic.
SR-IOV requires support from the host hardware and firmware, the physical network adapter, and drivers in the management operating system and the guest operating system.
To use SR-IOV with VMM, SR-IOV must be enabled or configured in multiple places. It must be enabled in the port profile, and in the logical switch in which you include the port profile. It must also be configured correctly on the host, when you create the virtual switch that brings together the port settings and the logical switch that you want to use on the host. In the port profile, the SR-IOV setting is in Offload Settings, and in the logical switch configuration, the SR-IOV setting is in the General settings. In the virtual switch, attach the port profile for virtual network adapters to the virtual switch by using a port classification. You can use the SR-IOV port classification that is provided in VMM, or you can create your own port classification.

- Allow MAC spoofing (security setting): With media access control (MAC) spoofing, a virtual machine can change the source MAC address in outgoing packets to an address that is not assigned to that virtual machine. For example, a load-balancer virtual appliance might require this setting to be enabled.
- Enable DHCP guard (security setting): With DHCP guard, you can protect against a malicious virtual machine that represents itself as a Dynamic Host Configuration Protocol (DHCP) server for man-in-the-middle attacks.
- Allow router guard (security setting): With router guard, you can protect against advertisement and redirection messages that are sent by an unauthorized virtual machine that represents itself as a router.
- Allow guest teaming (security setting): With guest teaming, you can team the virtual network adapter with other network adapters that are connected to the same switch.
- Allow IEEE priority tagging (security setting): With Institute of Electrical and Electronics Engineers, Inc. (IEEE) priority tagging, outgoing packets from the virtual network adapter can be tagged with IEEE 802.1p priority. These priority tags can be used by Quality of Service (QoS) to prioritize traffic. If IEEE priority tagging is not allowed, the priority value in the packet is reset to 0.
- Allow guest specified IP addresses (only available for virtual machines on Windows Server 2012 R2) (security setting): This option is available in VMM in System Center 2012 R2 only, and affects virtual machine networks (VM networks) that use Hyper-V network virtualization only. With this option, the virtual machine (guest) can add and remove IP addresses on this virtual network adapter. This can simplify the process of managing virtual machine settings. Guest-specified IP addresses are required for virtual machines that use guest clustering with network virtualization. The IP address that a guest adds must be within an existing IP subnet in the VM network.

- Bandwidth settings: You can use the bandwidth settings in this type of port profile to specify the minimum and maximum bandwidth that are available to the adapter. The minimum bandwidth can be expressed as megabits per second (Mbps) or as a weighted value (from 0 to 100) that controls how much bandwidth the virtual network adapter can use in relation to other virtual network adapters.
Port classification A port classification provides a global name for identifying different types of virtual network adapter port profiles. As a result, a classification can be used across multiple logical switches while the settings for the classification remain specific to each logical switch. For example, you might create one port classification that is named FAST to identify ports that are configured to have more bandwidth, and one port classification that is named SLOW to identify ports that are configured to have less bandwidth. You can use the port classifications that are provided in VMM, or you can create your own port classifications.
Logical switch A logical switch brings port profiles, port classifications, and switch extensions together so that you can apply them consistently to network adapters on multiple host systems.

Note that when you add an uplink port profile to a logical switch, this places the uplink port profile in a list of profiles that are available through that logical switch. When you apply the logical switch to a network adapter in a host, the uplink port profile is available in the list of profiles, but it is not applied to that network adapter until you select it from the list. This helps you to create consistency in the configurations of network adapters across multiple hosts, but it also makes it possible for you to configure each network adapter according to your specific requirements.

To enable teaming of multiple network adapters, you can apply the same logical switch and uplink port profile to those network adapters and configure appropriate settings in the logical switch and uplink port profile. In the logical switch, for the Uplink mode, select Team to enable teaming. In the uplink port profile, select appropriate Load-balancing algorithm and Teaming mode settings (or use the default settings). For background information about load-balancing algorithms and teaming modes, see NIC Teaming Overview.

 Switch extensions (which you can install on the VMM management server and then include in a logical switch) allow you to monitor network traffic, use Quality of Service (QoS) to control how network bandwidth is used, enhance the level of security, or otherwise expand the capabilities of a switch. In VMM, four types of switch extensions are supported:

- Monitoring extensions can be used to monitor and report on network traffic, but they cannot modify packets.
- Capturing extensions can be used to inspect and sample traffic, but they cannot modify packets.
- Filtering extensions can be used to block, modify, or defragment packets. They can also block ports.
- Forwarding extensions can be used to direct traffic by defining destinations, and they can capture and filter traffic. To avoid conflicts, only one forwarding extension can be active on a logical switch.
Virtual switch extension manager or Network manager A virtual switch extension manager (or network manager) makes it possible for you to use a vendor network-management console and the VMM management server together. You can configure settings or capabilities in the vendor network-management console—which is also known as the management console for a forwarding extension—and then use the console and the VMM management server in a coordinated way. To do this, you must ensure that the provider software (which might be included in VMM, or might need to be obtained from the vendor) is installed on the VMM management server. Then you must add the virtual switch extension manager or network manager to VMM, which enables the VMM management server to connect to the vendor network-management database and to import network settings and capabilities from that database.

The result is that you can see those settings and capabilities, and all your other settings and capabilities, together in VMM.

With System Center 2012 R2, settings can be imported into and also exported from VMM. That is, you can configure and view settings either in VMM or your network manager, and the two interfaces synchronize with each other.

Prerequisites

Before you configure ports, switches, and switch extensions for virtual machine networks (VM networks) in System Center 2012 SP1 or System Center 2012 R2, you must configure your logical networks and, optionally, load balancing. The logical networks form the foundation for networking configurations in VMM. For more information, see the following overviews:

Also, before you configure ports, switches, and switch extensions, review the following table of prerequisites.

Configurable item Prerequisite
Port profile for uplinks Decide which logical networks you want to make available through the physical network adapters on your hosts. Also, if you want to enable teaming for multiple network adapters, decide whether you want to choose specific settings for the load-balancing algorithm and the teaming mode, or whether you want to use the default settings.
Port profile for virtual network adapters Before you create a port profile for virtual network adapters, review the following guidelines:

- If you want to enable VMQ, IPsec task offloading, or SR-IOV, review the requirements for these capabilities, as described in the Settings section, earlier in this topic.
- Determine which security or bandwidth settings, if any, you want to use. For more information, see the Settings section, earlier in this topic.
Port classification Decide how you want to classify ports in your networking environment. For more information, see the Settings section, earlier in this topic.
Logical switch, regardless of whether you use switch extensions Decide how you want to combine port profiles and port classifications to provide consistent, useful settings on the network adapters in your virtualized environment. This will help you decide how to configure your logical switches.

Also, decide whether you want to enable teaming for multiple network adapters to which you will apply the same logical switch.
Logical switch with virtual switch extensions from a vendor Before you can add a virtual switch extension to a logical switch, you must install the provider software (provided by the vendor) on the VMM management server. For more information, refer to the documentation from the vendor. After you install the provider, restart the System Center Virtual Machine Manager service. When these steps are completed, in the Extensions property of a logical switch, the virtual switch extension appears in the list of extensions that you can select.
Virtual switch extension manager or Network manager Before you can add a virtual switch extension manager or network manager to VMM, you must ensure that the provider software is installed on the VMM management server. For most network managers, you must install the provider. The exception is with System Center 2012 R2 when the network manager is an IPAM server, in which case the provider is included in VMM. For more information, refer to the documentation from the vendor. After you install a provider, restart the System Center Virtual Machine Manager service. Then you can add the virtual switch extension manager or network manager as a resource in VMM.

In this section

The following topic provides illustrations of logical switches, port profiles, and port classifications:

The following procedures can help you use VMM to configure uplink port profiles, virtual network adapter port profiles, logical switches, and switch extensions in System Center 2012 SP1 or System Center 2012 R2.

Procedure Description
How to Create a Port Profile for Uplinks in VMM Describes how to create a port profile for uplinks. Create port profiles before you create logical switches.
How to Create a Port Profile for Virtual Network Adapters in VMM Describes how to create a port profile for virtual network adapters. Create port profiles before you create logical switches.
How to Create a Port Classification in VMM Describes how to create a port classification. You can create port classifications either before or during the process of creating a logical switch.
How to Add a Virtual Switch Extension Manager in System Center 2012 SP1 Optional. Describes how to add a virtual switch extension manager in System Center 2012 SP1. If you want to add a virtual switch extension manager, we recommend that you add it before you create your logical switch.
How to Add a Virtual Switch Extension or Network Manager in System Center 2012 R2 Optional. Describes how to add a virtual switch extension or a network manager in System Center 2012 R2. If you want to add a virtual switch extension or network manager, we recommend that you add it before you create your logical switch.
How to Create a Logical Switch in VMM Describes how to create a logical switch to bring together port profiles, port classifications, and virtual switch extensions in ways that match your requirements. You can apply the logical switch as necessary to consistently configure the capabilities for network adapters across multiple hosts.
How to Configure Network Settings on a Host by Applying a Logical Switch in VMM Describes how to bring together the network settings that you configured in port profiles and logical switches, by applying them to network adapters on a host. These adapters can be physical network adapters or virtual network adapters on the host. The host property through which you apply port profiles and logical switches is called a "virtual switch." This concept is the same concept as the Hyper-V Virtual Switch, which is described in Hyper-V Virtual Switch Overview.

Next steps after you configure port profiles and logical switches

For information about the next steps to take after you configure port profiles and logical switches, see Configuring VM Networks and Gateways in VMM.

Next steps after you configure networking

For information about the next steps to take after you configure networking, see the topics in the following table.

Topic Step
Preparing the Fabric in VMM Configure additional fabric resources, such as storage and library resources.
Adding and Managing Hyper-V Hosts and Scale-Out File Servers in VMM 
 Managing VMware ESX and Citrix XenServer in VMM
Configure hosts.
Creating and Deploying Virtual Machines and Services in VMM Deploy virtual machines, individually or as part of a service.

See Also

Configuring Networking in VMM
Configuring Ports and Switches in VMM Illustrated Overview
How to Add a Top-of-Rack Switch in VMM in System Center 2012 R2
How to Add an IPAM Server in VMM in System Center 2012 R2