Windows Server 2012 Hyper-V Virtual Switch Extension Software
UNIVERGE PF1000 Overview

IT Network Global Solutions Division
UNIVERGE Support Center

© NEC Corporation 2012

ProgrammableFlow API architecture

[Figure: ProgrammableFlow API architecture. Labels: Microsoft VSEM Provider, Third Party Orchestration System, PFC API, Application Partners, Quantum Plug-in, OpenStack API, Virtual Tenant Network, Logical/Physical Mapping, OpenFlow Driver, Legacy WAN/LAN, PF1000 Hyper-V vSwitch, Open vSwitch, OpenFlow Switches]

What is Hyper-V?

Hyper-V is a standard feature included in Windows 2012 that provides server virtualization as a hypervisor.

[Figure: Hyper-V architecture. Labels: Root Partition (HOST OS, HOST NIC, Virtual Switch), Child Partition (Virtual Machine 1, Virtual Machine 2, each with a VM NIC), Hyper-V, Hardware, Physical NIC, Physical Network]

Features
• High Performance (Guest OS not introduced between the system)
• Low Cost (Part of Windows Server)
• Compatible with Various Guest OS (Windows, SUSE Linux, Xen, etc.)

What is UNIVERGE PF1000?

[Figure: Extensible Switch. Labels: Root Partition, HOST NIC, Virtual Machine, VM NIC, Virtual Switch (Extensible Switch), EXTENSION (Capturing, Filtering, Forwarding), Physical NIC]

The Extensible Switch is a layer 2 virtual network switch that connects virtual machines to the physical network. This switch has an EXTENSION feature which includes Capturing, Filtering, and Forwarding. NEC has utilized the Forwarding feature to develop the ProgrammableFlow Virtual Switch Extension Software PF1000 to provide OpenFlow compatibility. Simply install this software to make Hyper-V OpenFlow compatible.

Issue of Virtual Server and Network

The Overlapped Boundary for Server/Network Management

[Figure: Past and Current/Future management boundaries. Past: Servers running APs under Server Management, L2 Switches under Network Management, with the border of Server and Network between them. Current, Future: Servers running APs in VMs behind a vSwitch; the vSwitch is an overlapped boundary to be managed for both Server and Network, in front of the L2 Switches.]

The Benefit Provided by PF1000

Single Control Management
▌ Centralized single control and management for both virtual and physical switches for virtual server network

[Figure: ProgrammableFlow Controller (PFC), ProgrammableFlow Switches (PFS), and three Windows Server 2012 hosts]

PF1000 Release Schedule

PF1000 is compatible with the UNIVERGE PF Series as shown below.

ProgrammableFlow Controller: PF6800 (Ver4.0 to be released on xxxx xx, 2012)
ProgrammableFlow Switch Family: PF5240/PF5820 V4.0

Notice: To control the PF1000 from the ProgrammableFlow Controller, a management license must be purchased separately.

Specification of PF1000

Item                      Specification
Supported Platform        Windows Server 2012 Datacenter Edition
Required free HDD space   128MB
OpenFlow Version          OpenFlow Spec 1.0
Max Virtual Switch        256 Switches per Server
Max Port                  1280 Ports per Virtual Switch (Total of VMNIC, VNIC, Physical NIC)
Max Virtual Port          VMNIC 1280 Ports / VNIC 1 port per Virtual Switch
Max Physical Port         8 Ports per Virtual Switch
Max Flow Entry            260,000 Flow (Consumes approx. 0.5MB of memory per 100 flows)

PF1000 Use Case

Security Policy 1
Allow traffic from VM1 to VM2 but do NOT allow from VM1 to VM3

Without Extension
[Figure: VM1, VM2 and VM3 on the Hyper-V Switches of WS2012 Server #1 and WS2012 Server #2, with PFC and PFS]
Cannot control NW communication between Virtual Machines located within the same virtual switch.

By applying PF1000
[Figure: VM1, VM2 and VM3 on Hyper-V Switches with PF1000 on WS2012 Server #1 and WS2012 Server #2, connected to PFS Port1 and Port4, with PFC]
Can control the flow of NW communication between Virtual Machines located within the same virtual switch.

Even after the VM migrates…
[Figure: VM1 migrating between WS2012 Server #1 and WS2012 Server #2, each with Hyper-V Switch and PF1000, connected to PFS Port1 and Port4, with PFC]
During VM migration, there is no need for re-configuration. The configuration will be performed automatically by synchronization. Also, the security policy will be persistent.

PF1000 Use Case

Security Policy 2
All traffic from VM1 to VM2 must go through Firewall

Without Extension
[Figure: before and after migration of VM2. VM1 and VM2 on the Hyper-V Switches of WS2012 Server #1 and WS2012 Server #2, connected to PFS Port1 and Port4, Firewall on PFS Port 2 and Port 3, with PFC]
If the VMs are located in different virtual switches, NW communication can be routed to a certain appliance such as the firewall. But if both VMs are located within the same virtual switch after migration, there is no way to control the flow of NW communication.

After applying PF1000…
[Figure: VM1 and VM2 on WS2012 Server #1 and WS2012 Server #2, each with Hyper-V Switch and PF1000, connected to PFS Port1 and Port4, Firewall on PFS Port 2 and Port 3, with PFC]
By applying PF1000, the virtual switch will be OpenFlow compatible. As a result, the flow of NW communication for VMs located within the same virtual switch can be controlled.
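
The two security-policy use cases above, modelled as an added example (not NEC code and not taken from the slides): a toy OpenFlow 1.0-style flow table evaluated for frames between VMs on the same virtual switch, next to a plain L2 switch that has no policy. The MAC addresses, port names and the MAC-based rule encoding are assumptions; the slides do not show how the PFC encodes its flows, and the firewall is assumed to pass frames without rewriting MAC addresses.

```python
from dataclasses import dataclass

# Constructed sample values (assumptions, not from the slides).
VM1, VM2, VM3 = "00:00:00:00:00:01", "00:00:00:00:00:02", "00:00:00:00:00:03"
UPLINK = "uplink"  # hypothetical name for the physical-NIC port toward the PFS

@dataclass
class Flow:
    priority: int
    match: dict   # any of in_port / dl_src / dl_dst; an absent field is a wildcard
    action: str   # "drop", "local" (deliver on this vSwitch) or "output:<port>"

def lookup(table, pkt):
    """Highest-priority matching flow wins; a table miss goes to the controller."""
    for flow in sorted(table, key=lambda f: f.priority, reverse=True):
        if all(pkt.get(k) == v for k, v in flow.match.items()):
            return flow.action
    return "controller"

def plain_l2_switch(pkt, local_macs):
    """vSwitch without the extension: destination-MAC forwarding only, no policy."""
    return "local" if pkt["dl_dst"] in local_macs else "output:" + UPLINK

def frame(src, dst, in_port):
    return {"dl_src": src, "dl_dst": dst, "in_port": in_port}

# Policy 1: allow VM1 -> VM2, do not allow VM1 -> VM3 (all three on one vSwitch).
POLICY_1 = [
    Flow(200, {"dl_src": VM1, "dl_dst": VM3}, "drop"),
    Flow(100, {"dl_src": VM1, "dl_dst": VM2}, "local"),
]

# Policy 2: VM1 -> VM2 must traverse the firewall attached to the PFS, even
# when both VMs sit on the same vSwitch (firewall assumed to keep MACs intact).
POLICY_2 = [
    Flow(200, {"in_port": UPLINK, "dl_src": VM1, "dl_dst": VM2}, "local"),
    Flow(100, {"dl_src": VM1, "dl_dst": VM2}, "output:" + UPLINK),
]

if __name__ == "__main__":
    same_switch = {VM1, VM2, VM3}
    print("no extension  VM1->VM3:", plain_l2_switch(frame(VM1, VM3, "p1"), same_switch))
    print("policy 1      VM1->VM3:", lookup(POLICY_1, frame(VM1, VM3, "p1")))
    print("after migrate VM1->VM3:", lookup(POLICY_1, frame(VM1, VM3, "p9")))
    print("policy 2      VM1->VM2:", lookup(POLICY_2, frame(VM1, VM2, "p1")))
    print("policy 2 from firewall:", lookup(POLICY_2, frame(VM1, VM2, UPLINK)))
```

Because the rules match on MAC addresses rather than on the ingress port, the verdict for VM1 is the same on port `p1` and, after a migration, on port `p9`.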