Wednesday, October 8, 2014

Virtual Switch in Hyper-V


Before we begin with the nitty-gritty of the Virtual Switch, let us answer some basic questions.

What is a Virtual Switch?

A Virtual Switch is the counterpart of a physical Ethernet switch in a virtualized environment. It does not simply forward frames between virtual machines; it can also inspect them and apply policy before forwarding. Each virtualization platform gives its virtual switch a different set of properties. Before we delve further into Virtual Switches, let us understand the other essence of this blog, Hyper-V.

What is Hyper-V?

Every virtualized network needs a hypervisor as the platform on which virtual machines and their resources are created and configured. Hyper-V is Windows' hypervisor-based virtualization technology; it provides the software infrastructure and basic management tools. It partitions a physical machine into child partitions, allocates them to different guest operating systems, and provides the hardware and software resources each guest operating system requires.

What is Virtual-Switch in Hyper-V?

Now that we have our basics in place, let us dive deep. I will explain the Virtual Switch by considering the following:

  1. Features supported in the Virtual Switch

  2. How is the Virtual Switch in Hyper-V different from other switches?

  3. Different use cases for the Hyper-V Virtual Switch.

  4. What alternatives to the Hyper-V Virtual Switch are available?

Starting with the first discussion point, let us look at the features supported in the Virtual Switch:

  1. Port ACLs - Traffic filtering based on Media Access Control (MAC) or Internet Protocol (IP) addresses/ranges, which lets you set up virtual network isolation on a per-port basis.

  2. Network traffic monitoring - Lets administrators review traffic traversing the virtual switch, for example by mirroring a port to a monitoring VM.

  3. Isolated (private) VLAN - Lets administrators segregate traffic within a VLAN using private VLAN (PVLAN) primary/secondary IDs, to more easily establish isolated tenant communities.

  4. Trunk mode to a VM - Lets administrators set up a specific VM as a virtual appliance and direct tagged traffic from several VLANs to that VM.

  5. DHCP Guard protection - Drops DHCP server messages sent by a VM, protecting against a malicious VM posing as a Dynamic Host Configuration Protocol (DHCP) server for man-in-the-middle attacks.

  6. ARP/ND Poisoning (spoofing) protection - Protects against a malicious VM using Address Resolution Protocol (ARP) spoofing to steal IP addresses from other VMs, and against the equivalent IPv6 attack using Neighbor Discovery (ND) spoofing.
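As an added example (this is not code from the original post), the following PowerShell applies the features above to a tenant VM. It assumes an elevated session on a Windows Server 2012 R2 Hyper-V host with the Hyper-V module loaded; the switch name TenantSwitch, the physical adapter name, the VM names Tenant-A-Web, Tenant-A-Firewall and Tenant-A-IDS, and the address ranges are all assumptions made for illustration.

```powershell
#Requires -Modules Hyper-V
# Added example: hardening a tenant VM's virtual NIC with the Hyper-V Virtual
# Switch features listed above. All names and address ranges below are assumed.

$SwitchName = 'TenantSwitch'
$PhysNic    = 'Ethernet 2'         # assumed physical uplink
$TenantVm   = 'Tenant-A-Web'
$FirewallVm = 'Tenant-A-Firewall'  # virtual appliance that needs a VLAN trunk
$IdsVm      = 'Tenant-A-IDS'       # receives mirrored traffic
$TenantNet  = '10.10.20.0/24'      # assumed tenant subnet
$MgmtNet    = '10.0.0.0/24'        # assumed management subnet

# 1. External switch on the uplink. The management OS gets no vNIC on it, so
#    tenant traffic never shares the host's management path.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -NetAdapterName $PhysNic -AllowManagementOS $false
}
Connect-VMNetworkAdapter -VMName $TenantVm -SwitchName $SwitchName

# 2. Port-level guards. DHCP Guard drops DHCP server replies the VM tries to
#    send, Router Guard drops router advertisements/redirects from it, and with
#    MAC spoofing off the port only passes frames sourced from its assigned MAC,
#    so the VM cannot source frames as another VM.
Set-VMNetworkAdapter -VMName $TenantVm -DhcpGuard On -RouterGuard On -MacAddressSpoofing Off

# 3. Port ACLs: start from deny-all (IPv4 and IPv6), then allow only the tenant
#    and management subnets. These ACLs are stateless and the most specific
#    prefix wins, so the /24 allows override the /0 denies; use -Direction Both,
#    otherwise reply traffic in the other direction is dropped.
Get-VMNetworkAdapterAcl -VMName $TenantVm | Remove-VMNetworkAdapterAcl
Add-VMNetworkAdapterAcl -VMName $TenantVm -RemoteIPAddress '0.0.0.0/0' -Direction Both -Action Deny
Add-VMNetworkAdapterAcl -VMName $TenantVm -RemoteIPAddress '::/0'      -Direction Both -Action Deny
Add-VMNetworkAdapterAcl -VMName $TenantVm -RemoteIPAddress $TenantNet  -Direction Both -Action Allow
Add-VMNetworkAdapterAcl -VMName $TenantVm -RemoteIPAddress $MgmtNet    -Direction Both -Action Allow

# 4. VLANs. The tenant VM is an access port on VLAN 120; the firewall appliance
#    gets a trunk so it receives tagged frames from every tenant VLAN in range.
#    For a private VLAN instead of a plain access port you would use
#    -Isolated -PrimaryVlanId 100 -SecondaryVlanId 101 on the tenant port.
#    Do not enable Router Guard on the firewall VM: it legitimately sends RAs.
Set-VMNetworkAdapterVlan -VMName $TenantVm   -Access -VlanId 120
Set-VMNetworkAdapterVlan -VMName $FirewallVm -Trunk  -AllowedVlanIdList '100-199' -NativeVlanId 100

# 5. Traffic monitoring: mirror the tenant port to an IDS VM on the same switch.
Set-VMNetworkAdapter -VMName $TenantVm -PortMirroring Source
Set-VMNetworkAdapter -VMName $IdsVm    -PortMirroring Destination

# 6. Verify what the port actually enforces rather than trusting the script ran.
Get-VMNetworkAdapter -VMName $TenantVm |
    Format-List VMName, SwitchName, DhcpGuard, RouterGuard, MacAddressSpoofing, PortMirroringMode
Get-VMNetworkAdapterAcl  -VMName $TenantVm | Format-Table -AutoSize
Get-VMNetworkAdapterVlan -VMName $TenantVm, $FirewallVm |
    Format-Table ParentAdapter, OperationMode, AccessVlanId, NativeVlanId, AllowedVlanIdList -AutoSize
```

The verification step matters: port ACLs and guards are per-vNIC settings, so a VM that is re-imported, or given a second adapter, does not inherit them, and a deny-all ACL without the matching allow in both directions silently breaks management access because the ACLs keep no connection state.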


So what makes Hyper-V's Virtual Switch different from the others? Its extensibility. The Hyper-V Virtual Switch supports vendor-specific plug-ins, known as Virtual Switch Extensions, which add networking and security policy inside the switch's data path. Hyper-V defines three types of extension:

  1. Capturing extension - Can inspect (capture) packets and generate its own packets, but cannot modify or drop the packets it sees.

  2. Filtering extension - Can inspect, drop (traffic policing and filtering) or delay (traffic shaping) packets, as well as generate its own packets.

  3. Forwarding extension - In addition to all of the above, replaces the switch's default forwarding rules and specifies its own set of output ports. Each packet can be sent to one or more output ports to implement flooding, multicast or SPAN-like behaviour; only one forwarding extension can be enabled on a switch.
[Figure: flow of a packet through the Hyper-V Virtual Switch and its extensions. Source: Reference 4]



Some vendors have used this extensibility to enhance the Virtual Switch and integrate it with their products:

  1. NEC - VSEM provider that turns the Hyper-V switch into an OpenFlow virtual switch and integrates it with NEC's PFlow (ProgrammableFlow) solution.

  2. Cisco - VM-FEX extension with direct I/O (SR-IOV) and the Nexus 1000V for Hyper-V.

  3. InMon - Extension for traffic capture and analysis with sFlow.

  4. 5nine - Virtual firewall extension.

  5. Broadcom - DoS prevention extension that emulates the functionality provided in its OEM switch platform.
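Every extension in the list above runs inside the host and sees every tenant frame, so a practitioner will want to know which extensions are actually bound to a given switch, of which type, and whether any third-party forwarding extension has replaced the built-in forwarding. The following PowerShell is an added example (not from the original post) that performs that audit and shows how the built-in capture extension is enabled for troubleshooting; the switch name TenantSwitch is an assumption.

```powershell
#Requires -Modules Hyper-V
# Added example: auditing which switch extensions sit in a switch's data path.
# The switch name is assumed.

$SwitchName = 'TenantSwitch'

# Extensions installed on the host, and therefore available to every switch.
Get-VMSystemSwitchExtension | Format-Table Name, Vendor, Version, ExtensionType -AutoSize

# Extensions bound to this particular switch. ExtensionType is Capture, Filter or
# Forwarding. Two are built in: 'Microsoft NDIS Capture' (Capture, off by
# default) and 'Microsoft Windows Filtering Platform' (Filter, on by default).
$ext = Get-VMSwitchExtension -VMSwitchName $SwitchName
$ext | Format-Table Name, ExtensionType, Enabled, Running -AutoSize

# Anything enabled that is not Microsoft's is third-party code inspecting (or,
# for a forwarding extension, choosing the destination of) every tenant frame.
$thirdParty = $ext | Where-Object { $_.Enabled -and $_.Vendor -ne 'Microsoft' }
foreach ($e in $thirdParty) {
    $msg = 'Third-party {0} extension in data path: {1} {2} ({3})'
    Write-Output ($msg -f $e.ExtensionType, $e.Name, $e.Version, $e.Vendor)
}

# A forwarding extension replaces the switch's own forwarding rules, so its
# presence changes where packets go, not just what is filtered. Report it.
$fwd = $ext | Where-Object { $_.ExtensionType -eq 'Forwarding' -and $_.Enabled }
if ($fwd) {
    Write-Warning ("Forwarding is controlled by extension '{0}' from {1}" -f $fwd.Name, $fwd.Vendor)
}

# An extension that is enabled but not running is a misconfiguration: policy
# you believe is applied is not being applied.
$ext | Where-Object { $_.Enabled -and -not $_.Running } |
    ForEach-Object { Write-Warning ("Extension '{0}' is enabled but not running" -f $_.Name) }

# Temporarily enable the built-in capture extension for troubleshooting. It only
# observes traffic; disable it again when the capture is done.
Enable-VMSwitchExtension  -VMSwitchName $SwitchName -Name 'Microsoft NDIS Capture'
# ... run a capture tool that reads from the NDIS capture extension here ...
Disable-VMSwitchExtension -VMSwitchName $SwitchName -Name 'Microsoft NDIS Capture'
```

Run the audit after installing or updating any vendor extension and keep the output with the host's change records; an extension that shows up Enabled on a tenant switch without a matching change is the virtual equivalent of an unknown device on the physical uplink.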


Apart from Hyper-V's Virtual Switch, there are other virtual switches, each with its own capabilities and features. Some of them:

  1. VMware's virtual switches: the vSphere platform supports the vSphere Standard Switch and the vSphere Distributed Switch, which provide networking for VMware infrastructure (ESX/ESXi).

  2. Open vSwitch: OVS is an open-source switch that supports the OpenFlow protocol. Its basic features include flows, VLANs, trunking and port aggregation.

  3. KVM: there is no KVM-specific switch; KVM guests are usually attached to a Linux bridge or to Open vSwitch.

 References-


Wednesday, October 1, 2014

NFV - Management and Orchestration



In the past couple of years, two new technologies have evolved in the networking domain: Software Defined Networking (SDN) and Network Functions Virtualization (NFV).

Software Defined Networking is an approach that decouples the control plane from the data plane. The control plane is essentially the "data director", instructing the data plane where to send packets; the data plane then forwards the data along that path to its destination. By separating these two functions, the user can program the network to act in accordance with business requirements, using a central management interface in a vendor-neutral manner.

Network Functions Virtualization is an approach, proposed mainly by telcos, to decouple network functions from dedicated hardware. Specifically, it implements these functions in software that runs on commodity, industry-standard servers and that can be moved to, or instantiated at, different locations in the network programmatically as required, without installing new equipment. This promises significant reductions in CapEx, OpEx, space and power consumption while bringing IT-style scale to telcos. NFV solutions aim to deliver good performance and to maintain network reliability and resiliency while keeping costs under control.

This blog is focused on NFV, so we will concentrate on it. In the previous NFV post we covered open-source tools for the various layers/components of the NFV architectural framework. In this post we focus on understanding the Management and Orchestration (MANO) layer/component.

With increasing service demand and growing networks, managing them has become a big challenge for network operators. This is why management and orchestration is considered one of the most important components of an NFV solution.

The orchestration framework helps customers deploy, manage and orchestrate Virtual Network Functions (VNFs) and roll out new services, thereby simplifying network operations.

The management framework focuses on lifecycle management of the software-based network functions and on managing the infrastructure resources allocated to them.

ETSI has defined a standard for management and orchestration in NFV [3]. We have prepared a presentation based on the understanding developed from reading the ETSI specification.

References:

3. http://docbox.etsi.org/isg/nfv/open/latest_drafts/NFV-MAN001v061-%20management%20and%20orchestration.pdf