This is the 7th posting in a series of postings I will do on VMware vSphere 5 and Windows Server 2012 Hyper-V. The goal of the postings is to give an unbiased overview of the features of the two main players in the server virtualization market: VMware vSphere and Microsoft Hyper-V.
This posting will give an overview of virtual networking in both solutions.
Other posts in the series are:
vSphere 5 versus Windows Server 2012 Hyper-V: storage integration
vSphere 5 versus Windows Server 2012 Hyper-V: management
vSphere 5 versus Windows Server 2012 Hyper-V: high available VMs
vSphere 5 versus Windows Server 2012 Hyper-V: Resource metering for chargeback
vSphere 5 versus Windows Server 2012 Hyper-V: costs
vSphere 5 versus Windows Server 2012 Hyper-V: hybrid cloud
Virtual networking is an important part of a server virtualization platform. Without a network, or with a faulty or poorly performing network, users will report issues using applications.
I will compare virtual networking on two aspects:
1. virtual switches
2. the ability to move virtual machines between different IP subnets without changing their IP address.
Windows Server 2012
Windows Server 2012 Hyper-V has one type of virtual switch, which is configured on each host. It can isolate network traffic inside a single host, route it via the hypervisor, and connect it to the outside world. This is the ‘external virtual switch’ type. Physical network adapters can be teamed for redundancy and throughput using native Microsoft drivers, a big plus since in Windows Server 2008 you needed to use vendor drivers.
Virtual switches are open to other vendors, who can use public APIs to extend their functionality. An example of an extension is one that monitors all network traffic going in and out of the switch.
Cisco announced it will make available a switch for Hyper-V (Nexus 1000v) which can be managed just like a physical switch using the same command line tools in IOS. The network admin can Telnet to the virtual switch just like a physical switch. The Nexus 1000v is a distributed switch. This means the configuration is done once for one or multiple hosts. Each host can be connected to the same Cisco virtual switch.
Windows Server 2012 Hyper-V brings a lot of new networking features, which make it as good as vSphere. Port ACLs can be used to allow or block network communication between VMs. This is done using PowerShell commands. Many techniques are available to offload the CPU and manage quality of service.
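The port ACL mechanism described above, as an added example that is not part of the original post: it uses the Hyper-V module cmdlets Add-VMNetworkAdapterAcl, Get-VMNetworkAdapterAcl and Remove-VMNetworkAdapterAcl to put one VM behind a default-deny rule with an explicit allow list. The helper function names, the VM name and all addresses are constructed for illustration.

```powershell
# Added example: default-deny port ACLs for one VM, with an explicit allow list.
# Run in an elevated session on the Hyper-V host (Windows Server 2012).
# 'Tenant-Web01' and every address below are constructed placeholders.

$AnyAddress = '0.0.0.0/0', '::/0'      # all IPv4 and all IPv6

function Set-VmAllowList {             # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [string]   $VMName,
        [Parameter(Mandatory = $true)] [string[]] $AllowedPeers  # IPs or CIDR ranges
    )
    # 1. Deny all traffic to and from the VM, in both directions.
    foreach ($any in $AnyAddress) {
        Add-VMNetworkAdapterAcl -VMName $VMName -RemoteIPAddress $any `
            -Direction Both -Action Deny
    }
    # 2. Allow the listed peers. Port ACLs use longest-prefix matching, so
    #    these more specific entries take precedence over the /0 deny entries.
    foreach ($peer in $AllowedPeers) {
        Add-VMNetworkAdapterAcl -VMName $VMName -RemoteIPAddress $peer `
            -Direction Both -Action Allow
    }
}

function Clear-VmAllowList {           # hypothetical helper name (rollback)
    param(
        [Parameter(Mandatory = $true)] [string]   $VMName,
        [Parameter(Mandatory = $true)] [string[]] $AllowedPeers
    )
    # Remove the allow entries first so the VM stays blocked until the
    # deny entries are removed last.
    foreach ($peer in $AllowedPeers) {
        Remove-VMNetworkAdapterAcl -VMName $VMName -RemoteIPAddress $peer `
            -Direction Both -Action Allow
    }
    foreach ($any in $AnyAddress) {
        Remove-VMNetworkAdapterAcl -VMName $VMName -RemoteIPAddress $any `
            -Direction Both -Action Deny
    }
}

# The web VM may only talk to its gateway and its database VM.
$peers = '10.0.0.1', '10.0.0.20'
Set-VmAllowList -VMName 'Tenant-Web01' -AllowedPeers $peers

# Review the resulting rule set on the VM's network adapter(s).
Get-VMNetworkAdapterAcl -VMName 'Tenant-Web01'
```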
Network Virtualization is a Windows Server 2012 feature that vSphere currently does not offer. Network Virtualization allows a VM to be moved to a different IP subnet without adjusting the IP configuration in the guest OS. This makes it possible to move VMs from a private cloud to a public cloud. It also allows a private cloud provider to use multiple networks with the same IP subnet for multiple tenants.
“With Hyper-V Network Virtualization the virtual machine is totally unaware that its IP address is being virtualized. From the VM’s perspective, all communication is occurring via the CA IP address. Because the VMs are unaware that they are part of a virtual network, any operating system running within a Hyper-V VM (e.g. Windows Server 2008 R2, Windows Server 2003, Linux, etc.) can be a member of a virtual network. Hyper-V Network Virtualization is completely transparent to the guest OS.”
For more info on network virtualization see this post.
VMware vSphere networking
VMware vSphere 5 has two types of virtual switches: standard switches, which need to be configured on each host, and distributed switches. A distributed switch is configured once in vCenter Server and can then be ‘deployed’ to one or multiple hosts. The advantage is less work: an admin does not need to configure virtual switches on each host. This saves time and makes sure every distributed virtual switch is configured the same. Distributed switches offer more networking features than standard switches.
Distributed switches are only available in the Enterprise Plus edition.
To zone VMs, VMware vShield Zones 1.0 can be used. It makes it possible to block or allow network traffic between VMs. It has a graphical, easy-to-use interface. vShield Zones is available in Enterprise and Enterprise Plus. Please note that in vSphere 4.1, vShield 4.1 was included. VMware decided to include the earlier version, vShield Zones 1.0, in vSphere 5. For the reason see here.
VMware is working on a way to move virtual machines between different IP networks. The technology is called VXLAN, and one of the other companies working on it is Cisco. VMware recently acquired a company named Nicira, which has a product for Software Defined Networking. Much like vCenter Server manages distributed switches, Nicira manages physical network devices.
I believe Windows Server 2012 and vSphere 5 offer pretty much the same networking features. However, to use more advanced networking in vSphere (port mirroring, NetFlow) the most expensive vSphere edition needs to be purchased. To use Microsoft networking features, IT admins need to develop skills in PowerShell.
Microsoft is a step ahead with Network Virtualization already operational. VMware will make big steps in network virtualization with Nicira, but it remains to be seen if vSphere customers will benefit.
The image below shows the vShield Zones interface.