Hyper-V Networking Overview

Captions
Microsoft has changed how they go through and do networks. They call them kind of the same thing that they always call them: internal, external, and private. But now what Microsoft does is they make it as a virtual switch. So what I will do is I will have what would be a network switch. Let's connect it in here. I have a network switch that's connected here, and then I have a network switch that's connected here. These are going to be virtual switches, and we have to be able to support virtual switch extension. So let's talk about the different types of networks.

The first one that we have is an external network. An external network means that these virtual machines can talk to each other, they can talk to the host machine, and they can talk into your local area network. So if you have computers that you want people in your network to be able to access, then you would set it up as an external network.

If we go through and have an internal network, what the internal network does is allow the virtual machines on that host to be able to communicate with each other, as long as they're joined to that same internal network, but it also allows you to communicate with the host machine. So if I need to maybe manage this on a host machine, I can do that.

Now the third option here we have is a private network. In a private network, the virtual machines assigned to that private network can communicate with each other, but nobody else can talk to them. The external networks can't talk to them, and the Hyper-V host can't talk to them via a network. They're isolated.

And what you will see in a lot of solutions is a combination of things. Let's say, for example, I have a SQL Server, and up here I have an IIS server, and we don't want this SQL Server to be exposed, because the SQL Server on this virtual machine has credit-card processing information. So I keep it completely separate. Then on this IIS server I can put in a separate network adapter, and this separate network adapter, it's a virtual adapter
that can be plugged into an external network. And so now the clients down here would be able to go to that web server via that network adapter. They would talk to that IIS server, but they're not going to be allowed to talk directly to that private machine or to that SQL Server, because it's in a separate private network that nobody else has access to. So you can use this, and a combination of these, by putting in multiple network adapters to make it so that they are usable, or you could have them completely isolated.

What a lot of folks will use with private networks is, let's say that I'm trying to get Security+ certified or Certified Ethical Hacker, or I'm trying to get my black hat certification, whatever, and I don't want my virtual machines, and I'm practicing all of my evil hacking attacks and worms, to go in and eat the host machine or eat my regular local area network. I can put them into a private LAN, and in this private local area network they only communicate with each other. And then I can use things like PowerShell Direct, or I can directly go in via the Hyper-V console and control these machines and monitor them and see what they're doing. I can even go in and I can do port mirroring, where I mirror the ports so I can sniff the packets as they go through, without having to worry about infecting my network with all of these different attacks.

So let's go ahead and make some networks. I'm going to go over to my Hyper-V server here, and we will fire off Hyper-V server number five here, and let's go ahead and make some networks. Now I'm gonna go through and I'm gonna show you all of the buttons and all the components and all the things associated with it in just a little while, but we're gonna start off by showing you networks. Now when you first install this, you're not gonna have any networks, but if I go up into my Virtual Switch Manager, this is where I have all of my networks. And what I'm gonna do is I'm gonna go ahead and get my head out of the way so you
can see all the dialog boxes here. I'll slide this over. Let me go ahead and make this full screen, a little easier to see. So it says we're gonna do a brand new virtual network switch, and that's what they call it, and it's actually a really good name because that's what it is. But unfortunately they called it networks for a very long time, so a lot of the documentation still calls it networks. In fact, the exam still calls it networks. I say Hyper-V networks, Hyper-V networks, and it is a Hyper-V network, but they do this by having a pretend switch that we plug into it.

So if I go and I say, hey, I want to do an external network, I would say create the virtual switch. We'll give it a name, I'll call this one "Out to the Internet", and I go through and I specify which network adapter that we want to have it on here. Now realize this is a virtual machine running inside of a virtual machine. If I went up to my primary Hyper-V server and I said let's go ahead and do a switch manager, I have lots and lots of network adapters. So if I say create a new external machine, I could go in and I could grab all these other physical network adapters that are in there. But I'm going to do this inside of virtual machines; that way, if you want to do this in labs, you can. You have that opportunity. So we'll go ahead and bring this back up, and we'll do the full view on here.

So I can say we want an external network. I can say "Allow the management operating system to share this network adapter". That means: can the host machine use this network adapter as well as the virtual machines? Now if I have a system that has multiple network adapters, one of the best practices is that you reserve one network adapter just for management, and then the other network adapters you can split and choose between the various virtual machines. But if I only have one network adapter, I can say allow the guest, or the host, operating system to use that as well. I can also have single-root I/O virtualization. I can also do VLANs, and we'll talk
about VLANs, virtual local area networks, where you can do VLAN tagging if you need to. But that's an external network.

I can also create an internal network, and if I do an internal network, remember, the host machine and the virtual machines can talk to each other, but it doesn't communicate outside of the network. So I would call this one an internal network, I-N-T-E-R-N-A-L, net for SQL, for example. And then I can even do private networks, and with private networks the host operating system cannot use the network to talk to the guest operating systems, because they're going to be network isolated. So I would call this one a private network.

There's really not a whole lot of settings. It's just: whoever I connect to that private network can communicate; if it's internal, whoever I connect to that internal network plus the host can communicate; and if it's external, whoever's connected to that external switch, as well as the host, as well as the rest of the LAN, would be able to go through and communicate. So that is how you would go through and you can make different switches.

So we'll just go ahead and create our private, so I'll say Apply. Then I will go ahead and make an internal, so we'll call this one internal, I-N-T-E-R-N-A-L, for testing, for example. Boom. And now I have an external right here. Oops, where do my networks go? Switch manager. So now I have an external here, I have a private, and I have an internal, and there's not a lot of settings involved. You can do VLAN tagging if you want, and it's pretty much the exact same things. The only difference is if I do external, it'll say can I allow the management console to use it, and also am I going to do virtual I/O and routes and all that.

Now they do have some best practices. If I do have multiple physical network adapters, they do recommend to do things like NIC teaming. This is where I can do what is called bonding: I take multiple network adapters and make them look like a bigger network adapter. Also they have fault tolerance; that
way, if one network adapter goes over and fails, you'll still be able to communicate on the existing network adapter, but they are active-active. I also have the ability on this NIC teaming: I can plug these physical network adapters into separate physical switches. That gives me redundancy, so if the network switch happens to fail, I still have network connectivity. So that's available there.

Well, we can also go in and set up bandwidth management. That way, with bandwidth management, I can go in and I can set up a minimum and maximum amount of bandwidth allocation. It's set up; that way, other virtual machines, including the host operating system, aren't going to be sucking up all of my network bandwidth, because you may have line-of-business applications and get really busy, or maybe it's a website that you set up and it gets really busy, and now it starts to consume all the bandwidth, and now the other virtual machines are going to be starved out.

You can also set up virtual machine queues. With virtual machine queues, it allows me to take the information from the network adapter and drop it right to the virtual machine without having the host operating system have to process it. So you want to make sure it's available. And there's a lot of advantages of this over VLANs, because with VLANs I have to do lots of tagging and we have to peel the tags off, and it's just easier to go through and create internal networks or private networks or external networks. And if I need to tag it, especially external networks, if I'm moving that into a VLAN environment where I'm going to be using VLANs and VLAN queues and all this other stuff, I still can do VLAN tags. It's just an internal and private network, so it really doesn't make a whole lot of sense to go through and do the tagging unless, you know, I need to.

But there's lots of features that are available for us. We have quality of service; that way we can have a minimum amount of network capacity. We can also have
multiple queues. This allows us to have multiple queues for a virtual machine and spread the traffic across the queues. This allows me to leverage multiple network adapters to provide access to a whole bunch of machines. We also have what's called RDMA. RDMA is remote direct memory access. Remote direct memory access is also known as SMB Direct. This allows me to have very low resource utilization, but I can receive and I can send packets, but I don't have to bother the host operating system as much.

Now one of the problems is that we've had NIC teaming, where I can combine multiple network adapters, but NIC teaming in older versions of the Windows operating system didn't support remote direct memory access. So now what they have is what is called Switch Embedded Teaming, SET. With Switch Embedded Teaming, it allows us to have remote direct memory access, and we can also do virtual machine queues, and we can also do network teaming, all in a virtual switch. And the way that you turn this on is you would go in and you would do a New-VMSwitch, you give it a name (this is the name of the virtual switch, it's not the name of the team), and then you just add the adapters, and it will turn on Switch Embedded Teaming as long as my network adapters support it. That way we can bond all the stuff together and they're still going to be able to communicate.

Now another problem that you run into with these networks is that they are separate networks. Now if I have one set up as an external network, which I had, where do we have it here, OK, so we have external, these already have access to the regular network. But if I have private or I have internal, I may want to have an interface that will hook into the LAN, but I need to make it so that the LAN and the physical switch they hook up into will be able to deal with these MAC addresses. And there's a couple of ways that we do this. One way that I can do this is I can use network address translation. So let me go ahead and show you NAT. So here
we have a private network. So we have a SQL Server and maybe we have an IIS server, and they have their own internal network, communicating back and forth and back and forth and back and forth. However, I want to set up a virtual switch that gives me access into the local network here. But notice that I have this IP address here, but this is a 10.5.7 network here. So I have to be able to provide, let's say, this machine here with an IP address, and we use network address translation.

Now if you're not familiar with network address translation, you use it all the time, especially if you have things like cable modems, because you have private IP addresses and you have public IP addresses, and with network address translation I can have assigned a single address here that provides access to all these internal machines if I want. So I could have 30, 40, 50 machines in here and we can map them out into a single address.

And what I would do is say New-VMSwitch. In fact, let me get my head out of the way so you can see all this stuff. I can say New-VMSwitch, we're gonna give it a name, we're going to call it NAT switch 01, and switch type is going to be network address translation, and then I tell it the NAT subnet address is 172.16. So I'm saying we're gonna make a brand new switch, but it's gonna have a public IP address that goes into the LAN, or a LAN-available IP address, but it'll also be able to work inside the private network, and it will convert it into this information here.

Now we have all the different commands in here. So here we create a brand new switch. We're gonna say our NAT subnet address is 172.16.0.1; that is going to be the NAT switch that goes into our private network. Then we will go through and we will say here's the IP address for the other side; that's going to be 10.5.7.15, and we're going to give it an alias, we're gonna call it the Ethernet NAT switch. I can also go in and I can say external IP interface address prefix; that is my internal network. It's just
simply saying this is the network portion. I can also use this to do port address translation, where I do different port numbers if I would like. So we have our internal IP address as anything on the network for external, and the internal address is going to be a .2, and it's gonna go from port 80 to port 80. But if I wanted to, I can say instead of port 80, we will allow it to come in on port 80 but then we're gonna remap it to port 82.

And one of the reasons that we do a lot of network address translation is maybe I have virtual machines that I'm moving from one network to another network, but I don't want to have to go through and reconfigure the networks. So maybe it has a 172.16 network and I'm moving it over to this other Hyper-V host that happens to be in a different physical network. So I can set up a NAT switch and I'll convert that 172.16 address into a 10.7 address, for example, and now it'll allow us to communicate, but I don't have to go through and reconfigure these machines. Also, if these machines happen to use non-standard port numbers, I can have my NAT switch convert. So here I'm converting from port 80 to port 82, or 8080, or whatever port that I want. So it allows me to take these virtual machines that may not have the right IP addresses for my network, put them onto a host, and then put them into their own separate network, but I can use network address translation so that people can go through and communicate with it.
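
The isolation layout described in the captions (a SQL Server VM reachable only over a private switch, with a dual-homed IIS VM facing the LAN) can be built and then audited from PowerShell on the Hyper-V host. This is an added example, not something shown in the video; the VM names, switch names and physical NIC name are assumptions, and the host is assumed to keep a separate NIC for management.

```powershell
#Requires -Modules Hyper-V
# Added example, not from the video. Assumed names: VMs 'SQL01' and 'IIS01',
# switches 'Private-DB' and 'Out-To-LAN', physical NIC 'Ethernet 2'.

function New-IsolatedDbTier {
    param(
        [string]$DbVm = 'SQL01',
        [string]$WebVm = 'IIS01',
        [string]$PrivateSwitch = 'Private-DB',
        [string]$ExternalSwitch = 'Out-To-LAN',
        [string]$PhysicalNic = 'Ethernet 2'
    )
    # Private switch: VM-to-VM traffic only, no host vNIC and no uplink.
    New-VMSwitch -Name $PrivateSwitch -SwitchType Private | Out-Null
    # External switch on a dedicated NIC; the host does not share it
    # (assumes management traffic uses a different physical adapter).
    New-VMSwitch -Name $ExternalSwitch -NetAdapterName $PhysicalNic -AllowManagementOS $false | Out-Null

    # Database VM: every adapter it has goes on the private switch.
    Connect-VMNetworkAdapter -VMName $DbVm -SwitchName $PrivateSwitch
    # Web VM: existing adapter faces the LAN, a second one reaches the database.
    Connect-VMNetworkAdapter -VMName $WebVm -SwitchName $ExternalSwitch
    Add-VMNetworkAdapter -VMName $WebVm -SwitchName $PrivateSwitch -Name 'Backend'
}

function Get-VmSwitchExposure {
    # Map each switch name to its type (Private, Internal, External).
    $typeOf = @{}
    Get-VMSwitch | ForEach-Object { $typeOf[$_.Name] = [string]$_.SwitchType }

    Get-VMNetworkAdapter -VMName * | Group-Object VMName | ForEach-Object {
        # Distinct switch types this VM is attached to (unconnected adapters skipped).
        $types = @($_.Group | Where-Object SwitchName |
            ForEach-Object { $typeOf[$_.SwitchName] } | Sort-Object -Unique)
        [pscustomobject]@{
            VM             = $_.Name
            SwitchTypes    = $types -join ','
            # True when a VM sits on a private switch and on another switch
            # type as well: it is a network path into the isolated tier.
            BridgesPrivate = ($types -contains 'Private') -and ($types.Count -gt 1)
        }
    }
}

# Example run on the host: New-IsolatedDbTier; Get-VmSwitchExposure | Format-Table
```

In this layout only the IIS VM should report `BridgesPrivate` as true; any other VM flagged that way is an unplanned route to the database tier and its guest firewall rules deserve review.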
Info
Channel: StormWind Studios
Views: 36,441
Keywords: Hyper-V, Networking, Doug Bassett, StormWind, MCSA, MCSE, Virtualization, IT Pro
Id: CuzOxpWopT0
Length: 15min 47sec (947 seconds)
Published: Wed Jun 06 2018