Tip

The extensible Hyper-V virtual switch: Finally catching up to VMware

The upcoming extensible Hyper-V virtual switch in Windows Server 2012 should alleviate many of the networking burdens associated with Microsoft’s virtualization platform, bringing it one step closer to vSphere.

Previously, the Hyper-V virtual switch was a proprietary Microsoft technology, and vendors could not write extensions for it. Microsoft will now provide an application programming interface (API), so vendors can exploit the virtual switch’s capabilities.  

The idea is that third-party vendors should then be able to provide virtual network monitoring tools that are comparable to their physical-networking products. As of last year’s Build conference, Broadcom, 5nine, Cisco Systems, InMon and NEC had all created extensions for the Hyper-V virtual switch. In fact, it seems likely that many vendors will provide methods for monitoring physical and virtual networks through a single pane of glass.

Virtual network monitoring in the Dark Ages

In Windows Server 2008 R2, traffic between virtual machines (VMs) residing on a common host is invisible to network-monitoring software. The traffic passes only through a virtual switch and never actually traverses the physical network.

As a result, organizations developed various plans to secure or monitor traffic among virtual machines. For example, some data centers created a separate virtual switch for each VM. When properly executed, this technique ensures that all virtual machine traffic eventually makes its way through the physical network, where it can be monitored. But this method increases network bandwidth utilization, and hardware limitations often make it impractical -- especially if those limitations inhibit the use of this technique in a failover cluster. Most host servers cannot accommodate as many physical network interface cards as virtual machines.

Another common technique pairs a software firewall with each VM. This approach doesn't usually enable virtual network monitoring, but provides a level of isolation, as it prevents communication between VMs. That said, in a multi-tenant environment, you can more efficiently achieve VM isolation through the use of VLANs.

Enter the extensible Hyper-V virtual switch

With an extensible Hyper-V virtual switch, admins can purchase a third-party management product to more easily monitor network traffic, while still retaining the core Hyper-V switch. In essence, admins will not have to replace the entire Hyper-V virtual switch; they can just add capabilities to it.

Virtual-switch extensions will use a Microsoft API, based on the Windows Presentation Foundation. As such, vendors that create virtual switch extensions will use Microsoft-approved methods and tools. Microsoft also offers a certification program for virtual switch extensions, which should help to decrease the number of bugs that customers encounter.

Probably the nicest thing about the extensible virtual switch is that Microsoft designed the virtual switch and API to guarantee that extensions are first-class network citizens. In other words, the extensions add capabilities to the Hyper-V virtual switch, rather than replacing it with the vendor’s proprietary code. This means the extension should never impede core Hyper-V functionality, such as live migration. All Hyper-V 3.0 features should continue to work even when you add a virtual switch extension.
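
Because extensions run inside the virtual switch's data path, it is worth checking which ones are enabled on each host. The PowerShell below is an added example, not code from the original article or from Microsoft: it compares Get-VMSwitchExtension output against an approved list. The "Contoso Flow Monitor" extension, the switch names and the sample rows are constructed for illustration.

```powershell
# Added example: audit Hyper-V virtual switch extensions against an approved list.
# On a Windows Server 2012 Hyper-V host, feed it live data with:
#   Get-VMSwitchExtension -VMSwitchName (Get-VMSwitch).Name |
#       Test-SwitchExtension -Allowed $allowed

function Test-SwitchExtension {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $Extension,
        [Parameter(Mandatory)] [string[]] $Allowed
    )
    process {
        $finding = 'OK'
        if ($Extension.Enabled -and $Extension.Name -notin $Allowed) {
            # An extension nobody approved is processing VM traffic.
            $finding = 'UNAPPROVED-ENABLED'
        } elseif ($Extension.Enabled -and -not $Extension.Running) {
            # Configured but not running: a possible monitoring or filtering gap.
            $finding = 'ENABLED-NOT-RUNNING'
        }
        [pscustomobject]@{
            SwitchName = $Extension.SwitchName
            Name       = $Extension.Name
            Vendor     = $Extension.Vendor
            Type       = $Extension.ExtensionType
            Finding    = $finding
        }
    }
}

# Constructed sample rows using the property names Get-VMSwitchExtension returns.
# 'Contoso Flow Monitor' is a hypothetical third-party extension.
$sample = @(
    [pscustomobject]@{ SwitchName = 'External'; Name = 'Microsoft Windows Filtering Platform'
        Vendor = 'Microsoft'; ExtensionType = 'Filter'; Enabled = $true; Running = $true }
    [pscustomobject]@{ SwitchName = 'External'; Name = 'Microsoft NDIS Capture'
        Vendor = 'Microsoft'; ExtensionType = 'Monitoring'; Enabled = $true; Running = $true }
    [pscustomobject]@{ SwitchName = 'Tenant'; Name = 'Contoso Flow Monitor'
        Vendor = 'Contoso'; ExtensionType = 'Monitoring'; Enabled = $true; Running = $false }
    [pscustomobject]@{ SwitchName = 'Tenant'; Name = 'Microsoft NDIS Capture'
        Vendor = 'Microsoft'; ExtensionType = 'Monitoring'; Enabled = $false; Running = $false }
)

# Approved list for this (constructed) environment.
$allowed = 'Microsoft Windows Filtering Platform', 'Contoso Flow Monitor'

$sample | Test-SwitchExtension -Allowed $allowed |
    Where-Object Finding -ne 'OK' | Format-Table -AutoSize
```

On the sample rows this reports the capture extension enabled on the External switch as unapproved and the Contoso extension on the Tenant switch as enabled but not running.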

This was first published in June 2012
