OK, so you’ve got Network Virtualization set up and running. You’re hosting multiple customers using multiple LANs and VLANs in your environment. Just how do you connect the networks to the real (physical) world, aka the internet? Well, you need to set up a network virtualization appliance, otherwise known as a gateway.
This gateway allows us to extend the virtualized networks to the physical world.
- NAT: Internet-facing services, such as e-commerce, are NATed by the appliance. This allows incoming/outgoing packets to/from the Internet to reach designated servers in the VM networks/subnets.
- Routing: Internal BGP (iBGP) is provided by the appliance to allow tenants to integrate their on-premise networks with networks in a hosted private or public cloud. This is known as hybrid networking. Using iBGP provides fault tolerant routing from multiple possible connections in the tenants’ on-premise networks.
- Gateway: The hosting company can route (probably via firewall) onto the VM subnets to provide additional management functionality.
To make this work correctly you’ll need to assign a PA (Provider Address) to your hosts and a CA (Customer Address) to the VMs. Once the gateway is set up you can route packets from the CA to your firewall/internet or even set up site-to-site VPNs. This allows you to build a hybrid network that uses both on-premises and hosted servers, with a site-to-site connection between the two.
A basic setup using a network virtualization gateway will look something like this:
In this example we can see both Ford and General Motors being hosted on the same servers using overlapping subnets, separated into different virtual networks, with a Network Virtualization gateway connecting them to the internet. All this while keeping both Ford and General Motors totally unaware of each other.
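The PA/CA mapping and the Ford/General Motors separation described above can be expressed on a host with the NetWNV PowerShell cmdlets. This is an added example, not part of the original post: every address, virtual subnet ID, routing domain GUID, MAC, adapter name and VM name is constructed, and the same policy would have to be applied on every host that carries these tenants.

```powershell
# Added example. Every address, ID, MAC and name below is constructed.
# Run elevated on a Hyper-V host (Windows Server 2012 or 2012 R2).
$paNic     = Get-NetAdapter -Name 'PA-NIC'   # assumed name of the physical NIC
$hostPA    = '192.168.4.11'                  # this host's provider address
$gatewayPA = '192.168.4.20'                  # PA of the host running the gateway

# Both tenants use 10.0.0.0/24; the VSID and routing domain keep them apart.
$tenants = @(
    @{ VM = 'Ford-Web1'; Vsid = 5001; Rdid = '{11111111-2222-3333-4444-000000005001}'
       CA = '10.0.0.5'; MAC = '101010101105'; GwCA = '10.0.0.1'; GwMAC = '101010101101' },
    @{ VM = 'GM-Web1'; Vsid = 6001; Rdid = '{11111111-2222-3333-4444-000000006001}'
       CA = '10.0.0.5'; MAC = '101010102105'; GwCA = '10.0.0.1'; GwMAC = '101010102101' }
)

# The PA is the only address the physical network ever routes on.
New-NetVirtualizationProviderAddress -InterfaceIndex $paNic.InterfaceIndex `
    -ProviderAddress $hostPA -PrefixLength 24

foreach ($t in $tenants) {
    # Tag the VM's vNIC with its tenant's virtual subnet ID.
    Get-VMNetworkAdapter -VMName $t.VM | Set-VMNetworkAdapter -VirtualSubnetId $t.Vsid

    # CA -> PA mapping for the tenant VM on this host.
    New-NetVirtualizationLookupRecord -CustomerAddress $t.CA -ProviderAddress $hostPA `
        -VirtualSubnetID $t.Vsid -MACAddress $t.MAC -Rule 'TranslationMethodEncap' `
        -VMName $t.VM

    # CA -> PA mapping for the gateway's interface in this tenant's subnet.
    New-NetVirtualizationLookupRecord -CustomerAddress $t.GwCA -ProviderAddress $gatewayPA `
        -VirtualSubnetID $t.Vsid -MACAddress $t.GwMAC -Rule 'TranslationMethodEncap' `
        -VMName 'Gateway'

    # On-link route for the tenant subnet, then a default route via the gateway.
    New-NetVirtualizationCustomerRoute -RoutingDomainID $t.Rdid -VirtualSubnetID $t.Vsid `
        -DestinationPrefix '10.0.0.0/24' -NextHop '0.0.0.0' -Metric 255
    New-NetVirtualizationCustomerRoute -RoutingDomainID $t.Rdid -VirtualSubnetID $t.Vsid `
        -DestinationPrefix '0.0.0.0/0' -NextHop $t.GwCA -Metric 255
}

# Isolation review: identical CAs must only ever appear under different VSIDs.
Get-NetVirtualizationLookupRecord |
    Sort-Object VirtualSubnetID |
    Format-Table VirtualSubnetID, CustomerAddress, ProviderAddress, VMName
```

If the final table ever shows one tenant's VM under the other tenant's virtual subnet ID, the separation between the two virtual networks is broken and the policy should be corrected before the VM is connected.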
The only problem has been the lack of appliances on the market to support this. However, they are now starting to appear from Iron Networks, Huawei, and F5, and I’m sure that more will follow.
As of Windows Server 2012 R2 you can actually configure a Windows Server 2012 R2 machine using RAS to provide appliance/gateway functionality. This is known as Windows Server Gateway. You can find more information on Windows Server Gateway on TechNet.
I hope these posts have helped you understand the concepts of Hyper-V Network Virtualization.
In part II I explained Hyper-V’s virtual networking capabilities and what it can be used for.