Book Review: Windows Server 2012 Hyper-V: Deploying Hyper-V Enterprise Server Virtualization Platform

These days I’ve managed to get my hands on another Hyper-V book and review it. These book reviews aim to give you more insight so you can make up your mind whether this book is for you.

The book starts at a very basic level by explaining what virtualization is and the basic concepts of Hyper-V. After that, as usual, there is a chapter on planning, designing and implementing so you can get a grasp of the basic features of Hyper-V. The third chapter is on Hyper-V Replica, which has been a very popular feature since the release of Hyper-V 3.0. Network and Storage have their own chapters as there are a lot of improvements there. Unfortunately, the Network chapter has no detailed information about Network Virtualization (NVGRE), which is becoming a very popular topic. PowerShell is implemented in every enterprise Microsoft product, and because of that the author of the book has not failed to include a chapter about automation with PowerShell. The next three chapters include more advanced content. You can find a chapter on how to use VMM 2012 to manage Hyper-V, a chapter on how to achieve high availability with Hyper-V and a chapter with best practices for securing Hyper-V. The last chapter in the book is about Backup and Recovery. It is interesting how, in the real world, a topic like Backup and Recovery is also left for last. It may not be the most attractive part of Hyper-V and servers in general, but it is something we should take good care of.

As a summary, the book aims not so much to show you how to configure a certain feature but rather to explain the capabilities of Hyper-V so that you can get the most out of them in your specific environment. I would recommend the book to engineers who are just starting to work with Hyper-V 3.0, to engineers who have had little experience with Hyper-V 2.0 and are now facing the challenge of migrating to 3.0, and last but not least to engineers who have been working with “the other guys” and are now converting to Hyper-V 3.0. If you think this book is for you, you can find it in one of the following stores:

Datacenter Abstraction Layer (DAL)

Datacenter Abstraction Layer is a fairly new concept that is worth looking at. You can find more about it here.

New MP: Windows 8 Client Operating System

At the initial release of Windows 8 there was no plan to release a SCOM management pack for the client operating system, but it seems a lot of customers actually needed this MP, so MSFT changed its mind and decided to develop it. Several months later you can now download this brand new MP from here. This MP covers only Windows 8. Read the documentation before importing it into your environment.

New MP: System Center Management Pack for Windows Server DNS

No, I am not wrong: this is actually a new MP, not just an updated version of the old one. You can install it side by side with the old one until you feel comfortable using only the new one, and this is stated in a note on the download page:

This Management Pack is intended to completely replace the functionality of the previous DNS Management Pack, and as such it is not backwards compatible with them. The old and new management packs can live side-by-side, so you can uninstall the old MP’s if/when you are comfortable with the new Management Pack.

If you open the guide you can find even more information. This MP is structured in a different way, which might be the new way management packs will be released.


I like this new structure because it gives you the possibility to enable more advanced monitoring by adding another MP that contains all overrides.

Also, the announcement for this MP comes in a blog post, which is great. So far we have noticed new MP downloads on the Microsoft site, and after a few days you may or may not see a short announcement about the new version of the MP. But this time is different, and the announcement states that the new MP was tested by the XBOX Live team, which is the equivalent of beta testing. Maybe it is a good idea for beta MPs to be published on Microsoft Connect so that not only TAP customers and internal Microsoft teams are able to provide feedback.

You can find the announcement about DNS MP here.

Download is located here.

As usual remember to read the guide first before deploying.

Another reminder that all 2007 R2 and 2012 OpsMgr MPs are located here and I have a nice script to download them all in bulk here.

Network Virtualization (NVGRE) in Windows Server 2012 May Not Work if You Do Not Have Update KB2779768 Installed

Two of my colleagues were testing Network Virtualization these days and stumbled on a strange issue. They set up two standalone Hyper-V hosts, installed System Center 2012 Virtual Machine Manager SP1 and added the two hosts to be managed by VMM. They created two networks with network virtualization in VMM. The first network was for customer A, the second for customer B. You can see a demo here of how to set up Network Virtualization in VMM. After this, 4 virtual machines were installed:

  • 2 for customer A. One (VMA1) located on Host1 and the second (VMA2) located on Host2.
  • 2 for customer B. One (VMB1) located on Host1 and the second (VMB2) located on Host2.

Then they started to ping VMA2 from VMA1 and vice versa, but no replies were received.

It was time for some hard troubleshooting at the network level with Wireshark. They started to analyze the packets and also compared them to the NVGRE RFC. Upon inspection they were seeing ICMP Type 3 Code 10 (Destination host administratively prohibited). They searched the Internet and found this presentation by Satoshi GOTO, who is a Microsoft MVP. The presentation is written in Japanese and explains our issue and why it was happening.

When Microsoft released Windows Server 2012 RTM, Network Virtualization was included, but it was based on the initial version of the NVGRE RFC. So let’s compare the initial and the latest version of the NVGRE RFC:

In the initial version we have the following diagram for GRE Encapsulation Frame Format:

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   Outer Ethernet Header:             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                (Outer) Destination MAC Address                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |(Outer)Destination MAC Address |  (Outer)Source MAC Address    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  (Outer) Source MAC Address                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Optional Ethertype=C-Tag 802.1Q| Outer VLAN Tag Information    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Ethertype 0x0800        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   Outer IPv4 Header:
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version|  IHL  |Type of Service|          Total Length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Identification        |Flags|      Fragment Offset    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Time to Live | Protocol 0x2F |         Header Checksum       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      (Outer) Source Address                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  (Outer) Destination Address                  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   GRE Header:
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0| |1|0| Reserved0       | Ver |   Protocol Type 0x6558        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Tenant Network ID (TNI)|   Reserved    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   Inner Ethernet Header
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                (Inner) Destination MAC Address                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |(Inner)Destination MAC Address |  (Inner)Source MAC Address    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  (Inner) Source MAC Address                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Optional Ethertype=C-Tag 802.1Q| PCP |0| VID set to 0          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Ethertype 0x0800        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   Inner IPv4 Header:

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version|  IHL  |Type of Service|          Total Length         |


Sridharan et al             Informational                      [Page 7]

Internet-Draft                  NVGRE                    September 2011

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Identification        |Flags|      Fragment Offset    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Time to Live |    Protocol   |         Header Checksum       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Source Address                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Destination Address                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Original IP Payload                      |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

In the latest version we have the following diagram for GRE Encapsulation Frame Format:

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   Outer Ethernet Header:             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                (Outer) Destination MAC Address                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |(Outer)Destination MAC Address |  (Outer)Source MAC Address    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  (Outer) Source MAC Address                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Optional Ethertype=C-Tag 802.1Q| Outer VLAN Tag Information    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Ethertype 0x0800        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   Outer IPv4 Header:
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version|  IHL  |Type of Service|          Total Length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Identification        |Flags|      Fragment Offset    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Time to Live | Protocol 0x2F |         Header Checksum       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      (Outer) Source Address                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  (Outer) Destination Address                  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   GRE Header:
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0| |1|0| Reserved0       | Ver |   Protocol Type 0x6558        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               Virtual Subnet ID (VSID)        |   Reserved    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   Inner Ethernet Header
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                (Inner) Destination MAC Address                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |(Inner)Destination MAC Address |  (Inner)Source MAC Address    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  (Inner) Source MAC Address                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Optional Ethertype=C-Tag 802.1Q| PCP |0| VID set to 0          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Ethertype 0x0800        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   (Continued on the next page)




Sridharan et al             Informational                      [Page 6]
 
Internet-Draft                  NVGRE                     February 2013


   Inner IPv4 Header:
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version|  IHL  |Type of Service|          Total Length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Identification        |Flags|      Fragment Offset    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Time to Live |    Protocol   |         Header Checksum       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Source Address                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Destination Address                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Original IP Payload                      |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

At first sight there are no significant differences. I’ve highlighted with yellow the area where you need to focus your attention. You can see that the only difference is that the term Tenant Network ID (TNI) was replaced with Virtual Subnet ID (VSID). But let’s look closer at the explanation in the RFC.

Initial version:

  • The Key field in the GRE header is used to carry the Tenant Network Identifier. Key field is 32 bits long of which the lower 24 bits are used for TNI. The Key Present (bit 2 in the GRE header) is always set to 1.
  • The upper 8 bits of the Key field are reserved for use by NVGRE endpoints and are not part of the TNI space. NVGRE endpoints MUST set this value to zero.

 

Latest version:

  • Virtual Subnet ID (VSID): The first 24 bits are used for VSID as shown in Figure 1.
  • FlowID: The last 8 bits of the Key field are (optional) FlowID, which can be used to add per-flow entropy within the same VSID, where the entire Key field (32-bit) is used for ECMP purposes by switches or routers in the physical network infrastructure. If a FlowID is not generated, the FlowID field MUST be set to all zero.

 

So if you are reading this right, in the initial version the VSID 32 bits looked like this:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 8 bits FlowID |                 32 bits VSID                  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

and in the latest version we have this:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                 32 bits VSID                  | 8 bits FlowID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The format was changed.

Even though it was not stated anywhere, update KB2779768 changed this format from the initial version to the format of the latest version. If you look at the description of the update, you will find that only these issues are fixed in it:

  • Improves the speed of text input in some Windows Store apps.
  • Resolves an issue that prevents some users who have Windows Display Driver Model (WDDM) 1.0-based devices from using mirror drivers.
  • Resolves an issue that may prevent some games from being updated.
  • Resolves an issue that may cause blips in audio playback when a computer is running in "Connected Standby" mode.
  • Resolves an issue in which Windows Store apps do not obtain data when they connect to Windows Store through a cellular network.

But this update has another web page that lists the files changed when the update is applied. And there you can see that these files are changed:

  • Wnv.sys
  • Wnvapi.dll

Both files define Network Virtualization in Windows Server 2012.

In our case Host1 had update KB2779768 and Host2 did not have it. It is as if the two hosts are speaking different languages for Network Virtualization.

You should install KB2779768 on all your Hyper-V hosts if you plan to implement Network Virtualization, because every NVGRE-aware network device will follow the latest NVGRE format.
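The Key-field difference between the two drafts, as an added example (not code from the original post or from Microsoft): it packs a subnet ID the way each draft's quoted text describes and shows what a host using the other layout reads back from the same bytes. The function names and the subnet ID 5001 are assumptions made for illustration.

```python
import struct

# Added example: names and sample values are hypothetical, not from the post.
GRE_KEY_PRESENT = 0x2000   # K bit (bit 2 of the GRE header), always 1 for NVGRE
GRE_CSUM_OR_SEQ = 0x9000   # C (bit 0) and S (bit 3) are 0 in both diagrams
GRE_VERSION_MASK = 0x0007
PROTO_TEB = 0x6558         # Protocol Type shown in both diagrams

def parse_gre_key(gre: bytes) -> int:
    """Validate an 8-byte NVGRE GRE header and return the raw 32-bit Key."""
    if len(gre) < 8:
        raise ValueError("GRE header with Key needs 8 bytes")
    flags, proto, key = struct.unpack("!HHI", gre[:8])
    if not flags & GRE_KEY_PRESENT or flags & GRE_CSUM_OR_SEQ:
        raise ValueError("not an NVGRE header: expected K=1, C=0, S=0")
    if flags & GRE_VERSION_MASK or proto != PROTO_TEB:
        raise ValueError("unexpected GRE version or protocol type")
    return key

def decode_initial(key: int) -> dict:
    """Initial draft: upper 8 bits reserved, lower 24 bits carry the TNI."""
    return {"reserved": key >> 24, "subnet_id": key & 0xFFFFFF}

def decode_latest(key: int) -> dict:
    """Latest draft: first 24 bits carry the VSID, last 8 bits the FlowID."""
    return {"subnet_id": key >> 8, "flow_id": key & 0xFF}

def encode_initial(subnet_id: int) -> bytes:
    return struct.pack("!HHI", GRE_KEY_PRESENT, PROTO_TEB, subnet_id & 0xFFFFFF)

def encode_latest(subnet_id: int, flow_id: int = 0) -> bytes:
    key = ((subnet_id & 0xFFFFFF) << 8) | (flow_id & 0xFF)
    return struct.pack("!HHI", GRE_KEY_PRESENT, PROTO_TEB, key)

def cross_check(subnet_id: int) -> dict:
    """What each host reads when its peer uses the other Key layout."""
    sent_by_updated = parse_gre_key(encode_latest(subnet_id))
    sent_by_rtm = parse_gre_key(encode_initial(subnet_id))
    return {
        "rtm_reads_updated": decode_initial(sent_by_updated)["subnet_id"],
        "updated_reads_rtm": decode_latest(sent_by_rtm)["subnet_id"],
        "same_layout": decode_latest(sent_by_updated)["subnet_id"],
    }
```

For a constructed subnet ID of 5001, `cross_check(5001)` shows that only hosts using the same layout agree on the ID; across layouts the value is shifted by 8 bits in one direction or the other.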

This issue is widely covered on the Internet but only on Japanese web sites.

All credits for these findings go to my colleagues Yordan Dimov and Kiril Tsvetanov for tracing and resolving this issue and to Satoshi GOTO who detailed it in his presentation.