Specifications

Best Practices for Virtualizing and Managing Exchange 2013
In this path, the outgoing and incoming packets can be modified or examined before additional
processing occurs. By accessing the TCP/IP processing path at different layers, ISVs can easily
create firewalls, antivirus software, diagnostic software, and other types of applications and
services.
Extensions can extend or replace the following three aspects of the switching process: ingress filtering,
destination lookup and forwarding, and egress filtering. Table 3 lists a number of top partners that offer
networking extensions for Hyper-V environments, as well as their key extension products.
Table 3: Example options for networking extensions
Cisco Nexus® 1000V Series Switches and Cisco Unified Computing System™ Virtual Machine Fabric Extender (VM-FEX)
NEC ProgrammableFlow PF1000
InMon sFlow Agent
5nine Security Manager for Hyper-V
Virtual LANs
Virtual LANs (VLANs) subdivide a network into logical groups that share common physical infrastructure
to provide network isolation. A VLAN uses explicit tagging in the Ethernet frames, and relies on Ethernet
switches to enforce isolation and restrict traffic to network nodes of the same tag. However, there are
some drawbacks with VLANs that limit networking capabilities within a large and complex network that
provides communications for mission-critical workloads.
Windows Server 2012 introduces support for private VLANs (PVLANs), which extend VLAN capabilities
by providing isolation between two virtual machines on the same VLAN. Network virtualization in
Windows Server 2012 removes the constraints of VLAN and hierarchical IP address assignment for virtual
machine provisioning. Windows Server 2012 PVLANs provide scalability and better isolation of workloads.
With PVLANs, a VLAN domain can be divided into subdomains that are represented by a pair of VLANs
(primary VLAN and secondary VLAN). In such an implementation, every virtual machine in a PVLAN is
assigned one primary VLAN ID and one or more secondary VLAN IDs. There are three modes for
secondary PVLANs (Figure 20):
Isolated: Isolated ports cannot exchange packets with each other at layer 2. In fact, isolated ports
can only talk to promiscuous ports.
Community: Community ports on the same VLAN ID can exchange packets with each other at
layer 2. They can also talk to promiscuous ports. They cannot talk to isolated ports.
Promiscuous: Promiscuous ports can exchange packets with any other port on the same primary
VLAN ID (secondary VLAN ID makes no difference).
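
The three port rules above can be checked mechanically against a PVLAN plan. The PowerShell below is an added example, not part of the original guide: it lists which pairs of ports can exchange layer-2 frames. The VM names and VLAN IDs are constructed, and the property names are modeled on the output of Get-VMNetworkAdapterVlan.

```powershell
# Constructed sample ports (hypothetical VM names and VLAN IDs). Property names
# are modeled on Get-VMNetworkAdapterVlan output; VMName stands in for
# ParentAdapter.VMName on a real Hyper-V host.
$ports = @(
    [pscustomobject]@{ VMName = 'edge-gw';   PrivateVlanMode = 'Promiscuous'; PrimaryVlanId = 10; SecondaryVlanId = 0   }
    [pscustomobject]@{ VMName = 'tenantA-1'; PrivateVlanMode = 'Isolated';    PrimaryVlanId = 10; SecondaryVlanId = 200 }
    [pscustomobject]@{ VMName = 'tenantB-1'; PrivateVlanMode = 'Isolated';    PrimaryVlanId = 10; SecondaryVlanId = 200 }
    [pscustomobject]@{ VMName = 'mbx-1';     PrivateVlanMode = 'Community';   PrimaryVlanId = 10; SecondaryVlanId = 201 }
    [pscustomobject]@{ VMName = 'mbx-2';     PrivateVlanMode = 'Community';   PrimaryVlanId = 10; SecondaryVlanId = 201 }
    [pscustomobject]@{ VMName = 'cas-1';     PrivateVlanMode = 'Community';   PrimaryVlanId = 10; SecondaryVlanId = 202 }
)

function Test-PvlanLayer2Path {
    param($A, $B)
    # Ports on different primary VLANs are not in the same PVLAN domain.
    if ($A.PrimaryVlanId -ne $B.PrimaryVlanId) { return $false }
    $modes = @($A.PrivateVlanMode, $B.PrivateVlanMode)
    # Promiscuous: reaches any port on the same primary VLAN ID.
    if ($modes -contains 'Promiscuous') { return $true }
    # Isolated: reaches promiscuous ports only, not even other isolated ports.
    if ($modes -contains 'Isolated') { return $false }
    # Anything that is not a community port at this point has no PVLAN path.
    if ($A.PrivateVlanMode -ne 'Community' -or $B.PrivateVlanMode -ne 'Community') { return $false }
    # Community: reaches community ports with the same secondary VLAN ID.
    return ($A.SecondaryVlanId -eq $B.SecondaryVlanId)
}

function Get-PvlanReachability {
    param([object[]]$Ports)
    # Evaluate every unordered pair once.
    for ($i = 0; $i -lt $Ports.Count; $i++) {
        for ($j = $i + 1; $j -lt $Ports.Count; $j++) {
            [pscustomobject]@{
                PortA   = $Ports[$i].VMName
                PortB   = $Ports[$j].VMName
                Allowed = Test-PvlanLayer2Path $Ports[$i] $Ports[$j]
            }
        }
    }
}

# Pairs that can exchange frames at layer 2; compare with the intended isolation policy.
Get-PvlanReachability -Ports $ports | Where-Object Allowed | Format-Table -AutoSize
```

Any allowed pair that the isolation design does not expect, such as two tenant machines placed in the same community, indicates a port assigned to the wrong mode or secondary VLAN ID.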