- I-Hyper-V virtual switch inikeza izindlela zangaphandle, zangaphakathi, kanye nezangasese ezinquma izinga lokuhlukaniswa phakathi kwama-host, ama-VM, kanye ne-inthanethi.
- Ukuhlukaniswa kwamachweba kuqiniswa nge-VLAN, i-PVLAN, i-ACL, i-NAT yangaphakathi, kanye ne-firewall. Windows, kokubili kuma-host kanye nasezitsheni kanye nama-VM.
- Isikhungo Sesistimu i-VMM sinezela amaphrofayili echweba kanye nokuhlukaniswa ukuze kuqinisekiswe ukusebenza okulinganayo kanye nezinqubomgomo zokuphepha kuzo zonke izidayeli ezingokoqobo nezibonakalayo.
- Imikhuba emihle kakhulu efana nokusebenzisana kwe-NIC, ozimele abakhulu, ama-IP angaguquki, kanye nokusetshenziswa kwama-adapter okwenziwa kuthuthukisa ukusebenza kanye nokuphepha kumanethiwekhi e-Hyper-V.
Uma usebenza nge-virtualization ku-Windows, kuzomele ubhekane nayo ngokushesha noma kamuva. I-Hyper-V virtual switch kanye ne-port isolationAkukhona nje ukumaka amabhokisi ambalwa: indlela oyiklama ngayo inethiwekhi inquma ukuthi imishini yakho ebonakalayo ivikelwe, isebenza kahle, futhi ayibonani lapho kungafanele.
Kulesi sihloko sizokhuluma ngama-brass tacks: sizobona ukuthi kusebenza kanjani. Inethiwekhi ku-Hyper-V, izinketho zokuhlukanisa (amachweba, i-VLAN, i-PVLAN, i-ACL kanye ne-NAT)Konke lokho kuhambisana kanjani ne-System Center VMM, futhi yini tricks Lawa amathiphu awusizo ongawasebenzisa ukugcina indawo yakho ihlanzekile, icocekile, futhi ivikelekile, kungakhathaliseki ukuthi kumuntu ohlala ekhaya noma eqenjini elikhulu.
Ukuhlukaniswa kwenethiwekhi kanye nezikhala zamagama ku-Windows Server kanye ne-Hyper-V
Ezindaweni zesimanje zeMicrosoft, ingxenye enkulu yokuhlukaniswa isekelwe ku- Izikhala zamagama zenethiwekhi ye-TCP/IP stack kanye nezindawo zenethiwekhiIndawo ngayinye yokuxhuma (isibonelo, yesikhongozeli noma i-adaptha ye-VM) ingahlala endaweni yayo, ukuze umbono wayo wenethiwekhi uhluke kokunye.
Umphathi kanye ne- I-adaptha yenethiwekhi ebonakalayo yokuphatha igcinwa endaweni yegama yenethiwekhi ezenzakalelayoNgenkathi isitsha ngasinye se-Windows Server esisebenza nge-Hyper-V isolation sinesikhala saso samagama lapho kufakwa khona i-adaptha ebonakalayo ethile kuleyo sitsha.
Iziqukathi ze-Windows Server zakudala zisebenzisa i- i-adaptha yenethiwekhi ebonakalayo ebanjwe ku-host ukuze ixhunywe ku-switch ebonakalayo ye-Hyper-VOkwamanje, izitsha ezikwimodi yokuhlukaniswa kwe-Hyper-V zixhuma nge-adaptha yomshini ebonakalayo yokwenziwa (engabonakali ku-VM yokusetshenziswa), ngaleyo ndlela kuqinisa ukuhlukaniswa phakathi kwe-host, izitsha, kanye neminye imisebenzi.
Uma ufuna ukubona ukuthi yiziphi izingxenye zenethiwekhi ezikusistimu yakho, ungadonsa I-PowerShell bese ubhala konke nge-cmdlet I-Get-NetCompartment, iwusizo kakhulu lapho uxazulula izinkinga zokuhlukaniswa noma zokuxhumeka ezingavamile ezindaweni ezifakwe amakhonteyina kanye ne-NAT.
Ukuphepha kwenethiwekhi kanye nokuhlukaniswa kusetshenziswa ama-ACL, ama-firewall, kanye ne-VFP
Ukuphepha kwenethiwekhi kanye nokuhlukaniswa akuxhomekile kuphela ku-Hyper-V; nezinye izici nazo zidlala indima. I-Windows Firewall, ama-ACL e-virtual switch port, kanye ne-Azure Virtual Filtering Platform (VFP), kuye ngohlobo lwesitsha kanye nesilawuli senethiwekhi osisebenzisayo.
Eziqukathini ze-Windows Server, inqubomgomo ezenzakalelayo ihlanganisa I-firewall yokusingatha (enezikhala zamagama ezivuliwe) kanye nemithetho ku-VFPUmphumela uvame ukuba "ukuvumela konke", kuyilapho ithrafikhi engacelwanga ye-TCP, i-UDP, i-ICMP kanye ne-IGMP ivunyelwe futhi ezinye izinhlelo zokusebenza ezingafakiwe zivinjelwe.
Kwama-container asebenza nge Ukuhlukaniswa kwe-Hyper-V; ngayinye isebenzisa isibonelo sayo se-Windows Firewall ngaphakathi kwengqikithi yayo ehlukanisiwe, ngokuvamile enenqubomgomo evumelayo yokuzenzakalelayo (Vumela Konke) kokubili kuleyo firewall yangaphakathi kanye naku-VFP, okukushiya kuwe ukuthi uqinise imithetho uma umthwalo womsebenzi udinga lokho.
Ku-Kubernetes, i-logic ishintsha kancane: ngaphakathi kwe-pod, kuqala kudalwe isitsha sengqalasizinda, lapho iphuzu lenethiwekhi lixhunywe khona, futhi Zonke iziqukathi eziku-pod zabelana ngesikhala segama senethiwekhi esifanayoLokhu kufaka phakathi ikheli le-IP kanye nesikhala sembobo. Ukuhlukaniswa phakathi kwama-pod bese kuncike kuma-firewall, izinqubomgomo zenethiwekhi, kanye nama-ACL kuma-switch abonakalayo.
Uma udinga ukushintsha Ama-ACL embobo achazwe ngaphambiliniUdinga ukubuyekeza ukucushwa kwe-Host Networking Service bese ulungisa izinqubomgomo kubalawuli benethiwekhi abahlukene (i-Transparent, i-NAT, i-L2Bridge, i-L2Tunnel, i-Overlay), wazi ukuthi iyiphi ingxenye esebenzisa imithetho esimweni ngasinye: i-Windows Firewall, i-VFP, noma kokubili.
Iyini i-Hyper-V virtual switch kanye nezinhlobo zama-switch
I-Hyper-V virtual switch, empeleni, i- Iswishi ye-Ethernet ye-Layer 2 echazwe yisofthiweUmgomo wayo ukuxhuma imishini yakho ebonakalayo kumanethiwekhi angokoqobo noma anengqondo futhi ikunikeze amathuluzi okuhlukaniswa, ukuqapha, kanye nokuphepha adingekayo endaweni yokwenza i-virtualization.
Unayo kusukela ekuqaleni Umphathi we-Hyper-V Futhi ngenguqulo ngayinye ye-Windows Server, ithole amandla: ukulandelela izinsiza, izindlela ezintsha zokuvikela kuma-VM anonya, izinketho zokuhlukanisa ithrafikhi yembobo ethuthukisiwe, ukwesekwa kwe-PVLAN, ukugoqa, ama-ACL anwetshiwe, njll.
Ngokuzenzakalelayo, ngemva kokufaka indima ye-Hyper-V, akukho switch edalwayo. Kuze kube yilapho ulungisa eyodwa, ama-VM akho awakwazi ukufinyelela kunoma iyiphi inethiwekhi. Ukuze uwaphathe ngokuchofoza okukodwa, vula i- Umphathi Wokushintsha Okubonakalayo kusuka kuphaneli yezenzo zomsingathi.
I-Hyper-V ivumela izinhlobo ezintathu zokushintsha okubonakalayo, ngayinye inemiphumela eqondile yokuhlukaniswa kwenethiwekhi nokuthi ama-switch port aziphatha kanjani:
- Iswishi yangaphandleIxhumanisa i-NIC ebonakalayo kumphathi wenethiwekhi ne-NIC ebonakalayo, ihlinzeka ngokufinyelela kunethiwekhi ebonakalayo (kanye ne-inthanethi uma inethiwekhi ivumela). Ama-VM, umphathi wenethiwekhi, kanye nomhlaba wangaphandle babelana ngalokhu kuxhumana.
- Iswishi yangaphakathi: Inikeza inethiwekhi ebonakalayo lapho ama-VM axhunyiwe kanye nomsingathi uqobo bengakwazi ukuxhumana, kodwa ngaphandle kokufinyelela amanethiwekhi angaphandle.
- I-switchboard yangasese: kudala inethiwekhi ehlukanisiwe ngokuphelele lapho ama-VM angabonana khona kuphela; i-host noma amanye amanethiwekhi awakwazi ukusebenzisana nale "sandbox".
Ukulungiselela iswishi ebonakalayo kanye nezinketho zokuhlukanisa ukhiye
Uma udala iswishi yangaphandle, umthakathi ukuqondisa ngezinketho eziningana ezithinta ukuphepha kanye nokuhlukaniswa kwamachwebaIsinyathelo sokuqala ukukhetha ukuthi iyiphi i-adaptha ebonakalayo ezoba yi-uplink ye-vSwitch; uma unama-NIC amaningi, yilapho ithrafikhi izoya khona.
Elinye ibhokisi elibalulekile yilelo vumela uhlelo lokusebenza lokuphatha ukuthi lwabelane nge-adapthaUma ivuliwe ngokuzenzakalelayo, lokhu kuphoqa i-host ukuthi isebenzise leyo NIC efanayo ekuxhumekeni kwayo. Uma ungayikhethi, unqamula uxhumano lwenethiwekhi ye-host ngaleyo ndlela. Lokhu kubaluleke kakhulu uma wenza lokhu ukude, ngoba ungalahlekelwa ukufinyelela kuseva ngokuchofoza okukodwa.
Iswishi ingavumela futhi I-SR-IOV (Eyodwa Umsuka I-Virtualization ye-I/O)ubuchwepheshe obuthi, uma hardware Iyakusekela lokhu, iphambukisa ithrafikhi ethile ngqo kusuka ku-NIC ebonakalayo iye kuma-VM, idlula ingxenye ebalulekile yendiza yedatha ye-vSwitch futhi inciphise ukubambezeleka kanye nokusetshenziswa kwe-CPU. Kodwa-ke, i-SR-IOV ayikwazi ukufakwa kabusha kuswishi ekhona futhi idinga ukuhambisana nayo. I-BIOSI-CPU (SLAT) kanye nekhadi lenethiwekhi.
Ekugcineni, ungenza kusebenze inketho yokuthi I-VLAN ID yesistimu yokusebenza yokuphathaLokhu kubeka ithrafikhi yomsingathi ku-VLAN ethile, okuwusizo kakhulu uma ufuna ukuhlukanisa ngokuphelele ukuphathwa kwethrafikhi esele, kokubili ezingeni lokushintsha okungokoqobo kanye nasezimbobeni ezibonakalayo ze-vSwitch.
Ngemva kokusebenzisa izinguquko, umsingathi angase alahlekelwe ukuxhumana imizuzwana embalwa ngenkathi I-NIC ebonakalayo icishiwe, ixhumeka ku-virtual switch, bese konke kuvuselelwa futhi.Kujwayelekile, kodwa kufanelekile ukukhumbula uma usebenza kude ukuze ungesabi.
Shintsha izinhlobo kanye nokuhlukaniswa phakathi kwama-host, ama-VM, kanye ne-inthanethi
Uma ukhathazekile ngokuthi ama-VM athile ngeke abonakale ku-host noma kwi-inthanethi, ukukhetha uhlobo olufanele lweswishi ebonakalayo kubalulekile. ukuhlukaniswa kwembobo ku-Hyper-V.
Nge ibhodi lokushintsha eliyimfihloKulokhu kusethwa, imishini ebonakalayo yabelana ngenethiwekhi ehlukanisiwe, kodwa ayikwazi ukubona i-host noma amanethiwekhi angaphandle. I-host futhi ayikwazi ukubona ama-VM axhunywe kuyo. Lokhu kulungele izindawo zokuhlola noma imisebenzi ebucayi kakhulu edinga ukuxhumana kuphela.
Nge inkinobho yangaphakathiAma-VM angaxhumana namanye ama-VM kanye ne-host, kodwa awanakho ukufinyelela okuqondile ezweni langaphandle. Awulungiseleli isango kumakheli e-IP ama-VM lapha (akudingeki), ngaphandle kokuthi ungeze i-router ebonakalayo noma i-NAT ngokwakho.
Nge ukushintsha kwangaphandleAma-VM, i-host, kanye nenethiwekhi ebonakalayo babelana ngesixhumanisi esifanayo. Lena inketho evamile uma udinga ukuxhumana "kwangempela", kodwa futhi inikeza ukuhlukaniswa okuncane ngokuzenzakalelayo, ngakho-ke ngokuvamile kudinga ukuzithiba okwengeziwe nge I-VLAN, ama-port ACL kanye ne-firewall.
Ngaphezu kokukhetha uhlobo lokushintsha, ungazama ama-NIC amaningi abonakalayo nge-VM ngayinye, unikeze i-adaptha ngayinye kushintsho oluhlukile, futhi uma uthanda, kuma-VLAN ahlukene, ngaleyo ndlela uhlanganise ukuhlukaniswa okunengqondo nokulawulwa okuningiliziwe kwe-port ngayinye.
I-NAT yangaphakathi ku-Hyper-V: inethiwekhi ehlukanisiwe enokufinyelela kwangaphandle
Sekuyiminyaka eminingi, uma ufuna inethiwekhi yangaphakathi ehlukanisiwe ibe nokufinyelela ku-inthanethi, kwakudingeka usethe i-VM ukuze isebenze njenge-router noma i-firewall. Ukuqala nge-Windows Server 2016 kanye ne-Windows 10 yesimanje, ungakha i- inkinobho yangaphakathi ene-NAT ehlanganiswe ohlelweni lokusebenza uqobo, ngaphandle kwesidingo semishini eyengeziwe.
Uhlelo lulula: udala iswishi yangaphakathi, uyinike ikheli le-IP kumphathi ozosebenza njengesango laleyo nethiwekhi, bese uchaza Inethiwekhi ye-NAT esebenzisa i-PowerShell yaleso siqaloAma-VM axhunywe kulolo switch, anama-IP avela kuleyo subnet futhi akhomba kulelo gateway, azokwazi ukufinyelela ngaphandle, kodwa inethiwekhi yangaphakathi ayihanjiswa ngqo isuka ngaphandle.
Izinyathelo eziyisisekelo yilezi:
- Dala iswishi yangaphakathi: I-VMSwitch entsha -Igama le-Switch “swNAT” -Uhlobo lwe-Switch lwangaphakathi.
- Thola i-adaptha ehlotshaniswa ne-vSwitch bese uyinika ikheli le-IP lesango, isibonelo: Ikheli le-NetIP elisha -Ikheli le-IP 192.168.254.1 -Isiqalo Ubude 24 -Isikhombisi-ndlela.
- Dala inethiwekhi ye-NAT: I-NetNat Entsha -Igama le-netNAT -Ikheli le-InternalIPInterfaceIsiqalo 192.168.254.0/24.
Ama-VM axhuma kulolo swishi, futhi anikezwa ikheli le-IP elingaguquki ku-subnet (isibonelo, 192.168.254.2, 254.3…) nge isango 192.168.254.1 kanye ne-DNS yangaphandleFuthi yilokho kuphela, manje usungakwazi ukuphequlula. I-host iyazi ngaleyo nethiwekhi yangaphakathi ngoba inekheli le-IP kuyo, kodwa ngaphandle, leyo subnet ayibonakali ngqo; ikheli le-IP le-host kuphela eliveziwe.
Ukuze ushicilele izinsizakalo kusukela ku-VM yangaphakathi (isibonelo, i-IIS ku-port 80) kuya ngaphandle, uchaza imithetho ye- ukumepha kwembobo engaguquki kunethiwekhi ye-NAT, uhlobo: Engeza i-NetNatStaticMapping -NatName «netNAT» -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 192.168.254.2 -ExternalPort 80 -InternalPort 80. Ukufinyelela kwenziwa ngokumelene ne-IP yomsingathi, hhayi ngokumelene ne-IP yangaphakathi.
Hlukanisa i-VM kumphathi kanye nenethiwekhi ebonakalayo usebenzisa i-NAT kanye ne-firewall
Icala elivamile kakhulu yilelo lokufuna I-VM "esebenzayo" engakwazi ukubona i-host noma inethiwekhi yasekhayakodwa ukuthi ikhuluma ne-inthanethi noma ne-a i-VPN inkampani. Nge-NAT yangaphakathi kanye ne-firewall ungasondela kakhulu kuleso simo, yize kunezici ezibalulekile.
Uma uhlela iswishi yangaphakathi nge-NAT njengasesibonelweni (inethiwekhi 172.168.100.0/24 noma 192.168.254.0/24) bese uxhuma i-VM lapho, i-VM akufanele ibone inethiwekhi ye-host engu-192.168.xx ngaphandle kwemizila ekhona ohlelweni noma emithethweni ye-firewall evumelayo.
Uma i-VM ingakwazi uku-ping inethiwekhi ye-192.168.xx, khona-ke kukhona uxhumano. Imizila evumela ukudluliselwa phakathi kwenethiwekhi yangaphakathi ye-NAT kanye nenethiwekhi ebonakalayo, noma imithetho yomlilo evulekile kakhuluUkuze uqinise ukufudumala, ungenza okulandelayo:
- Hlola futhi uhlanze imizila ku-host evumela ukudluliselwa phakathi kwezindawo zokusebenzela (i-Get-NetRoute kanye nokususwa kwemizila engaguquki esolisayo).
- Dala imithetho ye-Windows Firewall kumphathi ukuze uvimbele ithrafikhi evela kunethiwekhi yangaphakathi (isb., 172.168.100.0/24) iye kunethiwekhi yangempela 192.168.0.0/16, ngaphandle kwemphathi uqobo uma kudingeka.
- Hlunga ithrafikhi ku-VM, ukhawulele konke okungayi ku-VPN noma ezindaweni ezidingekayo ngokuphelele, usebenzisa amaphrofayili e-firewall kanye nemithetho ekhawulelwe yokuphuma.
Uma ufuna i-VM ingaboni nhlobo i-host nge-IP, enye indlela ebaluleke kakhulu ukusebenzisa i- inkinobho yangasese esikhundleni sangaphakathi futhi inikeze ukufinyelela kwe-inthanethi nge-firewall ye-VM/UTM esebenza nge-NAT, igcina i-host kuleyo ngxenye ingaxhunyiwe ngokuphelele.
Elinye ithuluzi elinamandla kakhulu lokuzihlukanisa, ikakhulukazi uma wabelana nge-vSwitch efanayo kuma-VM amaningi,... Imbobo yokushintsha ebonakalayo i-ACLokukuvumela ukuthi uvimbele ithrafikhi phakathi kwama-VM abelana ngenethiwekhi (ukuhlukaniswa kwempumalanga nentshonalanga) ngaphandle kokushintsha i-topology noma ukusebenzisa ama-VLAN engeziwe.
Amaphrofayili echweba kanye nokuhlukaniswa kwechweba ku-System Center VMM
Uma uphatha i-Hyper-V nge-System Center Virtual Machine Manager (VMM) noma nge- I-Windows Admin CenterEsikhundleni sokulungiselela i-port nge-port, ungasebenzisa amaphrofayili echweba kanye nokuhlukaniswa ezichaza izinqubomgomo zenethiwekhi engasetshenziswa kabusha.
I-Los amaphrofayili ephothi yesixhumanisi esingenhla Lokhu kusebenza kuma-adaptha angokoqobo lapho kusetshenziswa amaswishi anengqondo. Lapho uchaza i-algorithm yokulinganisela umthwalo (ngokusekelwe kuma-port e-Hyper-V, ama-IP, ama-port okuthutha, I-MAC, noma ukulinganisela okuguquguqukayo), kanye nemodi yokubambisana (i-Switch Independent, i-LACP noma i-static) nokuthi yimaphi amanethiwekhi anengqondo namasayithi enethiwekhi ahlotshaniswa ne-uplink.
Ukuze uziklame kahle, kungcono ukuthi okungenani ube nephrofayili eyodwa ye-uplink ngayinye inethiwekhi ebonakalayo noma indawo ene-VLAN yayo kanye nama-subnetUma ukhawulela amanethiwekhi anengqondo kumaqembu athile abamba, kufanele udale amaphrofayili athile alawo maqembu, uqinisekise ukuthi ama-VLAN nama-subnet achazwe ayasebenza futhi angadluliselwa kusuka kuma-NIC asebenza kuwo.
I-Los amaphrofayili ephothi ye-adaptha yenethiwekhi ebonakalayo Zisetshenziswa kuma-NIC abonakalayo ama-VM futhi zivumela amakhono okuchaza njenge-bandwidth encane/ephezulu, imisebenzi yokukhipha (i-VMQ, i-IPsec offload, i-SR-IOV) kanye nezinketho zokuphepha (ukukhwabanisa kwe-MAC, ukuvikelwa kwe-DHCP, ukuvikelwa kwe-router, ukumaka kwe-IEEE 802.1p, amakheli e-IP aphethwe yizivakashi, ukuhlangana kwezivakashi, njll.).
Lawa maphrofayili ayisisekelo sokwakha ukuhlukaniswa kwezibukoLawa amalebula asebenziseka kalula (isb., FAST, SLOW, SR-IOV) ahlotshaniswa nephrofayili ethile yephothi. Lapho kusetshenziswa i-VM, abaphathi noma abaqashi bakhetha ukuhlukaniswa, bese i-VMM isebenzisa iphrofayili efanele ku-adaptha yenethiwekhi ebonakalayo, ngaleyo ndlela ilinganisela ukuziphatha kwephothi ngaphandle kokudinga abasebenzisi ukuthi bakhumbule wonke amapharamitha.
Ukudala amaphrofayili e-uplink port ku-VMM
Ukuze uchaze iphrofayili ye-uplink port ku-VMM, uzulazula uye endaweni ethi Indwangu > Amanethiwekhi > Amaphrofayili Echweba bese uqalisa i-wizard ukuze udale iphrofayili entsha yephothi ye-Hyper-V, uhlola inketho yesixhumanisi esiphezulu.
Ngaphakathi kwe-wizard ukhetha indlela yokulinganisa umthwaloLokhu kungaba yi-host ezenzakalelayo (i-Hyper-V Port noma i-Dynamic, kuye ngenguqulo) noma ethile ingaphoqeleka (i-Hyper-V port, amakheli e-IP, ama-port ezokuthutha, ikheli le-MAC). Inketho ngayinye isabalalisa ithrafikhi ngendlela ehlukile kuwo wonke amalungu eqembu le-NIC, okuthinta indlela umthwalo osatshalaliswa ngayo phakathi kwama-port.
Bese ukhetha imodi ye- ukwakha iqembuI-Switch Independent (akukho ukucushwa okuqondile kuswishi ebonakalayo), i-LACP (ukuxoxisana okuguqukayo), noma ukusebenzisana okungaguquki (ukucushwa ngesandla ku-host kanye neswishi). Ezimweni eziningi ze-Hyper-V, i-Switch Independent iyindlela enconywayo ngenxa yobulula bayo nokuqina kwayo.
Esigabeni sokucushwa kwenethiwekhi uhlanganisa eyodwa noma ngaphezulu amasayithi enethiwekhi kuphrofayela ye-uplink; ngayinye ixhumeka kunethiwekhi ehlukile enengqondo. Kubalulekile ukuthi amasayithi abelane ngobubanzi beqembu elifanayo le-host nokuthi ama-VLAN nama-subnet ahambisane nalokho okukhona ngempela engqalasizinda ebonakalayo.
Ngokusebenzisa leyo phrofayili ku-adaptha ebonakalayo kumphathi, uzobe unquma ukuthi yini amanethiwekhi anengqondo nokuthi yiziphi izigaba ze-VLAN ne-IP Zizotholakala kuma-VM kanye nezinsizakalo ezixhunywe kuswishi enengqondo esebenzisa leyo uplink.
Amaphrofayili ephothi ye-adaptha yenethiwekhi ebonakalayo kanye nezinketho zokuphepha
Ukudala iphrofayili yembobo yama-adaptha abonakalayo ku-VMM kuhilela, ngaphezu kokuyiqamba, ukudlulela ezigabeni eziningana zokucushwa ezithinta ngqo i- Ukuhlukaniswa kwembobo ye-VM nokuziphatha.
Esigabeni sokulayisha ithrafikhi ungavumela I-VMQ (Umugqa Womshini Obonakalayo) ukuqondisa amaphakethe aqondiswe ku-NIC ebonakalayo emgqeni othize ku-NIC ebonakalayo, ukunciphisa ukukopisha phakathi kwe-host kanye ne-VM, ukuvumela i-IPsec Task Offload ukuthi ilayishe i-cryptography ku-NIC, futhi inike amandla i-SR-IOV uma indawo yakho iyisekela futhi uyivumele futhi kuswishi enengqondo.
Kuthebhu yokuphepha yephrofayela, ulawula izici ezibalulekile zokuhlukaniswa njenge Ukukhwabanisa kwe-MAC, okufanele uyisebenzise kuphela ezimweni ezithile kakhulu (izilinganiseli zokulayisha, izimo zokuhlanganisa); ukuvikelwa kwe-DHCP, okuvimba amaseva e-DHCP anonya ngaphakathi kwenethiwekhi yama-VM; kanye nokuvikelwa kwe-router, okuvimbela izikhangiso ze-router ezingagunyaziwe.
Unquma futhi ukuthi uzovumela yini ukubambisana njengesimenywa (ukuze uhlelo lokusebenza lwezivakashi lukwazi ukuqoqa ama-NIC amaningana abonakalayo), ukuthi uzogunyaza yini ukuthi i-IEEE 802.1p ibekwe uphawu lokubeka izinto ezibalulekile kumaphakethe aphumayo nokuthi uvumela i-VM ukuthi iphathe amakheli e-IP engeziwe kuleyo adaptha (okuthile okudingekayo kumaqoqo athile ezivakashi kumanethiwekhi abonakalayo).
Ekugcineni, ulungiselela i-bandwidth: ungasetha isivinini esincane nesiphezulu ku-Mbps noma isisindo esihlobene ukuze i-vSwitch ibeke phambili amanye ama-NIC abonakalayo kunamanye ezindaweni ezibhaliselwe kakhulu, enye indlela yokulawula nokuhlukanisa ukusetshenziswa kwenethiwekhi nge-port ngayinye.
Ama-adaptha enethiwekhi ye-Hyper-V: izinhlobo, ama-VLAN, nezinketho ezithuthukisiwe
Ngaphakathi kwe-Hyper-V VM ngayinye, i-adaptha yenethiwekhi oyibonayo ohlelweni lokusebenza lwezivakashi imane nje iyingxenye ebonakalayo ye- i-adaptha yenethiwekhi ebonakalayo exhunywe echwebeni ku-vSwitchUnemindeni emibili eyinhloko: ama-adaptha okwenziwa kanye nama-adaptha akudala.
Ama-adaptha izinto zokwenziwa Lezi yizona ezinconywayo: zisebenza nezinsizakalo zokuhlanganisa i-Hyper-V, zinikeza ukusebenza okungcono, futhi zisekela izici ezithuthukisiwe ezifana nama-VLAN ane-tag noma i-SR-IOV. Ziyizinhlobo ezijwayelekile kuma-VM esizukulwane sesi-2 futhi kuma-VM amaningi izinhlelo ezisebenzayo yesimanje.
Ama-adaptha ifa landela i-NIC endala (uhlobo Intel 21140) futhi zisetshenziswa ngokuyisisekelo ku- Ukufakwa kwe-PXE boot noma uhlelo okungenalo abashayeli ye-adaptha yokwenziwaUma izinsiza zohlelo kanye nokuhlanganiswa sezifakiwe, umkhuba ojwayelekile ukwengeza i-adaptha yokwenziwa bese ususa leyo endala.
Ukuze uhlukanise ithrafikhi ungayabela I-VLAN ezingeni le-adaptha yenethiwekhi ebonakalayoLokhu kungenziwa kokubili nge-graphical interface kanye nokusebenzisa i-PowerShell (Set-VMNetworkAdapter -VMName VM -VlanId ID). Ngale ndlela, i-switch port ngayinye ingathwala ithrafikhi evela kuma-VLAN ahlukene ngisho noma ixhunywe ku-vSwitch efanayo.
Izici ezithuthukisiwe ze-adaptha zifaka phakathi i-SR-IOV, i-VMQ, i-RSS, nezinye eziningana. i-ascargas (Ama-TCP checksum, ukuhlukaniswa, njll.) asiza ukunciphisa umthwalo we-CPU ku-host kanye nama-VM ezindaweni ezisebenza kahle kakhulu. Njengokujwayelekile, kuyalulekwa ukuhlola umthelela wawo engqalasizinda yakho ngaphambi kokuwavumela ngobuningi.
Izindlela ezinhle kakhulu zenethiwekhi ye-Hyper-V zokusebenza kanye nokuhlukaniswa
Ukuze kuvinjelwe konke lokhu ukuthi kungapheli ngesiphithiphithi, kufanelekile ukulandela iziqondiso ezithile. izindlela ezinhle kakhulu zenethiwekhi ethile ku-Hyper-VOkokuqala ukusebenzisa njalo abashayeli bamuva be-NIC yakho ebonakalayo, okungcono kakhulu kumkhiqizi, ukuze usebenzise zonke izici zehadiwe futhi ugweme amaphutha aziwayo.
Esinye isincomo esicacile ukusebenzisa amakheli e-IP angaguquki kuma-adaptha enethiwekhi e-Hyper-V host (kanye naku-VMs ezisebenza njengamaseva) ukuqinisekisa ukuthi ungawathola njalo nokuthi amarekhodi e-DNS noma ukuncika akuphulwa ngemva kokuvuselelwa kwe-DHCP.
Ezindaweni ezinabantu abangaphezu koyedwa, kuyanconywa ukuhlukanisa ngokomzimba, noma ukusebenzisa ama-VLAN ukuhlukanisa, izinhlobo ezahlukene zethrafikhi: ukuphathwa, ukufuduka okubukhoma, isitoreji (iSCSI noma i-SMB 3.0), ithrafikhi ye-VM, kanye nama-cluster pulses (i-CSV/i-Heartbeat). Inethiwekhi ngayinye kufanele ibe neyayo inkinobho ebonakalayo ezinikele noma, okungenani, i-VLAN echazwe kahle.
Ukuhlanganisa ama-NIC (kungakhathaliseki ukuthi yi-LBFO yakudala noma yi-SET -Switch Embedded Teaming-) kungenye insika ebalulekile: ukuhlanganisa amakhadi amaningana kuvumela ukuthi ithrafikhi isatshalaliswe futhi ukubekezelela amaphutha kuthuthukiswe, inqobo nje uma kungewona amanethiwekhi okugcina e-iSCSI noma e-SMB 3.0 lapho kunconywa khona amasu e-MPIO noma amanye amasu athile.
Kumanethiwekhi okugcina, i-Live Migration, kanye ne-CSV, kungaba mnandi kakhulu. Nika amandla ozimele abakhulu (MTU 9000) kuwo wonke amadivayisi ahilelekile (ama-NIC, amaswishi, ama-router) ukunciphisa izindleko zokudlulisa nokuthuthukisa ukusebenza ekudlulisweni okukhulu nokuqhubekayo.
Kuma-VM, noma nini lapho uhlelo lokusebenza lukuvumela, sebenzisa ama-adaptha okwenziwa, okukhawulela ukusetshenziswa kwama-adaptha akudala ezimweni ze- ibhuthini I-PXEFuthi ungakhohlwa ukubuyekeza izinsizakalo zokuhlanganisa noma abashayeli be- Linux Izinsizakalo Zokuhlanganisa ukuze uthole okuningi kuzo.
Okokugcina, gcina ibhalansi efanele phakathi i-bandwidth yenethiwekhi etholakalayo kanye nomthamo wesitoreji esabiweI-SAN esheshayo enenethiwekhi ehamba kancane, noma okuphambene nalokho, inethiwekhi engu-10 Gb enamadiski ahamba kancane, igcina isiba yizithiyo ezifanayo.
Ngokuhlanganisa kahle ukushintsha okubonakalayo (kwangaphandle, kwangaphakathi, kanye nokwangasese), i-NAT yangaphakathi, i-VLAN, i-PVLAN, ama-port ACL, amaphrofayili e-port kanye nokuhlukaniswa ku-VMM, kanye nezinketho ze-firewall zezinga le-host kanye ne-VM, ungakha indawo ye-Hyper-V lapho i-virtual switch port ngayinye iqonda ngokucacile lokho engakubona nokuthi ingaxhumana kuphi, ngenkathi igcina ukusebenza okuqinile kanye nokuphathwa okunengqondo ngaphandle kokuhlanya njalo uma ufaka omunye umshini.
Umbhali oshisekayo ngomhlaba wamabhayithi nobuchwepheshe ngokujwayelekile. Ngiyathanda ukwabelana ngolwazi lwami ngokubhala, futhi yilokho engizokwenza kule bhulogi, ngikubonise zonke izinto ezithakazelisayo kakhulu ngamagajethi, isofthiwe, ihadiwe, izitayela zobuchwepheshe, nokuningi. Inhloso yami ukukusiza ukuthi uzulazule emhlabeni wedijithali ngendlela elula nejabulisayo.