It’s official: software-defined networking (SDN) is here to stay. Who wouldn’t want physical and virtual network devices able to be centrally configured and managed? Here, we explain the new SDN features in Windows Server 2016 and how to understand and use these virtualization technologies.
What is software-defined networking?
To understand the benefits of software-defined networking in Windows Server 2016, it’s first important to know what it actually is.
Software-defined networking allows you to access switches and routers that would usually use closed, proprietary firmware by applying globally aware software control. Essentially, both physical and virtual network devices in your datacenter, like routers and gateways, can be configured and managed centrally.
SDN infrastructure includes virtual network elements such as Hyper-V Virtual Switch, network virtualization, and RAS Gateway. Of course, you can still use physical devices, but as long as they have SDN compatibility, there can be a deeper integration between the virtual and physical networks.
This is possible because “the network planes — the management, control, and data planes — are no longer bound to the network devices themselves, but are abstracted for use by other entities, such as datacenter management software like System Center 2016.”
Software-defined networking lets you automate and centralize the management of your datacenter network. So, the main benefits of SDN are:
- Abstracting applications and workloads, providing virtual abstractions for physical network elements like IP addresses, and load balancers. This is accomplished by virtualizing the network and is non-disruptive.
- The possibility of centrally defining and managing both physical and virtual networks and the traffic flow between them.
- Move workloads across virtual or physical networks and deploy new workloads while implementing consistent network policies.
SDN technologies in Windows Server 2016
Network Controller
This “centralized, programmable point of automation to manage, configure, monitor, and troubleshoot both virtual and physical network infrastructure in your datacenter” is new in Windows Server 2016.
This scalable service allows users to make network infrastructure configurations automatic instead of manual setting devices and services on your network. It provides you with two application programming interfaces (API): the Southbound API and the Northbound API.
The Southbound API lets Network Controller communicate with the network, while the Northbound API lets you communicate with Network Controller.
Windows Server 2016 allows you to use a management application, Windows PowerShell, or the Representational State Transfer (REST) API to use Network Controller.
From there, according to Microsoft, you can manage Hyper-V VMs and virtual switches, physical network switches and routers, firewall software, VPN gateways including Remote Access Service (RAS) multitenant gateways, and load balancers with Network Controller.
Hyper-V Network Virtualization
As evidenced by its name, Hyper-V Network Virtualization uses virtual networks to help you abstract your applications and workloads from the physical network. This was introduced in Windows Server 2012.
Virtual networks are very popular today and are compatible with virtual Local Area Networks (VLANs). Additionally, they give users the ability to have isolation even while running on a shared physical network infrastructure, utilizing the available resources.
You have the possibility of setting up virtual networks on existing networking gear, as well as deploying and migrating tenant workloads across three clouds — the service-provider cloud, the private cloud, or the Microsoft Azure public cloud.
Hyper-V Virtual Switch
Hyper-V Virtual Switch is available in Hyper-V Manager after you install the Hyper-V server role. It’s a software-based layer-2 Ethernet network switch that allows you to connect virtual machines to both virtual networks and the physical network. Additionally, it “provides policy enforcement for security, isolation, and service levels.”
In Windows Server 2016, you’re also able to deploy Switch Embedded Teaming (SET) and Remote Direct Memory Access (RDMA).
Internal DNS Service (iDNS)
As you may know, hosted VMs and applications need DNS to communicate among their networks and external resources on the Internet. Using iDNS on Windows Server 2016 allows you to “provide tenants with DNS name resolution services for their isolated, local name space, and for Internet resources.”
This helps protect the server from malicious activities on tenant networks because there is no way to access the iDNS service without the iDNS proxy.
Network Function Virtualization
Many functions that were previously performed by hardware appliances are quickly becoming virtualized. Microsoft offers many Network Function Virtualization technologies in Windows Server 2016, including:
- Software Load Balancer (SLB) and Network Address Translation (NAT) to help distribute network traffic equally among virtual network resources.
- Datacenter Firewall allows you to apply firewall policies at the VM interface level or at the subnet level by providing granular access control lists (ACLs).
- RAS Gateway to bridge traffic between virtual networks and nonvirtualized networks.
Remote Direct Memory Access (RDMA) and Switch Embedded Teaming (SET)
Windows Server 2016 gives you the possibility of using fewer network adapters when using RDMA and SET simultaneously by enabling RDMA on network adapters that are bound to a Hyper-V Virtual Switch with or without SET.
SET, an alternative NIC Teaming solution that integrates some of its functionality into the Hyper-V Virtual Switch, lets you group one to eight physical Ethernet network adapters into one of more software-based virtual network adapters.
All of the SET member network adapters have to be in the same physical Hyper-V host to be placed in a team. “These virtual network adapters,” according to Microsoft, “provide fast performance and fault tolerance in the event of a network adapter failure.”
RAS Gateway for SDN
Using RAS Gateway in Windows Server 2016, you can route network traffic between the physical network and VM network resources, not worrying about where the resources are located. It is possible to route the network traffic at numerous physical locations over the Internet and virtual networks.
In Microsoft’s own words, it’s “a software-based, multitenant, Border Gateway Protocol (BGP) capable router in Windows Server 2016 that is designed for Cloud Service Providers (CSPs) and Enterprises that host multiple tenant virtual networks using Hyper-V Network Virtualization” meant to give you many choices of gateway infrastructure.
Software Load Balancing (SLB)
As stated in the “Network Function Virtualization” section, SLBs help distribute network traffic equally among virtual network resources. The Windows Server SLB, specifically, uses multiple servers for hosting the same workload to help give high availability and scalability.
Windows Server Containers
Containers are a popular operating system virtualization method that separates applications or services from other services that are running on the same container host. They function in a way that is similar to virtual machines when speaking of networking.
Every container has a “virtual network adapter which is connected to a virtual switch” where inbound and outbound traffic can go. Isolation is guaranteed through the network compartment that is created for the container when it’s installed.
The containers on Windows Server are able to be isolated because they each have their own view of the operating system, processes, file system, registry, and IP addresses. Windows Server 2016 now allows users to connect Windows Server containers to virtual networks.
Photo credit: Flickr / allison_dc
Interesting read, thanks for sharing Angela.