I wanted to share some of my experiences with debugging Windows Server 2016 Software Defined Networking (SDN) related customer issues. These issues are related to SDN RAS Gateways.If you’ve deployed Software Defined Networking (SDN) in Windows Server 2016 Datacenter by using System Center Virtual Machine Manager (SCVMM), you might have encountered problems configuring the RAS Gateway virtual private network (VPN) connection inbound and outbound bandwidth settings.
Gateways are used in SDN to provide external connectivity to a virtual network. This can be connectivity to an on-premises network or to the physical network in the same datacenter. You can get more information about gateways in the topic RAS Gateway for SDN.
The customer was unable to change VPN connection inbound and outbound bandwidth settings by using the SCVMM user interface (UI) setting Maximum Incoming and Maximum Outgoing.
When the customer tried to change these gateway bandwidth settings from the SCVMM UI, he received the error ID 26909, Network service ‘SA19N30NC’ doesn’t support this type of traffic metering, as depicted in the following screen shot.
Solution for Issue #1
SCVMM currently does not support changing bandwidth settings for a VPN connection. They will start supporting this shortly. By default, the inbound and outbound bandwidth is set as 500 Kbps.
Meanwhile, if you want to change bandwidth settings, you can use the Network Controller Windows PowerShell command New-NetworkControllerVirtualGatewayNetworkConnection with the parameters OutboundKiloBitsPerSecond and InboundKiloBitsPerSecond.
NOTE: If you make any other changes to the VPN connection through SCVMM after changing the bandwidth settings, the bandwidth settings will be reset to the default (500 Kbps). So, you will need to run the Network Controller Powershell again to update the bandwidth settings.
Even after changing the VPN network connection bandwidth settings to 200 Mbps by using Network Controller Windows PowerShell commands, the customer observed a bandwidth cap of about 150 Mbps for the connection.
Solution for Issue #2
The customer had set the gateway capacity as 1000 Mbps (this is the default value in the SCVMM UI). The Gateway capacity (Mbps) parameter denotes the normal TCP bandwidth which is expected out of the gateway VM. Customer should fill this accordingly based on his underlying network speed.
Maximum IPsec tunnel bandwidth is limited to (3/20)* Gateway Capacity on a particular gateway. So, if the gateway capacity is set to 1000 Mbps, the equivalent IPsec tunnel capacity would be 150 Mbps.
The equivalent ratios for GRE and L3 tunnels are 1/5 and 1/2, respectively.
NOTE: You must be wondering why the customer was allowed to add a connection with 200 Mbps bandwidth if the gateway did not have available capacity. Actually, the configuration change never succeeded. This configuration change is an asynchronous operation. After changing the settings, if the customer had executed Get-NetworkControllerVirtualGatewayNetworkConnection and checked the ConfigurationState of the resource, the “Status” would have been “Failure” with “DetailedInfo” giving more details about the error.
If you want to setup SDN through SCVMM, see the topic Set up a Software Defined Network (SDN) infrastructure in the VMM fabric. Before starting the setup, you can review the SDN planning guidance in the topic Plan a Software Defined Network Infrastructure.
Anirban Paul, Senior Program Manager