How to find the SDN gateway local address for BGP peering in Windows Server 2016

A few days back, I wrote a blog post about some issues being faced by Software Defined Networking (SDN) customers. The issue was specific to changing VPN bandwidth settings in Windows Server 2016. You can read more about that issue and the solution here.

Another area where we have seen customers struggle is finding out the local SDN gateway server address. The local SDN gateway server address is required for the following reasons:

  1. When you configure the remote VPN endpoint (in your enterprise or your local datacenter), you need to provide the local SDN gateway server address as the destination IP. This is the IP address advertised by the gateway for external connectivity.
  2. If you are using BGP for learning dynamic routes over VPN, you will need the local SDN gateway server address to configure the BGP peering information. Note that this address will be different from the destination IP I have mentioned above, since this is the IP address of the internal interface of the VPN server.

Finding the external address of SDN gateway

This address will be used as the destination IP address when you configure the on-premises VPN server (or a GRE endpoint in the same datacenter). This address may be different for different tenants because the SDN gateway is a multi-tenant server.

This address is displayed in the System Center Virtual Machine Manager (SCVMM) console when you configure the connection, as depicted in the illustration below.


Finding the BGP router IP address of the SDN gateway

BGP Router IP for tenant connections

If you are using Border Gateway Protocol (BGP) with your tenant IPsec, GRE or L3 connections for dynamically learning remote routes, you need to know the BGP router IP address so that you can configure that address as the peer address on the remote router. When you configure the VPN connections through SCVMM, SCVMM automatically assigns an IP Address from the gateway routing subnet to the tenant compartment of the gateway VM. SCVMM uses this IP address as the BGP router IP address. Because this router is tenant-specific, the router address is different for each tenant.

First, execute the following Windows PowerShell commands on a Network Controller machine or a machine that is configured as a Network Controller client:

$gateway = Get-NetworkControllerVirtualGateway -ConnectionUri <REST uri of your deployment>

$gateway.Properties.NetworkConnections.Properties.DestinationAddress

The results of this command can display multiple virtual gateways, depending on how many tenants have configured gateway connections. Also, each virtual gateway can have multiple connections (IPsec, GRE, L3). Because you already know the destination address of the connection, you can identify the correct connection based on the destination address. After you have the correct network connection, run the following command (on the corresponding virtual gateway) to get the BGP router IP address of the virtual gateway:

$gateway.Properties.BgpRouters.Properties.RouterIp

The result of this command provides the IP address that you must configure on the remote router as the peer IP Address.
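The lookup described above, as an added example (not code from the original post): it walks each virtual gateway, matches the connection by its destination address, and returns the BGP router IP of that gateway only, stopping if the match is not unique so the remote router is never pointed at another tenant's router. Find-SdnBgpRouterIp, New-SampleGateway and the sample addresses are constructed for illustration; the property paths are the ones used in the commands above.

```powershell
# Added example. Find-SdnBgpRouterIp is a hypothetical helper name.
# Property paths follow the commands shown on this page.
function Find-SdnBgpRouterIp {
    param(
        [Parameter(Mandatory)] [object[]] $VirtualGateway,
        [Parameter(Mandatory)] [string]   $DestinationAddress
    )
    foreach ($gw in $VirtualGateway) {
        # A virtual gateway can carry several connections (IPsec, GRE, L3).
        $match = @($gw.Properties.NetworkConnections |
            Where-Object { $_.Properties.DestinationAddress -eq $DestinationAddress })
        if ($match.Count -eq 0) { continue }
        [pscustomobject]@{
            VirtualGateway = $gw.ResourceId
            Connection     = $match.ResourceId -join ','
            RouterIp       = @($gw.Properties.BgpRouters.Properties.RouterIp) -join ','
        }
    }
}

# Constructed sample data shaped like the objects the page's commands read.
# In a live deployment, replace $gateways with:
#   $gateways = Get-NetworkControllerVirtualGateway -ConnectionUri $uri
function New-SampleGateway($id, $routerIp, $destinations) {
    [pscustomobject]@{
        ResourceId = $id
        Properties = [pscustomobject]@{
            NetworkConnections = @($destinations | ForEach-Object {
                [pscustomobject]@{
                    ResourceId = "conn-$_"
                    Properties = [pscustomobject]@{ DestinationAddress = $_ }
                } })
            BgpRouters = @([pscustomobject]@{
                Properties = [pscustomobject]@{ RouterIp = $routerIp } })
        }
    }
}
$gateways = @(
    (New-SampleGateway 'TenantA_vGW' '10.254.254.2' @('203.0.113.10', '203.0.113.11')),
    (New-SampleGateway 'TenantB_vGW' '10.254.254.3' @('198.51.100.20'))
)

$result = @(Find-SdnBgpRouterIp -VirtualGateway $gateways -DestinationAddress '198.51.100.20')
# Fail instead of guessing when the destination maps to zero or several gateways.
if ($result.Count -ne 1) {
    throw "Expected exactly one virtual gateway, found $($result.Count)"
}
$result | Format-List
```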

BGP router IP for GRE gateway

If you are using GRE connectivity in your SDN deployment, you must create a GRE VIP logical network and advertise the GRE VIPs from your SDN gateways to the physical network using internal BGP peering. You can get more details in the SDN planning document here.

You need to create a BGP peer on the Top of Rack router (ToR) that is used by your SDN infrastructure to receive routes for the GRE VIP logical network advertised by the SDN Gateways. BGP peering only needs to occur one way (from SDN Gateway to external BGP peer). To configure the BGP peer, you will need to provide the peer IP, i.e., the BGP router IP of the SDN gateways.

To get the BGP router IP of the SDN gateway, execute the following PowerShell commands on a Network Controller machine or a machine that is configured as a Network Controller client:

$gateway = Get-NetworkControllerGateway -ConnectionUri <REST uri of your deployment>

$gateway.Properties.BgpConfig.RouterIp

The result of this command provides the IP address that you must configure on the remote router as the peer IP Address.

 

If you want to set up SDN through SCVMM, there is a bunch of detailed documentation on TechNet here. Before starting the deployment, please go through the SDN planning guidance here.