Tip of the Day: Demystifying Software Defined Networking Terms - The Components

Today’s Tip…

Today’s tip continues the series, Demystifying Software Defined Networking Terms. In part two, The Components, we will look at the many roles and services available with Windows Server 2016 Software Defined Network.

Part 2: The Components

Terms in this tip include:

  • Network Controller
  • Network Function Virtualization
  • Virtual Appliances
  • Software Load Balancer (SLB)
  • SLB MUX
  • SLB Host Agent
  • Gateways
  • Datacenter Firewall

Network Controller - New in Windows Server 2016, Network Controller provides a centralized, programmable point of automation to manage, configure, monitor, and troubleshoot both virtual and physical network infrastructure in your datacenter. Using Network Controller, you can automate the configuration of network infrastructure instead of performing manual configuration of network devices and services.

Network Controller is a highly available and scalable server role, and provides one application programming interface (API) – the Southbound API - that allows Network Controller to communicate with the network, and a second API – the Northbound API - that allows you to communicate with Network Controller.

Using Windows PowerShell, the Representational State Transfer (REST) API, or a management application, you can use Network Controller to manage the following physical and virtual network infrastructure:

  • Hyper-V VMs and virtual switches
  • Physical network switches
  • Physical network routers
  • Firewall software
  • VPN Gateways, including Remote Access Service (RAS) Multitenant Gateways
  • Load Balancers

(NB/SB/REST APIs are discussed later in this series)

Network Function Virtualization / Virtual Appliances – Network Function Virtualization is a natural progression of server virtualization and network virtualization, extending the paradigm to include network functions traditionally performed by hardware appliances. Appliances such as load balancers, firewalls, routers, and switches are increasingly being virtualized as Virtual Appliances. Examples of virtual appliances that can be deployed on Windows Server 2016 and managed by the Network Controller role include software load balancers, gateways, and distributed firewalls.

Software Load Balancer (SLB) - Software Load Balancing (SLB) can be used to evenly distribute tenant and tenant customer network traffic among virtual network resources. The Windows Server 2016 SLB enables multiple servers to host the same workload, providing high availability and scalability.

SLB MUX – Part of the Software Load Balancer (SLB) on Windows Server 2016, the SLB MUX processes inbound network traffic and maps VIPs (virtual IPs) to DIPs (datacenter IPs), then forwards the traffic to the correct DIP. Each MUX also uses BGP to publish VIP routes to edge routers. BGP Keep Alive notifies MUXes when a MUX fails, which allows active MUXes to redistribute the load in case of a MUX failure - essentially providing load balancing for the load balancers.

(VIPs, DIPs, and BGP are discussed later in this series)

SLB Host Agent - When you deploy SLB, you must use System Center, Windows PowerShell, or another management application to deploy the SLB Host Agent on every Hyper-V host computer. You can install the SLB Host Agent on all versions of Windows Server 2016 that provide Hyper-V support, including Nano Server.

The SLB Host Agent listens for SLB policy updates from Network Controller. In addition, the host agent programs rules for SLB into the SDN-enabled Hyper-V Virtual Switches that are configured on the local computer.

Gateways – In a software defined datacenter, you can use gateways for bridging traffic between virtual networks and non-virtualized networks; specifically, you can deploy site-to-site VPN gateways, forwarding gateways (layer 2 / layer 3), and Generic Routing Encapsulation (GRE) gateways. Windows Server 2016 Software Defined Networking (SDN) supports redundancy through deployment of gateways in one or more pools.

Datacenter Firewall - Datacenter Firewall is a new service included with Windows Server® 2016. It is a network layer, 5-tuple (protocol, source and destination port numbers, source and destination IP addresses), stateful, multitenant firewall. When deployed and offered as a service by the service provider, tenant administrators can install and configure firewall policies to help protect their virtual networks from unwanted traffic originating from Internet and intranet networks.
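To make the 5-tuple concrete, here is an added example (not from the original tip) that builds a Datacenter Firewall access control list through Network Controller's PowerShell cmdlets: one inbound allow rule for HTTPS followed by an explicit deny for everything else. The connection URI, resource IDs and address prefixes are constructed placeholders, and the NetworkController PowerShell module is assumed to be installed.

```powershell
# Added example. URI, resource IDs and prefixes are constructed placeholders.
$ncUri = 'https://nc.example.test'   # assumed Network Controller REST endpoint

# Hypothetical helper: wraps one 5-tuple plus action/priority in an AclRule object.
function New-AclRule {
    param(
        [string]$Id, [string]$Protocol,
        [string]$SrcPrefix, [string]$SrcPort,
        [string]$DstPrefix, [string]$DstPort,
        [string]$Action, [string]$Priority
    )
    $p = New-Object Microsoft.Windows.NetworkController.AclRuleProperties
    # The 5-tuple the firewall matches on
    $p.Protocol                 = $Protocol
    $p.SourceAddressPrefix      = $SrcPrefix
    $p.SourcePortRange          = $SrcPort
    $p.DestinationAddressPrefix = $DstPrefix
    $p.DestinationPortRange     = $DstPort
    # What to do on a match, and in which order to evaluate the rule
    $p.Action   = $Action        # Allow or Deny
    $p.Priority = $Priority      # lower number is evaluated first
    $p.Type     = 'Inbound'
    $p.Logging  = 'Enabled'      # keep a record of matches for later review

    $r = New-Object Microsoft.Windows.NetworkController.AclRule
    $r.ResourceId = $Id
    $r.Properties = $p
    return $r
}

# Allow HTTPS from anywhere to the tenant's web subnet (constructed prefix).
$allowHttps = New-AclRule -Id 'Allow-HTTPS-In' -Protocol 'TCP' `
    -SrcPrefix '*' -SrcPort '0-65535' `
    -DstPrefix '192.168.10.0/24' -DstPort '443' `
    -Action 'Allow' -Priority '100'

# Explicit catch-all deny, evaluated after the allow rule.
$denyAll = New-AclRule -Id 'Deny-All-In' -Protocol 'All' `
    -SrcPrefix '*' -SrcPort '0-65535' `
    -DstPrefix '*' -DstPort '0-65535' `
    -Action 'Deny' -Priority '65000'

$aclProps = New-Object Microsoft.Windows.NetworkController.AccessControlListProperties
$aclProps.AclRules = @($allowHttps, $denyAll)

New-NetworkControllerAccessControlList -ConnectionUri $ncUri `
    -ResourceId 'Tenant1-Web-Inbound' -Properties $aclProps

# Read the ACL back to confirm what Network Controller stored.
Get-NetworkControllerAccessControlList -ConnectionUri $ncUri -ResourceId 'Tenant1-Web-Inbound'
```

Because the firewall is stateful, replies to connections admitted by the allow rule do not need a matching outbound rule. The ACL takes effect only once it is associated with a virtual subnet or network interface.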

In tomorrow’s tip, Demystifying Software Defined Networking Terms – Part 3: The Cloud Compass: Directions in Data Flow