Deploy Software Defined Networks using scripts


Updated: January 5, 2016

Applies To: Windows Server Technical Preview

This topic covers how to deploy a Microsoft Software Defined Network (SDN) infrastructure using scripts. The infrastructure includes a highly available (HA) network controller, an HA SLB/MUX, virtual networks, and associated ACLs. Additionally, another script deploys a tenant workload for you to validate your SDN infrastructure.

If you want your tenant workloads to communicate outside their virtual networks, you can add HNV gateways.

You can also deploy an SDN infrastructure using Virtual Machine Manager. For more information, see Deploy Software Defined Networks using Virtual Machine Manager.

Pre-deployment

Important

Before you begin deployment, you must plan and configure your hosts and physical network infrastructure. For more information, see Plan Software Defined Networking.

All Hyper-V hosts must have Windows Server 2016 Technical Preview installed, Hyper-V enabled, and the virtual switch created with one physical adapter connected. The host must be reachable via a Management IP address. Any storage type that is compatible with Hyper-V, shared or local, may be used.

Deployment Steps

Use the following procedure to deploy Microsoft SDN using scripts.

To deploy a Microsoft SDN infrastructure

The installation files are located on GitHub. Download the zip file from the Microsoft SDN GitHub Repository. On the Microsoft SDN repository page, click Download ZIP.

Designate one computer as your deployment computer. This computer must be running Windows Server 2016 Technical Preview. Expand the zip file and copy the SDNExpress folder to the deployment computer's C:\ folder.

Share the C:\SDNExpress folder as “SDNExpress” with permission for Everyone to Read/Write.

Navigate to the C:\SDNExpress folder.

You will see the following folders:

Folder Name

Description

AgentConf

Holds fresh copies of OVSDB schemas used by the SDN Host Agent on each Windows Server 2016 Hyper-V host to program network policy.

Certs

Temporary shared location for the NC certificate file.

Images

Empty; place your Windows Server 2016 Technical Preview vhdx image here.

Tools

Utilities for troubleshooting and debugging. Copied to the hosts and virtual machines. We recommend you place Network Monitor or Wireshark here so it is available if needed.

Scripts

Deployment scripts.

  • SDNExpress.ps1

    Deploys and configures the fabric, including the Network Controller virtual machines, SLB MUX virtual machines, gateway pool(s) and the HNV gateway virtual machine(s) corresponding to the pool(s).

  • FabricConfig.psd1

    A configuration file template for the SDNExpress script. You will customize this for your environment.

  • SDNExpressTenant.ps1

    Deploys a sample tenant workload on a virtual network with a load balanced VIP.

    Also provisions one or more network connections (IPSec S2S VPN, GRE, L3) on the service provider edge gateways which are connected to the previously created tenant workload. The IPSec and GRE gateways are available for connectivity over the corresponding VIP IP Address, and the L3 forwarding gateway over the corresponding address pool.

    This script can be used to delete the corresponding configuration with an Undo option as well.

  • TenantConfig.psd1

    A template configuration file for tenant workload and S2S gateway configuration.

  • SDNExpressUndo.ps1

    Cleans up the fabric environment and resets it to a starting state.

  • SDNExpressEnterpriseExample.ps1

    Provisions one or more enterprise site environments with one Remote Access Gateway and (optionally) one corresponding enterprise virtual machine per site. The IPSec or GRE enterprise gateways connect to the corresponding VIP IP address of the service provider gateway to establish the S2S tunnels. The L3 Forwarding Gateway connects over the corresponding Peer IP Address. This script can be used to delete the corresponding configuration with an Undo option as well.

  • EnterpriseConfig.psd1

    A template configuration file for the Enterprise site-to-site gateway and Client VM configuration.

TenantApps

Files used to deploy example tenant workloads.

Verify the Windows Server 2016 Technical Preview VHDX file is in the Images folder.

Deploy the service provider fabric

Navigate to the Scripts folder and open the FabricConfig.psd1 file in the PowerShell ISE (right-click and select Edit).

Important

Read the text carefully and edit the file as necessary for your environment. See the comments in the file for guidance.

Open an Administrator Windows PowerShell prompt, navigate to the C:\SDNExpress folder, then run:

./SDNExpress.ps1 -ConfigurationDataFile .\FabricConfig.psd1 -Verbose

This script will take approximately 30 minutes to run. While the script is running you can do the following:

  • Watch the verbose output of the Windows PowerShell DSC deployment. You will see the following stages of deployment:

    • Network Controller and SLB MUX virtual machine creation

    • Network Controller role installation - windows fabric and network controller

    • Network Controller configuration

    • SLB MUX configuration

    • Host configuration

    • Addition of public IP address to the network controller

    • Gateway Pool(s) and Gateway deployment and configuration

  • Open Hyper-V Manager and verify that the Network Controller, SLB MUX virtual machines, and gateway virtual machines start correctly. They should be joined to the domain.

The script should complete without error.

Important

Scroll through the entire verbose output, and if you see any errors in red do not continue. Review the errors and troubleshoot as appropriate.

Once complete, verify that the network controller is working and populated by doing the following:

  1. Run the following to set up the REST Windows PowerShell commands:

    • . .\NetworkControllerRESTWrappers.ps1 -ComputerName <your NC's REST FQDN>

  2. Run the following Windows PowerShell cmdlets to verify your SDN infrastructure:

    • Get-NCLogicalNetwork

    • Get-NCServer

    • Get-NCLoadbalancerMux

    • Get-NCGatewayPool

    • Get-NCGateway

    • Get-NCPublicIPAddress

You can also run the following commands, but they will return no objects since none have been created yet:

  • Get-NCVirtualnetwork

  • Get-NCLoadbalancer

If you want more detailed output from all of the previous cmdlets, you can pipe through a JSON converter. For example:

Get-NCLogicalNetwork | ConvertTo-Json -Depth 10
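As an added example that is not one of the SDNExpress scripts, the following script runs the verification cmdlets above in one pass and refuses to proceed when a fabric object is missing, so that the tenant scripts are not started against an incomplete fabric. It assumes NetworkControllerRESTWrappers.ps1 is in the current folder and that only Get-NCVirtualnetwork and Get-NCLoadbalancer may legitimately be empty at this point; the expected minimum counts are assumptions.

```powershell
# Added example, not part of SDNExpress: one-pass check of the fabric objects in the Network Controller.
# Assumes NetworkControllerRESTWrappers.ps1 is in the current folder (C:\SDNExpress\Scripts).
param(
    [Parameter(Mandatory)] [string] $RestName,   # your NC's REST FQDN
    [switch] $ShowJson                            # also dump each result with ConvertTo-Json -Depth 10
)

# Load the REST wrapper cmdlets (Get-NC*) that talk to the Network Controller.
. .\NetworkControllerRESTWrappers.ps1 -ComputerName $RestName

# Cmdlet -> minimum number of objects expected right after SDNExpress.ps1 finishes (assumed values).
# Virtual networks and load balancers are created later by SDNExpressTenant.ps1, so 0 is fine there.
$expected = [ordered]@{
    'Get-NCLogicalNetwork'  = 1
    'Get-NCServer'          = 1
    'Get-NCLoadbalancerMux' = 1
    'Get-NCGatewayPool'     = 1
    'Get-NCGateway'         = 1
    'Get-NCPublicIPAddress' = 1
    'Get-NCVirtualnetwork'  = 0
    'Get-NCLoadbalancer'    = 0
}

$results = foreach ($cmdlet in $expected.Keys) {
    try {
        # Drop $null so an empty result counts as 0 objects rather than 1.
        $objects = @(& $cmdlet | Where-Object { $null -ne $_ })
        $status  = if ($objects.Count -ge $expected[$cmdlet]) { 'OK' } else { 'MISSING' }
        if ($ShowJson -and $objects.Count -gt 0) {
            Write-Host "---- $cmdlet ----"
            $objects | ConvertTo-Json -Depth 10 | Write-Host
        }
    } catch {
        $objects = @()
        $status  = "ERROR: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        Check    = $cmdlet
        Found    = $objects.Count
        Expected = $expected[$cmdlet]
        Status   = $status
    }
}

$results | Format-Table -AutoSize

# Stop loudly if anything is missing, so the tenant scripts are not run on a broken fabric.
$failed = @($results | Where-Object { $_.Status -ne 'OK' })
if ($failed.Count -gt 0) {
    throw "Fabric verification failed for: $($failed.Check -join ', ')"
}
```

Run it from C:\SDNExpress\Scripts as `.\Test-SdnFabric.ps1 -RestName <your NC's REST FQDN> -ShowJson` (the file name is your choice).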

Deploy a test tenant virtual network infrastructure

  1. Open the TenantConfig.psd1 file in the PowerShell ISE. Customize as needed for your environment.

    Note

    If you want the tenant virtual machines to have access to DNS or to join an Active Directory domain, you need to update the DNS values to point to valid DNS servers. Search the script for 'DNSServers' and edit as necessary.

  2. Run SDNExpressTenant.ps1 to create the tenant infrastructure for testing purposes:

    ./SDNExpressTenant.ps1 -ConfigurationDataFile .\TenantConfig.psd1 -Verbose

    This script creates the following:

    • A virtual network containing two subnets with IP pools:

      • 192.168.0.0/24

      • 192.168.1.0/24

    • An ACL that restricts east/west traffic in the 192.168.0.0 subnet and an allow-all ACL for the 192.168.1.0 subnet.

    • Three virtual machines, two virtual machines on the 192.168.0.0 subnet, and one virtual machine on the 192.168.1.0 subnet.

  3. The script pauses while you verify the virtual networks. Do not continue until you have verified that they were successfully created.

  4. The script asks you if a public VIP configuration is required. If you type Yes, it creates a VIP and a load balancer rule for the virtual machines.

    You should now be able to connect to this VIP from your console virtual machine.

    Note

    VIPs do not respond to pings. Use "wget <your VIP address> -DisableKeepAlive -UseBasicParsing" to query via command line.

  5. If you want your tenant infrastructure to communicate outside their virtual networks, you can add HNV gateways for tenants. For Windows Server 2016 Technical Preview 4, a virtual gateway is deployed for each tenant.

    The script asks if you want to configure S2S gateways. If you type Yes, it configures corresponding tenant gateways for S2S VPN connectivity. You can then connect to these gateways from tenant sites and access the workload over these S2S network connections.

    At this point the service provider SDN infrastructure is fully deployed. If you want to configure more tenants, modify the configuration file accordingly and run the script again.

  6. Run the following Windows PowerShell cmdlet to verify your tenant gateway deployment:

    Get-NCVirtualGateway
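Step 2 above says the tenant script creates an ACL that restricts east/west traffic in 192.168.0.0/24 and an allow-all ACL for 192.168.1.0/24. As an added example that is not part of SDNExpressTenant.ps1, the script below expresses those two ACLs as Network Controller REST accessControlLists resources and PUTs them to the REST endpoint. The resource names, rule priorities, the exact rule set, and the use of https://<REST FQDN>/networking/v1 with Kerberos (-UseDefaultCredentials) are assumptions, not values taken from the page.

```powershell
# Added example, not part of SDNExpressTenant.ps1: the two tenant ACLs as NC REST resources.
# Assumptions: NC REST API at https://<RestName>/networking/v1 with Kerberos auth; resource names
# and priorities are constructed for illustration (priorities must be unique within an ACL; lowest wins).
param(
    [Parameter(Mandatory)] [string] $RestName   # your NC's REST FQDN
)
$base = "https://$RestName/networking/v1"

# Build one aclRules entry in the Network Controller schema (all protocols, all ports).
function New-AclRule {
    param([string]$Id, [string]$Action, [string]$Src, [string]$Dst, [int]$Priority, [string]$Type)
    @{
        resourceId = $Id
        properties = @{
            protocol = 'All'; sourcePortRange = '0-65535'; destinationPortRange = '0-65535'
            action = $Action; sourceAddressPrefix = $Src; destinationAddressPrefix = $Dst
            priority = "$Priority"; type = $Type; logging = 'Enabled'
        }
    }
}

# 192.168.0.0/24: deny VM-to-VM (east/west) traffic inside the subnet, allow everything else.
$restrictEastWest = @{
    resourceId = 'Subnet1-RestrictEastWest'
    properties = @{ aclRules = @(
        (New-AclRule 'DenyEastWestIn'  'Deny'  '192.168.0.0/24' '192.168.0.0/24' 100 'Inbound'),
        (New-AclRule 'DenyEastWestOut' 'Deny'  '192.168.0.0/24' '192.168.0.0/24' 101 'Outbound'),
        (New-AclRule 'AllowOtherIn'    'Allow' '*' '*' 200 'Inbound'),
        (New-AclRule 'AllowOtherOut'   'Allow' '*' '*' 201 'Outbound')
    ) }
}

# 192.168.1.0/24: allow-all in both directions.
$allowAll = @{
    resourceId = 'Subnet2-AllowAll'
    properties = @{ aclRules = @(
        (New-AclRule 'AllowAllIn'  'Allow' '*' '*' 100 'Inbound'),
        (New-AclRule 'AllowAllOut' 'Allow' '*' '*' 101 'Outbound')
    ) }
}

# PUT each ACL; the NC echoes the stored resource, which is written to the pipeline for inspection.
foreach ($acl in @($restrictEastWest, $allowAll)) {
    $uri = "$base/accessControlLists/$($acl.resourceId)"
    Invoke-RestMethod -Method Put -Uri $uri -ContentType 'application/json' `
        -Body ($acl | ConvertTo-Json -Depth 10) -UseDefaultCredentials
}
```

An ACL only takes effect once a virtual subnet (or a network interface) references it, which SDNExpressTenant.ps1 does as part of creating the virtual network.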

Deploy a simulated tenant enterprise infrastructure

  1. To deploy simulated tenant enterprise site gateways and virtual machines, open the EnterpriseConfig.psd1 file in the PowerShell ISE, and customize the enterprise gateway settings that you need for your environment. Make sure you specify the Routing Type that you want (Dynamic for BGP Routing, Static otherwise).

  2. Run the SDNExpressEnterpriseExample.ps1 script to deploy the Enterprise site Gateways and (optionally) clients:

    ./SDNExpressEnterpriseExample.ps1 -ConfigurationDataFile .\EnterpriseConfig.psd1 -Verbose

    This script creates the following:

    • One or more tenant enterprise sites with a VPN S2S Gateway per site, connected to the "Internet" network.

    • An internal tenant enterprise network switch for this site’s internal connectivity.

    • An S2S VPN interface on this gateway with a destination to the gateway's public IP address and a post-connect IPv4 route to the service provider BGP router IPv4 address.

    • Installs a BGP router on the tenant enterprise site and creates a BGP Peer with the destination IP address at the service provider BGP router.

  3. Now you can run the following cmdlets on the tenant enterprise gateways to check the state of network connections (and/or connect them):

    • Get-VpnS2SInterface | Connect-VpnS2SInterface

    • Get-BgpRouter

    • Get-BgpPeer | Start-BgpPeer

    • Get-BgpRouteInformation

  4. To check if the end-to-end connectivity is up, try the following:

    • From one of the tenant enterprise gateways, ping the other tenant enterprise network. For example: ping 14.1.20.1 -S 14.1.10.1

    • From one of the tenant enterprise gateways, try to establish an RDP connection with the WebTier virtual machine in the virtual network hosted at the service provider. For example: mstsc -v 192.168.0.10

      In this example, 192.168.0.10 is the DIP on one of the VNET VMs.

  5. Optional - gateway failover scenario

    To simulate a gateway failover scenario in M+N deployment mode, find out the currently active gateway for the tenant by using the following Windows PowerShell command: Get-NCVirtualGateway -ResourceID <TenantName>

    Now log on to the gateway virtual machine and either shut down the Remote Access service or shut down the virtual machine to simulate failover. Check whether the tenant's virtual gateway has been re-provisioned on a standby Gateway virtual machine by running the above Windows PowerShell command again.

This completes the configuration for the SDN environment and the corresponding tenant enterprise sites. If you need to configure additional tenant enterprise sites or network connections, you can modify the corresponding configuration file and run the script again.