Software Defined Networking (SDN) in Azure Stack HCI and Windows Server

Applies to Azure Stack HCI, version 20H2; Windows Server 2019; Windows Server 2016

Software defined networking (SDN) provides a way to centrally configure and manage networks and network services such as switching, routing, and load balancing in your data center. You can use SDN to dynamically create, secure, and connect your network to meet the evolving needs of your apps. Operating global-scale datacenter networks for services like Microsoft Azure, which efficiently performs tens of thousands of network changes every day, is possible only because of SDN.

Virtual network elements such as Hyper-V Virtual Switch, Hyper-V Network Virtualization, Software Load Balancing, and RAS Gateway are designed to be integral elements of your SDN infrastructure. You can also use your existing SDN-compatible devices to achieve deeper integration between your workloads running in virtual networks and the physical network.

There are three major SDN components, and you can choose which you want to deploy: Network Controller, Software Load Balancer, and Gateway.


SDN is not supported on stretched (multi-site) clusters.

Network Controller

The Network Controller provides a centralized, programmable point of automation to manage, configure, monitor, and troubleshoot virtual network infrastructure in your data center. It's a highly scalable server role that uses Service Fabric to provide high availability. The Network Controller must be deployed on its own dedicated VMs.

Deploying Network Controller enables the following functionalities:

  • Create and manage virtual networks and subnets. Connect virtual machines (VMs) to virtual subnets.
  • Configure and manage micro-segmentation for VMs connected to virtual networks or traditional VLAN-based networks.
  • Attach virtual appliances to your virtual networks.
  • Configure Quality of Service (QoS) policies for VMs attached to virtual networks or traditional VLAN-based networks.

We recommend deploying Network Controller using SDN Express.

Software Load Balancing

Software Load Balancer (SLB) can be used to evenly distribute customer network traffic among multiple VMs. It enables multiple servers to host the same workload, providing high availability and scalability. SLB uses Border Gateway Protocol to advertise virtual IP addresses to the physical network.


Gateways are used for routing network traffic between a virtual network and another network, either local or remote. Gateways can be used to:

  • Create secure site-to-site IPsec connections between SDN virtual networks and external customer networks over the internet.
  • Create Generic Routing Encapsulation (GRE) connections between SDN virtual networks and external networks. The difference between site-to-site connections and GRE connections is that the latter is not an encrypted connection. For more information about GRE connectivity scenarios, see GRE Tunneling in Windows Server.
  • Create Layer 3 connections between SDN virtual networks and external networks. In this case, the SDN gateway simply acts as a router between your virtual network and the external network.

Gateways use Border Gateway Protocol to advertise GRE endpoints and establish point-to-point connections. SDN deployment creates a default gateway pool that supports all connection types. Within this pool, you can specify how many gateways are reserved on standby in case an active gateway fails.

