在 VMM 构造中设置 SDN RAS 网关Set up an SDN RAS gateway in the VMM fabric

重要

此版本的 Virtual Machine Manager (VMM) 已停止提供支持,建议升级到 VMM 2019This version of Virtual Machine Manager (VMM) has reached the end of support, we recommend you to upgrade to VMM 2019.

本文介绍如何在 System Center - Virtual Machine Manager (VMM) 构造中设置软件定义的网络 (SDN) RAS 网关。This article describes how to set up a Software Defined Networking (SDN) RAS gateway in the System Center - Virtual Machine Manager (VMM) fabric.

SDN RAS 网关是 SDN 中的数据路径元素,可实现两个自治系统间的站点到站点连接。An SDN RAS gateway is a data path element in SDN that enables site-to-site connectivity between two autonomous systems. 具体而言,RAS 网关可使用 IPSec、通用路由封装 (GRE) 或第 3 层转发,在远程租户网络和你的数据中心之间实现站点到站点连接。Specifically, a RAS gateway enables site-to-site connectivity between remote tenant networks and your datacenter using IPSec, Generic Routing Encapsulation (GRE) or Layer 3 Forwarding. 了解详情Learn more.

备注

  • 从 VMM 2019 UR1 开始,“一个连接的网络”类型已更改为“连接的网络”。From VMM 2019 UR1, One Connected network type is changed to Connected Network.
  • VMM 2019 UR2 及更高版本支持 IPv6。VMM 2019 UR2 and later supports IPv6.

准备工作Before you start

开始前,确保以下方面:Ensure the following before you start:

  • 规划:阅读如何规划软件定义的网络,并参看文档中的规划拓扑。Planning: Read about planning a software defined network, and review the planning topology in this document. 该图展示了一个 4 节点设置示例。The diagram shows a sample 4-node setup. 该设置高度可用,具有 3 个网络控制器节点 (VM)和 3 个 SLB/MUX 节点。The setup is highly available with Three network controller nodes (VM), and Three SLB/MUX nodes. 该图展示了 2 个租户和 1 个分解为 2 个虚拟子网的虚拟网络,两个子网用于模拟 Web 层和数据库层。It shows Two tenants with One virtual network broken into Two virtual subnets to simulate a web tier and a database tier. 基础结构和租户虚拟机均可在所有物理主机之间重新分布。Both the infrastructure and tenant virtual machines can be redistributed across any physical host.
  • 网络控制器:在部署 RAS 网关之前,应部署网络控制器。Network controller: You should deploy the network controller before you deploy the RAS gateway.
  • SLB:若要确保正确处理依赖关系,还应在设置网关前部署 SLB。SLB: To ensure that dependencies are handled correctly, you should also deploy the SLB before setting up the gateway. 如果配置了 SLB 和网关,可使用和验证 IPsec 连接。If an SLB and a gateway are configured, you can use and validate an IPsec connection.
  • 服务模板:VMM 使用服务模板实现 GW 部署自动化。Service template: VMM uses a service template to automate GW deployment. 服务模板支持第 1 代和第 2 代 VM 上的多节点部署。Service templates support multi-node deployment on generation 1 and generation 2 VMs.

部署步骤Deployment steps

若要设置 RAS 网关,请执行以下操作:To set up a RAS gateway, do the following:

  1. 下载服务模板:下载 GW 部署时所需的服务模板。Download the service template: Download the service template that you need to deploy the GW.
  2. 创建 VIP 逻辑网络:创建 GRE VIP 逻辑网络。Create the VIP logical network: Create a GRE VIP logical network. 它需要专用 VIP 的 IP 地址池并将 VIP 分配给 GRE 终结点。It needs an IP address pool for private VIPs, and to assign VIPs to GRE endpoints. 网络是为了定义 VIP,这些 VIP 分配给在适合站点到站点连接的 SDN 构造上运行的网关 VM。The network exists to define VIPs that are assigned to gateway VMs running on the SDN fabric for a site-to-site GRE connection.
  3. 导入服务模板:导入 RAS 网关服务模板。Import the service template: Import the RAS gateway service template.
  4. 部署网关:部署网关服务实例,并配置其属性。Deploy the gateway: Deploy a gateway service instance, and configure its properties.
  5. 验证部署:配置站点到站点 GRE、IPSec、或 L3,并验证部署。Validate the deployment: Configure site-to-site GRE, IPSec, or L3, and validate the deployment.

下载服务模板Download the service template

  1. Microsoft SDN GitHub 存储库下载 SDN 文件夹,并通过“VMM”**** >“模板”**** > “GW”**** 将模板复制到 VMM 服务器上的本地路径。Download the SDN folder from the Microsoft SDN GitHub repository and copy the templates from VMM >Templates > GW to a local path on the VMM server.
  2. 将内容提取到本地计算机的文件夹。Extract the contents to a folder on a local computer. 稍后将它们导入到库中。You'll import them to the library later.

下载内容包含两个模板:The download contains Two templates:

  • EdgeServiceTemplate_Generation 1 VM.xml 模板适用于在第 1 代虚拟机上部署 GW 服务。The EdgeServiceTemplate_Generation 1 VM.xml template is for deploying the GW Service on generation 1 virtual machines.
  • EdgeServiceTemplate_Generation 2 VM.xml 模板适用于在第 2 代虚拟机上部署 GW 服务。The EdgeServiceTemplate_Generation 2 VM.xml is for deploying the GW Service on Generation 2 virtual machines.

这两个模板的默认虚拟机计数都是 3 个,可在服务模板设计器中更改此计数。Both the templates have a default count of three virtual machines which can be changed in the service template designer.

创建 GRE VIP 逻辑网络Create the GRE VIP logical network

  1. 在 VMM 控制台中,运行“创建逻辑网络向导”。In the VMM console, run the Create Logical Network Wizard. 键入名称,选择性地提供描述,然后单击“下一步”****。Type a Name, optionally provide a description, and click Next.
  2. 在“设置”中,选择“一个连接的网络”。In Settings, select One Connected Network. 或者,可以选择“创建同名 VM 网络”。Optionally you can select Create a VM network with the same name. 此设置允许 VM 直接访问此逻辑网络。This setting allows VMs to access this logical network directly. 选择“由网络控制器托管”,并单击“下一步”。Select Managed by the Network Controller, and click Next.
  • 对于 VMM 2019 UR1 及更高版本,在“设置”中,依次选择“连接的网络”和“由网络控制器托管”,然后单击“下一步”。For VMM 2019 UR1 and later, in Settings, select Connected Network, and select Managed by the Network Controller, and click Next.
  1. 在“网络站点”中,指定设置:In Network Site, specify the settings:

    下面是示例值:Here are the sample values:

    • 网络名称:GRE VIPNetwork name: GRE VIP
    • 子网:31.30.30.0Subnet: 31.30.30.0
    • 掩码:24Mask: 24
    • Trunk 上的 VLAN ID:NAVLAN ID on trunk: NA
    • 网关:31.30.30.1Gateway: 31.30.30.1
  1. 在“摘要”中,检查设置,然后完成向导。In Summary, review the settings and finish the wizard.
  1. 若要使用 IPv6,请将 IPv4 和 IPV6 子网都添加到网络站点。To use IPv6, add both IPv4 and IPV6 subnet to the network site. 下面是示例值:Here are the sample values:

    • 网络名称:GRE VIPNetwork name: GRE VIP
    • 子网:FD4A:293D:184F:382C::Subnet: FD4A:293D:184F:382C::
    • 掩码:64Mask: 64
    • Trunk 上的 VLAN ID:NAVLAN ID on trunk: NA
    • 网关:FD4A:293D:184F:382C::1Gateway: FD4A:293D:184F:382C::1
  2. 在“摘要”中,检查设置,然后完成向导。In Summary, review the settings and finish the wizard.

创建 GRE VIP 地址的 IP 地址池Create an IP address pool for GRE VIP addresses

备注

从 VMM 2019 UR1 开始,可以使用“创建逻辑网络”向导来创建 IP 地址池。From VMM 2019 UR1, you can create IP address pool using Create Logical Network wizard.

  1. 右键单击 GRE VIP 逻辑网络 >“创建 IP 池”。Right-click the GRE VIP logical network > Create IP Pool.
  2. 键入池的名称和可选描述,并确保已选中 VIP 网络。Type a Name and optional description for the pool, and check that the VIP network is selected. 单击“下一步” 。Click Next.
  3. 接受默认网络站点,然后单击“下一步”。Accept the default network site and click Next.
  1. 为范围选择开始和结束 IP 地址。Choose a starting and ending IP address for your range. 范围应从可用子网的第二个地址开始。Start the range on the second address of your available subnet. 例如,如果可用子网为 .1 到 .254,则范围应从 .2 开始。For example, if your available subnet is from .1 to .254, start the range at .2.
  2. 在“为负载均衡器 VIP 保留的 IP 地址”**** 框中,键入子网中的 IP 地址范围。In the IP addresses reserved for load balancer VIPs box, type the IP addresses range in the subnet. 这应与用于开始和结束 IP 地址的范围相匹配。This should match the range you used for starting and ending IP addresses.
  3. 由于此池用于为 VIP 分配 IP 地址(仅通过网络控制器),因此不需要提供网关、DNS 或 WINS 信息。You don't need to provide gateway, DNS or WINS information as this pool is used to allocate IP addresses for VIPs through the network controller only. 单击“下一步”,跳过这些屏幕。Click Next to skip these screens.
  4. 在“摘要”中,检查设置,然后完成向导。In Summary, review the settings and finish the wizard.
  1. 如果已创建 IPv6 子网,请创建单独的 IPv6 GRE VIP 地址池。If you had created IPv6 subnet, create a separate IPv6 GRE VIP address pool.
  2. 为范围选择开始和结束 IP 地址。Choose a starting and ending IP address for your range. 范围应从可用子网的第二个地址开始。Start the range on the second address of your available subnet. 例如,如果可用子网为 .1 到 .254,则范围应从 .2 开始。For example, if your available subnet is from .1 to .254, start the range at .2. 若要指定 VIP 范围,请不要使用 IPv6 地址的缩短形式;使用 2001:db8:0:200:0:0:0:7 格式,而不要使用 2001:db8:0:200::7For specifying VIP range, don’t use the shortened form of IPv6 address; Use 2001:db8:0:200:0:0:0:7 format instead of 2001:db8:0:200::7
  3. 在“为负载均衡器 VIP 保留的 IP 地址”**** 框中,键入子网中的 IP 地址范围。In the IP addresses reserved for load balancer VIPs box, type the IP addresses range in the subnet. 这应与用于开始和结束 IP 地址的范围相匹配。This should match the range you used for starting and ending IP addresses.
  4. 由于此池用于为 VIP 分配 IP 地址(仅通过网络控制器),因此不需要提供网关、DNS 或 WINS 信息。You don't need to provide gateway, DNS or WINS information as this pool is used to allocate IP addresses for VIPs through the network controller only. 单击“下一步”,跳过这些屏幕。Click Next to skip these screens.
  5. 在“摘要”中,检查设置,然后完成向导。In Summary, review the settings and finish the wizard.

导入服务模板Import the service template

  1. 单击“库” > “导入模板”。Click Library > Import Template.

  2. 浏览到服务模板文件夹。Browse to your service template folder. 例如,选择 EdgeServiceTemplate Generation 2.xml 文件。As an example, select the EdgeServiceTemplate Generation 2.xml file.

  3. 导入服务模板时请更新环境参数。Update the parameters for your environment as you import the service template. 请注意,在网络控制器部署过程中已导入库资源。Note that the library resources were imported during network controller deployment.

    • WinServer.vhdx:选择先前在网络控制器部署期间准备和导入的虚拟硬盘映像。WinServer.vhdx: Select the virtual hard drive image that you prepared and imported earlier, during the network controller deployment.
    • EdgeDeployment.CR:映射到 VMM 库中的 EdgeDeployment.cr 库资源。EdgeDeployment.CR: Map to the EdgeDeployment.cr library resource in the VMM library.
  4. 在“摘要”**** 页上查看详细信息,然后单击“导入”****。On the Summary page, review the details and click Import.

    注意:可自定义服务模板。Note: You can customize the service template. 了解详细信息Learn more.

部署网关服务Deploy the gateway service

此示例使用第 2 代模板。This example uses the generation 2 template.

  1. 选择“EdgeServiceTemplate Generation2.xml”服务模板,然后单击“配置部署”。Select the EdgeServiceTemplate Generation2.xml service template, and click Configure Deployment.

  2. 为服务实例键入名称并选择目标。Type a Name and choose a destination for the service instance. 该目标必须映射到一个主机组,该组包含之前为部署网关配置的主机。The destination must map to a host group that contains the hosts configured previously for gateway deployment.

  3. 在“网络设置”中,将管理网络映射到管理 VM 网络。In Network Settings, map the management network to the management VM network.

    注意:完成映射后,将显示“部署服务”**** 对话框。Note: The Deploy Service dialog appears after mapping is complete. VM 实例最初一般为红色。It's normal for the VM instances to be initially Red. 单击“刷新预览”****,自动查找适合 VM 的主机。Click Refresh Preview to automatically find suitable hosts for the VM.

  4. 在“配置部署”**** 窗口的左侧,配置以下设置:On the left of the Configure Deployment window, configure the following settings:

    • AdminAccountAdminAccount. 必需。Required. 选择要在网关 VM 上用作本地管理员的运行方式帐户。Select a RunAs account that will be used as the local administrator on the gateway VMs.
    • 管理网络Management Network. 必需。Required. 选择为主机管理创建的管理 VM 网络。Choose the Management VM network that you created for host management.
    • 帐户管理Management Account. 必需。Required. 选择一个运行方式帐户,该帐户有权向关联了网络控制器的 Active Directory 域添加网关。Select a Run as account with permissions to add the gateway to the Active Directory domain associated with the network controller. 此帐户可与部署网络控制器时用于 MgmtDomainAccount 的帐户相同。This can be the same account used for MgmtDomainAccount while deploying the network controller.
    • FQDNFQDN. 必需。Required. 网关的 Active Directory 域的 FQDN。FQDN for the Active directory domain for the gateway.
  5. 单击“部署服务”以开始服务部署作业。Click Deploy Service to begin the service deployment job.

    注意Note:

    • 部署时间因硬件而异,但通常介于 30 到 60 分钟之间。Deployment times will vary depending on your hardware but are typically between 30 and 60 minutes. 如果网关部署失败,请先通过“所有主机” > “服务”删除失败的服务实例,然后重新尝试部署。If gateway deployment fails, delete the failed service instance in All Hosts > Services before you retry the deployment.

    • 如果未使用批量许可的 VHDX(或未使用答案文件提供产品密钥),则在 VM 设置期间,部署将停止于“产品密钥”页。If you aren't using a volume licensed VHDX (or the product key isn't supplied using an answer file), then deployment will stop at the Product Key page during VM provisioning. 需要手动访问 VM 桌面,且必须输入密钥或跳过。You need to manually access the VM desktop, and either enter the key, or skip it.

    • 如果想要缩小或扩大已部署的 SLB 实例,请阅读此博客If you want to scale-in or scale-out a deployed SLB instance, read this blog.

网关限制Gateway limits

以下是 NC 托管网关的默认限制:The following are the default limits for NC managed gateway:

  • MaxVMNetworksSupported= 50MaxVMNetworksSupported= 50
  • MaxVPNConnectionsPerVMNetwork= 10MaxVPNConnectionsPerVMNetwork= 10
  • MaxVMSubnetsSupported= 550MaxVMSubnetsSupported= 550
  • MaxVPNConnectionsSupported= 250MaxVPNConnectionsSupported= 250

替代网关限制Override the gateway limits

若要替代默认限制,请将替代字符串追加到网络控制器服务连接字符串并在 VMM 中进行更新。To override the default limits, append the override string to the network controller service connection string and update in VMM.

  • MaxVMNetworksSupported= 后跟可与此网关一起使用的 VM 网络数。MaxVMNetworksSupported= followed by the number of VM networks that can be used with this gateway.
  • MaxVPNConnectionsPerVMNetwork= 后跟每个 VM 网络可使用此网关建立的 VPN 连接数。MaxVPNConnectionsPerVMNetwork= followed by the number of VPN Connections that can be created per VM network with this gateway.
  • MaxVMSubnetsSupported= 后跟可与此网关一起使用的 VM 网络子网数。MaxVMSubnetsSupported= followed by the number of VM network subnets that can be used with this gateway.
  • MaxVPNConnectionsSupported= 后跟可与此网关一起使用的 VPN 连接数。MaxVPNConnectionsSupported= followed by the number of VPN Connections that can be used with this gateway.

示例Example:

若要将可与此网关一起使用的最大 VM 网络数替代为 100,则将连接字符串更新如下:To override the maximum number of VM networks that can be used with the gateway to 100, update the connection string as follows:

serverurl=https://NCCluster.contoso.com;servicename=NC_VMM_RTM; MaxVMNetworksSupported==100

配置网关管理器角色Configure the gateway manager role

由于已部署网关服务,现在便可以配置属性并将此服务与网络控制器服务关联起来。Now that the gateway service is deployed, you can configure the properties, and associate it with the network controller service.

  1. 单击“构造” > “网络服务”以显示已安装的网络服务列表。Click Fabric > Network Service to display the list of network services installed. 右键单击“网络控制器”服务 >“属性”。Right-click the network controller service > Properties.

  2. 单击“服务”选项卡,并选择“网关管理器角色”。Click the Services tab, and select the Gateway Manager Role.

  3. 在“服务信息”下查找“关联服务”字段,然后单击“浏览”。Find the Associated Service field under Service information, and click Browse. 选择之前创建的网关服务实例,然后单击“确定”。Select the gateway service instance you created earlier, and click OK.

  4. 选择“运行方式帐户”****,网络控制器将使用此账户访问网关虚拟机。Select the Run As account that will be used by network controller to access the gateway virtual machines.

    注意:运行方式帐户必须具有网关 VM 的管理员特权。Note: The Run as account must have Administrator privileges on the gateway VMs.

  5. 在“GRE VIP 子网”**** 中,选择先前创建的 VIP 子网。In GRE VIP subnet, select the VIP subnet that you created previously.

  1. 在“公共 IPv4 池”中,选择 SLB 部署期间配置的池。In Public IPv4 pool, select the pool you configured during SLB deployment. 在“公共 IPv4 地址”中,提供来自于上一个池的 IP 地址,并确保你不会选择从该范围寻址的三个初始 IP 地址。In Public IPv4 address, provide an IP address from the previous pool, and ensure you don't select the initial three IP addresses from the range.
  1. 若要启用 IPv4 地址,请在“公共 IPv4 池”中,选择在 SLB 部署期间配置的池。To enable IPv4 support, in Public IPv4 pool, select the pool you configured during SLB deployment. 在“公共 IPv4 地址”中,提供来自于上一个池的 IP 地址,并确保你不会选择从该范围寻址的三个初始 IP 地址。In Public IPv4 address, provide an IP address from the previous pool, and ensure you don't select the initial three IP addresses from the range.

  2. 若要启用 IPv6 支持,请从“网络控制器属性” > “服务”中,选中“启用 IPv6”复选框,然后选择之前创建的 IPv6 GRE VIP 子网,并分别输入公共 IPv6 池和公共 IPv6 地址。To enable IPv6 support, from Network Controller Properties > Services, select Enable IPv6’ checkbox, select the IPv6 GRE VIP subnet that you have created previously, and input the public IPv6 pool and public IPv6 address respectively. 此外,选择将分配给网关 VM 的 IPv6 前端子网。Also, select IPv6 frontend subnet that will be assigned to Gateway VMs.

    启用 IPv6

  3. 在“网关容量”中,配置容量设置。In Gateway Capacity, configure the capacity settings.

    网关容量 (Mbps) 表示网关 VM 外预期的正常 TCP 带宽。The gateway capacity (Mbps) denotes the normal TCP bandwidth that is expected out of the gateway VM. 必须根据所使用的基础网络速度来设置此参数。You must set this parameter based on the underlying network speed you use.

    IPsec 隧道带宽限制为 (3/20) 的网关容量。IPsec tunnel bandwidth is limited to (3/20) of the gateway capacity. 这意味着,如果设置的网关容量为 1000 Mbps,则等效 IPsec 隧道容量可限制为 150 Mbps。Which means, if the gateway capacity is set to 1000 Mbps, the equivalent IPsec tunnel capacity would be limited to 150 Mbps.

    备注

    带宽限制是入站带宽值和出站带宽值的总和。The bandwidth limit is the total value of inbound bandwidth and outbound bandwidth.

    GRE 和 L3 隧道的等比分别为 1/5 和 1/2。The equivalent ratios For GRE, and L3 tunnels are 1/5 and 1/2 respectively.

  4. 在“为故障保留的节点”字段**** 中,配置为进行备份而保留的节点数。Configure the number of reserved nodes for back-up in Nodes for reserved for failures field.

  5. 若要配置单个网关 VM,单击每个 VM 并选择 IPv4 前端子网,指定本地 ASN,并根据需要添加 BGP 对等的对等互连设备信息。To configure individual gateway VMs, click each VM and select the IPv4 frontend subnet, specify the local ASN, and optionally add the peering device information for the BGP peer.

注意:如果计划使用 GRE 连接,则必须配置网关 BGP 对等节点。Note: You must configure the gateway BGP peers, if you plan to use GRE connections.

部署的服务实例现与网关管理器角色关联。The service instance you deployed is now associated with the gateway Manager role. 应看到它下面列出的网关 VM 实例。You should see the gateway VM instance listed under it.

  1. 在“网关容量”中,配置容量设置。In Gateway Capacity, configure the capacity settings.

    网关容量 (Mbps) 表示网关 VM 外预期的正常 TCP 带宽。The gateway capacity (Mbps) denotes the normal TCP bandwidth that is expected out of the gateway VM. 必须根据所使用的基础网络速度来设置此参数。You must set this parameter based on the underlying network speed you use.

    IPsec 隧道带宽限制为 (3/20) 的网关容量。IPsec tunnel bandwidth is limited to (3/20) of the gateway capacity. 这意味着,如果设置的网关容量为 1000 Mbps,则等效 IPsec 隧道容量可限制为 150 Mbps。Which means, if the gateway capacity is set to 1000 Mbps, the equivalent IPsec tunnel capacity would be limited to 150 Mbps.

    备注

    带宽限制是入站带宽值和出站带宽值的总和。The bandwidth limit is the total value of inbound bandwidth and outbound bandwidth.

    GRE 和 L3 隧道的等比分别为 1/5 和 1/2。The equivalent ratios For GRE, and L3 tunnels are 1/5 and 1/2 respectively.

  2. 在“为故障保留的节点”字段**** 中,配置为进行备份而保留的节点数。Configure the number of reserved nodes for back-up in Nodes for reserved for failures field.

  3. 若要配置单个网关 VM,单击每个 VM 并选择 IPv4 前端子网,指定本地 ASN,并根据需要添加 BGP 对等的对等互连设备信息。To configure individual gateway VMs, click each VM and select the IPv4 frontend subnet, specify the local ASN, and optionally add the peering device information for the BGP peer.

注意:如果计划使用 GRE 连接,则必须配置网关 BGP 对等节点。Note: You must configure the gateway BGP peers, if you plan to use GRE connections.

部署的服务实例现与网关管理器角色关联。The service instance you deployed is now associated with the gateway Manager role. 应看到它下面列出的网关 VM 实例。You should see the gateway VM instance listed under it.

验证部署Validate the deployment

部署网关后,可以配置 S2S GRE、S2S IPSec 或 L3 连接类型,并进行验证。After you deploy the gateway, you can configure S2S GRE, S2S IPSec, or L3 connection types, and validate them. 有关其他信息,请参阅下列内容:For additional information, see the following contents:

有关连接类型的详细信息,请参阅这篇文章For more information on connection types, see this article.

通过 PowerShell 设置流量选择器Set up the traffic selector from PowerShell

下面是使用 VMM PowerShell 设置流量选择器的过程。Here is the procedure to setup the traffic selector by using the VMM PowerShell.

  1. 使用以下参数创建流量选择器。Create the traffic selector by using the following parameters.

    注意:所用值仅用作示例。Note: Values used are examples only.

    $t= new-object Microsoft.VirtualManager.Remoting.TrafficSelector
    
    $t.Type=7 // IPV4=7, IPV6=8
    
    $t.ProtocolId=6 // TCP =6, reference: https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers
    
    $t.PortEnd=5090
    
    $t.PortStart=5080
    
    $t.IpAddressStart=10.100.101.10
    
    $t.IpAddressEnd=10.100.101.100
    
  2. 通过使用 Add-SCVPNConnectionSet-SCVPNConnection-LocalTrafficSelectors 参数配置上述流量选择器。Configure the above traffic selector by using -LocalTrafficSelectors parameter of Add-SCVPNConnection or Set-SCVPNConnection.

从 SDN 构造中删除网关Remove the gateway from the SDN fabric

使用这些步骤从 SDN 结构中删除网关。Use these steps to remove the gateway from the SDN fabric.