What's new in networking

Applies to: Windows Server 2016

Following are the new or enhanced networking technologies in Windows Server 2016.
This topic contains the following sections.

New Networking Features and Technologies

Networking is a foundational part of the Software Defined Datacenter (SDDC) platform, and Windows Server 2016 provides new and improved Software Defined Networking (SDN) technologies to help you move to a fully realized SDDC solution for your organization.

When you manage networks as a software defined resource, you can describe an application's infrastructure requirements one time, and then choose where the application runs - on premises or in the cloud. This consistency means that your applications are now easier to scale and you can seamlessly run applications anywhere, with equal confidence around security, performance, quality of service, and availability.

The following sections contain information about these new networking features and technologies.

Software Defined Networking Infrastructure

Following are the new or improved SDN infrastructure technologies.

  • Network Controller. New in Windows Server 2016, Network Controller provides a centralized, programmable point of automation to manage, configure, monitor, and troubleshoot virtual and physical network infrastructure in your datacenter. Using Network Controller, you can automate the configuration of network infrastructure instead of performing manual configuration of network devices and services. For more information, see Network Controller and Deploy Software Defined Networks using scripts.

  • Hyper-V Virtual Switch. The Hyper-V Virtual Switch runs on Hyper-V hosts, and allows you to create distributed switching and routing, and a policy enforcement layer that is aligned and compatible with Microsoft Azure. For more information, see Hyper-V Virtual Switch.

  • Network Function Virtualization (NFV). In today's software defined datacenters, network functions that are being performed by hardware appliances (such as load balancers, firewalls, routers, switches, and so on) are increasingly being deployed as virtual appliances. This "network function virtualization" is a natural progression of server virtualization and network virtualization. Virtual appliances are quickly emerging and creating a brand new market. They continue to generate interest and gain momentum in both virtualization platforms and cloud services. The following NFV technologies are available in Windows Server 2016.

    • Datacenter Firewall. This distributed firewall provides granular access control lists (ACLs), enabling you to apply firewall policies at the VM interface level or at the subnet level.

      For more information, see Datacenter Firewall Overview.

    • RAS Gateway. You can use RAS Gateway for routing traffic between virtual networks and physical networks, including site-to-site VPN connections from your cloud datacenter to your tenants' remote sites. Specifically, you can deploy Internet Key Exchange version 2 (IKEv2) site-to-site virtual private networks (VPNs), Layer 3 (L3) VPN, and Generic Routing Encapsulation (GRE) gateways. In addition, gateway pools and M+N redundancy of gateways are now supported; and Border Gateway Protocol (BGP) with Route Reflector capabilities provides dynamic routing between networks for all gateway scenarios (IKEv2 VPN, GRE VPN, and L3 VPN).

      For more information, see What's New in RAS Gateway and RAS Gateway for SDN.

    • Software Load Balancer (SLB) and Network Address Translation (NAT). The north-south and east-west layer 4 load balancer and NAT enhances throughput by supporting Direct Server Return, with which the return network traffic can bypass the Load Balancing multiplexer.

      For more information, see Software Load Balancing (SLB) for SDN.

    For more information, see Network Function Virtualization.

  • Standardized Protocols. Network Controller uses Representational State Transfer (REST) on its northbound interface with JavaScript Object Notation (JSON) payloads. The Network Controller southbound interface uses Open vSwitch Database Management Protocol (OVSDB).

  • Flexible encapsulation technologies. These technologies operate at the data plane, and support both Virtual Extensible LAN (VxLAN) and Network Virtualization Generic Routing Encapsulation (NVGRE). For more information, see GRE Tunneling in Windows Server 2016.

For more information about SDN, see Software Defined Networking (SDN).

Cloud Scale Fundamentals

The following cloud scale fundamentals are now available.

  • Converged Network Interface Card (NIC). The converged NIC allows you to use a single network adapter for management, Remote Direct Memory Access (RDMA)-enabled storage, and tenant traffic. This reduces the capital expenditures that are associated with each server in your datacenter, because you need fewer network adapters to manage different types of traffic per server.

  • Packet Direct. Packet Direct provides a high network traffic throughput and low-latency packet processing infrastructure.

  • Switch Embedded Teaming (SET). SET is a NIC Teaming solution that is integrated in the Hyper-V Virtual Switch. SET allows the teaming of up to eight physical NICs into a single SET team, which improves availability and provides failover. In Windows Server 2016, you can create SET teams that are restricted to the use of Server Message Block (SMB) and RDMA. In addition, you can use SET teams to distribute network traffic for Hyper-V Network Virtualization. For more information, see Remote Direct Memory Access (RDMA) and Switch Embedded Teaming (SET).

New Features for Additional Networking Technologies

This section contains information about new features for familiar networking technologies.

DHCP

DHCP is an Internet Engineering Task Force (IETF) standard that is designed to reduce the administrative burden and complexity of configuring hosts on a TCP/IP-based network, such as a private intranet. By using the DHCP Server service, the process of configuring TCP/IP on DHCP clients is automatic.

For more information, see What's New in DHCP.

DNS

DNS is a system that is used in TCP/IP networks for naming computers and network services. DNS naming locates computers and services through user-friendly names. When a user enters a DNS name in an application, DNS services can resolve the name to other information that is associated with the name, such as an IP address.

Following is information about DNS Client and DNS Server.

DNS Client

Following are the new or improved DNS client technologies.

  • DNS Client service binding. In Windows 10, the DNS Client service offers enhanced support for computers with more than one network interface.

For more information, see What's New in DNS Client in Windows Server 2016.

DNS Server

Following are the new or improved DNS server technologies.

  • DNS Policies. You can configure DNS policies to specify how a DNS server responds to DNS queries. DNS responses can be based on client IP address (location), time of the day, and several other parameters. DNS policies enable location-aware DNS, traffic management, load balancing, split-brain DNS, and other scenarios.

  • Nano Server support for file-based DNS. You can deploy DNS server in Windows Server 2016 on a Nano Server image. This deployment option is available to you if you are using file-based DNS. By running DNS server on a Nano Server image, you can run your DNS servers with reduced footprint, quick boot up, and minimized patching.

    Note

    Active Directory integrated DNS is not supported on Nano Server.

  • Response Rate Limiting (RRL). You can enable response rate limiting on your DNS servers. By doing this, you avoid the possibility of malicious systems using your DNS servers to initiate a denial of service attack on a DNS client.

  • DNS-based Authentication of Named Entities (DANE). You can use TLSA (Transport Layer Security Authentication) records to provide information to DNS clients that state what certification authority (CA) they should expect a certificate from for your domain name. This prevents man-in-the-middle attacks where someone might corrupt the DNS cache to point to their own website, and provide a certificate they issued from a different CA.

  • Unknown record support.
    You can add records which are not explicitly supported by the Windows DNS server using the unknown record functionality.

  • IPv6 root hints.
    You can use the native IPv6 root hints support to perform internet name resolution using the IPv6 root servers.

  • Improved Windows PowerShell Support.
    New Windows PowerShell cmdlets are available for DNS Server.

For more information, see What's New in DNS Server in Windows Server 2016.
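
The check a DANE-aware client makes against the TLSA records described in the DANE item above, as an added Python example that is not part of the original page and is not Microsoft's code. The function names are this example's own, the byte strings are constructed stand-ins for DER-encoded certificates and public keys, and only the association-data comparison from RFC 6698 is shown; certificate signature and chain validation are assumed to happen elsewhere.

```python
import hashlib
from typing import NamedTuple

# TLSA field values per RFC 6698; the Python names are this example's own.
USAGE = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
MATCHERS = {0: lambda b: b, 1: lambda b: hashlib.sha256(b).digest(),
            2: lambda b: hashlib.sha512(b).digest()}

class Tlsa(NamedTuple):
    usage: int
    selector: int   # 0 = full certificate, 1 = SubjectPublicKeyInfo
    matching: int   # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes

def parse_tlsa(rdata: str) -> Tlsa:
    """Parse presentation-format RDATA such as '2 0 1 ab12...'."""
    parts = rdata.split()
    if len(parts) < 4:
        raise ValueError("TLSA RDATA needs usage, selector, matching type, data")
    usage, selector, matching = (int(p) for p in parts[:3])
    if usage not in USAGE or selector not in (0, 1) or matching not in MATCHERS:
        raise ValueError("unsupported TLSA parameters")
    return Tlsa(usage, selector, matching, bytes.fromhex("".join(parts[3:])))

def matches(rec: Tlsa, cert_der: bytes, spki_der: bytes) -> bool:
    """True if the certificate (or its public key) matches the association data."""
    selected = cert_der if rec.selector == 0 else spki_der
    return MATCHERS[rec.matching](selected) == rec.data

def chain_allowed(records, chain) -> bool:
    """chain is a list of (cert_der, spki_der) pairs, leaf first.
    Simplification: usages 1/3 pin the leaf, usages 0/2 pin a CA above it."""
    for rec in records:
        candidates = chain[:1] if rec.usage in (1, 3) else chain[1:]
        if any(matches(rec, c, k) for c, k in candidates):
            return True
    return False  # no record matched: the presented chain is not the published one

# Constructed stand-ins for DER bytes; real input comes from the TLS handshake.
EXPECTED_CA = (b"constructed-ca-cert", b"constructed-ca-spki")
OTHER_CA = (b"constructed-other-ca-cert", b"constructed-other-ca-spki")
LEAF = (b"constructed-leaf-cert", b"constructed-leaf-spki")
RECORD = parse_tlsa("2 0 1 " + hashlib.sha256(EXPECTED_CA[0]).hexdigest())
```

A chain issued by `OTHER_CA` fails `chain_allowed([RECORD], ...)` even though the leaf bytes are unchanged, which is the different-CA case the DANE item describes.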

GRE Tunneling

RAS Gateway now supports high availability Generic Routing Encapsulation (GRE) tunnels for site-to-site connections and M+N redundancy of gateways. GRE is a lightweight tunneling protocol that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol internetwork.

For more information, see GRE Tunneling in Windows Server 2016.

Hyper-V Network Virtualization

Introduced in Windows Server 2012, Hyper-V Network Virtualization (HNV) enables virtualization of customer networks on top of a shared physical network infrastructure. With minimal changes necessary on the physical network fabric, HNV gives service providers the agility to deploy and migrate tenant workloads anywhere across the three clouds: the service provider cloud, the private cloud, or the Microsoft Azure public cloud.

For more information, see What's New in Hyper-V Network Virtualization in Windows Server 2016.

IPAM

IPAM provides highly customizable administrative and monitoring capabilities for the IP address and DNS infrastructure on an organization network. Using IPAM, you can monitor, audit, and manage servers that are running Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS).

  • Enhanced IP address management.
    IPAM capabilities are improved for scenarios such as handling IPv4 /32 and IPv6 /128 subnets and finding free IP address subnets and ranges in an IP address block.

  • Enhanced DNS service management.
    IPAM supports DNS resource record, conditional forwarder, and DNS zone management for both domain-joined Active Directory-integrated and file-backed DNS servers.

  • Integrated DNS, DHCP, and IP address (DDI) management.
    Several new experiences and integrated lifecycle management operations are enabled, such as visualizing all DNS resource records that pertain to an IP address, automated inventory of IP addresses based on DNS resource records, and IP address lifecycle management for both DNS and DHCP operations.

  • Multiple Active Directory Forest support.
    You can use IPAM to manage the DNS and DHCP servers of multiple Active Directory forests when there is a two-way trust relationship between the forest where IPAM is installed and each of the remote forests.

  • Windows PowerShell support for Role Based Access Control.
    You can use Windows PowerShell to set access scopes on IPAM objects.

For more information, see What's New in IPAM and Manage IPAM.