What is RAS Gateway for Software Defined Networking?

Applies to: Azure Stack HCI, version 20H2; Windows Server 2019

Remote Access Service (RAS) Gateway is a software-based, Border Gateway Protocol (BGP)-capable router designed for cloud service providers (CSPs) and enterprises that host multitenant virtual networks using Hyper-V Network Virtualization (HNV). You can use RAS Gateway to route network traffic between a virtual network and another network, either local or remote.

RAS Gateway requires Network Controller, which deploys gateway pools, configures tenant connections on each gateway, and switches network traffic flows to a standby gateway in the event of a gateway failure.

Note

Multitenancy is the ability of a cloud infrastructure to support the virtual machine (VM) workloads of multiple tenants, yet isolate them from each other, while all of the workloads run on the same infrastructure. The multiple workloads of an individual tenant can interconnect and be managed remotely, but these systems do not interconnect with the workloads of other tenants, nor can other tenants remotely manage them.

RAS Gateway features

RAS Gateway offers a number of features for virtual private networking (VPN), tunneling, forwarding, and dynamic routing.

Site-to-Site IPsec VPN

This RAS Gateway feature allows you to connect two networks at different physical locations across the Internet by using a Site-to-Site (S2S) virtual private network (VPN) connection. This is an encrypted connection that uses the IKEv2 VPN protocol.

For CSPs that host many tenants in their datacenter, RAS Gateway provides a multitenant gateway solution that allows tenants to access and manage their resources over site-to-site VPN connections from remote sites. RAS Gateway allows network traffic to flow between virtual resources in your datacenter and the tenants' physical networks.

Site-to-Site GRE tunnels

Generic Routing Encapsulation (GRE)-based tunnels enable connectivity between tenant virtual networks and external networks. Because the GRE protocol is lightweight and GRE support is available on most network devices, it is an ideal choice for tunneling where encryption of data is not required.

GRE support in S2S tunnels solves the problem of forwarding between tenant virtual networks and tenant external networks through a multitenant gateway.

Layer 3 forwarding

Layer 3 (L3) forwarding enables connectivity between the physical infrastructure in the datacenter and the virtualized infrastructure in the Hyper-V network virtualization cloud. Using an L3 forwarding connection, tenant network VMs can connect to a physical network through the SDN gateway, which is already configured in a software defined networking (SDN) environment. In this case, the SDN gateway acts as a router between the virtualized network and the physical network.

Dynamic routing with BGP

BGP reduces the need for manual route configuration on routers because it is a dynamic routing protocol that automatically learns routes between sites connected by site-to-site VPN connections. If your organization has multiple sites that are connected using BGP-enabled routers such as RAS Gateway, BGP allows the routers to automatically calculate and use valid routes to each other in the event of network disruption or failure.

The BGP Route Reflector included with RAS Gateway provides an alternative to the BGP full-mesh topology that is otherwise required for route synchronization between routers. For more information, see What Is Route Reflector?

How RAS Gateway works

RAS Gateway routes network traffic between the physical network and VM network resources, regardless of their location. You can route the network traffic within the same physical location or across many different locations.

You can deploy RAS Gateway in high availability pools that use multiple features at once. Gateway pools contain multiple instances of RAS Gateway for high availability and failover.

You can easily scale a gateway pool up or down by adding or removing gateway VMs in the pool. Removal or addition of gateways does not disrupt the services that are provided by a pool. You can also add and remove entire pools of gateways. For more information, see RAS Gateway High Availability.

Every gateway pool provides M+N redundancy. This means that 'M' active gateway VMs are backed up by 'N' standby gateway VMs. M+N redundancy gives you more flexibility in determining the level of reliability that you require when you deploy RAS Gateway.

You can assign a single public IP address to all pools or to a subset of pools. Doing so greatly reduces the number of public IP addresses that you must use, because all tenants can connect to the cloud on a single IP address.
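The following PowerShell is an added example, not code from this page or from the Network Controller documentation, showing how the M+N redundancy described above is expressed when a gateway pool is defined through Network Controller. The endpoint and resource names are placeholders, and the cmdlet and property names are assumed to follow the Network Controller GatewayPool schema; check them against your Network Controller version before use.

```powershell
# Added example: define an M+N gateway pool and verify its active/standby split.
# Assumptions: $ncUri and "TenantGwPool" are placeholders; cmdlet and property
# names follow the Network Controller GatewayPool schema as understood here.
$ncUri = "https://nc.contoso.local"   # placeholder Network Controller REST endpoint

$poolProps = New-Object Microsoft.Windows.NetworkController.GatewayPoolProperties
$poolProps.Type = "All"               # one pool serving IPsec, GRE and L3 forwarding connections
$poolProps.RedundantGatewayCount = 1  # the N in M+N: one standby gateway held back for failover

# Every gateway VM later added to this pool beyond N becomes an active (M) gateway;
# Network Controller moves tenant connections to the standby if an active one fails.
New-NetworkControllerGatewayPool -ConnectionUri $ncUri -ResourceId "TenantGwPool" `
    -Properties $poolProps

# Verify the split: list gateways that belong to this pool and group them by state.
# The state values "Active" and "Redundant" are assumed from the gateway schema.
$gateways = Get-NetworkControllerGateway -ConnectionUri $ncUri |
    Where-Object { $_.Properties.Pool.ResourceRef -eq "/gatewayPools/TenantGwPool" }
$active  = @($gateways | Where-Object { $_.Properties.State -eq "Active" })
$standby = @($gateways | Where-Object { $_.Properties.State -eq "Redundant" })
"{0} active (M) and {1} standby (N) gateways in TenantGwPool" -f $active.Count, $standby.Count

# Operational check: a pool whose standby count has dropped below RedundantGatewayCount
# has already consumed its failover headroom and should be investigated.
if ($standby.Count -lt $poolProps.RedundantGatewayCount) {
    Write-Warning "TenantGwPool has fewer standby gateways than configured; failover capacity is degraded."
}
```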

Next steps

For related information, see also: