Set up an SDN RAS gateway in the VMM fabric

Important

This version of Virtual Machine Manager (VMM) has reached the end of support. We recommend that you upgrade to VMM 2019.

This article describes how to set up a Software Defined Networking (SDN) RAS gateway in the System Center - Virtual Machine Manager (VMM) fabric.

An SDN RAS gateway is a data path element in SDN that enables site-to-site connectivity between two autonomous systems. Specifically, a RAS gateway enables site-to-site connectivity between remote tenant networks and your datacenter using IPSec, Generic Routing Encapsulation (GRE), or Layer 3 Forwarding. Learn more.

Note

  • From VMM 2019 UR1, the One Connected network type is changed to Connected Network.
  • VMM 2019 UR2 and later support IPv6.

Before you start

Ensure the following before you start:

  • Planning: Read about planning a software defined network, and review the planning topology in this document. The diagram shows a sample 4-node setup. The setup is highly available with three network controller nodes (VM) and three SLB/MUX nodes. It shows two tenants with one virtual network broken into two virtual subnets to simulate a web tier and a database tier. Both the infrastructure and tenant virtual machines can be redistributed across any physical host.
  • Network controller: You should deploy the network controller before you deploy the RAS gateway.
  • SLB: To ensure that dependencies are handled correctly, you should also deploy the SLB before setting up the gateway. If an SLB and a gateway are configured, you can use and validate an IPsec connection.
  • Service template: VMM uses a service template to automate GW deployment. Service templates support multi-node deployment on generation 1 and generation 2 VMs.

Deployment steps

To set up a RAS gateway, do the following:

  1. Download the service template: Download the service template that you need to deploy the GW.
  2. Create the VIP logical network: Create a GRE VIP logical network. It needs an IP address pool for private VIPs, and to assign VIPs to GRE endpoints. The network exists to define VIPs that are assigned to gateway VMs running on the SDN fabric for a site-to-site GRE connection.
  3. Import the service template: Import the RAS gateway service template.
  4. Deploy the gateway: Deploy a gateway service instance, and configure its properties.
  5. Validate the deployment: Configure site-to-site GRE, IPSec, or L3, and validate the deployment.

Download the service template

  1. Download the SDN folder from the Microsoft SDN GitHub repository and copy the templates from VMM > Templates > GW to a local path on the VMM server.
  2. Extract the contents to a folder on a local computer. You'll import them to the library later.

The download contains two templates:

  • The EdgeServiceTemplate_Generation 1 VM.xml template is for deploying the GW Service on generation 1 virtual machines.
  • The EdgeServiceTemplate_Generation 2 VM.xml template is for deploying the GW Service on generation 2 virtual machines.

Both templates have a default count of three virtual machines, which can be changed in the service template designer.

Create the GRE VIP logical network

  1. In the VMM console, run the Create Logical Network Wizard. Type a Name, optionally provide a description, and click Next.
  2. In Settings, select One Connected Network. Optionally, you can select Create a VM network with the same name. This setting allows VMs to access this logical network directly. Select Managed by the Network Controller, and click Next.
    • For VMM 2019 UR1 and later, in Settings, select Connected Network, select Managed by the Network Controller, and click Next.
  3. In Network Site, specify the settings.

    Here are the sample values:

    • Network name: GRE VIP
    • Subnet: 31.30.30.0
    • Mask: 24
    • VLAN ID on trunk: NA
    • Gateway: 31.30.30.1
  4. To use IPv6, add both IPv4 and IPv6 subnets to the network site. Here are the sample values:

    • Network name: GRE VIP
    • Subnet: FD4A:293D:184F:382C::
    • Mask: 64
    • VLAN ID on trunk: NA
    • Gateway: FD4A:293D:184F:382C::1
  5. In Summary, review the settings and finish the wizard.

Create an IP address pool for GRE VIP addresses

Note

From VMM 2019 UR1, you can create an IP address pool by using the Create Logical Network wizard.

  1. Right-click the GRE VIP logical network > Create IP Pool.
  2. Type a Name and optional description for the pool, and check that the VIP network is selected. Click Next.
  3. Accept the default network site and click Next.
  4. Choose a starting and ending IP address for your range. Start the range on the second address of your available subnet. For example, if your available subnet is from .1 to .254, start the range at .2.
  5. In the IP addresses reserved for load balancer VIPs box, type the IP address range in the subnet. This should match the range you used for starting and ending IP addresses.
  6. You don't need to provide gateway, DNS, or WINS information, as this pool is used to allocate IP addresses for VIPs through the network controller only. Click Next to skip these screens.
  7. In Summary, review the settings and finish the wizard.
  8. If you created an IPv6 subnet, create a separate IPv6 GRE VIP address pool.
  9. Choose a starting and ending IP address for your range. Start the range on the second address of your available subnet. For example, if your available subnet is from .1 to .254, start the range at .2. When specifying the VIP range, don't use the shortened form of the IPv6 address; use the 2001:db8:0:200:0:0:0:7 format instead of 2001:db8:0:200::7.
  10. In the IP addresses reserved for load balancer VIPs box, type the IP address range in the subnet. This should match the range you used for starting and ending IP addresses.
  11. You don't need to provide gateway, DNS, or WINS information, as this pool is used to allocate IP addresses for VIPs through the network controller only. Click Next to skip these screens.
  12. In Summary, review the settings and finish the wizard.
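
The IPv6 VIP range rule above, as an added PowerShell example that is not part of the original article: it computes an address at a given offset inside the subnet and writes it in the unshortened form the wizard expects. The function names are hypothetical helpers, not VMM cmdlets; the subnet is the page's sample value and the end offset of 254 is a constructed choice.

```powershell
# Added example. Function names are hypothetical helpers, not VMM cmdlets.

function ConvertTo-UnshortenedIPv6 {
    param([Parameter(Mandatory)] [System.Net.IPAddress] $Address)

    if ($Address.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetworkV6) {
        throw "'$Address' is not an IPv6 address"
    }
    $bytes = $Address.GetAddressBytes()      # 16 bytes, network order
    # Emit all eight 16-bit groups: no '::' compression, no leading zeros.
    $groups = for ($i = 0; $i -lt 16; $i += 2) {
        '{0:x}' -f (([int]$bytes[$i] -shl 8) -bor [int]$bytes[$i + 1])
    }
    $groups -join ':'
}

function Get-IPv6SubnetAddress {
    param(
        [Parameter(Mandatory)] [System.Net.IPAddress] $Subnet,
        [Parameter(Mandatory)] [ValidateRange(0, 65535)] [int] $Offset
    )
    $bytes = $Subnet.GetAddressBytes()
    # Add the offset to the 128-bit address, carrying from the last byte upward.
    $carry = $Offset
    for ($i = $bytes.Length - 1; $i -ge 0 -and $carry -gt 0; $i--) {
        $sum       = [int]$bytes[$i] + $carry
        $bytes[$i] = [byte]($sum -band 0xFF)
        $carry     = $sum -shr 8
    }
    ConvertTo-UnshortenedIPv6 -Address ([System.Net.IPAddress]::new($bytes))
}

# Constructed sample: the page's IPv6 GRE VIP subnet (mask 64, gateway ::1).
$subnet = 'FD4A:293D:184F:382C::'
$start  = Get-IPv6SubnetAddress -Subnet $subnet -Offset 2     # second address
$end    = Get-IPv6SubnetAddress -Subnet $subnet -Offset 254   # constructed end of range
"VIP range: $start - $end"

# The page's own example address, expanded to the required form.
ConvertTo-UnshortenedIPv6 -Address '2001:db8:0:200::7'
```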

Import the service template

  1. Click Library > Import Template.

  2. Browse to your service template folder. As an example, select the EdgeServiceTemplate Generation 2.xml file.

  3. Update the parameters for your environment as you import the service template. Note that the library resources were imported during network controller deployment.

    • WinServer.vhdx: Select the virtual hard drive image that you prepared and imported earlier, during the network controller deployment.
    • EdgeDeployment.CR: Map to the EdgeDeployment.cr library resource in the VMM library.
  4. On the Summary page, review the details and click Import.

    Note: You can customize the service template. Learn more.

Deploy the gateway service

This example uses the generation 2 template.

  1. Select the EdgeServiceTemplate Generation2.xml service template, and click Configure Deployment.

  2. Type a Name and choose a destination for the service instance. The destination must map to a host group that contains the hosts configured previously for gateway deployment.

  3. In Network Settings, map the management network to the management VM network.

    Note: The Deploy Service dialog appears after mapping is complete. It's normal for the VM instances to be initially Red. Click Refresh Preview to automatically find suitable hosts for the VM.

  4. On the left of the Configure Deployment window, configure the following settings:

    • AdminAccount. Required. Select a Run As account that will be used as the local administrator on the gateway VMs.
    • Management Network. Required. Choose the Management VM network that you created for host management.
    • Management Account. Required. Select a Run As account with permissions to add the gateway to the Active Directory domain associated with the network controller. This can be the same account used for MgmtDomainAccount while deploying the network controller.
    • FQDN. Required. FQDN for the Active Directory domain for the gateway.
  5. Click Deploy Service to begin the service deployment job.

    Note:

    • Deployment times will vary depending on your hardware but are typically between 30 and 60 minutes. If gateway deployment fails, delete the failed service instance in All Hosts > Services before you retry the deployment.

    • If you aren't using a volume licensed VHDX (or the product key isn't supplied using an answer file), then deployment will stop at the Product Key page during VM provisioning. You need to manually access the VM desktop, and either enter the key or skip it.

    • If you want to scale in or scale out a deployed SLB instance, read this blog.

Gateway limits

The following are the default limits for an NC-managed gateway:

  • MaxVMNetworksSupported= 50
  • MaxVPNConnectionsPerVMNetwork= 10
  • MaxVMSubnetsSupported= 550
  • MaxVPNConnectionsSupported= 250

Override the gateway limits

To override the default limits, append the override string to the network controller service connection string and update it in VMM.

  • MaxVMNetworksSupported= followed by the number of VM networks that can be used with this gateway.
  • MaxVPNConnectionsPerVMNetwork= followed by the number of VPN connections that can be created per VM network with this gateway.
  • MaxVMSubnetsSupported= followed by the number of VM network subnets that can be used with this gateway.
  • MaxVPNConnectionsSupported= followed by the number of VPN connections that can be used with this gateway.

Example:

To override the maximum number of VM networks that can be used with the gateway to 100, update the connection string as follows:

serverurl=https://NCCluster.contoso.com;servicename=NC_VMM_RTM;MaxVMNetworksSupported=100
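
One way to build the override string described above without mistyping a limit name, as an added PowerShell example that is not part of the original article. The function name Add-GatewayLimitOverride and the $AllowedKeys list are hypothetical helpers; the function only builds the string, which you then update in VMM.

```powershell
# Added example. Add-GatewayLimitOverride and $AllowedKeys are hypothetical helpers,
# not VMM cmdlets. The four names are the limits listed on this page.
$AllowedKeys = @(
    'MaxVMNetworksSupported',
    'MaxVPNConnectionsPerVMNetwork',
    'MaxVMSubnetsSupported',
    'MaxVPNConnectionsSupported'
)

function Add-GatewayLimitOverride {
    param(
        [Parameter(Mandatory)] [string]    $ConnectionString,
        [Parameter(Mandatory)] [hashtable] $Overrides
    )

    # Split the existing string into trimmed key=value pairs, preserving order.
    $pairs = [System.Collections.Generic.List[string]]::new()
    foreach ($part in $ConnectionString.Split(';')) {
        $p = $part.Trim()
        if ($p) { $pairs.Add($p) }
    }

    foreach ($key in $Overrides.Keys) {
        # Reject anything that is not one of the documented limit names.
        $canonical = $AllowedKeys | Where-Object { $_ -eq $key }
        if (-not $canonical) { throw "Unknown gateway limit '$key'" }

        $value = 0
        if (-not ([int]::TryParse([string]$Overrides[$key], [ref]$value)) -or $value -lt 1) {
            throw "Value for '$key' must be a positive integer"
        }

        # Drop an earlier override of the same limit so it appears only once.
        $existing = @($pairs | Where-Object { $_ -like "${canonical}=*" })
        foreach ($e in $existing) { [void]$pairs.Remove($e) }
        $pairs.Add("${canonical}=${value}")
    }

    $pairs -join ';'
}

# Constructed usage with the page's sample connection string.
Add-GatewayLimitOverride `
    -ConnectionString 'serverurl=https://NCCluster.contoso.com;servicename=NC_VMM_RTM' `
    -Overrides @{ MaxVMNetworksSupported = 100 }
```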

Configure the gateway manager role

Now that the gateway service is deployed, you can configure the properties, and associate it with the network controller service.

  1. Click Fabric > Network Service to display the list of network services installed. Right-click the network controller service > Properties.

  2. Click the Services tab, and select the Gateway Manager Role.

  3. Find the Associated Service field under Service information, and click Browse. Select the gateway service instance you created earlier, and click OK.

  4. Select the Run As account that will be used by the network controller to access the gateway virtual machines.

    Note: The Run As account must have Administrator privileges on the gateway VMs.

  5. In GRE VIP subnet, select the VIP subnet that you created previously.

  6. To enable IPv4 support, in Public IPv4 pool, select the pool you configured during SLB deployment. In Public IPv4 address, provide an IP address from the previous pool, and ensure you don't select the initial three IP addresses from the range.

  7. To enable IPv6 support, from Network Controller Properties > Services, select the Enable IPv6 checkbox, select the IPv6 GRE VIP subnet that you created previously, and enter the public IPv6 pool and public IPv6 address respectively. Also, select the IPv6 frontend subnet that will be assigned to the gateway VMs.

  8. In Gateway Capacity, configure the capacity settings.

    The gateway capacity (Mbps) denotes the normal TCP bandwidth that is expected out of the gateway VM. You must set this parameter based on the underlying network speed you use.

    IPsec tunnel bandwidth is limited to (3/20) of the gateway capacity. This means that if the gateway capacity is set to 1000 Mbps, the equivalent IPsec tunnel capacity would be limited to 150 Mbps.

    Note

    The bandwidth limit is the total value of inbound bandwidth and outbound bandwidth.

    The equivalent ratios for GRE and L3 tunnels are 1/5 and 1/2 respectively.

  9. In the Nodes reserved for failures field, configure the number of nodes reserved for backup.

  10. To configure individual gateway VMs, click each VM and select the IPv4 frontend subnet, specify the local ASN, and optionally add the peering device information for the BGP peer.

Note: You must configure the gateway BGP peers if you plan to use GRE connections.

The service instance you deployed is now associated with the Gateway Manager role. You should see the gateway VM instance listed under it.

Validate the deployment

After you deploy the gateway, you can configure S2S GRE, S2S IPSec, or L3 connection types, and validate them. For additional information, see the following contents:

For more information on connection types, see this article.

Set up the traffic selector from PowerShell

Here is the procedure to set up the traffic selector by using VMM PowerShell.

  1. Create the traffic selector by using the following parameters.

    Note: Values used are examples only.

    $t = New-Object Microsoft.VirtualManager.Remoting.TrafficSelector
    $t.Type = 7          # IPV4=7, IPV6=8
    $t.ProtocolId = 6    # TCP=6, reference: https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers
    $t.PortEnd = 5090
    $t.PortStart = 5080
    $t.IpAddressStart = "10.100.101.10"
    $t.IpAddressEnd = "10.100.101.100"

  2. Configure the above traffic selector by using the -LocalTrafficSelectors parameter of Add-SCVPNConnection or Set-SCVPNConnection.

Remove the gateway from the SDN fabric

Use these steps to remove the gateway from the SDN fabric.