Deploy a Software Defined Network Infrastructure Using Scripts

Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

This topic covers how to deploy a Microsoft Software Defined Network (SDN) infrastructure using scripts. The infrastructure includes a highly available (HA) network controller, an HA Software Load Balancer (SLB)/MUX, virtual networks, and associated Access Control Lists (ACLs). Additionally, another script deploys a tenant workload for you to validate your SDN infrastructure.

If you want your tenant workloads to communicate outside their virtual networks, you can set up SLB NAT rules, Site-to-Site Gateway tunnels, or Layer-3 Forwarding to route between virtual and physical workloads.

You can also deploy an SDN infrastructure using Virtual Machine Manager (VMM). For more information, see Set up a Software Defined Network (SDN) infrastructure in the VMM fabric.

Pre-deployment

Important

Before you begin deployment, you must plan and configure your hosts and physical network infrastructure. For more information, see Plan a Software Defined Network Infrastructure.

All Hyper-V hosts must have Windows Server 2016 installed.

Deployment Steps

Start by configuring the Hyper-V virtual switch and IP address assignment on each Hyper-V host (physical server). Any storage type that is compatible with Hyper-V, shared or local, may be used.

Install host networking

  1. Install the latest network drivers available for your NIC hardware.
  2. Install the Hyper-V role on all hosts (for more information, see Get started with Hyper-V on Windows Server 2016).

    From an elevated Windows PowerShell command prompt:
    Install-WindowsFeature -Name Hyper-V -ComputerName <computer_name> -IncludeManagementTools -Restart

    a. Create the Hyper-V virtual switch (use the same switch name for all hosts, for example: sdnSwitch). Configure at least one network adapter or, if using Switch Embedded Teaming, configure at least two network adapters. Maximum inbound spreading occurs when using two NICs.
    New-VMSwitch "<switch name>" -NetAdapterName "<NetAdapter1>" [, "<NetAdapter2>" -EnableEmbeddedTeaming $True] -AllowManagementOS $True

    Note

    You can skip steps 3 and 4 if you have separate Management NICs.

  3. Refer to the planning topic (Plan a Software Defined Network Infrastructure) and work with your network administrator to obtain the VLAN ID of the Management VLAN. Attach the Management vNIC of the newly created virtual switch to the Management VLAN. This step can be omitted if your environment does not use VLAN tags.
    Set-VMNetworkAdapterIsolation -ManagementOS -IsolationMode Vlan -DefaultIsolationID <Management VLAN> -AllowUntaggedTraffic $True

  4. Refer to the planning topic (Plan a Software Defined Network Infrastructure) and work with your network administrator to use either DHCP or static IP assignments to assign an IP address to the Management vNIC of the newly created vSwitch. The following example shows how to create a static IP address and assign it to the Management vNIC of the vSwitch:
    New-NetIPAddress -InterfaceAlias "vEthernet (<switch name>)" -IPAddress <IP> -DefaultGateway <Gateway IP> -AddressFamily IPv4 -PrefixLength <Length of Subnet Mask - for example: 24>

  5. [Optional] Deploy a virtual machine to host Active Directory Domain Services (see Install Active Directory Domain Services (Level 100)) and a DNS server.

    a. Connect the Active Directory/DNS server virtual machine to the Management VLAN:

         Set-VMNetworkAdapterIsolation -VMName "<VM Name>" -IsolationMode Vlan -DefaultIsolationID <Management VLAN> -AllowUntaggedTraffic $True

    b. Install Active Directory Domain Services and DNS.

    Note

    The network controller supports both Kerberos and X.509 certificates for authentication. This guide uses both authentication mechanisms for different purposes (although only one is required).

  6. Join all Hyper-V hosts to the domain. Ensure that the DNS server entry of the network adapter holding the Management network IP address points to a DNS server that can resolve the domain name. For example:

     Set-DnsClientServerAddress -InterfaceAlias "vEthernet (<switch name>)" -ServerAddresses <DNS Server IP>

    a. Right-click Start, click System, and then click Change Settings.
    b. Click Change.
    c. Click Domain and specify the domain name.
    d. Click OK.
    e. Type the user name and password credentials when prompted.
    f. Restart the server.
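    The following script is an added example, not code from the original page or from the SDN Express project; it chains steps 2 through 6 above for one host so they can be re-run safely after the reboot that the Hyper-V role install triggers. Every value at the top (switch name, adapter names, VLAN ID, addresses, domain name) is an assumption for a lab and must be replaced with the values from your planning topic; the Add-Computer call is the command-line equivalent of the Start > System > Change Settings steps.

```powershell
# Added example (not from the original page): per-host networking setup for steps 2-6.
# All values below are lab assumptions; replace them with your planned values.
$SwitchName  = 'sdnSwitch'          # same switch name on every host
$Adapters    = @('NIC1', 'NIC2')    # two NICs -> Switch Embedded Teaming
$MgmtVlan    = 7                    # Management VLAN ID (0 = environment does not tag)
$MgmtIP      = '10.184.108.10'      # static Management IP of this host
$MgmtPrefix  = 24
$MgmtGateway = '10.184.108.1'
$DnsServer   = '10.184.108.5'       # AD/DNS VM that resolves the domain name
$DomainName  = 'sdn.lab'

# Step 2: Hyper-V role. -Restart reboots the host; run this script again afterwards,
# the Installed check makes the rest of it idempotent.
if (-not (Get-WindowsFeature -Name Hyper-V).Installed) {
    Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart
}

# Step 2a: create the virtual switch once; SET needs at least two adapters
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    if ($Adapters.Count -ge 2) {
        New-VMSwitch -Name $SwitchName -NetAdapterName $Adapters -EnableEmbeddedTeaming $true -AllowManagementOS $true
    } else {
        New-VMSwitch -Name $SwitchName -NetAdapterName $Adapters[0] -AllowManagementOS $true
    }
}

# Step 3: tag the Management vNIC with the Management VLAN (skipped when untagged)
if ($MgmtVlan -gt 0) {
    Set-VMNetworkAdapterIsolation -ManagementOS -IsolationMode Vlan -DefaultIsolationID $MgmtVlan -AllowUntaggedTraffic $true
}

# Step 4: static IP on the host vNIC the switch created, named "vEthernet (<switch name>)"
$Alias = "vEthernet ($SwitchName)"
$existing = Get-NetIPAddress -InterfaceAlias $Alias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
            Where-Object IPAddress -eq $MgmtIP
if (-not $existing) {
    New-NetIPAddress -InterfaceAlias $Alias -IPAddress $MgmtIP -PrefixLength $MgmtPrefix `
                     -DefaultGateway $MgmtGateway -AddressFamily IPv4
}

# Step 6: DNS must resolve the domain before the join can succeed
Set-DnsClientServerAddress -InterfaceAlias $Alias -ServerAddresses $DnsServer

# Step 6: domain join from the command line (same effect as the GUI steps a-f)
if ((Get-CimInstance -ClassName Win32_ComputerSystem).Domain -ne $DomainName) {
    Add-Computer -DomainName $DomainName -Credential (Get-Credential -UserName "$DomainName\Administrator" -Message 'Domain join') -Restart
}
```

    Run it from an elevated PowerShell prompt on each host; it only creates what is missing, so a second run after the reboot finishes the remaining steps without duplicating the switch or the address.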

Validation

Use the following steps to validate that host networking is set up correctly.

  1. Ensure the VM switch was created successfully:

    Get-VMSwitch "<switch name>"

  2. Verify that the Management vNIC on the VM switch is connected to the Management VLAN:

    Note

    Relevant only if Management and Tenant traffic share the same NIC.

    Get-VMNetworkAdapterIsolation -ManagementOS

  3. Validate that all Hyper-V hosts (and external management resources, for example: DNS servers) are reachable via ping using their Management IP address and/or fully qualified domain name (FQDN).

    ping <Hyper-V Host IP>
    ping <Hyper-V Host FQDN>

  4. Run the following command on the deployment host, specifying the FQDN of each Hyper-V host, to ensure the Kerberos credentials in use provide access to all the servers.

    winrm id -r:<Hyper-V Host FQDN>
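    The following script is an added example, not part of the original page or the SDN Express project; it runs validation steps 1 to 4 above against every host from the deployment host in one pass, so a mis-configured host shows up as a false column instead of having to be found by hand. The host FQDNs, switch name and VLAN ID are assumptions for a lab; Test-WSMan with the caller's domain ticket is used as the cmdlet equivalent of "winrm id -r:".

```powershell
# Added example (not from the original page): host networking validation, steps 1-4.
# Host list, switch name and VLAN are lab assumptions; replace them with your own.
$SwitchName = 'sdnSwitch'
$MgmtVlan   = 7              # 0 when Management traffic is untagged (step 2 then does not apply)
$Hosts      = @('hv1.sdn.lab', 'hv2.sdn.lab', 'hv3.sdn.lab')

function Test-SdnHostNetworking {
    param([string]$HostFqdn, [string]$Switch, [int]$Vlan)
    $r = [ordered]@{ Host = $HostFqdn; Ping = $false; WinRM = $false; SwitchOk = $null; VlanOk = $null }

    # Step 3: reachable by FQDN (also proves the name resolves)
    $r.Ping = Test-Connection -ComputerName $HostFqdn -Count 2 -Quiet

    # Step 4: WinRM answers with the caller's current (Kerberos) credentials
    $r.WinRM = [bool](Test-WSMan -ComputerName $HostFqdn -ErrorAction SilentlyContinue)

    if ($r.WinRM) {
        # Steps 1-2 are evaluated on the host itself
        $remote = Invoke-Command -ComputerName $HostFqdn -ArgumentList $Switch, $Vlan -ScriptBlock {
            param($sw, $vlan)
            $vmSwitch = Get-VMSwitch -Name $sw -ErrorAction SilentlyContinue
            $iso      = @(Get-VMNetworkAdapterIsolation -ManagementOS)[0]
            [pscustomobject]@{
                # switch exists and exposes a host vNIC (AllowManagementOS)
                SwitchOk = [bool]$vmSwitch -and [bool]$vmSwitch.AllowManagementOS
                # VLAN check only matters when the environment tags Management traffic
                VlanOk   = ($vlan -eq 0) -or ($iso.IsolationMode -eq 'Vlan' -and $iso.DefaultIsolationID -eq $vlan)
            }
        }
        $r.SwitchOk = $remote.SwitchOk
        $r.VlanOk   = $remote.VlanOk
    }
    [pscustomobject]$r
}

$results = foreach ($h in $Hosts) { Test-SdnHostNetworking -HostFqdn $h -Switch $SwitchName -Vlan $MgmtVlan }
$results | Format-Table -AutoSize

# Any host with a $false or empty column must be fixed before the SDN Express scripts are run
$bad = $results | Where-Object { -not $_.Ping -or -not $_.WinRM -or -not $_.SwitchOk -or -not $_.VlanOk }
if ($bad) { Write-Warning ("Hosts failing validation: " + ($bad.Host -join ', ')) }
```

    Run it as the same domain account you will use for the SDN Express scripts, since the WinRM column is only meaningful for the credentials the deployment will actually use.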

Nano installation requirements and notes

If you use Nano Server as your Hyper-V hosts (physical servers) for the deployment, the following additional requirements apply:

  1. All Nano nodes need to have the DSC package installed together with the language pack:

    • Microsoft-NanoServer-DSC-Package.cab
    • Microsoft-NanoServer-DSC-Package_en-us.cab

      dism /online /add-package /packagepath:<Path> /loglevel:4

  2. The SDN Express scripts must be run from a non-Nano host (Windows Server Core or Windows Server with GUI). PowerShell Workflows are not supported on Nano.
  3. Invoking the Network Controller NorthBound API using PowerShell or the NC REST wrappers (which rely on Invoke-WebRequest and Invoke-RestMethod) must be done from a non-Nano host.

Run SDN Express Scripts

  1. The installation files are located on GitHub. Download the zip file from the Microsoft SDN GitHub Repository. On the Microsoft SDN repository page, click Clone or download and then click Download ZIP.

  2. Designate one computer as your deployment computer. This computer must be running Windows Server 2016. Expand the zip file and copy the SDNExpress folder to the deployment computer's C:\ folder.

  3. Share the C:\SDNExpress folder as "SDNExpress" with permission for Everyone to Read/Write.

  4. Navigate to the C:\SDNExpress folder.

    You will see the following folders:

    AgentConf: Holds fresh copies of the OVSDB schemas used by the SDN Host Agent on each Windows Server 2016 Hyper-V host to program network policy.
    Certs: Temporary shared location for the NC certificate file.
    Images: Empty; place your Windows Server 2016 vhdx image here.
    Tools: Utilities for troubleshooting and debugging. Copied to the hosts and virtual machines. We recommend you place Network Monitor or Wireshark here so it is available if needed.
    Scripts: Deployment scripts.
      - SDNExpress.ps1: Deploys and configures the fabric, including the Network Controller virtual machines, SLB MUX virtual machines, gateway pool(s) and the HNV gateway virtual machine(s) corresponding to the pool(s).
      - FabricConfig.psd1: A configuration file template for the SDNExpress script. You will customize this for your environment.
      - SDNExpressTenant.ps1: Deploys a sample tenant workload on a virtual network with a load balanced VIP. Also provisions one or more network connections (IPsec S2S VPN, GRE, L3) on the service provider edge gateways, connected to the previously created tenant workload. The IPsec and GRE gateways are reachable over the corresponding VIP IP address, and the L3 forwarding gateway over the corresponding address pool. This script can also be used to delete the corresponding configuration with the Undo option.
      - TenantConfig.psd1: A template configuration file for the tenant workload and S2S gateway configuration.
      - SDNExpressUndo.ps1: Cleans up the fabric environment and resets it to a starting state.
      - SDNExpressEnterpriseExample.ps1: Provisions one or more enterprise site environments, each with one Remote Access Gateway and (optionally) one corresponding enterprise virtual machine. The IPsec or GRE enterprise gateways connect to the corresponding VIP IP address of the service provider gateway to establish the S2S tunnels. The L3 Forwarding Gateway connects over the corresponding Peer IP address. This script can also be used to delete the corresponding configuration with the Undo option.
      - EnterpriseConfig.psd1: A template configuration file for the enterprise site-to-site gateway and client VM configuration.
    TenantApps: Files used to deploy example tenant workloads.
  5. Verify the Windows Server 2016 VHDX file is in the Images folder.

  6. Customize the SDNExpress\scripts\FabricConfig.psd1 file by changing the << Replace >> tags to specific values that fit your lab infrastructure, including host names, domain names, user names and passwords, and network information for the networks listed in the planning topic.

  7. Create a Host A record in DNS for the NetworkControllerRestName (FQDN) and NetworkControllerRestIP.
  8. Run the script as a user with domain administrator credentials:

    SDNExpress\scripts\SDNExpress.ps1 -ConfigurationDataFile FabricConfig.psd1 -Verbose

  9. To undo all operations, run the following command:

    SDNExpress\scripts\SDNExpressUndo.ps1 -ConfigurationDataFile FabricConfig.psd1 -Verbose
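    The following pre-flight script is an added example, not part of the original page or the SDN Express project. It checks the two things most likely to make SDNExpress.ps1 fail part-way through: << Replace >> tags left in FabricConfig.psd1 (the customization step above) and a missing or wrong Host A record for the REST name (the DNS step above). The file path is the one the steps use; the key names NetworkControllerRestName and NetworkControllerRestIP are the ones the steps mention, and because their position inside the .psd1 is not assumed here, the script searches the parsed data file recursively for them.

```powershell
# Added example (not from the original page): pre-flight checks before SDNExpress.ps1 is run.
# Run on the deployment computer. Path follows the steps above; key placement in the .psd1 is not assumed.
$ConfigFile = 'C:\SDNExpress\scripts\FabricConfig.psd1'

# 1. No "<< Replace >>" placeholders may remain (spacing inside the tag is tolerated)
$leftover = @(Select-String -Path $ConfigFile -Pattern '<<\s*Replace\s*>>')
foreach ($hit in $leftover) { '{0}: {1}' -f $hit.LineNumber, $hit.Line.Trim() }
if ($leftover.Count -gt 0) {
    throw "FabricConfig.psd1 still contains $($leftover.Count) placeholder(s); fill them in before deploying."
}

# 2. The file must parse as a PowerShell data file (a syntax error surfaces here, not mid-deployment)
$config = Import-PowerShellDataFile -Path $ConfigFile

# Depth-first search through nested hashtables and arrays for the first value stored under $Key
function Find-ConfigValue {
    param($Node, [string]$Key)
    if ($Node -is [System.Collections.IDictionary]) {
        if ($Node.Contains($Key)) { return $Node[$Key] }
        foreach ($v in $Node.Values) {
            $found = Find-ConfigValue -Node $v -Key $Key
            if ($null -ne $found) { return $found }
        }
    } elseif ($Node -is [System.Collections.IEnumerable] -and $Node -isnot [string]) {
        foreach ($v in $Node) {
            $found = Find-ConfigValue -Node $v -Key $Key
            if ($null -ne $found) { return $found }
        }
    }
    return $null
}

# 3. The Host A record for the REST name must resolve to the REST IP
$restName = Find-ConfigValue -Node $config -Key 'NetworkControllerRestName'
$restIP   = Find-ConfigValue -Node $config -Key 'NetworkControllerRestIP'
if (-not $restName -or -not $restIP) {
    throw 'NetworkControllerRestName / NetworkControllerRestIP not found in FabricConfig.psd1.'
}
$resolved = @((Resolve-DnsName -Name $restName -Type A -ErrorAction Stop).IPAddress)
if ($resolved -notcontains $restIP) {
    throw "$restName resolves to [$($resolved -join ', ')] but the configuration expects $restIP; fix the Host A record."
}
"Pre-flight OK: no placeholders left, file parses, $restName -> $restIP"
```

    The recursive lookup deliberately returns the first match, which is enough to confirm the DNS record; if your data file defines the REST name per node, check that all copies agree before relying on it.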

Validation

Assuming that the SDN Express script ran to completion without reporting any errors, you can perform the following step to ensure the fabric resources have been deployed correctly and are available for tenant deployment.

  • Use the diagnostic tools to ensure there are no errors on any fabric resources in the network controller.

    Debug-NetworkControllerConfigurationState -NetworkController <FQDN of Network Controller Rest Name>

Deploy a sample tenant workload with the software load balancer

Now that the fabric resources have been deployed, you can validate your SDN deployment end-to-end by deploying a sample tenant workload. This tenant workload consists of two virtual subnets (a web tier and a database tier) protected by Access Control List (ACL) rules enforced with the SDN distributed firewall. The web tier's virtual subnet is reachable through the SLB/MUX using a Virtual IP (VIP) address. The script automatically deploys two web tier virtual machines and one database tier virtual machine and connects them to the virtual subnets.

  1. Customize the SDNExpress\scripts\TenantConfig.psd1 file by changing the << Replace >> tags to specific values (for example: VHD image name, network controller REST name, vSwitch name, and so on, as previously defined in the FabricConfig.psd1 file).
  2. Run the script. For example:
    SDNExpress\scripts\SDNExpressTenant.ps1 -ConfigurationDataFile TenantConfig.psd1 -Verbose
  3. To undo the configuration, run the same script with the Undo parameter. For example:
    SDNExpress\scripts\SDNExpressTenant.ps1 -Undo -ConfigurationDataFile TenantConfig.psd1 -Verbose

Validation

To validate that the tenant deployment was successful, do the following:

  1. Log in to the database tier virtual machine and try to ping the IP address of one of the web tier virtual machines (ensure Windows Firewall is turned off in the web tier virtual machines).
  2. Check the network controller tenant resources for any errors. Run the following from any Hyper-V host with Layer-3 connectivity to the network controller:

    Debug-NetworkControllerConfigurationState -NetworkController <FQDN of Network Controller REST Name>

  3. To verify that the load balancer is running correctly, run the following from any Hyper-V host:

     wget <VIP IP address>/unique.htm -disablekeepalive -usebasicparsing

    where <VIP IP address> is the web tier VIP IP address you configured in the TenantConfig.psd1 file. Search for the VIPIP variable in TenantConfig.psd1.

    Run this multiple times to see the load balancer switch between the available DIPs. You can also observe this behavior using a web browser. Browse to <VIP IP address>/unique.htm. Close the browser, open a new instance, and browse again. You will see the blue page and the green page alternate, except when the browser serves the page from its cache before the cache times out.
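    The following script is an added example, not part of the original page or the SDN Express project; it automates the repeated wget check above by fetching unique.htm a fixed number of times over fresh connections and counting how many distinct page bodies the VIP returned, so the blue/green alternation is recorded instead of eyeballed. The VIP address and request count are assumptions; take the VIP from the VIPIP value in your TenantConfig.psd1.

```powershell
# Added example (not from the original page): measure SLB/MUX spreading across the web tier DIPs.
# $VIP is a lab assumption; use the VIPIP value from TenantConfig.psd1.
$VIP      = '10.127.134.200'
$Requests = 20

function Test-SlbDistribution {
    param([string]$Vip, [int]$Count = 20)
    $seen = @{}
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    for ($i = 0; $i -lt $Count; $i++) {
        # -DisableKeepAlive opens a new TCP connection per request so the MUX can choose a DIP each time;
        # -UseBasicParsing avoids the IE rendering engine and its page cache on Server Core hosts
        $resp = Invoke-WebRequest -Uri "http://$Vip/unique.htm" -DisableKeepAlive -UseBasicParsing
        # key each response by a hash of its body: one key per distinct page (blue vs. green)
        $bytes = [System.Text.Encoding]::UTF8.GetBytes([string]$resp.Content)
        $key   = [System.BitConverter]::ToString($sha.ComputeHash($bytes)).Replace('-', '')
        if (-not $seen.ContainsKey($key)) { $seen[$key] = 0 }
        $seen[$key]++
    }
    $sha.Dispose()
    foreach ($entry in $seen.GetEnumerator()) {
        [pscustomobject]@{ ContentHash = $entry.Key.Substring(0, 12); Hits = $entry.Value }
    }
}

$dist = @(Test-SlbDistribution -Vip $VIP -Count $Requests)
$dist | Format-Table -AutoSize
if ($dist.Count -lt 2) {
    Write-Warning "Only one distinct page in $Requests requests; confirm both web tier VMs are up and reachable through the VIP."
}
```

    Two hash rows with roughly balanced hit counts is the expected result for the two web tier virtual machines the tenant script deploys; a single row means every request landed on the same DIP and the second virtual machine should be investigated with the Debug-NetworkControllerConfigurationState check above.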