網路中的新功能What's New in Networking

適用於:Windows Server 2016Applies To: Windows Server 2016

以下是 Windows Server 2016 中的新的或美化網路技術。Following are the new or enhanced networking technologies in Windows Server 2016.

本主題包含下列各節。This topic contains the following sections.

新的網路功能和技術New Networking Features and Technologies

網路屬於基礎軟體定義 Datacenter (SDDC) 平台與 Windows Server 2016 提供新的和已改進軟體定義網路 (SDN) 技術,以協助您前往您的組織完全實現 SDDC 方案。Networking is a foundational part of the Software Defined Datacenter (SDDC) platform, and Windows Server 2016 provides new and improved Software Defined Networking (SDN) technologies to help you move to a fully realized SDDC solution for your organization.

當您軟體定義資源以管理網路時,您可以一次,描述應用程式的基礎結構需求,然後選擇位置的應用程式-場所或執行在雲端中。When you manage networks as a software defined resource, you can describe an application's infrastructure requirements one time, and then choose where the application runs - on premises or in the cloud. 這種一致性表示您的應用程式現在會更輕鬆地縮放,您可以順暢地進行執行的應用程式,隨時隨地周圍安全性效能、 服務及可用性品質相等信賴的。This consistency means that your applications are now easier to scale and you can seamlessly run applications , anywhere, with equal confidence around security, performance, quality of service, and availability.

下列章節包含資訊這些新的網路功能和技術。The following sections contain information about these new networking features and technologies.

軟體定義的網路基礎結構Software Defined Networking Infrastructure

以下是新的或改進 SDN 基礎結構技術。Following are the new or improved SDN infrastructure technologies.

  • 網路控制器Network Controller. 新的 Windows Server 2016 中 Network Controller 提供管理、 設定、 監視,以及疑難排解 virtual 和實體網路基礎結構,在您的資料中心自動化打造、 程式化的點。New in Windows Server 2016, Network Controller provides a centralized, programmable point of automation to manage, configure, monitor, and troubleshoot virtual and physical network infrastructure in your datacenter. 您可以使用網路控制器,請將網路基礎結構,而不是執行手動設定網路的裝置和服務的設定。Using Network Controller, you can automate the configuration of network infrastructure instead of performing manual configuration of network devices and services. 如需詳細資訊,請查看Network Controller部署軟體定義的網路使用指令碼For more information, see Network Controller and Deploy Software Defined Networks using scripts.

  • HYPER-V Virtual 開關切換至Hyper-V Virtual Switch. HYPER-V Virtual 開關切換至 HYPER-V 主機上執行,並且可讓您建立分散切換與路由原則執法層級,且對齊和 Microsoft Azure 相容。The Hyper-V Virtual Switch runs on Hyper-V hosts, and allows you to create distributed switching and routing, and a policy enforcement layer that is aligned and compatible with Microsoft Azure. 如需詳細資訊,請查看HYPER-V Virtual 切換For more information, see Hyper-V Virtual Switch.

  • 網路功能模擬 (NFV)Network Function Virtualization (NFV). 在今天的軟體定義的資料中心,硬體裝置 (例如負載平衡器、 防火牆、 路由器、 參數,等等) 來執行網路功能越來越正在為 virtual 設備部署。In today's software defined datacenters, network functions that are being performed by hardware appliances (such as load balancers, firewalls, routers, switches, and so on) are increasingly being deployed as virtual appliances. 這「網路功能模擬」是伺服器模擬和網路模擬自然進展。This "network function virtualization" is a natural progression of server virtualization and network virtualization. 快速新興,建立的全新市場 virtual 裝置。Virtual appliances are quickly emerging and creating a brand new market. 他們繼續產生興趣取得待發這兩個模擬平台和雲端服務。They continue to generate interest and gain momentum in both virtualization platforms and cloud services. Windows Server 2016 提供下列 NFV 技術。The following NFV technologies are available in Windows Server 2016.

    • Datacenter 防火牆Datacenter Firewall. 這個分散式的防火牆提供細微存取控制清單 (Acl),讓您用於防火牆原則,在 VM 介面層級或子網路層級。This distributed firewall provides granular access control lists (ACLs), enabling you to apply firewall policies at the VM interface level or at the subnet level.

      如需詳細資訊,請查看Datacenter 防火牆概觀For more information, see Datacenter Firewall Overview.

    • RAS 閘道RAS Gateway. 您可以使用 RAS 閘道路由之間的流量 virtual 網路和實體網路,包括-網站 VPN 來自雲端資料中心您 tenants' 遠端網站。You can use RAS Gateway for routing traffic between virtual networks and physical networks, including site-to-site VPN connections from your cloud datacenter to your tenants' remote sites. 具體而言,您可以部署網際網路金鑰交換版本 (IKEv2) 2-網站 virtual 私人網路 (Vpn)、 VPN 層級 3 (L3),和閘道一般路由封裝 (GRE)。Specifically, you can deploy Internet Key Exchange version 2 (IKEv2) site-to-site virtual private networks (VPNs), Layer 3 (L3) VPN, and Generic Routing Encapsulation (GRE) gateways. 此外,現在支援閘道集區與 M + N 冗餘的閘道;並邊境閘道通訊協定 (BGP) 路由反映功能提供動態路由之間網路所有閘道案例 (IKEv2 VPN、 GRE VPN、 和 L3 VPN)。In addition, gateway pools and M+N redundancy of gateways are now supported; and Border Gateway Protocol (BGP) with Route Reflector capabilities provides dynamic routing between networks for all gateway scenarios (IKEv2 VPN, GRE VPN, and L3 VPN).

      如需詳細資訊,請查看RAS 閘道] 中的新功能RAS 閘道 SDN 的For more information, see What's New in RAS Gateway and RAS Gateway for SDN.

    • 軟體負載平衡器 (SLB) 和網路位址轉譯 (NAT)Software Load Balancer (SLB) and Network Address Translation (NAT). 東西與北南層級 4 負載平衡器和 NAT 支援直接伺服器傳回,與退貨網路流量可以略過負載平衡多工器美化處理能力。The north-south and east-west layer 4 load balancer and NAT enhances throughput by supporting Direct Server Return, with which the return network traffic can bypass the Load Balancing multiplexer.
      如需詳細資訊,請查看軟體負載平衡和 #40;SLB 與 #41;適用於 SDNFor more information, see Software Load Balancing (SLB) for SDN.

    如需詳細資訊,請查看網路功能模擬For more information, see Network Function Virtualization.

  • 標準化通訊協定Standardized Protocols. Network Controller JavaScript 物件標記 (JSON) 裝載其 northbound 介面使用代表狀態傳輸 (其餘部分)。Network Controller uses Representational State Transfer (REST) on its northbound interface with JavaScript Object Notation (JSON) payloads. Network Controller southbound 介面使用開放 vSwitch 資料庫管理通訊協定 (OVSDB)。The Network Controller southbound interface uses Open vSwitch Database Management Protocol (OVSDB).

  • 封裝彈性技術Flexible encapsulation technologies. 這些技術運作資料平面,並支援 Virtual 最具擴充性的區域網路 (VxLAN),以及網路模擬一般路由封裝 (NVGRE)。These technologies operate at the data plane, and support both Virtual Extensible LAN (VxLAN) and Network Virtualization Generic Routing Encapsulation (NVGRE). 如需詳細資訊,請查看在 Windows Server 2016 的 GRE 通道For more information, see GRE Tunneling in Windows Server 2016.

如需 SDN 的詳細資訊,請查看軟體定義網路與 #40;SDN 與 #41;.For more information about SDN, see Software Defined Networking (SDN).

雲端縮放比例基本概念Cloud Scale Fundamentals

已可使用下列雲端縮放比例基本概念。The following cloud scale fundamentals are now available.

  • 匯集網路介面卡 (NIC)Converged Network Interface Card (NIC). 聚合型的而可讓您的單一網路介面卡用於管理,遠端直接記憶體存取 RDMA 式存放裝置及承租人傳輸。The converged NIC allows you to use a single network adapter for management, Remote Direct Memory Access (RDMA)-enabled storage, and tenant traffic. 這樣可以降低相關聯的資料中心的每個伺服器大寫費用,因為您需要管理不同類型的資料傳輸每個伺服器較少的網路介面卡。This reduces the capital expenditures that are associated with each server in your datacenter, because you need fewer network adapters to manage different types of traffic per server.

  • 封包直接Packet Direct. 封包直接提供了高網路流量輸送量和低延遲封包處理基礎結構。Packet Direct provides a high network traffic throughput and low-latency packet processing infrastructure.

  • 切換 Embedded 小組 (設定)Switch Embedded Teaming (SET). 設定為 HYPER-V Virtual 切換中整合的小組 NIC 方案。SET is a NIC Teaming solution that is integrated in the Hyper-V Virtual Switch. 設定可讓成單一設定團隊,這可以改善可用性和提供容錯移轉的最多按的實體 NIC 小組。SET allows the teaming of up to eight physical NICS into a single SET team, which improves availability and provides failover. 您可以在 Windows Server 2016 建立會限制使用 RDMA 伺服器訊息區 (SMB) 的設定團隊。In Windows Server 2016, you can create SET teams that are restricted to the use of Server Message Block (SMB) and RDMA. 此外,您可以將網路流量的 HYPER-V 網路模擬使用設定團隊。In addition, you can use SET teams to distribute network traffic for Hyper-V Network Virtualization. 如需詳細資訊,請查看遠端直接記憶體存取和 #40;RDMA 與 #41;切換 Embedded 小組與 #40; 以及設定與 #41;.For more information, see Remote Direct Memory Access (RDMA) and Switch Embedded Teaming (SET).

其他網路技術的新功能New Features for Additional Networking Technologies

本節中的新功能熟悉網路技術的相關資訊。This section contains information about new features for familiar networking technologies.

DHCPDHCP

DHCP 是設計用來減少的系統管理負擔和複雜的 TCP 型網路,例如私人內部網路設定主機網際網路工程設計工作推動 (IETF) 標準。DHCP is an Internet Engineering Task Force (IETF) standard that is designed to reduce the administrative burden and complexity of configuring hosts on a TCP/IP-based network, such as a private intranet. 使用 DHCP 伺服器服務,程序的 TCP/IP 設定戶端 DHCP 會自動執行。By using the DHCP Server service, the process of configuring TCP/IP on DHCP clients is automatic.

如需詳細資訊,請查看最新 dhcpFor more information, see What's New in DHCP.

DNSDNS

DNS 是使用適用於電腦與網路的服務命名 TCP/IP 網路中的系統。DNS is a system that is used in TCP/IP networks for naming computers and network services. DNS 命名找出電腦與服務,透過易記名稱。DNS naming locates computers and services through user-friendly names. 當使用者應用程式中,輸入 DNS 名稱時,DNS 服務可以該名稱解析為名稱,例如 IP 位址相關的其他資訊。When a user enters a DNS name in an application, DNS services can resolve the name to other information that is associated with the name, such as an IP address.

以下是 DNS Client 和 DNS 伺服器的資訊。Following is information about DNS Client and DNS Server.

DNS ClientDNS Client

以下是新的或改進 DNS client 技術。Following are the new or improved DNS client technologies.

  • DNS Client 服務繫結DNS Client service binding. 在 Windows 10 中,DNS Client 服務提供的電腦有多個網路介面美化的支援。In Windows 10, the DNS Client service offers enhanced support for computers with more than one network interface.

如需詳細資訊,請查看在 Windows Server 2016 DNS Client 中的新功能For more information, see What's New in DNS Client in Windows Server 2016

DNS 伺服器DNS Server

以下是新的或改進的 DNS 伺服器技術。Following are the new or improved DNS server technologies.

  • DNS 原則DNS Policies. 您可以設定 DNS 原則,若要指定 DNS 伺服器回應 DNS 查詢的方式。You can configure DNS policies to specify how a DNS server responds to DNS queries. DNS 回應可以根據 client IP 位址 (位置),以及幾個其他的參數時間。DNS responses can be based on client IP address (location), time of the day, and several other parameters. 定位感知 DNS、 流量管理、 負載平衡、 split-brain DNS 及其他案例,可讓 DNS 原則。DNS policies enable location-aware DNS, traffic management, load balancing, split-brain DNS, and other scenarios.

  • Nano Server 支援的檔案以 DNS,您可以將 DNS 伺服器 Windows Server 2016 中的 Nano Server 映像上部署。Nano Server support for file based DNS, You can deploy DNS server in Windows Server 2016 on a Nano Server image. 如果您使用此部署選項是可供您的檔案以 DNS。This deployment option is available to you if you are using file based DNS. Nano Server 映像上執行 DNS 伺服器,您可以減少的使用量、 與快速開機、 最小化修補執行您的 DNS 伺服器。By running DNS server on a Nano Server image, you can run your DNS servers with reduced footprint, quick boot up, and minimized patching.

    注意

    Active Directory 整合 DNS Nano Server 不支援。Active Directory integrated DNS is not supported on Nano Server.

  • 回應評等限制 (RRL)Response Rate Limiting (RRL). 您可以讓您的 DNS 伺服器上的回應速率限制。You can enable response rate limiting on your DNS servers. 執行此動作,您避免使用您的 DNS 伺服器起始阻斷服務 DNS client 攻擊惡意系統。By doing this, you avoid the possibility of malicious systems using your DNS servers to initiate a denial of service attack on a DNS client.

  • DNS 驗證的命名實體 (DANE)DNS-based Authentication of Named Entities (DANE). 您可以使用 TLSA (傳輸層級的安全性驗證) 記錄 DNS 用狀態哪些憑證授權單位它們應該預期會從您的網域名稱的憑證,以提供的資訊。You can use TLSA (Transport Layer Security Authentication) records to provide information to DNS clients that state what certification authority (CA) they should expect a certificate from for your domain name. 如此可防止位置某人可能會損壞 DNS 快取指向贏得他們的網站,並提供他們所發行的其他 CA 憑證在中央男人攻擊。This prevents man-in-the-middle attacks where someone might corrupt the DNS cache to point to their won website, and provide a certificate they issued from a different CA.

  • 無法辨識的記錄支援Unknown record support.
    您可以新增記錄明確不支援的 Windows DNS 伺服器使用未知的記錄功能。You can add records which are not explicitly supported by the Windows DNS server using the unknown record functionality.

  • IPv6 根提示IPv6 root hints.
    您可以使用的原生 IPV6 根提示支援執行網際網路名稱解析使用 IPV6 根伺服器。You can use the native IPV6 root hints support to perform internet name resolution using the IPV6 root servers.

  • 已改善 Windows PowerShell 支援Improved Windows PowerShell Support.
    新的 Windows PowerShell cmdlet 可用的 DNS 伺服器。New Windows PowerShell cmdlets are available for DNS Server.

如需詳細資訊,請查看在 Windows Server 2016 中的 DNS 伺服器的新功能For more information, see What's New in DNS Server in Windows Server 2016

GRE 通道GRE Tunneling

RAS 閘道現在支援網站連接和閘道的 M + N 冗餘的可用性一般路由封裝 (GRE) 的通道。RAS Gateway now supports high availability Generic Routing Encapsulation (GRE) tunnels for site to site connections and M+N redundancy of gateways. GRE 是可透過網際網路通訊協定網路封裝各種不同的網路通訊協定 virtual 點對點連結中的輕量型通道通訊協定。GRE is a lightweight tunneling protocol that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol internetwork.

如需詳細資訊,請查看在 Windows Server 2016 的 GRE 通道For more information, see GRE Tunneling in Windows Server 2016.

HYPER-V 網路模擬Hyper-V Network Virtualization

HYPER-V 網路模擬 (HNV) 引進了 Windows Server 2012 中,可模擬客戶網路共用實體網路基礎結構上方。Introduced in Windows Server 2012, Hyper-V Network Virtualization (HNV) enables virtualization of customer networks on top of a shared physical network infrastructure. 實體網路 fabric 需要變更降到最低,HNV 提供服務提供者部署及三 cloud 上任何位置點一下移轉承租人工作負載靈敏度:雲端服務提供者、私人雲端,或是公用 Microsoft Azure 雲端。With minimal changes necessary on the physical network fabric, HNV gives service providers the agility to deploy and migrate tenant workloads anywhere across the three clouds: the service provider cloud, the private cloud, or the Microsoft Azure public cloud.

如需詳細資訊,請查看在 Windows Server 2016 HYPER-V 網路模擬中的新功能For more information, see What's New in Hyper-V Network Virtualization in Windows Server 2016

IPAMIPAM

IPAM 提供組織網路的 IP 位址和 DNS 基礎結構高度自訂管理及監視功能。IPAM provides highly customizable administrative and monitoring capabilities for the IP address and DNS infrastructure on an organization network. 使用 IPAM,您可以監視、 稽核,以及管理執行動態主機設定通訊協定 」 (DHCP) 和網域名稱系統 」 (DNS) 伺服器。Using IPAM, you can monitor, audit, and manage servers that are running Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS).

  • 增強 IP 位址管理]Enhanced IP address management.
    IPAM 功能的改良處理 IPv4/32 和 IPv6 /128 子網路和 IP 位址封鎖中尋找免費 IP 位址子網路和範圍案例。IPAM capabilities are improved for scenarios such as handling IPv4 /32 and IPv6 /128 subnets and finding free IP address subnets and ranges in an IP address block.

  • 增強 DNS 服務管理Enhanced DNS service management.
    IPAM 支援 DNS 資源記錄、 條件轉寄,以及 DNS 區域管理這兩個加入網域的 Active Directory 整合和檔案備份 DNS 伺服器。IPAM supports DNS resource record, conditional forwarder, and DNS zone management for both domain-joined Active Directory-integrated and file-backed DNS servers.

  • 整合 DNS、 DHCP 及 IP 位址 (DDI) 管理Integrated DNS, DHCP, and IP address (DDI) management.
    幾個新體驗與整合式開發週期管理支援作業,例如視覺化所有 DNS 資源記錄屬於 IP 位址,自動清單的基礎 DNS 資源記錄及 IP 位址週期管理 DNS] 和 [DHCP 作業的 IP 位址。Several new experiences and integrated lifecycle management operations are enabled, such as visualizing all DNS resource records that pertain to an IP address, automated inventory of IP addresses based on DNS resource records, and IP address lifecycle management for both DNS and DHCP operations.

  • 多個 Active Directory 樹系支援Multiple Active Directory Forest support.
    您可以使用 IPAM 雙向信任關係樹系安裝 IPAM,與每個遠端森林之間時管理多個 Active Directory 樹系的 DNS 及 DHCP 伺服器。You can use IPAM to manage the DNS and DHCP servers of multiple Active Directory forests when there is a two-way trust relationship between the forest where IPAM is installed and each of the remote forests.

  • Windows PowerShell 角色根據存取控制支援Windows PowerShell support for Role Based Access Control.
    您可以使用 Windows PowerShell 來設定 IPAM 物件存取範圍。You can use Windows PowerShell to set access scopes on IPAM objects.

如需詳細資訊,請查看新 IPAM 在管理 IPAMFor more information, see What's New in IPAM and Manage IPAM.