New in Windows Server Technical Preview, Network Controller provides a centralized, programmable point of automation to manage, configure, monitor, and troubleshoot virtual and physical network infrastructure in your datacenter. Using Network Controller, you can automate the configuration of network infrastructure instead of performing manual configuration of network devices and services.
Network Controller Features
The following Network Controller features allow you to configure and manage virtual and physical network devices and services.
- Fabric Network Management
- Firewall Management
- Network Monitoring
- Network Topology and Discovery Management
- Service Chaining Management
- Software Load Balancer Management
- Virtual Network Management
- Windows Server Gateway Management
Fabric Network Management
This Network Controller feature allows you to easily manage the fabric, or physical network, for your datacenter stamp or cluster. Using this feature, you can configure IP subnets, virtual Local Area Networks (VLANs), Layer 2 and Layer 3 switches, and network adapters installed in host computers.
Fabric network management includes planning, designing, implementation, and auditing of the fabric network resources and network infrastructure services.
Firewall Management
This Network Controller feature allows you to configure and manage allow/deny firewall access control rules for your workload VMs for both East/West and North/South network traffic in your datacenter. The firewall rules are plumbed into the vSwitch port of each workload VM, so enforcement is distributed across your workloads in the datacenter. Using the Northbound API, you can define firewall rules for both incoming and outgoing traffic of the workload VM. You can also configure each firewall rule to log the traffic that it allowed or denied.
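As an added example that is not part of the original page, the following script shows how such a distributed firewall ACL could be expressed through the Northbound API with the NetworkController PowerShell module: a logged allow rule for management HTTPS, an allow-all outbound rule, and an explicit logged deny for all other inbound traffic. It assumes the cmdlet and object names of the Windows Server 2016 release (they may differ in the Technical Preview); `$ncUri` and the address prefix are placeholders.

```powershell
# Added example, not code from the original page. Assumes the NetworkController
# module and Microsoft.Windows.NetworkController classes of Windows Server 2016.
Import-Module NetworkController

$ncUri = "https://nc.contoso.example"   # placeholder: Network Controller REST endpoint

function New-AclRule {
    param(
        [string]$Id, [string]$Type, [string]$Action, [int]$Priority,
        [string]$Src = "*", [string]$Dst = "*",
        [string]$Protocol = "All", [string]$DstPorts = "0-65535",
        [string]$Logging = "Enabled"
    )
    $p = New-Object Microsoft.Windows.NetworkController.AclRuleProperties
    $p.Protocol                 = $Protocol
    $p.SourcePortRange          = "0-65535"
    $p.DestinationPortRange     = $DstPorts
    $p.Action                   = $Action      # "Allow" or "Deny"
    $p.SourceAddressPrefix      = $Src
    $p.DestinationAddressPrefix = $Dst
    $p.Priority                 = "$Priority"  # lower value is evaluated first
    $p.Type                     = $Type        # "Inbound" or "Outbound"
    $p.Logging                  = $Logging     # per-rule logging of allowed/denied traffic
    $r = New-Object Microsoft.Windows.NetworkController.AclRule
    $r.ResourceId = $Id
    $r.Properties = $p
    return $r
}

# Constructed rule set: management subnet (placeholder prefix) may reach TCP/443,
# everything outbound is allowed, and all other inbound traffic is denied and logged.
$rules = @(
    (New-AclRule -Id "Allow-Mgmt-HTTPS-In" -Type "Inbound" -Action "Allow" -Priority 100 `
        -Src "10.0.1.0/24" -Protocol "TCP" -DstPorts "443"),
    (New-AclRule -Id "Allow-All-Out" -Type "Outbound" -Action "Allow" -Priority 100 -Logging "Disabled"),
    (New-AclRule -Id "Deny-All-In" -Type "Inbound" -Action "Deny" -Priority 65000)
)

$aclProps = New-Object Microsoft.Windows.NetworkController.AccessControlListProperties
$aclProps.AclRules = $rules

# Creates (or updates) the ACL resource in Network Controller; it takes effect once
# referenced from a VM network interface or virtual subnet resource.
New-NetworkControllerAccessControlList -ConnectionUri $ncUri -ResourceId "Web-Tier-ACL" -Properties $aclProps
```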
Network Monitoring
This Network Controller feature allows you to monitor the physical and virtual network in your datacenter stamp or cluster. The Network Monitoring service uses the network object model, provided by the topology service, to determine the network devices and links to be monitored. Physical network monitoring is performed using both active network data and element data.
Active network data, such as network loss and latency, is detected by sending network traffic and measuring round-trip time. The Network Monitoring service automatically determines the network points between which traffic must be sent, the amount of traffic to be sent in order to cover all network paths, and the loss/latency baseline and deviations over a period of time. A key aspect of this solution is fault localization: the Network Monitoring service attempts to localize the devices that are causing network loss and latency, using algorithms that identify both the network paths and the devices on those paths that are causing performance degradation.
Element data is collected using Simple Network Management Protocol (SNMP) polling and traps. The monitoring service collects a limited set of critical data available through public management information bases (MIBs). For example, the service monitors link state, system restarts, and Border Gateway Protocol (BGP) peer status.
The monitoring system reports the health of both devices and device groups, based on both active and element data. Devices are, for example, physical switches and routers. Device groups are combinations of physical devices that have some relevance within the datacenter; for instance, device groups can be racks, subnets, or simply host groups. In addition to providing health information, the monitoring service also reports vital statistics such as network loss, latency, device CPU/memory usage, link utilization, and packet drops.
The Network Monitoring service also performs impact analysis. Impact analysis is the process of identifying the overlay networks affected by a fault in the underlying physical network. The service uses topology information to determine each virtual network's footprint and to report the health of impacted virtual networks. For example, if a host loses network connectivity, the system marks as impacted all virtual networks on that host that are connected to the faulty network. Similarly, if a rack loses uplink connectivity to the core network, the system determines the logical network affected and marks as impacted all virtual networks in that rack that are connected to the affected logical network.
Finally, the system integrates with the System Center Operations Manager (SCOM) server to report both health and statistics data. Health is reported in an aggregated manner, making it easy to traverse and understand key issues.
Network Topology and Discovery Management
This Network Controller feature allows you to automatically discover network elements in the cloud datacenter network. Network Topology and Discovery also determines how network devices are interconnected to build a topology and dependency map.
Service Chaining Management
This Network Controller feature allows you to create rules that redirect network traffic to one or more VMs that are configured as virtual appliances. There are many types of virtual appliances, such as firewall appliances, security appliances that perform deep packet inspection, and antivirus appliances. You can obtain these VM-based virtual appliances from a wide variety of independent software vendors (ISVs).
Software Load Balancer Management
This Network Controller feature allows you to enable multiple servers to host the same workload, providing high availability and scalability.
Virtual Network Management
This Network Controller feature allows you to deploy and configure Hyper-V Network Virtualization, including the Hyper-V Virtual Switch and virtual network adapters on individual VMs, and to store and distribute virtual network policies.
Network Controller supports both Network Virtualization Generic Routing Encapsulation (NVGRE) and Virtual Extensible Local Area Network (VXLAN).
Windows Server Gateway Management
This Network Controller feature allows you to deploy, configure, and manage Hyper-V hosts and virtual machines (VMs) that are members of a Windows Server Gateway cluster, providing gateway services to your tenants. Network Controller allows you to automatically deploy VMs running Windows Server Gateway, which is also called the Routing and Remote Access Service (RRAS) Multitenant Gateway, with the following gateway features:
- Add and remove gateway VMs from the cluster and specify the level of backup required.
- Site-to-site virtual private network (VPN) gateway connectivity between remote tenant networks and your datacenter using IPsec.
- Site-to-site VPN gateway connectivity between remote tenant networks and your datacenter using Generic Routing Encapsulation (GRE).
- Point-to-site VPN gateway connectivity so that your tenants’ administrators can access their resources on your datacenter from anywhere.
- Layer 3 forwarding capability.
- Border Gateway Protocol (BGP) routing, which allows you to manage the routing of network traffic between your tenants’ VM networks and their remote sites.
Network Controller is capable of dual-tunnel configuration of site-to-site VPN gateways and the automatic placement of tunnel endpoints on separate gateways. In addition, Network Controller can load balance site-to-site and point-to-site VPN connections between gateway VMs, and it logs configuration and state changes by using logging services.
For more information on BGP, see Border Gateway Protocol (BGP) Overview.
For more information on the RRAS Multitenant Gateway, see Windows Server 2012 R2 RRAS Multitenant Gateway Deployment Guide.
For more information on Windows Server Gateway, see Windows Server Gateway.