Software-Defined Network (SDN)

Overview

A software-defined network (SDN) abstract physical hardware network infrastructure into virtual networks on System Center VMM using Hybr.

This document describes the following network configuration capabilities using Hybr

• Configure Network Virtualization

• Configure NAT

• Configure gateway

• Site to Site VPN and DNS configuration

Set up VM networks in the VMM fabric from Hybr

In a virtualized network environment, we want to abstract virtual machines from the underlying logical network. VM networks help you to do this. VM networks are abstract objects that act as an interface to logical networks.

Create a VM Network (Network Virtualization)

1. Click Virtual Machines > Virtual Networks > Create Virtual Network.

2. In Create Virtual Network Wizard > Choose Subscription and Connection from the drop down list and Click Save button.

3. In Create Network Wizard > Name, type in a name and description and select a logical network on which to base the VM network.

4. In Add Subnets click Add Subnet and specify subnets for the VM network using CIDR notation and provide the starting IP address from the specified subnet and the number of IPs to be managed by this pool. You can add multiple subnets.

5. Click Save. Verify the network in Virtual Networks Tab.

Image: Configuring Network:

Update a VM Network (Network Virtualization)

1. Click Virtual Machines > Virtual Networks.

2. Click Edit Network Button against the VM Network that you want to update.

3. In Update Network Wizard, make necessary changes and Click Save.

Delete a VM Network (Network Virtualization)

1. Click Virtual Machines > Virtual Networks.

2. Click Delete Network Button against the VM Network that you want to delete.

VM Network Dashboard

1. Click Virtual Machines > Virtual Networks.

2. Drill down the VM Network.

This will give a brief information about the VM Network, say

• • VM Network Name

  • VM Network Description

  • Network ID

  • Logical Network

  • Connection Type

  • Resource Group

  • VM Subnets

VM Network Configuration

Set up NAT for traffic forwarding in the SDN infrastructure

NAT allows virtual machines in an isolated SDN virtual network to obtain external connectivity. VMM configures a Virtual IP (VIP) to forward the traffic to and from an external network. Two types of NAT supported by VMM, Inbound NAT and Outbound NAT.

• Outbound NAT - Forwards the VM network traffic from a virtual network to external destinations.

• Inbound NAT - Forwards the external traffic to a specific VM in a virtual network.

Create a NAT Connection

1. Click Virtual Machines > Virtual Networks.

2. Drill down the VM Network.

3. Click on Configure Tab > Select Enable direct internet access using NAT option.

4. Provide Gateway Subnet for routing packets out of the VM Network.

5. Click Save.

A NAT connection will be created for this VM network.

Note:

Along with the NAT connection, this procedure also creates a default Outbound NAT rule that enables the outbound connectivity for the VM network.

To enable Inbound connectivity and forward an external traffic to a specific VM, you must add NAT rules to the NAT connection.

Add NAT Rules to a NAT Connection

1. Click Virtual Machines > Virtual Networks.

2. Drill down the VM Network.

3. Click on Rules > Add Rule.

4. In the Add Rule Wizard, type the following details as appropriate,

• Rule Name – Name for the inbound NAT rule.

• Protocol – Inbound network traffic protocol. TCP/UDP are supported.

• Source Port – Port number that you want to use along with the VIP to access the VM.

• Destination IP Address– IP address of the VM to which you want to direct the external traffic.

• Destination Port – Port number on the VM, the external traffic should be forwarded to.

1. Click Save.

Note:

Multiple NAT rules can be created to forward the external traffic to multiple VMs that are part of the VM network.

Delete NAT Rules from a NAT Connection

1. Click Virtual Machines > Virtual Networks.

2. Drill down the VM Network.

3. Click on Rules.

4. Click on Delete Rule Button against the NAT Rule that you want to delete.

Remove a NAT Connection

1. Click Virtual Machines > Virtual Networks.

2. Drill down the VM Network.

3. Click on Configure Tab > Clear Enable direct internet access using NAT option.

4. Click Save.

Note:

On removing a NAT Connection from a VM Network, all the NAT Rules created as part of this VM Network will be deleted.

Highlights:

A search-first experience helps you to quickly find the Inbound NAT Rules that you are looking for.

4. Site-to-Site VPN

A site-to-site VPN connection allows you to securely connect two networks at different physical locations by using Internet.

Configure Site-to-Site VPN Connection via IPSec Tunnel

1. Click Virtual Machines > Virtual Networks.

2. Drill down the VM Network.

3. Click on Configure Tab > Select Enable Gateway option.

4. Provide Gateway Subnet for routing packets out of the VM Network. Optionally, to enable BGP (Border Gateway Protocol) peering in your datacenter, select Enable BGP for automatic address space.

1. If you have selected Enable BGP for automatic address space, then you can fill out your ASN (Autonomous System Number) , peer BGP IP, and its ASN as shown below:

1. Click Save.

2. Now, Click on Site-to-Site VPN Tab > Create VPN.

3. Type a name for the connection, IP address of the remote endpoint and Shared Key (Password of the Run As Account respective to this Site-to-Site VPN Connection). Optionally, configure the bandwidth.

4. In Address Space, type all the remote subnets that you want to connect to.

1. Click Save. Verify the Site-to-Site VPN Connection in the Site-to-Site VPN Tab.

Note:

To validate the connection, try to ping the remote endpoint IP address from one of the virtual machines on your VM network.

Update Site-to-Site VPN Connection

1. Click Virtual Machines > Virtual Networks.

2. Drill down the VM Network.

3. Click on Site-to-Site VPN.

4. Click Edit VPN Button against the VPN Connection that you want to update.

1. In the Edit VPN Wizard, make necessary changes and Click Save.

Update Shared Key used for Run As Account respective to Site-to-Site VPN Connection

1. Click Virtual Machines > Virtual Networks.

2. Drill down the VM Network.

3. Click on Site-to-Site VPN.

4. Click Set Key Button against the VPN Connection to update the Shared Key for the respective VPN Connection.

1. Provide Shared Key and click Save.

Delete Site-to-Site VPN Connection

1. Click Virtual Machines > Virtual Networks.

2. Drill down the VM Network.

3. Click on Site-to-Site VPN.

4. Click on Delete VPN Button against the Site-to-Site VPN Connection that you want to delete.

Enable/Disable Site-to-Site VPN Connection

1. Click Virtual Machines > Virtual Networks.

2. Drill down the VM Network.

3. Click on Site-to-Site VPN.

4. Click on Enable/Disbale VPN Button against the Site-to-Site VPN Connection that you want to enable/disable.

Note:

By default, on Site-to-Site VPN Connection creation results in ‘Enabled’ status when Site-to-Site VPN is created successfully.

Highlights:

A search-first experience helps you to quickly find the Site-to-Site VPN Connections that you are looking for.

Remove VM Network Gateway

1. Click Virtual Machines > Virtual Networks.

2. Drill down the VM Network.

3. Click on Configure Tab > Clear Enable Gateway option.

4. Click Save.

Note:

On removing a VM Network Gateway from a VM Network, all the Site-to-Site VPN and BGP Settings will be removed.

DNS Servers Configuration

DNS Servers Configuration is an optional setting. You can add DNS Servers to your VM network for name resolution. If you want to have name resolution between this VM network and your on-premise network, you should specify the DNS Server that is used for your on-premises name resolution. You can also specify public DNS Server.

1. Click Virtual Machines > Virtual Networks.

2. Drill down the VM Network.

3. Click on Configure Tab > DNS Servers > Provide DNS Servers.

4. Click Save.