# Software-Defined Network (SDN)

Overview

A software-defined network (SDN) abstracts the physical network hardware infrastructure into virtual networks on System Center VMM using Hybr.

This document describes the following network configuration capabilities using Hybr:

* Configure Network Virtualization
* Configure NAT
* Configure gateway
* Site to Site VPN and DNS configuration

## Set up VM networks in the VMM fabric from Hybr

In a virtualized network environment, we want to abstract virtual machines from the underlying logical network. VM networks help you to do this. VM networks are abstract objects that act as an interface to logical networks.

### Create a VM Network (Network Virtualization)

1. Click **Virtual Machines > Virtual Networks > Create Virtual Network**.
2. In the **Create Virtual Network** wizard, choose **Subscription** and **Connection** from the drop-down lists and click **Save**.
3. In the **Create Network** wizard > **Name**, type a name and description, and select a logical network on which to base the VM network.
4. In **Add Subnets**, click **Add Subnet** and specify subnets for the VM network using CIDR notation. For each subnet, provide the starting IP address from the specified subnet and the number of IPs to be managed by this pool. You can add multiple subnets.
5. Click **Save**. Verify the network in the **Virtual Networks** tab.

*Image: Configuring Network:*

![](/files/881k0YKyhnekJ3cTiVQz)

![](/files/QBomaViSdpvsrOoKJXUc)

![](/files/p5E9gjGDpxPJKr6Xg3Ee)

### Update a VM Network (Network Virtualization)

1. Click **Virtual Machines > Virtual Networks.**
2. Click **Edit Network** Button against the VM Network that you want to update.
3. In **Update Network** Wizard, make necessary changes and Click **Save**.

![](/files/UWEHMZ4ofBgmF9sHgMyd)

![](/files/FjA7aiZASLlnWomAgUuy)

### Delete a VM Network (Network Virtualization)

1. Click **Virtual Machines > Virtual Networks.**
2. Click **Delete Network** Button against the VM Network that you want to delete.

![](/files/qf1rryvcAGEt9CSFbX3j)

## VM Network Dashboard

1. Click **Virtual Machines > Virtual Networks.**
2. Drill down the **VM Network**.

This shows brief information about the VM Network, including:

* VM Network Name
* VM Network Description
* Network ID
* Logical Network
* Connection Type
* Resource Group
* VM Subnets

![](/files/3sfg15dPciVYbHVig693)

## VM Network Configuration

### Set up NAT for traffic forwarding in the SDN infrastructure

NAT allows virtual machines in an isolated SDN virtual network to obtain external connectivity. VMM configures a Virtual IP (VIP) to forward the traffic to and from an external network. VMM supports two types of NAT: **Inbound** NAT and **Outbound** NAT.

* **Outbound NAT** - Forwards the VM network traffic from a virtual network to external destinations.
* **Inbound NAT** - Forwards the external traffic to a specific VM in a virtual network.

### Create a NAT Connection

1. Click **Virtual Machines > Virtual Networks.**
2. Drill down the **VM Network**.
3. Click on **Configure** Tab > Select **Enable direct internet access using NAT** option.
4. Provide **Gateway Subnet** for routing packets out of the VM Network.
5. Click **Save**.

A NAT connection will be created for this VM network.

**Note:**

**Along with the NAT connection, this procedure also creates a default Outbound NAT rule that enables the outbound connectivity for the VM network.**

**To enable Inbound connectivity and forward an external traffic to a specific VM, you must add NAT rules to the NAT connection.**

![](/files/-M5fLLOtr01ssJx7GYlj)

#### Add NAT Rules to a NAT Connection

1. Click **Virtual Machines > Virtual Networks.**
2. Drill down the **VM Network**.
3. Click on **Rules** > **Add Rule**.
4. In the **Add Rule** Wizard, type the following details as appropriate:
   * **Rule Name** – Name for the inbound NAT rule.
   * **Protocol** – Inbound network traffic protocol. TCP/UDP are supported.
   * **Source Port** – Port number that you want to use along with the VIP to access the VM.
   * **Destination IP Address** – IP address of the VM to which you want to direct the external traffic.
   * **Destination Port** – Port number on the VM to which the external traffic should be forwarded.
5. Click **Save**.

**Note:**

Multiple NAT rules can be created to forward the external traffic to multiple VMs that are part of the VM network.
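
The following added example (not part of Hybr or VMM) reviews a set of inbound NAT rules, described with the fields from the **Add Rule** wizard, before they are entered. The rule data, subnets and the list of management ports are constructed for illustration, and treating a published management port as a finding is a review policy assumed here, not a product restriction.

```python
import ipaddress
from collections import Counter

# Constructed sample data; subnets, rule names and addresses are illustrative.
VM_SUBNETS = ["10.0.1.0/24", "10.0.2.0/24"]
RULES = [
    {"name": "web-https", "protocol": "TCP", "source_port": 443, "dest_ip": "10.0.1.10", "dest_port": 443},
    {"name": "rdp-admin", "protocol": "TCP", "source_port": 3389, "dest_ip": "10.0.1.20", "dest_port": 3389},
    {"name": "web-alt", "protocol": "TCP", "source_port": 443, "dest_ip": "10.0.2.15", "dest_port": 8443},
    {"name": "dns-fwd", "protocol": "UDP", "source_port": 53, "dest_ip": "10.0.9.5", "dest_port": 53},
    {"name": "ping", "protocol": "ICMP", "source_port": 0, "dest_ip": "10.0.1.30", "dest_port": 0},
]

# Assumed review policy: management ports that are normally better reached
# over the Site-to-Site VPN than published on the VIP.
MGMT_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM", 5986: "WinRM over TLS"}


def audit_nat_rules(rules, vm_subnets):
    """Return a sorted list of (rule name, finding) tuples."""
    nets = [ipaddress.ip_network(s) for s in vm_subnets]
    # One VIP port per protocol can forward to only one VM.
    listeners = Counter((r["protocol"].upper(), r["source_port"]) for r in rules)
    findings = []
    for r in rules:
        proto = r["protocol"].upper()
        if proto not in ("TCP", "UDP"):
            findings.append((r["name"], f"unsupported protocol {proto}"))
        for field in ("source_port", "dest_port"):
            if not 1 <= r[field] <= 65535:
                findings.append((r["name"], f"{field} {r[field]} out of range"))
        dest = ipaddress.ip_address(r["dest_ip"])
        if not any(dest in n for n in nets):
            findings.append((r["name"], f"destination {dest} not in any VM subnet"))
        if listeners[(proto, r["source_port"])] > 1:
            findings.append((r["name"], f"{proto}/{r['source_port']} on the VIP is used by more than one rule"))
        if r["dest_port"] in MGMT_PORTS:
            findings.append((r["name"], f"publishes {MGMT_PORTS[r['dest_port']]} to the external network"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit_nat_rules(RULES, VM_SUBNETS):
        print(f"{name}: {finding}")
```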

![](/files/-M5fLLOucaXsx9Nylxw6)

#### Delete NAT Rules from a NAT Connection

1. Click **Virtual Machines > Virtual Networks.**
2. Drill down the **VM Network**.
3. Click on **Rules**.
4. Click on **Delete Rule** Button against the NAT Rule that you want to delete.

![](/files/-M5fLLOv-7faFiS0Ypw9)

### Remove a NAT Connection

1. Click **Virtual Machines > Virtual Networks.**
2. Drill down the **VM Network**.
3. Click on **Configure** Tab > Clear **Enable direct internet access using NAT** option.
4. Click **Save**.

**Note:**

On removing a NAT Connection from a VM Network, all the NAT Rules created as part of this VM Network will be deleted.

**Highlights:**

A search-first experience helps you to quickly find the Inbound NAT Rules that you are looking for.

![](/files/-M5fLLOw8ht1-p8lYiLG)

## Site-to-Site VPN

A site-to-site VPN connection allows you to securely connect two networks at different physical locations over the Internet.

### Configure Site-to-Site VPN Connection via IPSec Tunnel

1. Click **Virtual Machines > Virtual Networks.**
2. Drill down the **VM Network**.
3. Click on **Configure** Tab > Select **Enable Gateway** option.
4. Provide **Gateway Subnet** for routing packets out of the VM Network. Optionally, to enable BGP (Border Gateway Protocol) peering in your datacenter, select **Enable BGP for automatic address space.**

![](/files/-M5fLLOxl3wE9YPCDDCC)

5. If you have selected **Enable BGP for automatic address space**, then you can fill out your ASN (Autonomous System Number), peer BGP IP, and its ASN as shown below:

![](/files/-M5fLLOyTfpyYSXlyh4h)

6. Click **Save**.
7. Now, click on the **Site-to-Site VPN** Tab **> Create VPN**.
8. Type a **name** for the connection, IP address of the **remote endpoint** and **Shared Key** (Password of the **Run As** Account respective to this Site-to-Site VPN Connection). Optionally, configure the **bandwidth**.
9. In **Address Space**, type all the remote subnets that you want to connect to.

![](/files/-M5fLLOzNg8-x1xdqQfZ)

![](/files/-M5fLLP-w1B1UGtg2eMD)

10. Click **Save**. Verify the Site-to-Site VPN Connection in the Site-to-Site VPN Tab.

![](/files/-M5fLLP0Yuws4j4wBW6K)

**Note:**

To validate the connection, try to ping the remote endpoint IP address from one of the virtual machines on your VM network.
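
The following added example (not part of Hybr or VMM) checks an address plan before it is entered: that each IP pool from the **Add Subnets** step fits inside its subnet, and that the **Gateway Subnet**, the VM subnets and the remote **Address Space** do not overlap, since overlapping ranges make routing across the tunnel ambiguous. The plan values are constructed, and treating every overlap and the network and broadcast addresses as errors is an assumption of this example.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan; all addresses are illustrative.
PLAN = {
    "vm_subnets": [
        {"cidr": "10.0.1.0/24", "start_ip": "10.0.1.4", "count": 200},
        {"cidr": "10.0.2.0/24", "start_ip": "10.0.2.100", "count": 200},
    ],
    "gateway_subnet": "10.0.254.0/29",
    "vpn_address_space": ["192.168.10.0/24", "10.0.2.0/25"],
}


def check_plan(plan):
    """Return a list of problems found in the address plan."""
    problems = []
    local = [("gateway subnet", ipaddress.ip_network(plan["gateway_subnet"]))]
    for s in plan["vm_subnets"]:
        net = ipaddress.ip_network(s["cidr"])
        local.append(("VM subnet", net))
        start = ipaddress.ip_address(s["start_ip"])
        end = start + s["count"] - 1  # last address the pool would hand out
        # Assumed here: usable hosts exclude the network and broadcast addresses.
        if not (net.network_address < start and end < net.broadcast_address):
            problems.append(f"pool {start}-{end} does not fit inside {net}")
    # Local ranges must not overlap each other.
    for (label_a, a), (label_b, b) in combinations(local, 2):
        if a.overlaps(b):
            problems.append(f"{label_a} {a} overlaps {label_b} {b}")
    # Remote subnets reached through the tunnel must not overlap local ranges.
    for cidr in plan["vpn_address_space"]:
        remote = ipaddress.ip_network(cidr)
        for label, net in local:
            if remote.overlaps(net):
                problems.append(f"remote {remote} overlaps {label} {net}")
    return problems


if __name__ == "__main__":
    for problem in check_plan(PLAN):
        print(problem)
```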

### Update Site-to-Site VPN Connection

1. Click **Virtual Machines > Virtual Networks.**
2. Drill down the **VM Network**.
3. Click on **Site-to-Site VPN**.
4. Click **Edit VPN** Button against the VPN Connection that you want to update.

![](/files/-M5fLLP1xnUv2jaboQto)

5. In the Edit VPN Wizard, make necessary changes and Click **Save**.

![](/files/-M5fLLP2QlHA6KV6AbsV)

### Update Shared Key used for Run As Account respective to Site-to-Site VPN Connection

1. Click **Virtual Machines > Virtual Networks.**
2. Drill down the **VM Network**.
3. Click on **Site-to-Site VPN**.
4. Click **Set Key** Button against the VPN Connection to update the **Shared Key** for the respective VPN Connection.

![](/files/-M5fLLP3P6hmMD-6rhgw)

![](/files/-M5fLLP4sQPh3BYmqHdz)

5. Provide **Shared Key** and click **Save**.

### Delete Site-to-Site VPN Connection

1. Click **Virtual Machines > Virtual Networks.**
2. Drill down the **VM Network**.
3. Click on **Site-to-Site VPN**.
4. Click on **Delete VPN** Button against the Site-to-Site VPN Connection that you want to delete.

![](/files/-M5fLLP5xBFN40c1KKDd)

![](/files/-M5fLLP63hRyVKZEqK6M)

### Enable/Disable Site-to-Site VPN Connection

1. Click **Virtual Machines > Virtual Networks.**
2. Drill down the **VM Network**.
3. Click on **Site-to-Site VPN**.
4. Click on **Enable/Disable VPN** Button against the Site-to-Site VPN Connection that you want to enable/disable.

**Note:**

By default, a Site-to-Site VPN Connection has the ‘Enabled’ status once it is created successfully.

![](/files/-M5fLLP7_yWL-xGsXK5_)

![](/files/-M5fLLP8n2fQDokTBrrv)

**Highlights:**

A search-first experience helps you to quickly find the Site-to-Site VPN Connections that you are looking for.

![](/files/-M5fLLP9ml_K2sCLXk-i)

### Remove VM Network Gateway

1. Click **Virtual Machines > Virtual Networks.**
2. Drill down the **VM Network**.
3. Click on **Configure** Tab > Clear **Enable Gateway** option.
4. Click **Save**.

**Note:**

On removing a VM Network Gateway from a VM Network, all the Site-to-Site VPN and BGP Settings will be removed.

## DNS Servers Configuration

DNS Servers Configuration is an optional setting. You can add DNS Servers to your VM network for name resolution. If you want to have name resolution between this VM network and your on-premises network, you should specify the DNS Server that is used for your on-premises name resolution. You can also specify a public DNS Server.

1. Click **Virtual Machines > Virtual Networks.**
2. Drill down the **VM Network**.
3. Click on **Configure** Tab > **DNS Servers** > Provide DNS Servers.
4. Click **Save**.

![](/files/-M5fLLPA63OCoI1CzD4y)

