issuhub.com

Mastering Windows Server 2016 Hyper-V

(Romina) #1

multitenant gateway solution; the gateway VMs can run on the same hosts as VMs in
a virtual network.


BGP and BGP transit routing are also supported. This solves the problem traditionally
associated with adding new subnets to a virtual network: Other networks would not
know how to get to the subnet without being manually configured. With BGP, as new
subnets are added, the BGP instance (the gateway) will notify all other BGP instances
of the new subnet and of the route to get to that subnet. Additionally, BGP transit
routing adds the capability for BGP instances not only to notify other routes that it can
be used to get to its subnets, but it can also notify routers of other networks that it can
be used to access. This means that if another part of the network loses its direct
connection to a network, it could use the BGP instance as an extra hop still to reach
the target.


BGP ROUTE   REFLECTOR

Ordinarily, all the BGP instances   form    a   mesh,   with    every   instance    talking to

every   other   to  enable  the full    synchronization of  routing.    To  avoid   the need    for

this    full-mesh   connectivity    and considerable    network traffic,    you can use a   BGP

route   reflector,  which   is  included    as  part    of  SDNv2.  With    a   BGP route   reflector,  all

BGP instances   communicate only    with    the route   reflector,  which   is  responsible

for the learning    of  all routes, calculating the best    routes, and then    distributing

those   routes  to  all BGP instances.  The first   gateway deployed    for each    tenant

becomes the BGP route   reflector.

When    using   BGP,    you can work    with    several useful  PowerShell  cmdlets.    You can

use Get-BgpRouter   to  view    the particular  BGP router  being   used    and its

configuration,  Get-BgpPeer to  see any BGP peers,  and Get-BgpRouteInformation

to  see known   routes.

A single gateway instance has the following capacity:


100 tenants

200 site-to-site    VPN tunnels

15,000  routes  learned via BGP

8Gbps   L3  forwarding  throughput

2.5Gbps GRE gateway throughput

300Mbps (one    core)   per IPsec   tunnel  (site-to-site   VPN)

Datacenter Firewall


Traditional network security focuses primarily on the network’s perimeter. Firewall
devices on the edge of the network allow certain types of traffic into a set of specific
hosts in a perimeter network (the DMZ), which has another set of firewalls allowing

Free download pdf
Get our desktop app
Company
Features
Documentation
Resources
© ISSUHUB. 2024. All rights reserved.