Windows Server 2012 R2 Routing and Remote Access Service (RRAS) Multitenant Gateway Deployment Guide
Microsoft Corporation
Published: March, 2014
Author: James McIllece
Technical contributors: Ramandeep Singh Dhillon, Uma Mahesh Mudigonda
Abstract
This guide demonstrates how to use Windows PowerShell to deploy RRAS as a virtual machine (VM)-based multitenant software gateway and Border Gateway Protocol (BGP) router that allows CSPs and Enterprises to enable datacenter and cloud network traffic routing between virtual and physical networks, including the Internet.
With the RRAS Multitenant Gateway, you can create site-to-site VPN connections between your tenants' physical locations and your cloud datacenter. You can also provide tenants with point-to-site VPN connections that allow tenant Administrators to access and manage their VM resources from anywhere. The RRAS Multitenant Gateway also allows you to configure Network Address Translation (NAT), so that tenant VMs can access the Internet, and you can deploy dynamic routing by configuring the gateway and tenant gateways with BGP.
Copyright Information for Windows Server Documentation
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2009 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, OneApp, SQL Server, BranchCache, Windows, and Windows Server are trademarks of the Microsoft group of companies.
All other trademarks are property of their respective owners.
Contents
Windows Server 2012 R2 RRAS Multitenant Gateway Deployment Guide
Who will be interested in this guide?
What this guide provides
RRAS Multitenant Gateway deployment requirements
RRAS Multitenant Gateway deployment overview
See Also
Configure the RRAS Multitenant Gateway for use with Hyper-V Network Virtualization
See Also
Configure the Hyper-V Network Virtualization Host and Tenant VMs
See Also
Configure the Hyper-V Network Virtualization Host
Windows PowerShell script explanation
Full Windows PowerShell script
Windows PowerShell command reference links
See Also
Configure the tenant VM Contoso App 1
Full Windows PowerShell script
See Also
Configure the tenant VM Contoso App 2
Full Windows PowerShell script
See Also
Configure the tenant VM Fabrikam App 1
Full Windows PowerShell script
See Also
Configure the tenant VM Fabrikam App 2
Full Windows PowerShell script
See Also
Configure the RRAS Multitenant Gateway Hyper-V Host and VM
See Also
Configure the RRAS Multitenant Gateway Hyper-V Host
Windows PowerShell script explanation
Full Windows PowerShell script
Windows PowerShell command reference links
See Also
Configure the RRAS Multitenant Gateway VM
RRAS installation Windows PowerShell script
MTGW Configuration Windows PowerShell script
Windows PowerShell command reference links
See Also
Configure the RRAS Multitenant Gateway for use with VLANs
See Also
Configure the Hyper-V VLAN Host and Tenant VMs
See Also
Configure the Hyper-V VLAN Host
Windows PowerShell script explanation
Full Windows PowerShell script
Windows PowerShell command reference links
See Also
Configure the VLAN tenant VM Contoso App 1
Full Windows PowerShell script
See Also
Configure the VLAN tenant VM Contoso App 2
Full Windows PowerShell script
See Also
Configure the VLAN tenant VM Fabrikam App 1
Full Windows PowerShell script
See Also
Configure the VLAN tenant VM Fabrikam App 2
Full Windows PowerShell script
See Also
Configure the RRAS MTGW Hyper-V Host for VLANs
Windows PowerShell script explanation
Full Windows PowerShell script
Windows PowerShell command reference links
See Also
Configure the RRAS Multitenant Gateway VM for VLANs
RRAS installation Windows PowerShell script
MTGW Configuration Windows PowerShell script
Windows PowerShell command reference links
See Also
Configure the RRAS Multitenant Gateway for Site-to-Site VPN Connections
Windows PowerShell script explanation
Full Windows PowerShell script
Windows PowerShell command reference links
See Also
Configure the RRAS Multitenant Gateway to Perform Network Address Translation for Tenant Computers
Prerequisites
To enable NAT on the public interface
Windows PowerShell command reference links
See Also
Configure the RRAS Multitenant Gateway for Dynamic Routing with BGP
Prerequisites
To enable BGP on the RRAS MTGW
Windows PowerShell command reference links
See Also
Additional Resources
Border Gateway Protocol (BGP) Overview
Router Versions in Windows Server 2012 R2
BGP Supported Deployment Topologies
RRAS VPN Site-to-Site Gateway with BGP at Enterprise site edge
Third party Gateway with BGP at Enterprise site edge
Multiple Enterprise sites with third party gateways
Separate termination points for BGP and VPN
BGP Features
See Also
Windows Server 2012 R2 RRAS Multitenant Gateway Deployment Guide
This guide is also available on the Web at .
This guide contains the following sections.
• Configure the RRAS Multitenant Gateway for use with Hyper-V Network Virtualization
• Configure the RRAS Multitenant Gateway for use with VLANs
• Configure the RRAS Multitenant Gateway for Site-to-Site VPN Connections
• Configure the RRAS Multitenant Gateway to Perform Network Address Translation for Tenant Computers
• Configure the RRAS Multitenant Gateway for Dynamic Routing with BGP
• Additional Resources
In Windows Server® 2012 R2, the Remote Access server role includes the Routing and Remote Access Service (RRAS) role service.
This guide demonstrates how to use Windows PowerShell to deploy RRAS as a virtual machine (VM)-based software gateway and router that allows Cloud Service Providers (CSPs) and Enterprises to enable datacenter and cloud network traffic routing between virtual and physical networks, including the Internet. You can deploy VM networks by using either Hyper-V Network Virtualization or Virtual Local Area Networks (VLANs).
RRAS is integrated with Hyper-V Network Virtualization, and is able to route network traffic effectively in circumstances where there are many different customers – or tenants – who have isolated virtual networks in the same datacenter.
Multi-tenancy is the ability of a cloud infrastructure to support the virtual machine workloads of multiple tenants, but isolate them from each other, while all of the workloads run on the same infrastructure. The multiple workloads of an individual tenant can interconnect and be managed remotely, but these systems do not interconnect with the workloads of other tenants, nor can other tenants remotely manage them.
Note
If you are using System Center 2012 R2 and Virtual Machine Manager, you can deploy Hyper-V Network Virtualization with Windows Server Gateway rather than deploying RRAS as a Multitenant Gateway using Windows PowerShell. If you are not using System Center, this guide provides instructions on how to deploy an RRAS Multitenant Gateway using only Windows PowerShell. For more information, see Windows Server Gateway.
Who will be interested in this guide?
Information Technology professionals that might be interested in this guide:
• Network administrators and architects who work for Cloud Service Providers
• Network administrators and architects who work for large organizations with Enterprise networks
• Other network and systems administrators who want to learn how to deploy virtual networking technologies by using Windows PowerShell
What this guide provides
This deployment guide allows you to deploy the RRAS Multitenant Gateway (MTGW) by using Windows PowerShell. Using the RRAS MTGW, you can:
• Provide your tenants with dial-in VPN access to their resources in your datacenter
• Use the RRAS Multitenant Gateway as an endpoint for multiple tenant site-to-site VPN connections to their remote sites
• Route traffic between Network Virtualization-based VM Networks and the Internet
• Route traffic between VLAN-based VM Networks and the Internet
In addition, you can configure the gateway with Network Address Translation (NAT) services so that your tenant VMs can access Internet resources.
RRAS Multitenant Gateway deployment requirements
Following are the requirements for deploying the RRAS MTGW by using this guide.
• You must have a minimum of two computers that are running Windows Server 2012 R2, one to use as the Hyper-V Network Virtualization host, and one to use as the Hyper-V host that runs the RRAS Multitenant Gateway VM.
• The Hyper-V host used for Network Virtualization or VM VLAN deployment must be running Windows Server 2012 R2 with a minimum of 16 GB RAM and at least one network adapter.
• The Hyper-V host used for the RRAS Multitenant Gateway must be running Windows Server 2012 R2 with a minimum of 8 GB RAM and at least two network adapters.
Important
For production environment deployments, requirements for the computer running Hyper-V with one or more VMs configured as a RRAS MTGW are the same as for Windows Server Gateway. For more information, see Windows Server Gateway Hardware and Configuration Requirements.
RRAS Multitenant Gateway deployment overview
The following illustration depicts the RRAS Multitenant Gateway and a Hyper-V Network Virtualization server and VMs that you can deploy by using this guide.
[pic]
For more information see either of the following sections:
• Configure the RRAS Multitenant Gateway for use with Hyper-V Network Virtualization
• Configure the RRAS Multitenant Gateway for use with VLANs
Site-to-site VPN connections
You can configure the RRAS Multitenant Gateway with site-to-site VPN connections to your tenants’ Enterprise network sites:
[pic]
For more information, see Configure the RRAS Multitenant Gateway for Site-to-Site VPN Connections.
Point-to-site VPN access
You can provide your tenants’ Administrators with point-to-site VPN access from anywhere on any device:
[pic]
Network Address Translation (NAT) for VM Internet access
You can configure Network Address Translation (NAT) to allow Internet access to tenant VMs for commerce-based and other applications running on the VMs:
[pic]
For more information, see Configure the RRAS Multitenant Gateway to Perform Network Address Translation for Tenant Computers.
Border Gateway Protocol (BGP) Routing
You can configure the RRAS Multitenant Gateway as a BGP router.
For more information, see Configure the RRAS Multitenant Gateway for Dynamic Routing with BGP.
See Also
Additional Resources
Configure the RRAS Multitenant Gateway for use with Hyper-V Network Virtualization
This section contains the following topics.
• Configure the Hyper-V Network Virtualization Host and Tenant VMs
• Configure the RRAS Multitenant Gateway Hyper-V Host and VM
See Also
Additional Resources
Configure the Hyper-V Network Virtualization Host and Tenant VMs
You can use the topics in this section to configure a Hyper-V Host with Network Virtualization. In addition, you can create tenant virtual machines (VMs). This section contains the following topics.
• Configure the Hyper-V Network Virtualization Host
• Configure the tenant VM Contoso App 1
• Configure the tenant VM Contoso App 2
• Configure the tenant VM Fabrikam App 1
• Configure the tenant VM Fabrikam App 2
See Also
Additional Resources
Configure the Hyper-V Network Virtualization Host
You can use this topic to configure a Hyper-V host with Network Virtualization, including two tenant VM networks with two VMs per network.
This topic contains the following sections.
• Windows PowerShell script explanation
• Full Windows PowerShell script
• Windows PowerShell command reference links
Important
Before you run the script that is provided in this topic, you must install the Hyper-V server role on the host computer. To install Hyper-V and restart the computer, open Windows PowerShell with Administrator privileges and run the following commands.
## Install Hyper-V ##
Get-WindowsFeature *hyper* | Install-WindowsFeature
## Restart the computer immediately ##
shutdown /r /t 0
Windows PowerShell script explanation
In the first section of the script, named “Macros for Multitenant (MT) Cloud Gateway (GW),” macros are used to define variables that are used throughout the script within the Windows PowerShell commands. For example, the following macro defines a VM name:
$CloudVM_ContosoVM1_Name = "ContosoApp1"
In script commands, the actual VM name of “ContosoApp1” is not used; instead the macro name is used, “$CloudVM_ContosoVM1_Name.” If needed, this allows you to change the values of macros one time rather than changing actual values throughout an entire script.
Ensure that you review all of the macro values in this section so that they are appropriate for your deployment.
In the second section of the script, “Create a virtual switch and create tenant VMs,” the Hyper-V host network adapter named “Ethernet” is renamed to “CloudNic,” and a new virtual switch is created. Next, four VMs are created – ContosoApp1, ContosoApp2, FabrikamApp1, and FabrikamApp2. All four VMs are allocated 2 GB of Random Access Memory (RAM) for a total of 8 GB. Ensure that your host computer has sufficient RAM to support this configuration.
In this same section, the VM network adapters are renamed and assigned Virtual Subnet IDs, or VSIDs.
In the third section of the script, named “Cleanup Cloud-VM Host,” any existing Network Virtualization settings are removed from the Hyper-V host, including Network Virtualization Lookup Records, Network Virtualization Customer Routes, and Network Virtualization Provider Addresses. Cleanup is verified by using the Get commands.
In the fourth section of the script, named “Configure Cloud-VM Host,” Network Virtualization Lookup Records, Network Virtualization Customer Routes, and Network Virtualization Provider Addresses are created for both tenants.
In the final section of the script, named “Retrieve Cloud VM Network Adapter configuration to verify correct settings,” Network Virtualization Lookup Records, Network Virtualization Customer Routes, and Network Virtualization Provider Addresses are obtained and displayed to verify that they are correctly configured.
Full Windows PowerShell script
Following is the full script that you can run on the Hyper-V host to configure the host with Network Virtualization and two VM networks with two VMs per VM network. Before you run the script, perform the following steps.
To run this script on a Hyper-V host
1. Ensure that you replace all variables in the macro section at the beginning of the script with values that are appropriate for your deployment. For example, if you have a tenant named Woodgrove but do not have a tenant named Contoso, replace all instances of the company name Contoso with the name Woodgrove.
2. This script creates two VMs per tenant. If your tenants need more than two VMs, add the necessary code to create and configure additional VMs.
3. If you have more than two tenants, add the necessary code to configure additional tenant VMs and VM networks.
4. Ensure that the value for the macro $CloudNIC matches the name of a network adapter on the Hyper-V host. If it doesn’t, creation of the virtual switch and VM will fail when you run this script. If you want to change the name of an existing network adapter to the new name CloudNic to match the script, you can run the following Windows PowerShell command after adding values that match your network adapter configuration.
    Rename-NetAdapter [-Name] [-NewName] CloudNic
5. Determine the Provider Addresses, Customer Addresses, Virtual Subnet IDs, and other values that you prefer to use. You can keep the values in the script or you can change them to suit your deployment.
6. If you change any values in this script or the other scripts provided in this document, ensure that the values are changed in all of the scripts. For example, if you want to change the tenant name Contoso to the name Woodgrove (or to the name of one of your actual tenants), ensure that you change Contoso to Woodgrove in all scripts before running them.
7. Copy the Windows PowerShell script below to the Multitenant Gateway Hyper-V host.
8. On the Hyper-V host, open Windows PowerShell with Administrator privileges. Run the script by typing the folder location and file name of the script. For example, if the file name of the script is HNVHostConfig.ps1 and the folder location is C:\Users\Administrator\Documents, type C:\Users\Administrator\Documents\HNVHostConfig.ps1, and then press ENTER.
##### Macros for Multitenant (MT) Cloud Gateway (GW) #####
$CloudVM_ContosoVM1_Name = "ContosoApp1"
$ContosoVM1_VHDPath = "C:\VMs\ContosoApp1\ContosoApp1.vhd"
$CloudVM_ContosoVM2_Name = "ContosoApp2"
$ContosoVM2_VHDPath = "C:\VMs\ContosoApp2\ContosoApp2.vhd"
$CloudVM_FabrikamVM1_Name = "FabrikamApp1"
$FabrikamVM1_VHDPath = "C:\VMs\FabrikamApp1\FabrikamApp1.vhd"
$CloudVM_FabrikamVM2_Name = "FabrikamApp2"
$FabrikamVM2_VHDPath = "C:\VMs\FabrikamApp2\FabrikamApp2.vhd"
$SwitchName = "CloudSwitch"
$CloudNIC = "CloudNic"
$MTNicMac = "00155DE20A00"
$Tenant1VM1Name = "ContosoVM1"
$Tenant1VM2Name = "ContosoVM2"
$Tenant2VM1Name = "FabrikamVM1"
$Tenant2VM2Name = "FabrikamVM2"
$Cloud_GW_ProviderAddress = "192.168.0.11"
$Cloud_VM_ProviderAddress = "192.168.0.22"
$Contoso_CloudGW_IP = "10.0.2.2"
$Contoso_CloudGW_DefaultGW = "10.0.2.1"
$Contoso_CloudGW_Subnet = "10.0.2.0/24"
$Contoso_CloudVM_IP = "10.0.1.101"
$Contoso_CloudVM2_IP = "10.0.1.111"
$Contoso_CloudVM_DefaultGW = "10.0.1.1"
$Contoso_CloudVM_Subnet = "10.0.1.0/24"
$ContosoVMNicMac = "00155DE2AB00"
$ContosoVM2NicMac = "00155DE2AB01"
$ContosoDefaultNicMac = "001122334455"
$ContosoRoutinGDomainGuid = "{12345678-1000-2000-3000-123456780001}"
$ContosoVSID_GW = "6001"
$ContosoVSID_VM = "6000"
$Fabrikam_CloudGW_IP = "10.0.2.2"
$Fabrikam_CloudGW_DefaultGW = "10.0.2.1"
$Fabrikam_CloudGW_Subnet = "10.0.2.0/24"
$Fabrikam_CloudVM_IP = "10.0.1.101"
$Fabrikam_CloudVM2_IP = "10.0.1.111"
$Fabrikam_CloudVM_DefaultGW = "10.0.1.1"
$Fabrikam_CloudVM_Subnet = "10.0.1.0/24"
$FabrikamVMNicMac = "00155DE2AB02"
$FabrikamVM2NicMac = "00155DE2AB03"
$FabrikamDefaultNicMac = "001122334466"
$FabrikamRoutinGDomainGuid = "{12345678-1000-2000-3000-123456780002}"
$FabrikamVSID_GW = "7001"
$FabrikamVSID_VM = "7000"
## Start on Cloud VM Host ##
##### Create a virtual switch and create tenant VMs #####
Rename-NetAdapter -Name Ethernet -NewName $CloudNic
New-VMSwitch "CloudSwitch" -NetAdapterName $CloudNic -AllowManagementOS $false
New-VM $CloudVM_ContosoVM1_Name -MemoryStartupBytes 2GB -VHDPath $ContosoVM1_VHDPath -SwitchName $SwitchName
New-VM $CloudVM_ContosoVM2_Name -MemoryStartupBytes 2GB -VHDPath $ContosoVM2_VHDPath -SwitchName $SwitchName
New-VM $CloudVM_FabrikamVM1_Name -MemoryStartupBytes 2GB -VHDPath $FabrikamVM1_VHDPath -SwitchName $SwitchName
New-VM $CloudVM_FabrikamVM2_Name -MemoryStartupBytes 2GB -VHDPath $FabrikamVM2_VHDPath -SwitchName $SwitchName
Rename-VMNetworkAdapter -VMName $CloudVM_ContosoVM1_Name -Name "Network Adapter" -NewName $CloudNic
Rename-VMNetworkAdapter -VMName $CloudVM_ContosoVM2_Name -Name "Network Adapter" -NewName $CloudNic
Rename-VMNetworkAdapter -VMName $CloudVM_FabrikamVM1_Name -Name "Network Adapter" -NewName $CloudNic
Rename-VMNetworkAdapter -VMName $CloudVM_FabrikamVM2_Name -Name "Network Adapter" -NewName $CloudNic
Set-VMNetworkAdapter -VMName $CloudVM_ContosoVM1_Name -VirtualSubnetId $ContosoVSID_VM
Set-VMNetworkAdapter -VMName $CloudVM_ContosoVM2_Name -VirtualSubnetId $ContosoVSID_VM
Set-VMNetworkAdapter -VMName $CloudVM_FabrikamVM1_Name -VirtualSubnetId $FabrikamVSID_VM
Set-VMNetworkAdapter -VMName $CloudVM_FabrikamVM2_Name -VirtualSubnetId $FabrikamVSID_VM
##### Cleanup Cloud-VM Host #####
Remove-NetVirtualizationCustomerRoute
Remove-NetVirtualizationLookupRecord
Remove-NetVirtualizationProviderAddress
Get-NetVirtualizationCustomerRoute
Get-NetVirtualizationLookupRecord
Get-NetVirtualizationProviderAddress
##### Configure Cloud-VM Host #####
#### Provider Address Configuration ####
$MTNic = Get-NetAdapter $CloudNIC
New-NetVirtualizationProviderAddress -ProviderAddress $Cloud_VM_ProviderAddress -InterfaceIndex $MTNic.InterfaceIndex -PrefixLength 24
#### Lookup and Customer Records Configuration ####
## Contoso Tenant ##
New-NetVirtualizationLookupRecord -CustomerAddress $Contoso_CloudVM_IP -VirtualSubnetID $ContosoVSID_VM -MACAddress $ContosoVMNicMac -ProviderAddress $Cloud_VM_ProviderAddress -Rule "TranslationMethodEncap" -Context $Tenant1VM1Name
New-NetVirtualizationLookupRecord -CustomerAddress $Contoso_CloudVM2_IP -VirtualSubnetID $ContosoVSID_VM -MACAddress $ContosoVM2NicMac -ProviderAddress $Cloud_VM_ProviderAddress -Rule "TranslationMethodEncap" -Context $Tenant1VM2Name
New-NetVirtualizationLookupRecord -CustomerAddress $Contoso_CloudVM_DefaultGW -VirtualSubnetID $ContosoVSID_VM -MACAddress $ContosoDefaultNicMac -ProviderAddress $Cloud_VM_ProviderAddress -Rule "TranslationMethodEncap" -Context "ContosoDefaultGW"
New-NetVirtualizationLookupRecord -CustomerAddress $Contoso_CloudGW_IP -VirtualSubnetID $ContosoVSID_GW -MACAddress $MTNicMac -ProviderAddress $Cloud_GW_ProviderAddress -Rule "TranslationMethodEncap" -Context "ContosoGWSubnet"
New-NetVirtualizationCustomerRoute -RoutingDomainID $ContosoRoutinGDomainGuid -VirtualSubnetID $ContosoVSID_VM -DestinationPrefix $Contoso_CloudVM_Subnet -NextHop 0.0.0.0
New-NetVirtualizationCustomerRoute -RoutingDomainID $ContosoRoutinGDomainGuid -VirtualSubnetID $ContosoVSID_GW -DestinationPrefix $Contoso_CloudGW_Subnet -NextHop 0.0.0.0
New-NetVirtualizationCustomerRoute -RoutingDomainID $ContosoRoutinGDomainGuid -VirtualSubnetID $ContosoVSID_GW -DestinationPrefix 0.0.0.0/0 -NextHop $Contoso_CloudGW_IP
## Fabrikam Tenant ##
New-NetVirtualizationLookupRecord -CustomerAddress $Fabrikam_CloudVM_IP -VirtualSubnetID $FabrikamVSID_VM -MACAddress $FabrikamVMNicMac -ProviderAddress $Cloud_VM_ProviderAddress -Rule "TranslationMethodEncap" -Context $Tenant2VM1Name
New-NetVirtualizationLookupRecord -CustomerAddress $Fabrikam_CloudVM2_IP -VirtualSubnetID $FabrikamVSID_VM -MACAddress $FabrikamVM2NicMac -ProviderAddress $Cloud_VM_ProviderAddress -Rule "TranslationMethodEncap" -Context $Tenant2VM2Name
New-NetVirtualizationLookupRecord -CustomerAddress $Fabrikam_CloudVM_DefaultGW -VirtualSubnetID $FabrikamVSID_VM -MACAddress $FabrikamDefaultNicMac -ProviderAddress $Cloud_VM_ProviderAddress -Rule "TranslationMethodEncap" -Context "FabrikamDefaultGW"
New-NetVirtualizationLookupRecord -CustomerAddress $Fabrikam_CloudGW_IP -VirtualSubnetID $FabrikamVSID_GW -MACAddress $MTNicMac -ProviderAddress $Cloud_GW_ProviderAddress -Rule "TranslationMethodEncap" -Context "FabrikamGWSubnet"
New-NetVirtualizationCustomerRoute -RoutingDomainID $FabrikamRoutinGDomainGuid -VirtualSubnetID $FabrikamVSID_VM -DestinationPrefix $Fabrikam_CloudVM_Subnet -NextHop 0.0.0.0
New-NetVirtualizationCustomerRoute -RoutingDomainID $FabrikamRoutinGDomainGuid -VirtualSubnetID $FabrikamVSID_GW -DestinationPrefix $Fabrikam_CloudGW_Subnet -NextHop 0.0.0.0
New-NetVirtualizationCustomerRoute -RoutingDomainID $FabrikamRoutinGDomainGuid -VirtualSubnetID $FabrikamVSID_GW -DestinationPrefix 0.0.0.0/0 -NextHop $Fabrikam_CloudGW_IP
## End of Cloud VM Host configuration ##
## Retrieve Cloud VM Network Adapter configuration to verify correct settings ##
Get-VMNetworkAdapter -VMName $CloudVM_ContosoVM1_Name, $CloudVM_ContosoVM2_Name, $CloudVM_FabrikamVM1_Name, $CloudVM_FabrikamVM2_Name | fl
Get-NetVirtualizationCustomerRoute
Get-NetVirtualizationLookupRecord
Get-NetVirtualizationProviderAddress
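The Get commands at the end of the script only display the policy. As an added example (not part of the original guide or of Microsoft's script), the function below cross-checks lookup records, customer routes and VM adapters for tenant isolation. The function name Test-HnvTenantIsolation, the -ExpectedVsid map and the sample records are assumptions constructed here; the samples reuse the script's VSIDs, MAC addresses and customer addresses, with FabrikamApp2 deliberately placed in Contoso's VSID 6000.

```powershell
# Added example: audit HNV policy objects for cross-tenant leakage.
# On a live host, pass the output of Get-NetVirtualizationLookupRecord,
# Get-NetVirtualizationCustomerRoute and Get-VMNetworkAdapter instead of the samples.
function Test-HnvTenantIsolation {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [object[]]  $LookupRecord,
        [Parameter(Mandatory = $true)] [object[]]  $CustomerRoute,
        [Parameter(Mandatory = $true)] [object[]]  $VMAdapter,
        # Assumed operator-maintained map: VM name -> intended Virtual Subnet ID.
        [Parameter(Mandatory = $true)] [hashtable] $ExpectedVsid
    )

    # 1. Each VSID must map to exactly one routing domain (one tenant).
    $vsidToDomain = @{}
    foreach ($route in $CustomerRoute) {
        $vsid   = [string]$route.VirtualSubnetID
        $domain = ([string]$route.RoutingDomainID).ToLower()
        if ($vsidToDomain.ContainsKey($vsid) -and $vsidToDomain[$vsid] -ne $domain) {
            "VSID ${vsid}: present in routing domains $($vsidToDomain[$vsid]) and $domain"
        }
        $vsidToDomain[$vsid] = $domain
    }

    # 2. Lookup records: the VSID must be routed. A customer address may repeat
    #    across tenants (the guide does this on purpose) but not inside one VSID.
    $addressSeen = @{}
    $macInVsid   = @{}
    foreach ($record in $LookupRecord) {
        $vsid = [string]$record.VirtualSubnetID
        $mac  = ([string]$record.MACAddress -replace '[-:]', '').ToUpper()
        if (-not $vsidToDomain.ContainsKey($vsid)) {
            "Lookup $($record.CustomerAddress): VSID $vsid has no customer route"
        }
        $addressKey = "$vsid|$($record.CustomerAddress)"
        if ($addressSeen.ContainsKey($addressKey)) {
            "Lookup $($record.CustomerAddress): duplicated inside VSID $vsid"
        }
        $addressSeen[$addressKey] = $true
        $macInVsid["$vsid|$mac"]  = $true
    }

    # 3. VM adapters: VSID must be set, match the intended tenant subnet,
    #    and the adapter MAC must have a lookup record in that same VSID.
    foreach ($adapter in $VMAdapter) {
        $name = [string]$adapter.VMName
        $vsid = [string]$adapter.VirtualSubnetId
        $mac  = ([string]$adapter.MacAddress -replace '[-:]', '').ToUpper()
        if ($vsid -eq '0' -or $vsid -eq '') {
            "${name}: no Virtual Subnet ID set, adapter is outside HNV isolation"
            continue
        }
        if (-not $ExpectedVsid.ContainsKey($name)) {
            "${name}: not in the expected-VSID map"
        } elseif ([string]$ExpectedVsid[$name] -ne $vsid) {
            "${name}: VSID $vsid, expected $($ExpectedVsid[$name])"
        }
        if (-not $macInVsid.ContainsKey("$vsid|$mac")) {
            "${name}: MAC $mac has no lookup record in VSID $vsid"
        }
    }
}

# Constructed sample data (not captured from a real host).
$contosoRd  = '{12345678-1000-2000-3000-123456780001}'
$fabrikamRd = '{12345678-1000-2000-3000-123456780002}'
$routes = @(
    [pscustomobject]@{ RoutingDomainID = $contosoRd;  VirtualSubnetID = 6000; DestinationPrefix = '10.0.1.0/24' }
    [pscustomobject]@{ RoutingDomainID = $contosoRd;  VirtualSubnetID = 6001; DestinationPrefix = '10.0.2.0/24' }
    [pscustomobject]@{ RoutingDomainID = $fabrikamRd; VirtualSubnetID = 7000; DestinationPrefix = '10.0.1.0/24' }
    [pscustomobject]@{ RoutingDomainID = $fabrikamRd; VirtualSubnetID = 7001; DestinationPrefix = '10.0.2.0/24' }
)
$lookups = @(
    [pscustomobject]@{ CustomerAddress = '10.0.1.101'; VirtualSubnetID = 6000; MACAddress = '00155de2ab00' }
    [pscustomobject]@{ CustomerAddress = '10.0.1.111'; VirtualSubnetID = 6000; MACAddress = '00155de2ab01' }
    [pscustomobject]@{ CustomerAddress = '10.0.1.101'; VirtualSubnetID = 7000; MACAddress = '00155de2ab02' }
    [pscustomobject]@{ CustomerAddress = '10.0.1.111'; VirtualSubnetID = 7000; MACAddress = '00155de2ab03' }
)
$adapters = @(
    [pscustomobject]@{ VMName = 'ContosoApp1';  VirtualSubnetId = 6000; MacAddress = '00155DE2AB00' }
    [pscustomobject]@{ VMName = 'ContosoApp2';  VirtualSubnetId = 6000; MacAddress = '00155DE2AB01' }
    [pscustomobject]@{ VMName = 'FabrikamApp1'; VirtualSubnetId = 7000; MacAddress = '00155DE2AB02' }
    # Deliberate misconfiguration: a Fabrikam VM attached to Contoso's subnet.
    [pscustomobject]@{ VMName = 'FabrikamApp2'; VirtualSubnetId = 6000; MacAddress = '00155DE2AB03' }
)
$expected = @{ ContosoApp1 = 6000; ContosoApp2 = 6000; FabrikamApp1 = 7000; FabrikamApp2 = 7000 }

$findings = @(Test-HnvTenantIsolation -LookupRecord $lookups -CustomerRoute $routes `
        -VMAdapter $adapters -ExpectedVsid $expected)
if ($findings.Count -eq 0) { 'Isolation policy is consistent.' } else { $findings }
```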
Windows PowerShell command reference links
The script in this topic uses the following Windows PowerShell commands. Click a link to open the help topic for the command.
• New-VMSwitch. Creates a new virtual switch on one or more virtual machine hosts.
• New-VM. Creates a new virtual machine.
• Rename-NetAdapter. Renames a network adapter.
• Rename-VMNetworkAdapter. Renames a virtual network adapter on a virtual machine or on the management operating system.
• Set-VMNetworkAdapter. Configures features of the virtual network adapter in a virtual machine or the management operating system.
• Remove-NetVirtualizationLookupRecord. Removes policy entries for IP addresses in a virtual network.
• Remove-NetVirtualizationProviderAddress. Deletes Provider Addresses.
• Get-NetVirtualizationCustomerRoute. Gets virtual network routes.
• Get-NetVirtualizationLookupRecord. Gets policy entries for VMs in a virtual network.
• Get-NetVirtualizationProviderAddress. Gets Provider Addresses.
• New-NetVirtualizationProviderAddress. Assigns a Provider Address to a network interface.
• New-NetVirtualizationLookupRecord. Creates a policy entry for an IP address in a virtual network.
• New-NetVirtualizationCustomerRoute. Creates a virtual network route.
• Get-VMNetworkAdapter. Gets the virtual network adapters of a virtual machine, snapshot, management OS, or of a virtual machine and management OS.
See Also
Additional Resources
Configure the tenant VM Contoso App 1
You can use this topic to configure the virtual machine (VM) named ContosoApp1 on the Hyper-V Network Virtualization (HNV) host.
Important
The Windows PowerShell script that is provided in this topic must be run from within the VM named ContosoApp1. Do not run this script on the HNV host. In addition, you must replace variable values in the script with values that are appropriate for your deployment.
To configure the ContosoApp1 VM
1. On the HNV host, open Hyper-V Manager, and then double-click the VM named ContosoApp1. The VM opens in a new window. Start the VM.
2. During the operating system installation on the VM, create an Administrator password and provide other information as required.
3. When installation is complete, log on to the VM.
4. Rename the computer and restart the VM by running the following Windows PowerShell commands.
    Rename-Computer ContosoApp1
    Restart-Computer
5. After the computer is restarted, log on to the VM.
6. Copy the Windows PowerShell script below to the VM.
7. On the VM, open Windows PowerShell with Administrator privileges. Run the script by typing the folder location and file name of the script. For example, if the file name of the script is ContosoApp1.ps1 and the folder location is C:\Users\Administrator\Documents, type C:\Users\Administrator\Documents\ContosoApp1.ps1, and then press ENTER.
Full Windows PowerShell script
Following is the full script that you can run on the VM ContosoApp1. This script configures the VM network adapter so that it will function correctly in the Contoso customer address space.
##### Macros for Cloud VM - ContosoApp1 #####
$Contoso_CloudVM_Address = "10.0.1.101"
$Contoso_CloudVM_DefaultGW = "10.0.1.1"
$Contoso_CloudVM_Subnet = "10.0.1.0/24"
$Contoso_CloudGW_Address = "10.0.2.2"
##### Configure Contoso Cloud VM #####
$iface = Get-NetAdapter -Name "Ethernet"
New-NetIPAddress $Contoso_CloudVM_Address -InterfaceIndex $iface.ifIndex -DefaultGateway $Contoso_CloudVM_DefaultGW -PrefixLength 24
Rename-NetAdapter -Name "Ethernet" -NewName "Cloud"
## End Cloud VM - Contoso Tenant Config ##
See Also
Additional Resources
Configure the tenant VM Contoso App 2
You can use this topic to configure the virtual machine (VM) named ContosoApp2 on the Hyper-V Network Virtualization (HNV) host.
Important
The Windows PowerShell script that is provided in this topic must be run from within the VM named ContosoApp2. Do not run this script on the HNV host. In addition, you must replace variable values in the script with values that are appropriate for your deployment.
To configure the ContosoApp2 VM
1. On the HNV host, open Hyper-V Manager, and then double-click the VM named ContosoApp2. The VM opens in a new window. Start the VM.
2. During the operating system installation on the VM, create an Administrator password and provide other information as required.
3. When installation is complete, log on to the VM ContosoApp2.
4. Rename the computer and restart the VM by running the following Windows PowerShell commands.
    Rename-Computer ContosoApp2
    Restart-Computer
5. After the computer is restarted, log on to the VM.
6. Copy the Windows PowerShell script below to the VM.
7. On the VM, open Windows PowerShell with Administrator privileges. Run the script by typing the folder location and file name of the script. For example, if the file name of the script is ContosoApp2.ps1 and the folder location is C:\Users\Administrator\Documents, type C:\Users\Administrator\Documents\ContosoApp2.ps1, and then press ENTER.
Full Windows PowerShell script
Following is the full script that you can run on the VM ContosoApp2. This script configures the VM network adapter so that it will function correctly in the Contoso customer address space.
##### Macros for Cloud VM - ContosoApp2 #####
$Contoso_CloudVM2_Address = "10.0.1.111"
$Contoso_CloudVM_DefaultGW = "10.0.1.1"
$Contoso_CloudVM_Subnet = "10.0.1.0/24"
$Contoso_CloudGW_Address = "10.0.2.2"
##### Configure Contoso Cloud VM #####
$iface = Get-NetAdapter -Name "Ethernet"
New-NetIPAddress $Contoso_CloudVM2_Address -InterfaceIndex $iface.ifIndex -DefaultGateway $Contoso_CloudVM_DefaultGW -PrefixLength 24
Rename-NetAdapter -Name "Ethernet" -NewName "Cloud"
## End Cloud VM - Contoso Tenant Config ##
See Also
Additional Resources
Configure the tenant VM Fabrikam App 1
You can use this topic to configure the virtual machine (VM) named FabrikamApp1 on the Hyper-V Network Virtualization (HNV) host.
Important
The Windows PowerShell script that is provided in this topic must be run from within the VM named FabrikamApp1. Do not run this script on the HNV host. In addition, you must replace variable values in the script with values that are appropriate for your deployment.
To configure the FabrikamApp1 VM
1. On the HNV host, open Hyper-V Manager, and then double-click the VM named FabrikamApp1. The VM opens in a new window. Start the VM.
2. During the operating system installation on the VM, create an Administrator password and provide other information as required.
3. When installation is complete, log on to the VM FabrikamApp1.
4. Rename the computer and restart the VM by running the following Windows PowerShell commands.
    Rename-Computer FabrikamApp1
    Restart-Computer
5. After the computer is restarted, log on to the VM.
6. Copy the Windows PowerShell script below to the VM.
7. On the VM, open Windows PowerShell with Administrator privileges. Run the script by typing the folder location and file name of the script. For example, if the file name of the script is FabrikamApp1.ps1 and the folder location is C:\Users\Administrator\Documents, type C:\Users\Administrator\Documents\FabrikamApp1.ps1, and then press ENTER.
Full Windows PowerShell script
Following is the full script that you can run on the VM FabrikamApp1. This script configures the VM network adapter so that it will function correctly in the Fabrikam customer address space.
##### Macros for Cloud VM - FabrikamApp1 #####
$Fabrikam_CloudVM_Address = "10.0.1.101"
$Fabrikam_CloudVM_DefaultGW = "10.0.1.1"
$Fabrikam_CloudVM_Subnet = "10.0.1.0/24"
$Fabrikam_CloudGW_Address = "10.0.2.2"
##### Configure FabrikamApp1 #####
$iface = Get-NetAdapter -Name "Ethernet"
New-NetIPAddress $Fabrikam_CloudVM_Address -InterfaceIndex $iface.ifIndex -DefaultGateway $Fabrikam_CloudVM_DefaultGW -PrefixLength 24
Rename-NetAdapter -Name "Ethernet" -NewName "Cloud"
## End Cloud VM - Fabrikam Tenant Config ##
Configure the tenant VM Fabrikam App 2
You can use this topic to configure the virtual machine (VM) named FabrikamApp2 on the Hyper-V Network Virtualization (HNV) host.
Important
The Windows PowerShell script that is provided in this topic must be run from within the VM named FabrikamApp2. Do not run this script on the HNV host. In addition, you must replace variable values in the script with values that are appropriate for your deployment.
To configure the FabrikamApp2 VM
1. On the HNV host, open Hyper-V Manager, and then double-click the VM named FabrikamApp2. The VM opens in a new window. Start the VM.
2. During the operating system installation on the VM, create an Administrator password and provide other information as required.
3. When installation is complete, log on to the VM.
4. Rename the computer and restart the VM by running the following Windows PowerShell commands.
    Rename-Computer FabrikamApp2
    Restart-Computer
5. After the computer is restarted, log on to the VM.
6. Copy the Windows PowerShell script below to the VM.
7. On the VM, open Windows PowerShell with Administrator privileges. Run the script by typing the folder location and file name of the script. For example, if the file name of the script is FabrikamApp2.ps1 and the folder location is C:\Users\Administrator\Documents, type C:\Users\Administrator\Documents\FabrikamApp2.ps1, and then press ENTER.
Full Windows PowerShell script
Following is the full script that you can run on the VM FabrikamApp2. This script configures the VM network adapter so that it will function correctly in the Fabrikam customer address space.
##### Macros for Cloud VM - FabrikamApp2 #####
$Fabrikam_CloudVM2_Address = "10.0.1.111"
$Fabrikam_CloudVM_DefaultGW = "10.0.1.1"
$Fabrikam_CloudVM_Subnet = "10.0.1.0/24"
$Fabrikam_CloudGW_Address = "10.0.2.2"
##### Configure FabrikamApp2 #####
$iface = Get-NetAdapter -Name "Ethernet"
New-NetIPAddress $Fabrikam_CloudVM2_Address -InterfaceIndex $iface.ifIndex -DefaultGateway $Fabrikam_CloudVM_DefaultGW -PrefixLength 24
Rename-NetAdapter -Name "Ethernet" -NewName "Cloud"
## End Cloud VM - FabrikamApp2 Tenant Configuration ##
Configure the RRAS Multitenant Gateway Hyper-V Host and VM
You can use the topics in this section to configure a Hyper-V host with Network Virtualization settings and to create a new virtual machine (VM) that is the Remote Access Multitenant Gateway.
This section contains the following topics.
• Configure the RRAS Multitenant Gateway Hyper-V Host
• Configure the RRAS Multitenant Gateway VM
Configure the RRAS Multitenant Gateway Hyper-V Host
You can use this topic to configure a Hyper-V host with Network Virtualization settings and a virtual machine (VM) that will be the Remote Access Multitenant Gateway.
Important
Before you run the script that is provided in this topic, you must install Hyper-V on the host computer. To install Hyper-V and restart the computer, open Windows PowerShell with Administrator privileges and run the following commands.
## Install Hyper-V ##
get-windowsfeature *hyper* | install-windowsfeature
## Restart the computer immediately ##
shutdown /r /t 0
This topic contains the following sections.
• Windows PowerShell script explanation
• Full Windows PowerShell script
• Windows PowerShell command reference links
Windows PowerShell script explanation
In the first section of the script, named “Macros for Multitenant (MT) Cloud Gateway (GW),” macros are used to define variables that are used throughout the script within the Windows PowerShell commands. For example, the following macro defines the name of the VM MTCloudGW:
$CloudGW_VM_Name = "MTCloudGW"
In script commands, the actual VM name of “MTCloudGW” is not used; instead the macro name is used, “$CloudGW_VM_Name.” If needed, this allows you to change the values of macros one time rather than changing actual values throughout an entire script.
Ensure that you review all of the macro values in this section so that they are appropriate for your deployment.
In the second section of the script, “Create virtual switch, VM, and routing domain mappings,” a new virtual switch is created, and the MT GW VM is created with 4 GB RAM and connected to the virtual switch. In addition, routing domain mappings for the Contoso and Fabrikam tenants are defined.
In the third section of the script, named “Cleanup Cloud-VM Host,” any existing Network Virtualization settings are removed from the Hyper-V host, including Network Virtualization Lookup Records, Network Virtualization Customer Routes, and Network Virtualization Provider Addresses. Cleanup is verified by using the Get commands.
In the fourth section of the script, named “Configure MTCloudGW Hyper-V Host,” Network Virtualization Lookup Records, Network Virtualization Customer Routes, and Network Virtualization Provider Addresses are created for both tenants.
Full Windows PowerShell script
Following is the full script that you can run on the Hyper-V host to configure the host with Network Virtualization and two VM networks with two VMs per VM network.
To run this script on a Hyper-V host
1. Change the example company names, Contoso and Fabrikam, to names of your actual tenants.
2. Change other parameter values to match your deployment requirements and environment.
3. Ensure that the value for the macro $CloudNIC matches the name of a network adapter on the Hyper-V host. If it doesn’t, creation of the virtual switch and VM will fail when you run this script. If you want to change the name of an existing network adapter to the new name CloudNic to match the script, you can run the following Windows PowerShell command after adding values that match your network adapter configuration.
    Rename-NetAdapter [-Name] [-NewName] CloudNic
4. Determine the Provider Addresses, Customer Addresses, Virtual Subnet IDs, and other values that you prefer to use. You can keep the values in the script or you can change them to suit your deployment.
5. If you change any values in this script or the other scripts provided in this document, ensure that the values are changed in all of the scripts. For example, if you want to change the tenant name Contoso to the name Woodgrove (or to the name of one of your actual tenants), ensure that you change Contoso to Woodgrove in all scripts before running them.
6. Copy the Windows PowerShell script below to the Multitenant Gateway Hyper-V host.
7. On the Hyper-V host, open Windows PowerShell with Administrator privileges. Run the script by typing the folder location and file name of the script. For example, if the file name of the script is MTGWHostConfig.ps1 and the folder location is C:\Users\Administrator\Documents, type C:\Users\Administrator\Documents\MTGWHostConfig.ps1, and then press ENTER.
##### Macros for Multitenant (MT) Cloud Gateway (GW) Hyper-V Host Configuration #####
$CloudGW_VM_Name = "MTCloudGW"
$VHDPath = "C:\VMs\MTCloudGW\MTCloudGW.vhd"
$SwitchName = "CloudSwitch"
$CloudNIC = "CloudNic"
$Cloud_GW_ProviderAddress = "192.168.0.11"
$Cloud_VM_ProviderAddress = "192.168.0.22"
$Contoso_CloudGW_IP = "10.0.2.2"
$Fabrikam_CloudGW_IP = "10.0.2.2"
$Contoso_CloudGW_DefaultGW = "10.0.2.1"
$Fabrikam_CloudGW_DefaultGW = "10.0.2.1"
$Contoso_CloudGW_Subnet = "10.0.2.0/24"
$Fabrikam_CloudGW_Subnet = "10.0.2.0/24"
$Contoso_CloudVM_IP = "10.0.1.101"
$Contoso_CloudVM2_IP = "10.0.1.111"
$Fabrikam_CloudVM_IP = "10.0.1.101"
$Fabrikam_CloudVM2_IP = "10.0.1.111"
$Contoso_CloudVM_DefaultGW = "10.0.1.1"
$Fabrikam_CloudVM_DefaultGW = "10.0.1.1"
$Contoso_CloudVM_Subnet = "10.0.1.0/24"
$Fabrikam_CloudVM_Subnet = "10.0.1.0/24"
$ContosoVMNicMac = "00155DE2AB00"
$ContosoVM2NicMac = "00155DE2AB01"
$ContosoDefaultNicMac = "001122334455"
$ContosoRoutinGDomainGuid = "{12345678-1000-2000-3000-123456780001}"
$ContosoVSID_GW = "6001"
$ContosoVSID_VM = "6000"
$FabrikamVMNicMac = "00155DE2AB02"
$FabrikamVM2NicMac = "00155DE2AB03"
$FabrikamDefaultNicMac = "001122334466"
$FabrikamRoutinGDomainGuid = "{12345678-1000-2000-3000-123456780002}"
$FabrikamVSID_GW = "7001"
$FabrikamVSID_VM = "7000"
##### Create virtual switch, VM, and routing domain mappings #####
New-VMSwitch $SwitchName -NetAdapterName $CloudNIC -AllowManagementOS $false
New-VM $CloudGW_VM_Name -MemoryStartupBytes 4GB -VHDPath $VHDPath -SwitchName $SwitchName
Rename-VMNetworkAdapter -VMName $CloudGW_VM_Name -Name "Network Adapter" -NewName "CloudNic"
Set-VmNetworkAdapterIsolation -VMName $CloudGW_VM_Name -VMNetworkAdapterName "CloudNic" -MultiTenantStack On -IsolationMode NativeVirtualSubnet
Add-VmNetworkAdapterRoutingDomainMapping -VMName $CloudGW_VM_Name -VMNetworkAdapterName "CloudNic" -RoutingDomainId $ContosoRoutinGDomainGuid -RoutingDomainName "ContosoTenant" -IsolationId $ContosoVSID_GW -IsolationName "ContosoGWSubnet"
Add-VmNetworkAdapterRoutingDomainMapping -VMName $CloudGW_VM_Name -VMNetworkAdapterName "CloudNic" -RoutingDomainId $FabrikamRoutinGDomainGuid -RoutingDomainName "FabrikamTenant" -IsolationId $FabrikamVSID_GW -IsolationName "FabrikamGWSubnet"
##### Cleanup MTCloudGW Hyper-V Host #####
Remove-NetVirtualizationCustomerRoute
Remove-NetVirtualizationLookupRecord
Remove-NetVirtualizationProviderAddress
Get-NetVirtualizationCustomerRoute
Get-NetVirtualizationLookupRecord
Get-NetVirtualizationProviderAddress
##### Configure MTCloudGW Hyper-V Host #####
#### Provider Address Configuration ####
$MTNic = Get-NetAdapter $CloudNIC
New-NetVirtualizationProviderAddress -ProviderAddress $Cloud_GW_ProviderAddress -InterfaceIndex $MTNic.InterfaceIndex -PrefixLength 24
#### Lookup and Customer Records Configuration ####
$MTVMNic = Get-VMNetworkAdapter -VMName "MTCloudGW" -Name "CloudNic"
$MTNicMac = $MTVMNic.MacAddress
## Contoso Tenant lookup record configuration ##
New-NetVirtualizationLookupRecord -CustomerAddress $Contoso_CloudGW_IP -VirtualSubnetID $ContosoVSID_GW -MACAddress $MTNicMac -ProviderAddress $Cloud_GW_ProviderAddress -Rule "TranslationMethodEncap" -Context "ContosoSubnet"
New-NetVirtualizationLookupRecord -CustomerAddress $Contoso_CloudGW_DefaultGW -VirtualSubnetID $ContosoVSID_GW -MACAddress $ContosoDefaultNicMac -ProviderAddress $Cloud_GW_ProviderAddress -Rule "TranslationMethodEncap" -Context "ContosoDefaultGW"
New-NetVirtualizationLookupRecord -CustomerAddress 0.0.0.0 -VirtualSubnetID $ContosoVSID_GW -MACAddress $MTNicMac -ProviderAddress $Cloud_GW_ProviderAddress -Rule "TranslationMethodEncap" -Context "ContosoWildcard" -Type "GatewayWildcard"
New-NetVirtualizationLookupRecord -CustomerAddress $Contoso_CloudVM_IP -VirtualSubnetID $ContosoVSID_VM -MACAddress $ContosoVMNicMac -ProviderAddress $Cloud_VM_ProviderAddress -Rule "TranslationMethodEncap" -Context "ContosoVM1"
New-NetVirtualizationLookupRecord -CustomerAddress $Contoso_CloudVM2_IP -VirtualSubnetID $ContosoVSID_VM -MACAddress $ContosoVM2NicMac -ProviderAddress $Cloud_VM_ProviderAddress -Rule "TranslationMethodEncap" -Context "ContosoVM2"
New-NetVirtualizationCustomerRoute -RoutingDomainID $ContosoRoutinGDomainGuid -VirtualSubnetID $ContosoVSID_GW -DestinationPrefix $Contoso_CloudGW_Subnet -NextHop 0.0.0.0
New-NetVirtualizationCustomerRoute -RoutingDomainID $ContosoRoutinGDomainGuid -VirtualSubnetID $ContosoVSID_VM -DestinationPrefix $Contoso_CloudVM_Subnet -NextHop 0.0.0.0
## Fabrikam Tenant lookup record configuration ##
New-NetVirtualizationLookupRecord -CustomerAddress $Fabrikam_CloudGW_IP -VirtualSubnetID $FabrikamVSID_GW -MACAddress $MTNicMac -ProviderAddress $Cloud_GW_ProviderAddress -Rule "TranslationMethodEncap" -Context "FabrikamSubnet"
New-NetVirtualizationLookupRecord -CustomerAddress $Fabrikam_CloudGW_DefaultGW -VirtualSubnetID $FabrikamVSID_GW -MACAddress $FabrikamDefaultNicMac -ProviderAddress $Cloud_GW_ProviderAddress -Rule "TranslationMethodEncap" -Context "FabrikamDefaultGW"
New-NetVirtualizationLookupRecord -CustomerAddress 0.0.0.0 -VirtualSubnetID $FabrikamVSID_GW -MACAddress $MTNicMac -ProviderAddress $Cloud_GW_ProviderAddress -Rule "TranslationMethodEncap" -Context "FabrikamWildcard" -Type "GatewayWildcard"
New-NetVirtualizationLookupRecord -CustomerAddress $Fabrikam_CloudVM_IP -VirtualSubnetID $FabrikamVSID_VM -MACAddress $FabrikamVMNicMac -ProviderAddress $Cloud_VM_ProviderAddress -Rule "TranslationMethodEncap" -Context "FabrikamVM1"
New-NetVirtualizationLookupRecord -CustomerAddress $Fabrikam_CloudVM2_IP -VirtualSubnetID $FabrikamVSID_VM -MACAddress $FabrikamVM2NicMac -ProviderAddress $Cloud_VM_ProviderAddress -Rule "TranslationMethodEncap" -Context "FabrikamVM2"
New-NetVirtualizationCustomerRoute -RoutingDomainID $FabrikamRoutinGDomainGuid -VirtualSubnetID $FabrikamVSID_GW -DestinationPrefix $Fabrikam_CloudGW_Subnet -NextHop 0.0.0.0
New-NetVirtualizationCustomerRoute -RoutingDomainID $FabrikamRoutinGDomainGuid -VirtualSubnetID $FabrikamVSID_VM -DestinationPrefix $Fabrikam_CloudVM_Subnet -NextHop 0.0.0.0
Windows PowerShell command reference links
The script in this topic uses the following Windows PowerShell commands. Click a link to open the help topic for the command.
• New-VMSwitch. Creates a new virtual switch on one or more virtual machine hosts.
• New-VM. Creates a new virtual machine.
• Rename-VMNetworkAdapter. Renames a virtual network adapter on a virtual machine or on the management operating system.
• Set-VmNetworkAdapterIsolation. Modifies isolation settings for a virtual network adapter.
• Add-VmNetworkAdapterRoutingDomainMapping. Adds a routing domain and virtual subnets to a virtual network adapter.
• Remove-NetVirtualizationCustomerRoute. Removes virtual network routes.
• Remove-NetVirtualizationLookupRecord. Removes policy entries for IP addresses in a virtual network.
• Remove-NetVirtualizationProviderAddress. Deletes Provider Addresses.
• Get-NetVirtualizationCustomerRoute. Gets virtual network routes.
• Get-NetVirtualizationLookupRecord. Gets policy entries for VMs in a virtual network.
• Get-NetVirtualizationProviderAddress. Gets Provider Addresses.
• New-NetVirtualizationProviderAddress. Assigns a Provider Address to a network interface.
• New-NetVirtualizationLookupRecord. Creates a policy entry for an IP address in a virtual network.
• New-NetVirtualizationCustomerRoute. Creates a virtual network route.
Configure the RRAS Multitenant Gateway VM
You can use this topic to configure the virtual machine (VM) named MTCloudGW on the Hyper-V Multitenant Gateway host.
This topic contains the following sections.
• To configure the MTCloudGW VM
• RRAS installation Windows PowerShell script
• MTGW Configuration Windows PowerShell script
• Windows PowerShell command reference links
Important
The Windows PowerShell scripts that are provided in this topic must be run from within the VM named MTCloudGW. Do not run these scripts on the Hyper-V host. In addition, you must replace variable values in the script with values that are appropriate for your deployment.
To configure the MTCloudGW VM
1. On the HNV host, open Hyper-V Manager, and then double-click the VM named MTCloudGW. The VM opens in a new window. Start the VM.
2. During the operating system installation on the VM, create an Administrator password and provide other information as required.
3. After operating system installation is complete, log on to the VM.
4. Rename the computer and restart the VM by running the following Windows PowerShell commands.
    Rename-Computer MTCloudGW
    Restart-Computer
5. After the computer is restarted, log on to the VM.
6. Copy the RRAS installation Windows PowerShell script below to the VM.
7. On the VM, open Windows PowerShell with Administrator privileges. Run the script by typing the folder location and file name of the script. For example, if the file name of the script is RRASinstall.ps1 and the folder location is C:\Users\Administrator\Documents, type C:\Users\Administrator\Documents\RRASinstall.ps1, and then press ENTER.
8. Copy the MTGW Configuration Windows PowerShell script below to the VM.
9. On the VM, open Windows PowerShell with Administrator privileges. Run the script by typing the folder location and file name of the script. For example, if the file name of the script is MTGWConfig.ps1 and the folder location is C:\Users\Administrator\Documents, type C:\Users\Administrator\Documents\MTGWConfig.ps1, and then press ENTER.
RRAS installation Windows PowerShell script
Following is the full script that you can run on the VM MTCloudGW. This script installs RRAS on the MTGW VM.
Important
This installation script specifies the Remote Access features for each tenant by using the Enable-RemoteAccessRoutingDomain command. The -Type parameter specifies the remote access features that are allowed for the tenant. Following are the possible values you can use for this parameter.
• Vpn. If you specify this value, the Multitenant Gateway is configured to allow the tenant to connect to datacenter resources with a VPN dial-in connection. If you select this option, you must design and implement a solution to authorize and authenticate VPN connection requests.
• VpnS2S. If you specify this value, the Multitenant Gateway is configured to allow the tenant to establish site-to-site VPN connections between the tenant resources in your datacenter and their remote sites across the Internet.
• All. If you specify this value, the Multitenant Gateway is configured to allow the tenant to use the gateway for site-to-site VPN connections, to allow configuration of Border Gateway Protocol (BGP), and to allow point-to-site dial-in VPN connections from anywhere.
##### Macros for RRAS Configuration on MTCloudGW VM #####
$Contoso_RoutingDomain = "ContosoTenant"
$Contoso_IPv4Range = "11.11.11.1, 11.11.11.200"
$Fabrikam_RoutingDomain = "FabrikamTenant"
$Fabrikam_IPv4Range = "11.11.11.1, 11.11.11.200"
##### Install S2S VPN on MTCloudGW #####
Add-WindowsFeature -Name RemoteAccess -IncludeAllSubFeature -IncludeManagementTools
ipmo remoteaccess
#Install-RemoteAccess
Install-RemoteAccess -MultiTenancy
##### Enable and configure Routing Domains #####
Enable-RemoteAccessRoutingDomain -Name $Contoso_RoutingDomain -Type All -PassThru
Enable-RemoteAccessRoutingDomain -Name $Fabrikam_RoutingDomain -Type All -PassThru
Set-RemoteAccessRoutingDomain -Name $Contoso_RoutingDomain -IPAddressRange 11.11.11.1, 11.11.11.200 -TenantName "Contoso"
Set-RemoteAccessRoutingDomain -Name $Fabrikam_RoutingDomain -IPAddressRange 11.11.11.1, 11.11.11.200 -TenantName "Fabrikam"
MTGW Configuration Windows PowerShell script
Following is the full script that you can run on the VM MTCloudGW. This script configures the VM with tenant routing information.
##### Macros for MT Cloud GW VM #####
$Contoso_CloudGW_Address = "10.0.2.2"
$Fabrikam_CloudGW_Address = "10.0.2.2"
$Contoso_CloudVM_Subnet = "10.0.1.0/24"
$Fabrikam_CloudVM_Subnet = "10.0.1.0/24"
$Contoso_CloudVM_NextHop = "10.0.2.1"
$Fabrikam_CloudVM_NextHop = "10.0.2.1"
##### Configure Cloud GW VM #####
New-NetIPAddress $Contoso_CloudGW_Address -InterfaceAlias "ContosoGWSubnet"
New-NetIPAddress $Fabrikam_CloudGW_Address -InterfaceAlias "FabrikamGWSubnet"
New-NetRoute -InterfaceAlias "ContosoGWSubnet" -AddressFamily IPv4 -DestinationPrefix $Contoso_CloudVM_Subnet -NextHop $Contoso_CloudVM_NextHop
New-NetRoute -InterfaceAlias "FabrikamGWSubnet" -AddressFamily IPv4 -DestinationPrefix $Fabrikam_CloudVM_Subnet -NextHop $Fabrikam_CloudVM_NextHop
## End Cloud GW VM Config ##
You can also perform the additional steps of configuring Site-to-Site VPN connections, Network Address Translation (NAT), and configuring the gateway as a Border Gateway Protocol (BGP) router. For more information, see the following sections.
• Configure the RRAS Multitenant Gateway for Site-to-Site VPN Connections
• Configure the RRAS Multitenant Gateway to Perform Network Address Translation for Tenant Computers
• Configure the RRAS Multitenant Gateway for Dynamic Routing with BGP
Windows PowerShell command reference links
The scripts in this topic use the following Windows PowerShell commands. Click a link to open the help topic for the command.
• Add-WindowsFeature
• Install-RemoteAccess
• Enable-RemoteAccessRoutingDomain
• Set-RemoteAccessRoutingDomain
• New-NetIPAddress
• New-NetRoute
Configure the RRAS Multitenant Gateway for use with VLANs
You can use the topics in this section to configure a Hyper-V host with virtual network settings for VLANs and to create a new virtual machine (VM) that is the Remote Access Multitenant Gateway.
This section contains the following topics.
• Configure the Hyper-V VLAN Host and Tenant VMs
• Configure the RRAS MTGW Hyper-V Host for VLANs
• Configure the RRAS Multitenant Gateway VM for VLANs
Configure the Hyper-V VLAN Host and Tenant VMs
This section contains the following topics.
• Configure the Hyper-V VLAN Host
• Configure the VLAN tenant VM Contoso App 1
• Configure the VLAN tenant VM Contoso App 2
• Configure the VLAN tenant VM Fabrikam App 1
• Configure the VLAN tenant VM Fabrikam App 2
Configure the Hyper-V VLAN Host
You can use this topic to configure a Hyper-V host for VLANs that are capable of using the multitenant gateway. This topic also allows you to configure two tenant VM networks with two VMs per network.
This topic contains the following sections.
• Windows PowerShell script explanation
• Full Windows PowerShell script
• Windows PowerShell command reference links
Important
Before you run the script that is provided in this topic, you must install the Hyper-V server role on the host computer. To install Hyper-V and restart the computer, open Windows PowerShell with Administrator privileges and run the following commands.
## Install Hyper-V ##
Get-WindowsFeature *hyper* | Install-WindowsFeature
## Restart the computer immediately ##
shutdown /r /t 0
Windows PowerShell script explanation
In the first section of the script, named “Macros for Multitenant (MT) Cloud Gateway (GW),” macros are used to define variables that are used throughout the script within the Windows PowerShell commands. For example, the following macro defines a VM name:
$CloudVM_ContosoVM1_Name = "ContosoApp1"
In script commands, the actual VM name of “ContosoApp1” is not used; instead the macro name is used, “$CloudVM_ContosoVM1_Name.” If needed, this allows you to change the values of macros one time rather than changing actual values throughout an entire script.
Ensure that you review all of the macro values in this section so that they are appropriate for your deployment, and change the values as needed.
In the second section of the script, “Create a virtual switch and create tenant VMs,” the Hyper-V host network adapter named “Ethernet” is renamed to “CloudNic,” and a new virtual switch is created. Next, four VMs are created – ContosoApp1, ContosoApp2, FabrikamApp1, and FabrikamApp2. All four VMs are allocated 2 GB of Random Access Memory (RAM) for a total of 8 GB. Ensure that your host computer has sufficient RAM to support this configuration.
In this same section, the VM network adapters are renamed and assigned Virtual Subnet IDs, or VSIDs.
In the third section of the script, named “Cleanup Cloud-VM Host,” any existing Network Virtualization settings are removed from the Hyper-V host, including Network Virtualization Lookup Records, Network Virtualization Customer Routes, and Network Virtualization Provider Addresses. Cleanup is verified by using the Get commands.
In the fourth section of the script, named “Configure Cloud-VM Host,” Network Virtualization Lookup Records, Network Virtualization Customer Routes, and Network Virtualization Provider Addresses are created for both tenants.
In the final section of the script, named “Retrieve Cloud VM Network Adapter configuration to verify correct settings,” Network Virtualization Lookup Records, Network Virtualization Customer Routes, and Network Virtualization Provider Addresses are obtained and displayed to verify that they are correctly configured.
Full Windows PowerShell script
Following is the full script that you can run on the Hyper-V host to configure the host with Network Virtualization and two VM networks with two VMs per VM network. Before you run the script, perform the following steps.
To run this script on a Hyper-V host
1. Ensure that you replace all variables in the macro section at the beginning of the script with values that are appropriate for your deployment. For example, if you have a tenant named Woodgrove but do not have a tenant named Contoso, replace all instances of the company name Contoso with the name Woodgrove.
2. This script creates two VMs per tenant. If your tenants need more than two VMs, add the necessary code to create and configure additional VMs.
3. If you have more than two tenants, add the necessary code to configure additional tenant VMs and VM networks.
4. Ensure that the value for the macro $CloudNIC matches the name of a network adapter on the Hyper-V host. If it doesn’t, creation of the virtual switch and VM will fail when you run this script. If you want to change the name of an existing network adapter to the new name CloudNic to match the script, you can run the following Windows PowerShell command after adding values that match your network adapter configuration.
    Rename-NetAdapter [-Name] [-NewName] CloudNic
5. Determine the Provider Addresses, Customer Addresses, Virtual Subnet IDs, and other values that you prefer to use. You can keep the values in the script or you can change them to suit your deployment.
    Important
    There are 4096 possible VLAN values (0-4095) for use as the virtual subnet identifier (VSID), some of which are reserved (0, 1, 4095). Because of this, you must use VSIDs that are between 2 and 4094. For scalability it is recommended that you use Hyper-V Network Virtualization instead of VLANs.
6. If you change any values in this script or the other scripts provided in this document, ensure that the values are changed in all of the scripts. For example, if you want to change the tenant name Contoso to the name Woodgrove (or to the name of one of your actual tenants), ensure that you change Contoso to Woodgrove in all scripts before running them.
7. Copy the Windows PowerShell script below to the Multitenant Gateway Hyper-V host.
8. On the Hyper-V host, open Windows PowerShell with Administrator privileges. Run the script by typing the folder location and file name of the script. For example, if the file name of the script is HNVHostConfig.ps1 and the folder location is C:\Users\Administrator\Documents, type C:\Users\Administrator\Documents\HNVHostConfig.ps1, and then press ENTER.
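The procedure above asks you to choose VSIDs in the 2-4094 range and to keep tenant values consistent. Because both tenants in this guide reuse the same customer addresses, tenant separation depends on each VSID and routing domain belonging to exactly one tenant. The following is an added example, not part of the original guide, that checks a planned set of values before the host script is run. New-PlanRecord and Test-TenantIsolationPlan are hypothetical helper names, and the Woodgrove rows and GUID are constructed for illustration.

```powershell
# Added example, not part of the original guide. Pure PowerShell: it only inspects
# planned values and calls no Hyper-V or NetVirtualization cmdlet.

function New-PlanRecord {
    # Hypothetical helper: one planned lookup record.
    param([string]$Tenant, [string]$RoutingDomainGuid, [int]$Vsid,
          [string]$CustomerAddress, [string]$Mac)
    [pscustomobject]@{
        Tenant = $Tenant; RoutingDomainGuid = $RoutingDomainGuid
        Vsid = $Vsid; CustomerAddress = $CustomerAddress; Mac = $Mac
    }
}

function Test-TenantIsolationPlan {
    # Hypothetical helper: emits one string per problem, nothing if the plan is clean.
    param(
        [Parameter(Mandatory = $true)] [object[]] $Records,
        [int] $MinVsid = 2,      # the guide reserves 0, 1 and 4095 for VLAN deployments
        [int] $MaxVsid = 4094
    )
    $vsidOwner = @{}   # VSID -> tenant that first claimed it
    $guidOwner = @{}   # routing domain GUID -> tenant that first claimed it
    $caSeen    = @{}   # "VSID|CustomerAddress" -> already defined

    $findings = @(foreach ($r in $Records) {
        # 1. VSID must fall inside the usable range.
        if ($r.Vsid -lt $MinVsid -or $r.Vsid -gt $MaxVsid) {
            "VSID $($r.Vsid) for $($r.Tenant) is outside $MinVsid-$MaxVsid"
        }
        # 2. A VSID may belong to one tenant only. Tenants reuse the same customer
        #    addresses, so a shared VSID would merge their address spaces.
        if ($vsidOwner.ContainsKey($r.Vsid)) {
            if ($vsidOwner[$r.Vsid] -ne $r.Tenant) {
                "VSID $($r.Vsid) is assigned to both $($vsidOwner[$r.Vsid]) and $($r.Tenant)"
            }
        } else { $vsidOwner[$r.Vsid] = $r.Tenant }

        # 3. Routing domain GUID must parse and belong to one tenant only.
        $guid = [guid]::Empty
        if (-not [guid]::TryParse($r.RoutingDomainGuid, [ref]$guid)) {
            "Routing domain '$($r.RoutingDomainGuid)' for $($r.Tenant) is not a valid GUID"
        } else {
            $key = $guid.ToString()
            if ($guidOwner.ContainsKey($key)) {
                if ($guidOwner[$key] -ne $r.Tenant) {
                    "Routing domain $key is shared by $($guidOwner[$key]) and $($r.Tenant)"
                }
            } else { $guidOwner[$key] = $r.Tenant }
        }

        # 4. Customer address must parse and be defined only once per VSID.
        $ip = $null
        if (-not [System.Net.IPAddress]::TryParse($r.CustomerAddress, [ref]$ip)) {
            "Customer address '$($r.CustomerAddress)' for $($r.Tenant) is not an IP address"
        }
        $caKey = "$($r.Vsid)|$($r.CustomerAddress)"
        if ($caSeen.ContainsKey($caKey)) {
            "Customer address $($r.CustomerAddress) is defined twice in VSID $($r.Vsid)"
        } else { $caSeen[$caKey] = $true }

        # 5. MAC must be 12 hex digits, the format used in the guide's scripts.
        if ($r.Mac -notmatch '^[0-9A-Fa-f]{12}$') {
            "MAC '$($r.Mac)' for $($r.Tenant) is not 12 hexadecimal digits"
        }
    })
    $findings | Select-Object -Unique
}

# Values below are copied from the macro section of the VLAN host script in this topic.
$contosoRd  = '{12345678-1000-2000-3000-123456780001}'
$fabrikamRd = '{12345678-1000-2000-3000-123456780002}'
$plan = @(
    New-PlanRecord Contoso  $contosoRd  3000 '10.0.1.101' '00155DE2AB00'
    New-PlanRecord Contoso  $contosoRd  3000 '10.0.1.111' '00155DE2AB01'
    New-PlanRecord Contoso  $contosoRd  3000 '10.0.1.1'   '001122334455'
    New-PlanRecord Contoso  $contosoRd  3001 '10.0.2.2'   '00155DE20A00'
    New-PlanRecord Fabrikam $fabrikamRd 4000 '10.0.1.101' '00155DE2AB02'
    New-PlanRecord Fabrikam $fabrikamRd 4000 '10.0.1.111' '00155DE2AB03'
    New-PlanRecord Fabrikam $fabrikamRd 4000 '10.0.1.1'   '001122334466'
    New-PlanRecord Fabrikam $fabrikamRd 4001 '10.0.2.2'   '00155DE20A00'
)
$issues = @(Test-TenantIsolationPlan -Records $plan)
"Guide values: $($issues.Count) finding(s)"

# Constructed third tenant (not in the guide): reuses a Fabrikam VSID and a reserved VSID.
$woodgroveRd = '{12345678-1000-2000-3000-123456780003}'
$badPlan = $plan + @(
    New-PlanRecord Woodgrove $woodgroveRd 4000 '10.0.1.101' '00155DE2AB04'
    New-PlanRecord Woodgrove $woodgroveRd 4095 '10.0.2.2'   '00155DE20A00'
)
Test-TenantIsolationPlan -Records $badPlan
```

The default range applies to the VLAN deployment described in this topic; pass different -MinVsid and -MaxVsid values if your deployment uses another range.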
##### Macros for Multitenant (MT) Cloud Gateway (GW) #####
$CloudVM_ContosoVM1_Name = "ContosoApp1"
$ContosoVM1_VHDPath = "C:\VMs\ContosoApp1\ContosoApp1.vhd"
$CloudVM_ContosoVM2_Name = "ContosoApp2"
$ContosoVM2_VHDPath = "C:\VMs\ContosoApp2\ContosoApp2.vhd"
$CloudVM_FabrikamVM1_Name = "FabrikamApp1"
$FabrikamVM1_VHDPath = "C:\VMs\FabrikamApp1\FabrikamApp1.vhd"
$CloudVM_FabrikamVM2_Name = "FabrikamApp2"
$FabrikamVM2_VHDPath = "C:\VMs\FabrikamApp2\FabrikamApp2.vhd"
$SwitchName = "CloudSwitch"
$CloudNIC = "CloudNic"
$MTNicMac = "00155DE20A00"
$Cloud_GW_ProviderAddress = "192.168.0.11"
$Cloud_VM_ProviderAddress = "192.168.0.22"
$Contoso_CloudGW_IP = "10.0.2.2"
$Contoso_CloudGW_DefaultGW = "10.0.2.1"
$Contoso_CloudGW_Subnet = "10.0.2.0/24"
$Contoso_CloudVM_IP = "10.0.1.101"
$Contoso_CloudVM2_IP = "10.0.1.111"
$Contoso_CloudVM_DefaultGW = "10.0.1.1"
$Contoso_CloudVM_Subnet = "10.0.1.0/24"
$ContosoVMNicMac = "00155DE2AB00"
$ContosoVM2NicMac = "00155DE2AB01"
$ContosoDefaultNicMac = "001122334455"
$ContosoRoutinGDomainGuid = "{12345678-1000-2000-3000-123456780001}"
$ContosoVSID_GW = "3001"
$ContosoVSID_VM = "3000"
$Fabrikam_CloudGW_IP = "10.0.2.2"
$Fabrikam_CloudGW_DefaultGW = "10.0.2.1"
$Fabrikam_CloudGW_Subnet = "10.0.2.0/24"
$Fabrikam_CloudVM_IP = "10.0.1.101"
$Fabrikam_CloudVM2_IP = "10.0.1.111"
$Fabrikam_CloudVM_DefaultGW = "10.0.1.1"
$Fabrikam_CloudVM_Subnet = "10.0.1.0/24"
$FabrikamVMNicMac = "00155DE2AB02"
$FabrikamVM2NicMac = "00155DE2AB03"
$FabrikamDefaultNicMac = "001122334466"
$FabrikamRoutinGDomainGuid = "{12345678-1000-2000-3000-123456780002}"
$FabrikamVSID_GW = "4001"
$FabrikamVSID_VM = "4000"
## Start on Cloud VM Host ##
##### Create a virtual switch and create tenant VMs #####
Rename-NetAdapter -Name Ethernet -NewName CloudNic
New-VMSwitch "CloudSwitch" -NetAdapterName "CloudNic" -AllowManagementOS $false
New-VM $CloudVM_ContosoVM1_Name -MemoryStartupBytes 2GB -VHDPath $ContosoVM1_VHDPath -SwitchName $SwitchName
New-VM $CloudVM_ContosoVM2_Name -MemoryStartupBytes 2GB -VHDPath $ContosoVM2_VHDPath -SwitchName $SwitchName
New-VM $CloudVM_FabrikamVM1_Name -MemoryStartupBytes 2GB -VHDPath $FabrikamVM1_VHDPath -SwitchName $SwitchName
New-VM $CloudVM_FabrikamVM2_Name -MemoryStartupBytes 2GB -VHDPath $FabrikamVM2_VHDPath -SwitchName $SwitchName
Rename-VMNetworkAdapter -VMName $CloudVM_ContosoVM1_Name -Name "Network Adapter" -NewName "CloudNic"
Rename-VMNetworkAdapter -VMName $CloudVM_ContosoVM2_Name -Name "Network Adapter" -NewName "CloudNic"
Rename-VMNetworkAdapter -VMName $CloudVM_FabrikamVM1_Name -Name "Network Adapter" -NewName "CloudNic"
Rename-VMNetworkAdapter -VMName $CloudVM_FabrikamVM2_Name -Name "Network Adapter" -NewName "CloudNic"
Set-VMNetworkAdapter -VMName $CloudVM_ContosoVM1_Name -VirtualSubnetId $ContosoVSID_VM
Set-VMNetworkAdapter -VMName $CloudVM_ContosoVM2_Name -VirtualSubnetId $ContosoVSID_VM
Set-VMNetworkAdapter -VMName $CloudVM_FabrikamVM1_Name -VirtualSubnetId $FabrikamVSID_VM
Set-VMNetworkAdapter -VMName $CloudVM_FabrikamVM2_Name -VirtualSubnetId $FabrikamVSID_VM
##### Cleanup Cloud-VM Host #####
Remove-NetVirtualizationCustomerRoute
Remove-NetVirtualizationLookupRecord
Remove-NetVirtualizationProviderAddress
Get-NetVirtualizationCustomerRoute
Get-NetVirtualizationLookupRecord
Get-NetVirtualizationProviderAddress
##### Configure Cloud-VM Host #####
#### Provider Address Configuration ####
$MTNic = Get-NetAdapter $CloudNIC
New-NetVirtualizationProviderAddress -ProviderAddress $Cloud_VM_ProviderAddress -InterfaceIndex $MTNic.InterfaceIndex -PrefixLength 24
#### Lookup and Customer Records Configuration ####
## Contoso Tenant ##
New-NetVirtualizationLookupRecord -CustomerAddress $Contoso_CloudVM_IP -VirtualSubnetID $ContosoVSID_VM -MACAddress $ContosoVMNicMac -ProviderAddress $Cloud_VM_ProviderAddress -Rule "TranslationMethodEncap" -Context "ContosoVM1"
New-NetVirtualizationLookupRecord -CustomerAddress $Contoso_CloudVM2_IP -VirtualSubnetID $ContosoVSID_VM -MACAddress $ContosoVM2NicMac -ProviderAddress $Cloud_VM_ProviderAddress -Rule "TranslationMethodEncap" -Context "ContosoVM2"
New-NetVirtualizationLookupRecord -CustomerAddress $Contoso_CloudVM_DefaultGW -VirtualSubnetID $ContosoVSID_VM -MACAddress $ContosoDefaultNicMac -ProviderAddress $Cloud_VM_ProviderAddress -Rule "TranslationMethodEncap" -Context "ContosoDefaultGW"
New-NetVirtualizationLookupRecord -CustomerAddress $Contoso_CloudGW_IP -VirtualSubnetID $ContosoVSID_GW -MACAddress $MTNicMac -ProviderAddress $Cloud_GW_ProviderAddress -Rule "TranslationMethodEncap" -Context "ContosoGWSubnet"
New-NetVirtualizationCustomerRoute -RoutingDomainID $ContosoRoutinGDomainGuid -VirtualSubnetID $ContosoVSID_VM -DestinationPrefix $Contoso_CloudVM_Subnet -NextHop 0.0.0.0
New-NetVirtualizationCustomerRoute -RoutingDomainID $ContosoRoutinGDomainGuid -VirtualSubnetID $ContosoVSID_GW -DestinationPrefix $Contoso_CloudGW_Subnet -NextHop 0.0.0.0
New-NetVirtualizationCustomerRoute -RoutingDomainID $ContosoRoutinGDomainGuid -VirtualSubnetID $ContosoVSID_GW -DestinationPrefix 0.0.0.0/0 -NextHop $Contoso_CloudGW_IP
## Fabrikam Tenant ##
New-NetVirtualizationLookupRecord -CustomerAddress $Fabrikam_CloudVM_IP -VirtualSubnetID $FabrikamVSID_VM -MACAddress $FabrikamVMNicMac -ProviderAddress $Cloud_VM_ProviderAddress -Rule "TranslationMethodEncap" -Context "FabrikamVM1"
New-NetVirtualizationLookupRecord -CustomerAddress $Fabrikam_CloudVM2_IP -VirtualSubnetID $FabrikamVSID_VM -MACAddress $FabrikamVM2NicMac -ProviderAddress $Cloud_VM_ProviderAddress -Rule "TranslationMethodEncap" -Context "FabrikamVM2"
New-NetVirtualizationLookupRecord -CustomerAddress $Fabrikam_CloudVM_DefaultGW -VirtualSubnetID $FabrikamVSID_VM -MACAddress $FabrikamDefaultNicMac -ProviderAddress $Cloud_VM_ProviderAddress -Rule "TranslationMethodEncap" -Context "FabrikamDefaultGW"
New-NetVirtualizationLookupRecord -CustomerAddress $Fabrikam_CloudGW_IP -VirtualSubnetID $FabrikamVSID_GW -MACAddress $MTNicMac -ProviderAddress $Cloud_GW_ProviderAddress -Rule "TranslationMethodEncap" -Context "FabrikamGWSubnet"
New-NetVirtualizationCustomerRoute -RoutingDomainID $FabrikamRoutinGDomainGuid -VirtualSubnetID $FabrikamVSID_VM -DestinationPrefix $Fabrikam_CloudVM_Subnet -NextHop 0.0.0.0
New-NetVirtualizationCustomerRoute -RoutingDomainID $FabrikamRoutinGDomainGuid -VirtualSubnetID $FabrikamVSID_GW -DestinationPrefix $Fabrikam_CloudGW_Subnet -NextHop 0.0.0.0
New-NetVirtualizationCustomerRoute -RoutingDomainID $FabrikamRoutinGDomainGuid -VirtualSubnetID $FabrikamVSID_GW -DestinationPrefix 0.0.0.0/0 -NextHop $Fabrikam_CloudGW_IP
## End of Cloud VM Host configuration ##
## Retrieve Cloud VM Network Adapter configuration to verify correct settings ##
Get-VMNetworkAdapter -VMName $CloudVM_ContosoVM1_Name, $CloudVM_ContosoVM2_Name, $CloudVM_FabrikamVM1_Name, $CloudVM_FabrikamVM2_Name | fl
Get-NetVirtualizationCustomerRoute
Get-NetVirtualizationLookupRecord
Get-NetVirtualizationProviderAddress
Windows PowerShell command reference links
The script in this topic uses the following Windows PowerShell commands. Click a link to open the help topic for the command.
• New-VMSwitch. Creates a new virtual switch on one or more virtual machine hosts.
• New-VM. Creates a new virtual machine.
• Rename-NetAdapter. Renames a network adapter.
• Rename-VMNetworkAdapter. Renames a virtual network adapter on a virtual machine or on the management operating system.
• Set-VMNetworkAdapter. Configures features of the virtual network adapter in a virtual machine or the management operating system.
• Remove-NetVirtualizationLookupRecord. Removes policy entries for IP addresses in a virtual network.
• Remove-NetVirtualizationProviderAddress. Deletes Provider Addresses.
• Get-NetVirtualizationCustomerRoute. Gets virtual network routes.
• Get-NetVirtualizationLookupRecord. Gets policy entries for VMs in a virtual network.
• Get-NetVirtualizationProviderAddress. Gets Provider Addresses.
• New-NetVirtualizationProviderAddress. Assigns a Provider Address to a network interface.
• New-NetVirtualizationLookupRecord. Creates a policy entry for an IP address in a virtual network.
• New-NetVirtualizationCustomerRoute. Creates a virtual network route.
• Get-VMNetworkAdapter. Gets the virtual network adapters of a virtual machine, snapshot, management OS, or of a virtual machine and management OS.
Configure the VLAN tenant VM Contoso App 1
You can use this topic to configure the virtual machine (VM) named ContosoApp1 on the Hyper-V Network Virtualization (HNV) host.
Important
The Windows PowerShell script that is provided in this topic must be run from within the VM named ContosoApp1. Do not run this script on the HNV host. In addition, you must replace variable values in the script with values that are appropriate for your deployment.
To configure the ContosoApp1 VM
1. On the HNV host, open Hyper-V Manager, and then double-click the VM named ContosoApp1. The VM opens in a new window. Start the VM.
2. During the operating system installation on the VM, create an Administrator password and provide other information as required.
3. When installation is complete, log on to the VM.
4. Rename the computer and restart the VM by running the following Windows PowerShell commands.
    Rename-Computer ContosoApp1
    Restart-Computer
5. After the computer is restarted, log on to the VM.
6. Copy the Windows PowerShell script below to the VM.
7. On the VM, open Windows PowerShell with Administrator privileges. Run the script by typing the folder location and file name of the script. For example, if the file name of the script is ContosoApp1.ps1 and the folder location is C:\Users\Administrator\Documents, type C:\Users\Administrator\Documents\ContosoApp1.ps1, and then press ENTER.
Full Windows PowerShell script
Following is the full script that you can run on the VM ContosoApp1. This script configures the VM network adapter so that it will function correctly in the Contoso customer address space.
################################### Macros for Cloud VM - ContosoApp1 ##############################
$Contoso_CloudVM_Address = "10.0.1.101"
$Contoso_CloudVM_DefaultGW = "10.0.1.1"
$Contoso_CloudVM_Subnet = "10.0.1.0/24"
$Contoso_CloudGW_Address = "10.0.2.2"
######################### Configure Contoso Cloud VM #########################
$iface = Get-NetAdapter -Name "Ethernet"
New-NetIPAddress $Contoso_CloudVM_Address -InterfaceIndex $iface.ifIndex -DefaultGateway $Contoso_CloudVM_DefaultGW -PrefixLength 24
Rename-NetAdapter -Name "Ethernet" -NewName "Cloud"
## End Cloud VM - Contoso Tenant Config ##
Configure the VLAN tenant VM Contoso App 2
You can use this topic to configure the virtual machine (VM) named ContosoApp2 on the Hyper-V Network Virtualization (HNV) host.
Important
The Windows PowerShell script that is provided in this topic must be run from within the VM named ContosoApp2. Do not run this script on the HNV host. In addition, you must replace variable values in the script with values that are appropriate for your deployment.
To configure the ContosoApp2 VM
1. On the HNV host, open Hyper-V Manager, and then double-click the VM named ContosoApp2. The VM opens in a new window. Start the VM.
2. During the operating system installation on the VM, create an Administrator password and provide other information as required.
3. When installation is complete, log on to the VM ContosoApp2.
4. Rename the computer and restart the VM by running the following Windows PowerShell commands.
    Rename-Computer ContosoApp2
    Restart-Computer
5. After the computer is restarted, log on to the VM.
6. Copy the Windows PowerShell script below to the VM.
7. On the VM, open Windows PowerShell with Administrator privileges. Run the script by typing the folder location and file name of the script. For example, if the file name of the script is ContosoApp2.ps1 and the folder location is C:\Users\Administrator\Documents, type C:\Users\Administrator\Documents\ContosoApp2.ps1, and then press ENTER.
Full Windows PowerShell script
Following is the full script that you can run on the VM ContosoApp2. This script configures the VM network adapter so that it will function correctly in the Contoso customer address space.
################################### Macros for Cloud VM - ContosoApp2 ##############################
$Contoso_CloudVM2_Address = "10.0.1.111"
$Contoso_CloudVM_DefaultGW = "10.0.1.1"
$Contoso_CloudVM_Subnet = "10.0.1.0/24"
$Contoso_CloudGW_Address = "10.0.2.2"
######################### Configure Contoso Cloud VM #########################
$iface = Get-NetAdapter -Name "Ethernet"
New-NetIPAddress $Contoso_CloudVM2_Address -InterfaceIndex $iface.ifIndex -DefaultGateway $Contoso_CloudVM_DefaultGW -PrefixLength 24
Rename-NetAdapter -Name "Ethernet" -NewName "Cloud"
## End Cloud VM - Contoso Tenant Config ##
Configure the VLAN tenant VM Fabrikam App 1
You can use this topic to configure the virtual machine (VM) named FabrikamApp1 on the Hyper-V Network Virtualization (HNV) host.
Important
The Windows PowerShell script that is provided in this topic must be run from within the VM named FabrikamApp1. Do not run this script on the HNV host. In addition, you must replace variable values in the script with values that are appropriate for your deployment.
To configure the FabrikamApp1 VM
1. On the HNV host, open Hyper-V Manager, and then double-click the VM named FabrikamApp1. The VM opens in a new window. Start the VM.
2. During the operating system installation on the VM, create an Administrator password and provide other information as required.
3. When installation is complete, log on to the VM FabrikamApp1.
4. Rename the computer and restart the VM by running the following Windows PowerShell commands.
    Rename-Computer FabrikamApp1
    Restart-Computer
5. After the computer is restarted, log on to the VM.
6. Copy the Windows PowerShell script below to the VM.
7. On the VM, open Windows PowerShell with Administrator privileges. Run the script by typing the folder location and file name of the script. For example, if the file name of the script is FabrikamApp1.ps1 and the folder location is C:\Users\Administrator\Documents, type C:\Users\Administrator\Documents\FabrikamApp1.ps1, and then press ENTER.
Full Windows PowerShell script
Following is the full script that you can run on the VM FabrikamApp1. This script configures the VM network adapter so that it will function correctly in the Fabrikam customer address space.
################################### Macros for Cloud VM - FabrikamApp1 ##############################
$Fabrikam_CloudVM_Address = "10.0.1.101"
$Fabrikam_CloudVM_DefaultGW = "10.0.1.1"
$Fabrikam_CloudVM_Subnet = "10.0.1.0/24"
$Fabrikam_CloudGW_Address = "10.0.2.2"
######################### Configure FabrikamApp1 #########################
$iface = Get-NetAdapter -Name "Ethernet"
New-NetIPAddress $Fabrikam_CloudVM_Address -InterfaceIndex $iface.ifIndex -DefaultGateway $Fabrikam_CloudVM_DefaultGW -PrefixLength 24
Rename-NetAdapter -Name "Ethernet" -NewName "Cloud"
## End Cloud VM - Fabrikam Tenant Config ##
Configure the VLAN tenant VM Fabrikam App 2
You can use this topic to configure the virtual machine (VM) named FabrikamApp2 on the Hyper-V Network Virtualization (HNV) host.
Important
The Windows PowerShell script that is provided in this topic must be run from within the VM named FabrikamApp2. Do not run this script on the HNV host. In addition, you must replace variable values in the script with values that are appropriate for your deployment.
To configure the FabrikamApp2 VM
1. On the HNV host, open Hyper-V Manager, and then double-click the VM named FabrikamApp2. The VM opens in a new window. Start the VM.
2. During the operating system installation on the VM, create an Administrator password and provide other information as required.
3. When installation is complete, log on to the VM.
4. Rename the computer and restart the VM by running the following Windows PowerShell commands.
    Rename-Computer FabrikamApp2
    Restart-Computer
5. After the computer is restarted, log on to the VM.
6. Copy the Windows PowerShell script below to the VM.
7. On the VM, open Windows PowerShell with Administrator privileges. Run the script by typing the folder location and file name of the script. For example, if the file name of the script is FabrikamApp2.ps1 and the folder location is C:\Users\Administrator\Documents, type C:\Users\Administrator\Documents\FabrikamApp2.ps1, and then press ENTER.
Full Windows PowerShell script
Following is the full script that you can run on the VM FabrikamApp2. This script configures the VM network adapter so that it will function correctly in the Fabrikam customer address space.
################################### Macros for Cloud VM - FabrikamApp2 ##############################
$Fabrikam_CloudVM2_Address = "10.0.1.111"
$Fabrikam_CloudVM_DefaultGW = "10.0.1.1"
$Fabrikam_CloudVM_Subnet = "10.0.1.0/24"
$Fabrikam_CloudGW_Address = "10.0.2.2"
######################### Configure FabrikamApp2 #########################
$iface = Get-NetAdapter -Name "Ethernet"
New-NetIPAddress $Fabrikam_CloudVM2_Address -InterfaceIndex $iface.ifIndex -DefaultGateway $Fabrikam_CloudVM_DefaultGW -PrefixLength 24
Rename-NetAdapter -Name "Ethernet" -NewName "Cloud"
## End Cloud VM - FabrikamApp2 Tenant Configuration ##
Configure the RRAS MTGW Hyper-V Host for VLANs
You can use this topic to configure a Hyper-V host with virtual network settings and a virtual machine (VM) that will be the Remote Access Multitenant Gateway.
Important
Before you run the script that is provided in this topic, you must install Hyper-V on the host computer. To install Hyper-V and restart the computer, open Windows PowerShell with Administrator privileges and run the following commands.
## Install Hyper-V ##
get-windowsfeature *hyper* | install-windowsfeature
## Restart the computer immediately ##
shutdown /r /t 0
This topic contains the following sections.
• Windows PowerShell script explanation
• Full Windows PowerShell script
• Windows PowerShell command reference links
Windows PowerShell script explanation
In the first section of the script, named “Macros for Multitenant (MT) Cloud Gateway (GW),” macros are used to define variables that are used throughout the script within the Windows PowerShell commands. For example, the following macro defines the name of the VM MTCloudGW:
$CloudGW_VM_Name = "MTCloudGW"
In script commands, the actual VM name of “MTCloudGW” is not used; instead the macro name is used, “$CloudGW_VM_Name.” If needed, this allows you to change the values of macros one time rather than changing actual values throughout an entire script.
Ensure that you review all of the macro values in this section so that they are appropriate for your deployment.
In the second section of the script, “Create virtual switch, VM, and routing domain mappings,” a new virtual switch is created, and the MT GW VM is created with 4 GB RAM and connected to the virtual switch. In addition, routing domain mappings for the Contoso and Fabrikam tenants are defined.
In the third section of the script, named “Cleanup Cloud-VM Host,” any existing Network Virtualization settings are removed from the Hyper-V host, including Network Virtualization Lookup Records, Network Virtualization Customer Routes, and Network Virtualization Provider Addresses. Cleanup is verified by using the Get commands.
In the fourth section of the script, named “Configure MTCloudGW Hyper-V Host,” Network Virtualization Lookup Records, Network Virtualization Customer Routes, and Network Virtualization Provider Addresses are created for both tenants.
Full Windows PowerShell script
Following is the full script that you can run on the Hyper-V host to configure the host with Network Virtualization and two VM networks with two VMs per VM network.
To run this script on a Hyper-V host
1. Change the example company names, Contoso and Fabrikam, to names of your actual tenants.
2. Change other parameter values to match your deployment requirements and environment.
3. Ensure that the value for the macro $CloudNIC matches the name of a network adapter on the Hyper-V host. If it doesn’t, creation of the virtual switch and VM will fail when you run this script. If you want to change the name of an existing network adapter to the new name CloudNic to match the script, you can run the following Windows PowerShell command after adding values that match your network adapter configuration.
    Rename-NetAdapter [-Name] [-NewName] CloudNic
4. Determine the Provider Addresses, Customer Addresses, Virtual Subnet IDs, and other values that you prefer to use. You can keep the values in the script or you can change them to suit your deployment.
5. If you change any values in this script or the other scripts provided in this document, ensure that the values are changed in all of the scripts. For example, if you want to change the tenant name Contoso to the name Woodgrove (or to the name of one of your actual tenants), ensure that you change Contoso to Woodgrove in all scripts before running them.
6. Copy the Windows PowerShell script below to the Multitenant Gateway Hyper-V host.
7. On the Hyper-V host, open Windows PowerShell with Administrator privileges. Run the script by typing the folder location and file name of the script. For example, if the file name of the script is MTGWHostConfig.ps1 and the folder location is C:\Users\Administrator\Documents, type C:\Users\Administrator\Documents\MTGWHostConfig.ps1, and then press ENTER.
##### Macros for Multitenant (MT) Cloud Gateway (GW) Hyper-V Host Configuration #####
$CloudGW_VM_Name = "MTCloudGW"
$VHDPath = "C:\VMs\MTCloudGW\MTCloudGW.vhd"
$SwitchName = "CloudSwitch"
$CloudNIC = "CloudNic"
$Cloud_GW_ProviderAddress = "192.168.0.11"
$Cloud_VM_ProviderAddress = "192.168.0.22"
$Contoso_CloudGW_IP = "10.0.2.2"
$Fabrikam_CloudGW_IP = "10.0.2.2"
$Contoso_CloudGW_DefaultGW = "10.0.2.1"
$Fabrikam_CloudGW_DefaultGW = "10.0.2.1"
$Contoso_CloudGW_Subnet = "10.0.2.0/24"
$Fabrikam_CloudGW_Subnet = "10.0.2.0/24"
$Contoso_CloudVM_IP = "10.0.1.101"
$Contoso_CloudVM2_IP = "10.0.1.111"
$Fabrikam_CloudVM_IP = "10.0.1.101"
$Fabrikam_CloudVM2_IP = "10.0.1.111"
$Contoso_CloudVM_DefaultGW = "10.0.1.1"
$Fabrikam_CloudVM_DefaultGW = "10.0.1.1"
$Contoso_CloudVM_Subnet = "10.0.1.0/24"
$Fabrikam_CloudVM_Subnet = "10.0.1.0/24"
$ContosoVMNicMac = "00155DE2AB00"
$ContosoVM2NicMac = "00155DE2AB01"
$ContosoDefaultNicMac = "001122334455"
$ContosoRoutinGDomainGuid = "{12345678-1000-2000-3000-123456780001}"
$ContosoVSID_GW = "3001"
$ContosoVSID_VM = "3000"
$FabrikamVMNicMac = "00155DE2AB02"
$FabrikamVM2NicMac = "00155DE2AB03"
$FabrikamDefaultNicMac = "001122334466"
$FabrikamRoutinGDomainGuid = "{12345678-1000-2000-3000-123456780002}"
$FabrikamVSID_GW = "4001"
$FabrikamVSID_VM = "4000"
##### Create virtual switch, VM, and routing domain mappings #####
New-VMSwitch $SwitchName -NetAdapterName $CloudNIC -AllowManagementOS $false
New-VM $CloudGW_VM_Name -MemoryStartupBytes 4GB -VHDPath $VHDPath -SwitchName $SwitchName
Rename-VMNetworkAdapter -VMName $CloudGW_VM_Name -Name "Network Adapter" -NewName "CloudNic"
Set-VmNetworkAdapterIsolation -VMName $CloudGW_VM_Name -VMNetworkAdapterName "CloudNic" -MultiTenantStack on -IsolationMode VLAN
Add-VmNetworkAdapterRoutingDomainMapping -VMName $CloudGW_VM_Name -VMNetworkAdapterName "CloudNic" -RoutingDomainId $ContosoRoutinGDomainGuid -RoutingDomainName "ContosoTenant" -IsolationId $ContosoVSID_GW -IsolationName "ContosoGWSubnet"
Add-VmNetworkAdapterRoutingDomainMapping -VMName $CloudGW_VM_Name -VMNetworkAdapterName "CloudNic" -RoutingDomainId $FabrikamRoutinGDomainGuid -RoutingDomainName "FabrikamTenant" -IsolationId $FabrikamVSID_GW -IsolationName "FabrikamGWSubnet"
##### Cleanup MTCloudGW Hyper-V Host #####
Remove-NetVirtualizationCustomerRoute
Remove-NetVirtualizationLookupRecord
Remove-NetVirtualizationProviderAddress
Get-NetVirtualizationCustomerRoute
Get-NetVirtualizationLookupRecord
Get-NetVirtualizationProviderAddress
##### Configure MTCloudGW Hyper-V Host #####
#### Provider Address Configuration ####
$MTNic = Get-NetAdapter $CloudNIC
New-NetVirtualizationProviderAddress -ProviderAddress $Cloud_GW_ProviderAddress -InterfaceIndex $MTNic.InterfaceIndex -PrefixLength 24
#### Lookup and Customer Records Configuration ####
$MTVMNic = Get-VMNetworkAdapter -VMName "MTCloudGW" -Name "CloudNic"
$MTNicMac = $MTVMNic.MacAddress
## Contoso Tenant lookup record configuration ##
New-NetVirtualizationLookupRecord -CustomerAddress $Contoso_CloudGW_IP -VirtualSubnetID $ContosoVSID_GW -MACAddress $MTNicMac -ProviderAddress $Cloud_GW_ProviderAddress -Rule "TranslationMethodEncap" -Context "ContosoSubnet"
New-NetVirtualizationLookupRecord -CustomerAddress $Contoso_CloudGW_DefaultGW -VirtualSubnetID $ContosoVSID_GW -MACAddress $ContosoDefaultNicMac -ProviderAddress $Cloud_GW_ProviderAddress -Rule "TranslationMethodEncap" -Context "ContosoDefaultGW"
New-NetVirtualizationLookupRecord -CustomerAddress 0.0.0.0 -VirtualSubnetID $ContosoVSID_GW -MACAddress $MTNicMac -ProviderAddress $Cloud_GW_ProviderAddress -Rule "TranslationMethodEncap" -Context "ContosoWildcard" -Type "GatewayWildcard"
New-NetVirtualizationLookupRecord -CustomerAddress $Contoso_CloudVM_IP -VirtualSubnetID $ContosoVSID_VM -MACAddress $ContosoVMNicMac -ProviderAddress $Cloud_VM_ProviderAddress -Rule "TranslationMethodEncap" -Context "ContosoVM1"
New-NetVirtualizationLookupRecord -CustomerAddress $Contoso_CloudVM2_IP -VirtualSubnetID $ContosoVSID_VM -MACAddress $ContosoVM2NicMac -ProviderAddress $Cloud_VM_ProviderAddress -Rule "TranslationMethodEncap" -Context "ContosoVM2"
New-NetVirtualizationCustomerRoute -RoutingDomainID $ContosoRoutinGDomainGuid -VirtualSubnetID $ContosoVSID_GW -DestinationPrefix $Contoso_CloudGW_Subnet -NextHop 0.0.0.0
New-NetVirtualizationCustomerRoute -RoutingDomainID $ContosoRoutinGDomainGuid -VirtualSubnetID $ContosoVSID_VM -DestinationPrefix $Contoso_CloudVM_Subnet -NextHop 0.0.0.0
## Fabrikam Tenant lookup record configuration ##
New-NetVirtualizationLookupRecord -CustomerAddress $Fabrikam_CloudGW_IP -VirtualSubnetID $FabrikamVSID_GW -MACAddress $MTNicMac -ProviderAddress $Cloud_GW_ProviderAddress -Rule "TranslationMethodEncap" -Context "FabrikamSubnet"
New-NetVirtualizationLookupRecord -CustomerAddress $Fabrikam_CloudGW_DefaultGW -VirtualSubnetID $FabrikamVSID_GW -MACAddress $FabrikamDefaultNicMac -ProviderAddress $Cloud_GW_ProviderAddress -Rule "TranslationMethodEncap" -Context "FabrikamDefaultGW"
New-NetVirtualizationLookupRecord -CustomerAddress 0.0.0.0 -VirtualSubnetID $FabrikamVSID_GW -MACAddress $MTNicMac -ProviderAddress $Cloud_GW_ProviderAddress -Rule "TranslationMethodEncap" -Context "FabrikamWildcard" -Type "GatewayWildcard"
New-NetVirtualizationLookupRecord -CustomerAddress $Fabrikam_CloudVM_IP -VirtualSubnetID $FabrikamVSID_VM -MACAddress $FabrikamVMNicMac -ProviderAddress $Cloud_VM_ProviderAddress -Rule "TranslationMethodEncap" -Context "FabrikamVM1"
New-NetVirtualizationLookupRecord -CustomerAddress $Fabrikam_CloudVM2_IP -VirtualSubnetID $FabrikamVSID_VM -MACAddress $FabrikamVM2NicMac -ProviderAddress $Cloud_VM_ProviderAddress -Rule "TranslationMethodEncap" -Context "FabrikamVM2"
New-NetVirtualizationCustomerRoute -RoutingDomainID $FabrikamRoutinGDomainGuid -VirtualSubnetID $FabrikamVSID_GW -DestinationPrefix $Fabrikam_CloudGW_Subnet -NextHop 0.0.0.0
New-NetVirtualizationCustomerRoute -RoutingDomainID $FabrikamRoutinGDomainGuid -VirtualSubnetID $FabrikamVSID_VM -DestinationPrefix $Fabrikam_CloudVM_Subnet -NextHop 0.0.0.0
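Because Contoso and Fabrikam reuse the same customer addresses, only the virtual subnet ID and routing domain keep their traffic apart, so a single mistyped macro can place one tenant's VM in the other tenant's network. The following check is an added example, not part of the original guide: the function names Test-HnvTenantIsolation and New-SampleRecord are hypothetical, and the sample records are constructed from the macro values in the script above.

```powershell
# Added example (not from the original guide): consistency check for HNV policy.
function Test-HnvTenantIsolation {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]] $LookupRecord,
        [Parameter(Mandatory)] [object[]] $CustomerRoute,
        [Parameter(Mandatory)] [string[]] $KnownProviderAddress
    )
    $findings = New-Object 'System.Collections.Generic.List[string]'

    # 1. Each virtual subnet ID (VSID) must belong to exactly one routing domain.
    $vsidToDomain = @{}
    foreach ($route in $CustomerRoute) {
        $vsid   = [string]$route.VirtualSubnetID
        $domain = ([string]$route.RoutingDomainID).ToLower()
        if ($vsidToDomain.ContainsKey($vsid) -and $vsidToDomain[$vsid] -ne $domain) {
            $findings.Add("VSID $vsid is claimed by two routing domains: $($vsidToDomain[$vsid]) and $domain")
        } else {
            $vsidToDomain[$vsid] = $domain
        }
    }

    foreach ($rec in $LookupRecord) {
        $vsid = [string]$rec.VirtualSubnetID
        # 2. A record in a VSID that has no customer route is not tied to any tenant.
        if (-not $vsidToDomain.ContainsKey($vsid)) {
            $findings.Add("Record '$($rec.Context)' uses VSID $vsid, which has no customer route")
        }
        # 3. Encapsulated traffic must only be sent to provider addresses you operate.
        if ($KnownProviderAddress -notcontains $rec.ProviderAddress) {
            $findings.Add("Record '$($rec.Context)' points at unknown provider address $($rec.ProviderAddress)")
        }
    }

    # 4. Inside one routing domain a customer address may appear only once.
    #    GatewayWildcard records (0.0.0.0) are skipped.
    $LookupRecord |
        Where-Object { $_.CustomerAddress -ne '0.0.0.0' -and $vsidToDomain.ContainsKey([string]$_.VirtualSubnetID) } |
        Group-Object -Property { '{0} {1}' -f $vsidToDomain[[string]$_.VirtualSubnetID], $_.CustomerAddress } |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            $contexts = ($_.Group | ForEach-Object { $_.Context }) -join ', '
            $findings.Add("Customer address collision in [$($_.Name)]: $contexts")
        }

    $findings
}

# Hypothetical helper that builds a record with the properties the check reads.
function New-SampleRecord($Ca, $Vsid, $Pa, $Context) {
    [pscustomobject]@{ CustomerAddress = $Ca; VirtualSubnetID = $Vsid; ProviderAddress = $Pa; Context = $Context }
}

# Constructed sample data that mirrors the macros and records in the script above.
$gwPa = '192.168.0.11'; $vmPa = '192.168.0.22'
$contosoRd  = '{12345678-1000-2000-3000-123456780001}'
$fabrikamRd = '{12345678-1000-2000-3000-123456780002}'
$routes = @(
    [pscustomobject]@{ RoutingDomainID = $contosoRd;  VirtualSubnetID = 3001 }
    [pscustomobject]@{ RoutingDomainID = $contosoRd;  VirtualSubnetID = 3000 }
    [pscustomobject]@{ RoutingDomainID = $fabrikamRd; VirtualSubnetID = 4001 }
    [pscustomobject]@{ RoutingDomainID = $fabrikamRd; VirtualSubnetID = 4000 }
)
$records = @(
    New-SampleRecord '10.0.2.2'   3001 $gwPa 'ContosoSubnet'
    New-SampleRecord '10.0.2.1'   3001 $gwPa 'ContosoDefaultGW'
    New-SampleRecord '0.0.0.0'    3001 $gwPa 'ContosoWildcard'
    New-SampleRecord '10.0.1.101' 3000 $vmPa 'ContosoVM1'
    New-SampleRecord '10.0.1.111' 3000 $vmPa 'ContosoVM2'
    New-SampleRecord '10.0.2.2'   4001 $gwPa 'FabrikamSubnet'
    New-SampleRecord '10.0.2.1'   4001 $gwPa 'FabrikamDefaultGW'
    New-SampleRecord '0.0.0.0'    4001 $gwPa 'FabrikamWildcard'
    New-SampleRecord '10.0.1.101' 4000 $vmPa 'FabrikamVM1'
    New-SampleRecord '10.0.1.111' 4000 $vmPa 'FabrikamVM2'
)

# The policy as written in the guide.
$clean = @(Test-HnvTenantIsolation -LookupRecord $records -CustomerRoute $routes -KnownProviderAddress $gwPa, $vmPa)
"Planned policy: $($clean.Count) finding(s)"

# Constructed mistake: FabrikamVM2 typed with Contoso's VM subnet ID (3000 instead of 4000).
$typo = @($records | Where-Object { $_.Context -ne 'FabrikamVM2' }) +
        (New-SampleRecord '10.0.1.111' 3000 $vmPa 'FabrikamVM2')
Test-HnvTenantIsolation -LookupRecord $typo -CustomerRoute $routes -KnownProviderAddress $gwPa, $vmPa
```

On a configured host, the output of Get-NetVirtualizationLookupRecord and Get-NetVirtualizationCustomerRoute can be passed in place of the sample arrays.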
Windows PowerShell command reference links
The script in this topic uses the following Windows PowerShell commands. Click a link to open the help topic for the command.
• New-VMSwitch. Creates a new virtual switch on one or more virtual machine hosts.
• New-VM. Creates a new virtual machine.
• Rename-VMNetworkAdapter. Renames a virtual network adapter on a virtual machine or on the management operating system.
• Set-VmNetworkAdapterIsolation. Modifies isolation settings for a virtual network adapter.
• Add-VmNetworkAdapterRoutingDomainMapping. Adds a routing domain and virtual subnets to a virtual network adapter.
• Remove-NetVirtualizationCustomerRoute. Removes virtual network routes.
• Remove-NetVirtualizationLookupRecord. Removes policy entries for IP addresses in a virtual network.
• Remove-NetVirtualizationProviderAddress. Deletes Provider Addresses.
• Get-NetVirtualizationCustomerRoute. Gets virtual network routes.
• Get-NetVirtualizationLookupRecord. Gets policy entries for VMs in a virtual network.
• Get-NetVirtualizationProviderAddress. Gets Provider Addresses.
• New-NetVirtualizationProviderAddress. Assigns a Provider Address to a network interface.
• New-NetVirtualizationLookupRecord. Creates a policy entry for an IP address in a virtual network.
• New-NetVirtualizationCustomerRoute. Creates a virtual network route.
Configure the RRAS Multitenant Gateway VM for VLANs
You can use this topic to configure the virtual machine (VM) named MTCloudGW on the Hyper-V Multitenant Gateway host.
This topic contains the following sections.
• To configure the MTCloudGW VM
• RRAS installation Windows PowerShell script
• MTGW Configuration Windows PowerShell script
• Windows PowerShell command reference links
Important
The Windows PowerShell scripts that are provided in this topic must be run from within the VM named MTCloudGW. Do not run these scripts on the Hyper-V host. In addition, you must replace variable values in the script with values that are appropriate for your deployment.
To configure the MTCloudGW VM
1. On the HNV host, open Hyper-V Manager, and then double-click the VM named MTCloudGW. The VM opens in a new window. Start the VM.
2. During the operating system installation on the VM, create an Administrator password and provide other information as required.
3. After operating system installation is complete, log on to the VM.
4. Rename the computer and restart the VM by running the following Windows PowerShell commands.
    Rename-Computer MTCloudGW
    Restart-Computer
5. After the computer is restarted, log on to the VM.
6. Copy the RRAS installation Windows PowerShell script below to the VM.
7. On the VM, open Windows PowerShell with Administrator privileges. Run the script by typing the folder location and file name of the script. For example, if the file name of the script is RRASinstall.ps1 and the folder location is C:\Users\Administrator\Documents, type C:\Users\Administrator\Documents\RRASinstall.ps1, and then press ENTER.
8. Copy the MTGW Configuration Windows PowerShell script below to the VM.
9. On the VM, open Windows PowerShell with Administrator privileges. Run the script by typing the folder location and file name of the script. For example, if the file name of the script is MTGWConfig.ps1 and the folder location is C:\Users\Administrator\Documents, type C:\Users\Administrator\Documents\MTGWConfig.ps1, and then press ENTER.
RRAS installation Windows PowerShell script
Following is the full script that you can run on the VM MTCloudGW. This script installs RRAS on the MTGW VM.
Important
This installation script specifies the Remote Access features for each tenant by using the Enable-RemoteAccessRoutingDomain command. The –Type parameter specifies the remote access features that are allowed for the tenant. Following are the possible values you can use for this parameter.
• Vpn. If you specify this value, the Multitenant Gateway is configured to allow the tenant to connect to datacenter resources with a VPN dial-in connection. If you select this option, you must design and implement a solution to authorize and authenticate VPN connection requests.
• VpnS2S. If you specify this value, the Multitenant Gateway is configured to allow the tenant to establish site-to-site VPN connections between the tenant resources in your datacenter and their remote sites across the Internet. In addition, the Multitenant Gateway can be configured with Border Gateway Protocol (BGP).
• All. If you specify this value, the Multitenant Gateway is configured to allow the tenant to use the gateway for site-to-site VPN connections, to allow configuration of BGP, and to allow dial-in VPN connections.
##### Macros for RRAS Configuration on MTCloudGW VM #####
$Contoso_RoutingDomain = "ContosoTenant"
$Contoso_IPv4Range = "11.11.11.1, 11.11.11.200"
$Fabrikam_RoutingDomain = "FabrikamTenant"
$Fabrikam_IPv4Range = "11.11.11.1, 11.11.11.200"
##### Install S2S VPN on MTCloudGW #####
Add-WindowsFeature -Name RemoteAccess -IncludeAllSubFeature -IncludeManagementTools
ipmo remoteaccess
#Install-RemoteAccess
Install-RemoteAccess -MultiTenancy
Enable-RemoteAccessRoutingDomain -Name $Contoso_RoutingDomain -Type All -PassThru
Enable-RemoteAccessRoutingDomain -Name $Fabrikam_RoutingDomain -Type All -PassThru
Set-RemoteAccessRoutingDomain -Name $Contoso_RoutingDomain -IPAddressRange 11.11.11.1, 11.11.11.200 -TenantName "Contoso"
Set-RemoteAccessRoutingDomain -Name $Fabrikam_RoutingDomain -IPAddressRange 11.11.11.1, 11.11.11.200 -TenantName "Fabrikam"
MTGW Configuration Windows PowerShell script
Following is the full script that you can run on the VM MTCloudGW. This script configures the VM with tenant routing information.
##### Macros for MT Cloud GW VM #####
$Contoso_CloudGW_Address = "10.0.2.2"
$Fabrikam_CloudGW_Address = "10.0.2.2"
$Contoso_CloudVM_Subnet = "10.0.1.0/24"
$Fabrikam_CloudVM_Subnet = "10.0.1.0/24"
$Contoso_CloudVM_NextHop = "10.0.2.1"
$Fabrikam_CloudVM_NextHop = "10.0.2.1"
##### Configure Cloud GW VM #####
New-NetIPAddress $Contoso_CloudGW_Address -InterfaceAlias "ContosoGWSubnet"
New-NetIPAddress $Fabrikam_CloudGW_Address -InterfaceAlias "FabrikamGWSubnet"
New-NetRoute -InterfaceAlias "ContosoGWSubnet" -AddressFamily IPv4 -DestinationPrefix $Contoso_CloudVM_Subnet -NextHop $Contoso_CloudVM_NextHop
New-NetRoute -InterfaceAlias "FabrikamGWSubnet" -AddressFamily IPv4 -DestinationPrefix $Fabrikam_CloudVM_Subnet -NextHop $Fabrikam_CloudVM_NextHop
## End Cloud GW VM Config ##
You can also perform the additional steps of configuring Site-to-Site VPN connections, Network Address Translation (NAT), and configuring the gateway as a Border Gateway Protocol (BGP) router. For more information, see the following sections.
• Configure the RRAS Multitenant Gateway for Site-to-Site VPN Connections
• Configure the RRAS Multitenant Gateway to Perform Network Address Translation for Tenant Computers
• Configure the RRAS Multitenant Gateway for Dynamic Routing with BGP
Windows PowerShell command reference links
The scripts in this topic use the following Windows PowerShell commands. Click a link to open the help topic for the command.
• Add-WindowsFeature
• Install-RemoteAccess
• Enable-RemoteAccessRoutingDomain
• Set-RemoteAccessRoutingDomain
• New-NetIPAddress
• New-NetRoute
Configure the RRAS Multitenant Gateway for Site-to-Site VPN Connections
You can use this topic to configure site-to-site VPN connections for each tenant.
This topic contains the following sections.
• Windows PowerShell script explanation
• Full Windows PowerShell script
• Windows PowerShell command reference links
Windows PowerShell script explanation
The first section of this script, named “Macros for Multitenant (MT) Cloud Gateway (GW) Hyper-V Host Configuration,” provides values for macros that are used in the script.
The second section of this script, named “Configure S2S VPN on MTCloudGW,” creates two site-to-site VPN interfaces, one each for the Contoso and Fabrikam tenants. The script then connects the site-to-site VPN interfaces and retrieves connection information, which is displayed in the Windows PowerShell window.
Full Windows PowerShell script
Following is the full script that you can run on the Hyper-V host to configure the host with Network Virtualization and two VM networks with two VMs per VM network.
To run this script on a Hyper-V host
1. Change the example company names, Contoso and Fabrikam, to names of your actual tenants.
2. Change other parameter values or fill in blank values to match your deployment requirements and environment. For example, add the valid IP address of a remote router for the $Contoso_S2SDestination and $Fabrikam_S2SDestination macros in the first section of the script.
3. Copy the Windows PowerShell script below to the RRAS Multitenant Gateway Hyper-V host.
4. On the Hyper-V host, open Windows PowerShell with Administrator privileges. Run the script by typing the folder location and file name of the script. For example, if the file name of the script is AddVPNS2S.ps1 and the folder location is C:\Users\Administrator\Documents, type C:\Users\Administrator\Documents\AddVPNS2S.ps1, and then press ENTER.
##### Macros for Multitenant (MT) Cloud Gateway (GW) Hyper-V Host Configuration #####
# Replace each placeholder string below with the value for your deployment.
$Contoso_RoutingDomain = "ContosoTenant"
$Contoso_S2SDestination = "ContosoDestinationIPAddress"
$Contoso_IPv4Subnet = "ContosoSubnetIPAddress"
$Fabrikam_RoutingDomain = "FabrikamTenant"
$Fabrikam_S2SDestination = "FabrikamDestinationIPAddress"
$Fabrikam_IPv4Subnet = "FabrikamSubnetIPAddress"
##### Configure S2S VPN on MTCloudGW #####
# Create one IKEv2 site-to-site interface per tenant.
# "111_aaa" is an example pre-shared key; replace it with a strong secret that is unique to each tenant.
Add-VpnS2SInterface -RoutingDomain $Contoso_RoutingDomain -Name "ContosoSite1" -Protocol IKEv2 -Destination $Contoso_S2SDestination -AuthenticationMethod PSKOnly -SharedSecret "111_aaa" -Persistent -IPv4Subnet $Contoso_IPv4Subnet -NumberOfTries 0
Add-VpnS2SInterface -RoutingDomain $Fabrikam_RoutingDomain -Name "FabrikamSite1" -Protocol IKEv2 -Destination $Fabrikam_S2SDestination -AuthenticationMethod PSKOnly -SharedSecret "111_aaa" -Persistent -IPv4Subnet $Fabrikam_IPv4Subnet -NumberOfTries 0
# Connect both interfaces.
Connect-VpnS2SInterface -Name "ContosoSite1"
Connect-VpnS2SInterface -Name "FabrikamSite1"
# Display the connection information for each interface.
Get-VpnS2SInterface -Name "ContosoSite1"
Get-VpnS2SInterface -Name "FabrikamSite1"
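The script above authenticates both tenants with the same short pre-shared key, "111_aaa". The following added example (not part of the original guide) creates the same two interfaces with a separate, randomly generated key per tenant; New-TenantPsk, $Tenants and $IssuedKeys are hypothetical names, and the $Contoso_* and $Fabrikam_* macros are assumed to be set as in the first section of the script.

```powershell
# Added example, not from the original guide. New-TenantPsk, $Tenants and
# $IssuedKeys are hypothetical names; the $Contoso_* and $Fabrikam_* macros
# are the ones set in the first section of the script above.

function New-TenantPsk {
    param([int]$ByteCount = 32)
    # Draw the key from the operating system CSPRNG and Base64-encode it,
    # so it can be pasted into the remote router's configuration.
    $bytes = New-Object byte[] $ByteCount
    $rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    [Convert]::ToBase64String($bytes)
}

$Tenants = @(
    @{ RoutingDomain = $Contoso_RoutingDomain;   Name = "ContosoSite1"
       Destination   = $Contoso_S2SDestination;  IPv4Subnet = $Contoso_IPv4Subnet },
    @{ RoutingDomain = $Fabrikam_RoutingDomain;  Name = "FabrikamSite1"
       Destination   = $Fabrikam_S2SDestination; IPv4Subnet = $Fabrikam_IPv4Subnet }
)

# One key per tenant: a key disclosed at one tenant's site cannot then be
# used to authenticate as a different tenant's remote router.
$IssuedKeys = @{}
foreach ($t in $Tenants) {
    $psk = New-TenantPsk
    Add-VpnS2SInterface -RoutingDomain $t.RoutingDomain -Name $t.Name `
        -Protocol IKEv2 -Destination $t.Destination `
        -AuthenticationMethod PSKOnly -SharedSecret $psk `
        -Persistent -IPv4Subnet $t.IPv4Subnet -NumberOfTries 0
    $IssuedKeys[$t.Name] = $psk
}

# Hand each entry of $IssuedKeys to that tenant's router administrator over a
# channel you trust, then clear the table. Nothing above writes a key to the
# console. Connect the interfaces only after the remote side has its key.
# $IssuedKeys.Clear()
```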
Windows PowerShell command reference links
The script in this topic uses the following Windows PowerShell commands. Click a link to open the help topic for the command.
• Add-VpnS2SInterface. Creates a site-to-site (S2S) interface with the specified parameters.
• Connect-VpnS2SInterface. Connects a site-to-site (S2S) interface that is currently not connected.
• Get-VpnS2SInterface. Retrieves configuration details for a site-to-site (S2S) interface.
See Also
Additional Resources
Configure the RRAS Multitenant Gateway to Perform Network Address Translation for Tenant Computers
You can use this topic to enable Network Address Translation (NAT) on the public interface of the RRAS Multitenant Gateway virtual machine (VM).
This topic has the following sections.
• Prerequisites
• To enable NAT on the public interface
• Windows PowerShell command reference links
Prerequisites
Before you perform this procedure, you must do the following.
• Either rename the public interface network adapter to “Internet” or change the Windows PowerShell command in the procedure below to use the actual name of the network adapter. If the network adapter name on the computer and the network adapter name in the command do not match, the command will fail.
• Ensure that your multitenant gateway VM is named “MTCloudGW.” If this is not the name of your VM, you must change the Windows PowerShell command below to use the correct VM name.
• Ensure that the RRAS Multitenant Gateway VM is not running.
• Obtain the external IP interface address range for the network adapter that is the public interface, and use the actual address range as the value for the parameter -ExternalIPInterfaceAddress of the New-NetNat command in the procedure below.
To enable NAT on the public interface
1. On the Hyper-V host where the RRAS Multitenant Gateway VM is configured, open Windows PowerShell with Administrator privileges.
2. Create a virtual switch, add a virtual network adapter to connect the VM to the switch, and enable NAT on the network adapter that has the public interface by typing the following commands and pressing ENTER.
New-VMSwitch "InternetSwitch" -NetAdapterName "Internet"
Add-VMNetworkAdapter -VMName MTCloudGW -Name ExtNic -SwitchName InternetSwitch
New-NetNat -Name "AllTenants" -ExternalIPInterfaceAddress "a.b.c.0/24"
Windows PowerShell command reference links
The script in this topic uses the following Windows PowerShell commands. Click a link to open the help topic for the command.
• New-VMSwitch. Creates a new virtual switch on one or more virtual machine hosts.
• Add-VMNetworkAdapter. Adds a virtual network adapter to a virtual machine.
• New-NetNat. Creates a new NAT object.
See Also
Additional Resources
Configure the RRAS Multitenant Gateway for Dynamic Routing with BGP
You can use this topic to enable Border Gateway Protocol (BGP) for each of your tenants on the Routing and Remote Access Service (RRAS) Multitenant Gateway (MTGW). When you enable BGP on the MTGW and on tenant routers, routes are dynamically exchanged between peers, eliminating the need for constant manual route updates and providing automatic rerouting of network traffic if a peer becomes unavailable due to hardware or other failure.
This topic contains the following sections.
• Prerequisites
• To enable BGP on the RRAS MTGW
• Windows PowerShell command reference links
Prerequisites
Following are the prerequisites for adding BGP routers for tenants.
• You must replace the Autonomous System Number (ASN) in the Windows PowerShell commands below with values that are suitable for your deployment. The values that are provided in this topic are examples only.
To enable BGP on the RRAS MTGW
Note
If your tenants' remote routers are also running Windows Server 2012 R2 Routing and Remote Access (RRAS) configured as a BGP router, your tenants can configure their routers by using the commands in this section. If tenants are using third party BGP routers instead, refer to the router documentation for configuration instructions.
1. On the RRAS MTGW Hyper-V host, open Windows PowerShell with Administrator privileges. For each tenant that has site-to-site VPN connections established to remote tenant resources, add a BGP router using the following command.
Add-BgpRouter -RoutingDomain $Contoso_RoutingDomain -BgpIdentifier $Contoso_BGPAddress -LocalASN $Contoso_BGP_LocalASN
Add-BgpRouter -RoutingDomain $Fabrikam_RoutingDomain -BgpIdentifier $Fabrikam_BGPAddress -LocalASN $Fabrikam_BGP_LocalASN
2. Add BGP peers to the BGP router for each of the tenant’s remote sites. The -PeeringMode value of Automatic in the command below allows BGP to automatically initiate connections to peers and receive connections from peers.
Add-BgpPeer -RoutingDomain $Contoso_RoutingDomain -Name "ContosoTenantSite1" -LocalIPAddress $Contoso_BGPAddress -PeerIPAddress $Contoso_BGPPeerAddress -PeerASN $Contoso_BGP_PeerASN
Add-BgpPeer -RoutingDomain $Fabrikam_RoutingDomain -Name "FabrikamTenantSite1" -LocalIPAddress $Fabrikam_BGPAddress -PeerIPAddress $Fabrikam_BGPPeerAddress -PeerASN $Fabrikam_BGP_PeerASN
3. Configure the remote tenant routers with BGP and matching BGP peers and routes.
4. To allow the triggering of site-to-site VPN connections from the BGP router to the remote tenant sites, add the host-specific route of the remote BGP peer to the site-to-site VPN interface in the tenant compartment on the MTGW.
Set-VpnS2SInterface -Name -IPv4Subnet
5. Add custom networks for advertisements to peers.
Add-BgpCustomRoute -RoutingDomain $Contoso_RoutingDomain -Interface $Contoso_MTInterface
Add-BgpCustomRoute -RoutingDomain $Fabrikam_RoutingDomain -Interface $Fabrikam_MTInterface
Note
After you add routes, the BGP router automatically begins to advertise them to peers.
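Before running the procedure above for many tenants, it helps to check the per-tenant values against two rules the guide's BGP overview states: the BGP Identifier must be the IPv4 address of the BGP router, and eBGP peers must have distinct ASNs. The following added example (not part of the original guide) does that and also formats the peer host route that step 4 calls for; the function names, the route metric of 100, and every address and ASN in the sample table are constructed assumptions.

```powershell
# Added example, not from the original guide. Test-IPv4Literal,
# Test-TenantBgpConfig and every address and ASN below are constructed.

function Test-IPv4Literal {
    param([string]$Text)
    # Insist on dotted-quad form: IPAddress.TryParse alone also accepts "1".
    if ($Text -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { return $false }
    $ip = $null
    [System.Net.IPAddress]::TryParse($Text, [ref]$ip)
}

function Test-TenantBgpConfig {
    param(
        [Parameter(Mandatory = $true)][hashtable[]]$Tenant,
        [ValidateSet('eBGP', 'iBGP')][string]$Peering = 'eBGP',
        [int]$HostRouteMetric = 100   # assumed metric for the step 4 host route
    )
    $seen = @{}
    foreach ($t in $Tenant) {
        $problems = @()
        if ($seen.ContainsKey($t.RoutingDomain)) {
            $problems += 'routing domain is listed more than once'
        }
        $seen[$t.RoutingDomain] = $true
        if (-not (Test-IPv4Literal $t.BgpIdentifier)) {
            $problems += 'BgpIdentifier must be the IPv4 address of the BGP router'
        }
        if ($Peering -eq 'eBGP' -and $t.LocalASN -eq $t.PeerASN) {
            $problems += 'eBGP peers must be in different autonomous systems'
        }
        if ($Peering -eq 'iBGP' -and $t.LocalASN -ne $t.PeerASN) {
            $problems += 'iBGP peers must share one autonomous system'
        }
        # Step 4 needs a host-specific route to the peer. -IPv4Subnet takes
        # "address/prefixlength:metric"; IPv6 peers are left for manual entry.
        $hostRoute = $null
        if (Test-IPv4Literal $t.PeerIPAddress) {
            $hostRoute = '{0}/32:{1}' -f $t.PeerIPAddress, $HostRouteMetric
        }
        [pscustomobject]@{
            RoutingDomain = $t.RoutingDomain
            Ok            = ($problems.Count -eq 0)
            Problems      = $problems -join '; '
            PeerHostRoute = $hostRoute
            Config        = $t
        }
    }
}

# Constructed sample input. Fabrikam repeats its own ASN as the peer ASN and
# uses an IPv6 address as the BGP identifier, so it is reported and skipped.
$tenants = @(
    @{ RoutingDomain = 'ContosoTenant';  BgpIdentifier = '10.2.1.2'
       LocalASN = 64512; PeerIPAddress = '10.1.1.2'; PeerASN = 64513 },
    @{ RoutingDomain = 'FabrikamTenant'; BgpIdentifier = 'fd00::2'
       LocalASN = 64512; PeerIPAddress = '10.3.1.2'; PeerASN = 64512 }
)

$report = Test-TenantBgpConfig -Tenant $tenants
$report | Format-Table RoutingDomain, Ok, Problems, PeerHostRoute -AutoSize

# Only tenants that passed go on to Add-BgpRouter (step 1 of the procedure).
foreach ($r in $report | Where-Object { $_.Ok }) {
    $c = $r.Config
    Add-BgpRouter -RoutingDomain $c.RoutingDomain -BgpIdentifier $c.BgpIdentifier -LocalASN $c.LocalASN
}
```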
Windows PowerShell command reference links
The script in this topic uses the following Windows PowerShell commands. Click a link to open the help topic for the command.
• Add-BgpRouter. Adds a BGP router.
• Add-BgpPeer. Adds a BGP peer to the current router.
• Set-VpnS2SInterface. Modifies parameters for a site-to-site (S2S) interface.
• Add-BgpCustomRoute. Adds custom routes to the BGP routing table.
See Also
Microsoft BGP Router configuration automation
Multi-tenant Site-to-Site (S2S) VPN Gateway with Windows Server 2012 R2
Additional Resources
Additional Resources
For more information about the technologies that are discussed in this guide, see the following resources:
• Multi-Tenant VPN with Windows Server 2012 R2
• Multi-tenant Site-to-Site (S2S) VPN Gateway with Windows Server 2012 R2
• Border Gateway Protocol (BGP) with Windows Server 2012 R2
• Microsoft BGP Router configuration automation
• Windows Server Gateway Hardware and Configuration Requirements
• Hyper-V Cmdlets in Windows PowerShell
• Network Adapter Cmdlets
• Network Address Translation (NAT) Cmdlets in Windows PowerShell
• Network Virtualization Cmdlets
• Remote Access Cmdlets in Windows PowerShell
• Server Manager Cmdlets in Windows PowerShell
Border Gateway Protocol (BGP) Overview
You can use this topic to gain an understanding of Border Gateway Protocol (BGP), including BGP supported deployment topologies and BGP features and capabilities.
This topic contains the following sections.
• Router Versions in Windows Server 2012 R2
• BGP Supported Deployment Topologies
• BGP Features
When configured on a Windows Server® 2012 R2 Routing and Remote Access Service (RRAS) Multitenant Gateway, Border Gateway Protocol (BGP) provides you with the ability to manage the routing of network traffic between your tenants’ VM networks and their remote sites.
BGP reduces the need for manual route configuration on routers because it is a dynamic routing protocol, and automatically learns routes between sites that are connected by using site-to-site VPN connections.
To use BGP routing, you must install the RRAS role service of the Remote Access server role on a computer or virtual machine (VM) – the type of system you use depends on whether or not you have a multitenant deployment:
• For a multitenant deployment, it is recommended that you install the RRAS Multitenant Gateway on a VM. The RRAS Multitenant Gateway is capable of handling multiple connections from multiple tenants, and consists of a Hyper-V host and a virtual machine (VM) that is actually configured as the gateway. This gateway is configured with site-to-site VPN connections as a multitenant BGP router to exchange tenant and CSP subnet routes.
• For a non-multitenant deployment, you can install the RRAS Gateway on either a physical computer or a VM.
Important
When you install RRAS as an RRAS Multitenant Gateway, you must specify whether BGP is enabled for each tenant by using the Enable-RemoteAccessRoutingDomain Windows PowerShell command with the -Type parameter value of All. The following example code illustrates how to install RRAS in Multitenancy mode with all RRAS features (point-to-site VPN, site-to-site VPN, and BGP routing) enabled for two tenants, Contoso and Fabrikam.
# Routing domain names for the two example tenants.
$Contoso_RoutingDomain = "ContosoTenant"
$Fabrikam_RoutingDomain = "FabrikamTenant"
# Install RRAS in multitenancy mode.
Install-RemoteAccess -MultiTenancy
# Enable all RRAS features for each tenant routing domain.
Enable-RemoteAccessRoutingDomain -Name $Contoso_RoutingDomain -Type All -PassThru
Enable-RemoteAccessRoutingDomain -Name $Fabrikam_RoutingDomain -Type All -PassThru
Router Versions in Windows Server 2012 R2
Two different versions of the BGP router are available in Windows Server 2012 R2 – the RRAS Multitenant Gateway and Windows Server Gateway. Although the routers have the same functionality and capabilities, you can use different methods to manage each router, depending on whether you are using System Center 2012 R2.
RRAS Multitenant Gateway. The RRAS Multitenant Gateway BGP router can be used for multitenant or non-multitenant deployments, and is a full featured BGP router. To deploy an RRAS Multitenant Gateway BGP Router, you must use Windows PowerShell commands. For more information, see Remote Access Cmdlets in Windows PowerShell and Windows Server 2012 R2 RRAS Multitenant Gateway Deployment Guide.
Windows Server Gateway. To deploy Windows Server Gateway, you must use System Center 2012 R2 and Virtual Machine Manager (VMM). The Windows Server Gateway BGP router is designed for use with multitenant deployments. With the System Center 2012 R2 VMM Windows Server Gateway router, only a very limited set of configuration options is available in the VMM software interface, including the Local BGP IP Address and Autonomous System Number (ASN) values, and the list of BGP peer IP addresses and ASN values. You can, however, use Remote Access Windows PowerShell BGP commands to configure all other features of Windows Server Gateway. For more information, see Windows Server Gateway and Virtual Machine Manager.
BGP Supported Deployment Topologies
Listed below are the supported deployment topologies where Enterprise sites are connected to a Cloud Service Provider (CSP) datacenter.
In all scenarios, the CSP gateway is a Windows Server® 2012 R2 RRAS Multitenant Gateway at the edge. The RRAS Multitenant Gateway, which is capable of handling multiple connections from multiple tenants, consists of a Hyper-V host and a virtual machine (VM) that is actually configured as the gateway. This edge gateway is configured with site-to-site VPN connections as a multitenant BGP router to exchange Enterprise and CSP subnet routes.
Tenants connect to their resources at the CSP datacenter by using a site-to-site (S2S) VPN connection. In addition, the BGP routing protocol is deployed for dynamic routing information exchange between the Enterprise and CSP gateways.
The following deployment topologies are supported.
• RRAS VPN Site-to-Site Gateway with BGP at Enterprise site edge
• Third party Gateway with BGP at Enterprise site edge
• Multiple Enterprise sites with third party gateways
• Separate termination points for BGP and VPN
The following sections contain additional information on each supported BGP topology.
RRAS VPN Site-to-Site Gateway with BGP at Enterprise site edge
This topology depicts an Enterprise site connected to a CSP. The Enterprise routing topology includes an internal router, a Windows Server 2012 R2 RRAS Multitenant Gateway configured for VPN site-to-site connections with the CSP, and an edge firewall device. The RRAS gateway terminates the S2S VPN and BGP connections.
Both sites are connected using External Border Gateway Protocol (eBGP), which can transmit information between BGP-enabled routers in separate autonomous systems (AS). This requires that both the Enterprise and the CSP have distinct Autonomous System Numbers (ASN), which is a parameter that is integral to the BGP protocol.
In this scenario, BGP works in the following way.
• The Enterprise site edge device learns the virtualized subnet routes (10.2.1.0/24) hosted in the cloud by using BGP. This device also advertises the on-premises subnet routes (10.1.1.0/24) to the CSP RRAS Multitenant Gateway.
• The customer edge router learns on-premises internal routes through one of the following mechanisms:
• The edge device runs BGP with an internal router and learns internal routes (in this example, 10.1.1.0/24). Meanwhile, the internal router learns external routes (such as 10.2.1.0/24) from the edge device, and the internal router must distribute these routes to other on-premises routers using an Interior Gateway Protocol (IGP) such as Open Shortest Path First (OSPF) or Routing Information Protocol (RIP).
• The edge device can be configured with static routes or interfaces to select routes for advertisement by using BGP. The edge device also distributes the external routes to other on-premises routers using an IGP.
Third party Gateway with BGP at Enterprise site edge
This topology depicts an Enterprise site using a third party edge router to connect to a CSP. The edge router also serves as a site-to-site VPN gateway.
The Enterprise edge router learns on-premises internal routes through one of the following mechanisms:
• The edge device runs BGP with an internal router and learns internal routes (in this case, 10.1.1.0/24)
• The edge device implements an Interior Gateway Protocol (IGP) and participates directly in internal routing.
Multiple Enterprise sites with third party gateways
This topology depicts multiple Enterprise sites that use third party gateways to connect to a CSP. The third party edge devices serve as site-to-site VPN gateways and as BGP routers.
The customer edge routers learn on-premises internal routes through one of the following mechanisms:
• The edge device runs BGP with an internal router and learns internal routes (in this case, 10.1.1.0/24)
• The edge device implements an Interior Gateway Protocol (IGP) and participates directly in internal routing.
Each Enterprise site learns the routes from the other site over the direct eBGP connectivity.
Each Enterprise site learns the hosted network routes directly and by using the other Enterprise site, but selects the best route based on the cost of the route.
If the BGP router at Enterprise Site 1 cannot connect with the CSP datacenter BGP router because connectivity has failed, the Site 1 BGP router dynamically begins to learn the routes to the CSP network by using the other Enterprise site (Site 2), and the traffic is seamlessly rerouted from Site 1 to Site 2 to the CSP.
Notes
The RRAS Multitenant Gateway BGP router does not support eBGP paired with eBGP transit routing, so this scenario is only supported by using an Enterprise edge that uses a third party BGP solution.
The RRAS Multitenant Gateway BGP router supports Internal BGP (iBGP) paired with iBGP, iBGP paired with eBGP, and eBGP paired with iBGP transit routing.
Separate termination points for BGP and VPN
This topology depicts an Enterprise that uses two different routers as the BGP and site-to-site VPN endpoints. Site-to-site VPN is terminated on the Windows Server 2012 R2 RRAS Gateway, while BGP is terminated on an internal router. At the CSP side of the connections, the CSP terminates both the VPN and BGP connections with the RRAS Multitenant Gateway. With this configuration, the internal third party router hardware must support redistribution of IGP routes to BGP, as well as redistributing BGP routes to IGP.
The internal router learns Enterprise routes through one of the following mechanisms:
• BGP
• An Interior Gateway Protocol (IGP) such as OSPF or RIP.
• Static route configuration
When any IGP is used at the Enterprise site, the internal router must redistribute IGP routes into BGP - as well as redistribute BGP routes into IGP routes - for maintaining the subnet connectivity between CSP virtual networks and local Enterprise subnets.
With this deployment, the Enterprise RRAS Gateway has a site-to-site VPN connection with the CSP RRAS Multitenant Gateway, which provides the Enterprise RRAS Gateway with the routes to the CSP gateway. The Enterprise internal router then learns this route to the CSP gateway by using iBGP with the Enterprise RRAS Gateway. Because of this, the Enterprise internal router is then able to establish a peering session with the CSP RRAS Multitenant Gateway BGP Router.
From this point forward, the Enterprise internal router and the CSP RRAS Multitenant Gateway exchange routing information. And the Enterprise RRAS BGP router learns the CSP routes and Enterprise routes to physically route packets between the networks.
BGP Features
Following are the features of the RRAS Multitenant Gateway BGP Router.
BGP Statistics (Message counters, Route counters). The BGP Router supports displaying the message and route statistics, if required, by using the Get-BgpStatistics Windows PowerShell command.
Equal Cost Multi Path Routing (ECMP) support. The BGP Router supports ECMP and can have more than one equal-cost route plumbed into the BGP routing table and stack. With ECMP enabled, the BGP router selects the route for transmitting data packets at random.
HoldTime configuration. The BGP Router supports configuration of the HoldTimer value according to your network requirements. This timer can be dynamically changed to accommodate interoperability with third party devices or to maintain a specific maximum time for BGP peering session timeout.
Internal BGP and External BGP support. The BGP router supports both iBGP and eBGP peering. To configure either, you must ensure that the appropriate ASNs are assigned to the local and remote BGP Routers. All four BGP deployment topologies employ the use of eBGP peering, and the fourth topology uses iBGP peering as well.
Interoperability with 3rd party solutions. The BGP Router is based on the latest BGP version 4 specification, and has been tested for interoperability with most of the major third party BGP routing devices. For more information, see Request for Comments (RFC) 4271, A Border Gateway Protocol 4 (BGP-4).
IPv4 and IPv6 transport peering support. The BGP Router supports both IPv4 and IPv6 peering. However, you must configure the BGP Identifier as the IPv4 address of the BGP Router. For all of the BGP router deployment topologies, either of the two peering types (IPV4 / IPv6) can be used.
IPv4 and IPv6 unicast route learning and advertisement capability (Multiprotocol Network Layer Reachability Information [NLRI]). No matter what transport you use, the BGP Router can exchange IPv4 and IPv6 routes if the appropriate capability is announced by other BGP routers while establishing the session. To configure IPv6 routing, the IPv6Routing parameter must be enabled, and a Local Global IPv6 address must be configured at the router level.
Mixed mode and Passive mode peering. You can configure BGP peering sessions in either mixed mode – where the BGP router acts as both initiator and responder - or passive mode, where the BGP router does not initiate peering, but does respond to incoming requests. Mixed mode is the default, and is recommended for BGP peering. This is true unless you want to use passive mode for debugging or diagnostic purposes. For all of the BGP router deployment topologies, mixed mode peering is required to enable automatic restarts in case of failure events.
Note
eBGP to eBGP transit routing support is not available on the BGP router.
Route Attribute rewrite capability. You can add, modify, or remove the following attributes from the BGP router ingress and egress route advertisements by using the BGP Routing policies Next-Hop, MED, Local-Pref, and Community.
Route filtering. The BGP router supports filtering ingress or egress route advertisements based on multiple route attributes such as Prefix, ASN-Range, Community, and Next-Hop.
Route-Reflector (RR) client. The BGP Router can act as a Route-Reflector client; however it cannot be used as a Route-Reflector itself. This is useful in cases where a new BGP Router needs to be introduced in complex topologies using third party BGP Routers deployed in RR mode.
Route-Refresh support. The BGP Router supports Route-Refresh and advertises this capability on peering by default. It is capable of sending a fresh set of route updates when requested by a peer via route-refresh message.
Static route configuration support. You can configure static routes or interfaces on the BGP Router by using the Add-BgpCustomRoute Windows PowerShell command. The static routes that you configure can be the prefixes or the name of the interfaces from which the routes must be chosen. However, only the routes with resolvable next-hops are plumbed into the BGP routing tables and advertised to peers.
Transit routing support. The BGP Router supports transit routing for both iBGP to iBGP connections and iBGP to eBGP connections. iBGP to eBGP transit routing is evident in all of the scenarios discussed in the previous section.
For additional information, see the Networking blog Border Gateway Protocol (BGP) with Windows Server 2012 R2.
See Also
Routing and Remote Access Service (RRAS)
Windows Server 2012 R2 RRAS Multitenant Gateway Deployment Guide
Windows Server Gateway