What is the Windows Server Network Controller?

Another day, another element of Microsoft Azure makes it way to Windows Server. The latest introduction into Windows Server 2016 is the Windows Server Network Controller, a feature of the next generation Microsoft cloud that will manage networks in a large Hyper-V deployment.

What is Windows Server Network Controller?

Network controller is a concept from the Azure fabric; it is a centrally located and programmable point of automation and orchestration for deploying, managing, configuring, and troubleshooting both the physical and virtual networks of a private r hosted cloud deployment.

Managing physical and virtual networks with a network controller (Image Credit: Microsoft)
Managing physical and virtual networks with a network controller (Image Credit: Microsoft)

Network Controller serves as a critical element of any cloud, so it’s been designed to be scalable and fault tolerant. There are two APIs, referred to as Northbound and Southbound:

  • Southbound API: This is used by Network Controller to communicate with network devices, services, and other elements of the cloud.
  • Northbound API: This is the API that’s used to manage the network via Network Controller. You can use PowerShell, REST API, or a management solution. It appears that System Center 2016 Virtual Machine Manager (SCVMM 2016) and System Center 2016 Operations Manager (SCOM 2016) will be the graphical UI for Network Controller.

What can be managed using Network Controller?

You can manage the following pieces of physical and virtual networks in a cloud:

  • Hyper-V virtual machine connections (the ports in a virtual switch)
  • Virtual switches
  • Physical network routers
  • Firewall software
  • VPN gateways, including RRAS
  • Load balancers

Windows Server Network Controller Features and Benefits

Let’s talk about some real tangible features and benefits that Network Controller will offer:

Fabric Management

The Network Controller offers you a single point of management for all physical and virtual networks in the cloud. You can configure IP subnets, VLANs, Layer 2 and Layer 3 switches, and the physical NICs of your Hyper-V hosts.

Distributed Firewall

Windows Server 2012 R2 allows you to deploy Port ACLs to implement 5-tuple firewall rules that are implemented by the virtual switch, but Port ACLs is not a centrally managed solution. The distributed firewall functionality of Network Controller is centrally managed, and it allows you to control both east-west and north-south traffic. Using the Northbound API, you can also manage edge firewall rules.
In other words, you can control:

  • Traffic to/from the Internet to/from virtual machines
  • Traffic between virtual machines
  • Traffic between virtual machines and the compute cluster and the fabric of the cloud

Network Topology and Discovery Management

You can automatically discover elements of the data center network and uncover how physical and virtual devices are interconnected and dependent upon each other. This information is used for network monitoring.

Network Monitoring

You can monitor physical and virtual networks using Network Controller. There are two kinds of monitoring:

  • Active network data: This includes performance metrics, such as network loss and latency. A set of algorithms is used to determine important paths of data, and the nature of that data. If errors are detected, problems can be localized to identify devices that are causing outages or performance degradation.
  • Element data: This is the more traditional method of polling devices using SNMP. For example, link state data restarts and routing information is retrieved using industry standard MIBs.

A useful feature of network monitoring is impact analysis. Any issues in the physical network can be associated with virtual networks, thus the impact on tenants can be quickly determined. Network monitoring will integrate with SCOM, where historical data can be recorded and rolled up health can be displayed to operators.

Service Chaining Management

We can see in Azure how the role of virtual appliances is growing. This should be expected in Azure-consistent clouds that are deployed on-premises by hosting companies. Network Controller allows you to create rules that force traffic to be redirected by virtual network appliances, where that traffic might be inspected, audited, filtered, and so on.

Software Load Balancer Management

A software load balancer for scalable and fault tolerant services will be available in Windows Server 2016, where Network Controller will manage this functionality.

Network Virtualization Management

Network Controller will manage the deployment of virtual networks (VNETs), supporting both NVGRE (as used by WS2012 and WS2012 R2 Hyper-V Network Virtualization) and VXLAN (a creation of VMware, Arista Networks and Cisco that has other industry backers).

Windows Server Gateway Management

You can deploy, manage and reconfigure Hyper-V hosts and virtual machines that are used as a gateway cluster, bridging the gap between network virtualization, the physical network, and the Internet. The gateway connects a tenant in a VNET with the rest of the world. Functionality includes:

  • Adding and removing gateway VMs on a dedicated Hyper-V cluster
  • Site-to-site VPN connectivity using IPsec or GRE
  • Point-to-site VPN connections for tenant administrators
  • Layer 3 forwarding
  • BGP routing between tenant VNETs and remote locations

Final Thoughts on Network Controller

There’s little in the way of documentation on Network Controller, but what little there is indicates that Microsoft’s private and hosted cloud offering is maturing, drawing on Microsoft’s experience with Azure.