What's New in Windows Server 2016 Technical Preview 5: Networking Features
This post will describe the networking features that are changed or new to Windows Server 2016 (WS2016), as featured in Technical Preview 5 (TP5).
It’s All About the Cloud
Windows Server 2016 has a very definite theme: running you own implementation of Azure that’s managed using the Microsoft Azure stack. Many of the new and improved features of WS2016 are intended to enable Azure to run in your data center. Nowhere can you see this more than in the networking features of the newest version of Microsoft’s server operating system.
A fabric in a cloud, such as networking, requires management. Microsoft has ported the network fabric controller of Azure to Windows Server and called it the Network Controller. Microsoft describes the Network Controller as a “centralized, programmable point of automation.” This means that there’s one point of central control of the network fabric across your entire Hyper-V cloud, and you can also interact with the Network Controller using PowerShell.
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
However, the envisioned mechanism of manual control will be Azure Stack, which will allow you to deploy your software-defined networks.
Hyper-V Switch Improvements
There are a few improvements to note:
Converged NIC. You can converge networks in a host to as few as a single NIC and still have support for RDMA. In other words, RDMA can be enabled in a management OS virtual NIC, meaning that all SMB Direct enhanced roles (storage, Live Migration, Storage Replica, and more) can use the same physical NICs as virtual machines, and you can reduce your total CAPEX and OPEX spending on NICs and switch ports.
Packet Direct. Pretty soon, you’re going to see affordable 100 Gbps switches hitting the market. Packet Direct will improve throughput and reduce latency for networks up to this speed.
Switch Embedded Teaming (SET). Hyper-V hosts will no longer need a Hyper-V switch and a NIC team; the NIC team can be embedded into the virtual switch, effectively treating the physical NICs (up to 8) as uplinks of the virtual switch.
Network Function Virtualization (NFV)
As with Azure, you will have the ability to deploy network functions (gateways, load balancers, and firewalls) as virtual appliances or you can deploy these network functions within the network fabric provided by WS2016:
- A distributed firewall will allow you create ACLs — think of network security groups in Azure.
- A RAS gateway can route traffic between software-defined networks and physical networks, including site-to-site VPN.
- A software load balancer with network address translation is built into the fabric, just like it is in Azure v2 (Azure Resource Manager or ARM). You can finally consider dumping Windows Network Load Balancing.
Larger organizations will be interested in some of the advance and standardized approaches to management, that further the alignment with Azure:
- Representational State Transfer (REST)
- Open vSwitch Database Management Protocol (OVSDB)
Software-Defined Networking (SDN) Encapsulation
Microsoft be the farm on NVGRE when they added SDN to Windows Server 2012. There were a few issues, where everyone else went with VxLAN, and Microsoft decided to use System Center Virtual Machine Manager (SCVMM) as their point of SDN management and updates, which turned out to be a mistake. The new Microsoft is all about fitting in and acting on feedback, and this is why WS2016 will:
- Support both NVGRE and VxLAN to encapsulate tenant virtual networks.
- Use Network Controller to replace SCVMM as the SDN manager.
There are a few non-cloud updates too!
The DNS server has been updated as follows:
- DNS Policies: Use rules to determine how a DNS server responds to a client.
- Nano Server: File-based DNS can be hosted on Nano Server.
- Response Rate Limiting (RRL): Rate limiting allows you to avoid DOS attacks on a DNS client.
- DNA-based Authentication of Name Entities (DANE): A secure response can inform a DNS client what CA should have provided certificates for a specified domain name.
- Unknown Record Support: You can now add records which aren’t explicitly supported by Windows Server DNS.
- IPv6 Root Hints: Root hints for Internet-based IPv6 name resolution can be added.
- PowerShell: The cmdlets have been improved.
IP Address Management has some feature improvements as well:
- You can handle IPv4 and IPv6 subnets, as well as finding free subnets and ranges within an address block.
- DNS resource records, conditional forwarders, and DNS zone management are supported for file-based and AD-integrated domains.
- New management functions have been added to assist with general day-to-day management, such as visualizing all domain records for a given IP address.
- You can manage networking for multiple AD forests when there is a two-way trust between the IPAM forest and the to-be-managed forest.
- PowerShell can be used to enable role-based access control.