In Windows Server 2012, Microsoft released the first version of its SDN (Software Defined Networking) stack to address the challenges of non-centralized infrastructure management. It was built on NVGRE, an encapsulation protocol Microsoft co-authored with several hardware vendors. Later, in Windows Server 2016, Microsoft introduced SDNv2, whose architecture was taken from Azure; it uses VXLAN (the IETF-standardized encapsulation originally driven by VMware, Cisco and Arista) as the default overlay while still supporting NVGRE.
What is Software-Defined Networking (SDN)?
The goal of SDN, in general, is to give you a single method and UI to centrally configure and manage the physical and virtual networking devices in your data center: routers, switches, gateways, load balancers and the virtual switches on your compute hosts. That reduces overall infrastructure cost and the number of hand-edited device configurations. Isn’t that what we all are looking for?
If you’re an old hand at networking you might bring up VLANs; after all, that’s how we’ve been dividing up networks on-premises for 20+ years. VLANs don’t work well in today’s software-defined world: every physical switch on the path has to be reconfigured whenever you add or change one, and the 12-bit VLAN ID caps you at 4094 segments. The benefit of SDN is that segmentation is handled in software as an overlay on top of the physical network, making reconfiguration quick and easy.
When it comes to Microsoft SDN, you can control the following networking components: virtual switching and routing, firewalling with micro-segmentation, third-party appliances, and load balancing. One common question is whether Microsoft SDN works on top of the existing network infrastructure. It does. Every application has a different set of resource requirements and intertwined network dependencies. With SDN, we reduce the complexity by creating a virtualization layer on top of the physical network, so tenant networks can be created, isolated and firewalled without touching the physical switches. This makes your applications run more reliably and more securely.
The release of SDNv2 in Windows Server 2016 was a huge step, but it wasn’t easy to configure and manage. You could deploy and manage SDN using PowerShell (the SDN Express scripts) or System Center Virtual Machine Manager (SCVMM). If you ever installed and configured Microsoft SDN, you know it provides value to your data center, but it is challenging to work with. And Microsoft was aware of that.
What’s New in Windows Server 2019 and 2022 SDN
Things got better in Windows Server 2019. Microsoft improved SDN by adding an SDN extension to Windows Admin Center, giving it a proper UI. Windows Admin Center is one of the most important and powerful tools in a system administrator’s toolbox. We at Altaro Software published an eBook about Windows Admin Center. You can download your free copy on this link How to Get the Most Out of Windows Admin Center.
Besides the Windows Admin Center support, Microsoft added a few other features to SDN in Windows Server 2019 and 2022. That includes the following:
Encrypted networks encrypt traffic between virtual machines on the same virtual subnet using DTLS (Datagram Transport Layer Security), so that anyone who can sniff or tamper with the physical network sees only ciphertext. Traffic that leaves the subnet (to another subnet, a gateway or a load balancer VIP) is not covered. The feature is enabled per subnet and needs a certificate installed on every Hyper-V host in the fabric.
Virtual network peering lets you peer two virtual networks together. In other words, VMs in the two peered virtual networks can reach each other as if they were on one network, without routing through a gateway.
Firewall auditing records every flow processed by the SDN firewall, allowed or denied, within the SDN infrastructure. It is off by default; you need to enable it, and the logs are what you will want when investigating lateral movement between tenant VMs.
Egress metering lets you keep an eye on usage meters for outbound data transfers leaving a virtual network.
High-performance gateways. In Windows Server 2016 the single-connection throughput for IPsec was about 300 Mbps and for GRE about 2.5 Gbps. In Windows Server 2019 and 2022 these numbers increase to 1.8 Gbps and 15 Gbps. Check here for more details on how to enable it.
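As an added example (not code from the original article), the following PowerShell shows how the encrypted-network feature described above is switched on for one virtual subnet through the Network Controller REST cmdlets in the NetworkController module. The Network Controller URI, the virtual network and subnet names, and the certificate subject are assumed values for a hypothetical environment; the certificate is assumed to be already imported into Cert:\LocalMachine\My on every Hyper-V host.

```powershell
# Added example (not from the original article): enable encryption on one virtual subnet.
# Assumptions (hypothetical names): $ncUri is your Network Controller REST endpoint,
# "Tenant1-VNet" / "Subnet1" already exist, and the encryption certificate with subject
# "CN=EncryptedVirtualNetworks" is in Cert:\LocalMachine\My on every SDN host.

$ncUri  = "https://nc.contoso.local"        # assumed REST endpoint
$vnetId = "Tenant1-VNet"                    # assumed existing virtual network
$subId  = "Subnet1"                         # assumed existing subnet in that network
$credId = "EncryptedNetworkCertificate"     # name for the credential resource in NC

# Look up the certificate thumbprint on this host; the same cert must exist on all hosts.
$thumbprint = (Get-ChildItem Cert:\LocalMachine\My |
               Where-Object Subject -eq "CN=EncryptedVirtualNetworks" |
               Select-Object -First 1).Thumbprint
if (-not $thumbprint) { throw "Encryption certificate not found in Cert:\LocalMachine\My" }

# 1. Register the certificate with Network Controller as an X509Certificate credential.
$credProps       = New-Object Microsoft.Windows.NetworkController.CredentialProperties
$credProps.Type  = "X509Certificate"
$credProps.Value = $thumbprint
New-NetworkControllerCredential -ConnectionUri $ncUri -ResourceId $credId `
    -Properties $credProps -Force | Out-Null
$ncCred = Get-NetworkControllerCredential -ConnectionUri $ncUri -ResourceId $credId

# 2. Turn encryption on for the subnet and point it at that credential, then PUT the
#    whole virtual network back (the REST API replaces the resource, it does not patch it).
$vnet   = Get-NetworkControllerVirtualNetwork -ConnectionUri $ncUri -ResourceId $vnetId
$subnet = $vnet.Properties.Subnets | Where-Object { $_.ResourceId -eq $subId }
if (-not $subnet) { throw "Subnet '$subId' not found in '$vnetId'" }
$subnet.Properties.EncryptionEnabled    = $true
$subnet.Properties.EncryptionCredential = $ncCred
New-NetworkControllerVirtualNetwork -ConnectionUri $ncUri -ResourceId $vnetId `
    -Properties $vnet.Properties -Force | Out-Null

# 3. Verify: every subnet in the network reports its encryption state; only $subId
#    should show True, and traffic leaving that subnet stays unencrypted.
$check = Get-NetworkControllerVirtualNetwork -ConnectionUri $ncUri -ResourceId $vnetId
$check.Properties.Subnets |
    Select-Object ResourceId,
                  @{ n = 'EncryptionEnabled'; e = { $_.Properties.EncryptionEnabled } } |
    Format-Table -AutoSize
```

Run it from a management host that has the NetworkController PowerShell module and is trusted by the Network Controller. Keep the private key of the encryption certificate off anything but the Hyper-V hosts: whoever holds it can decrypt the subnet’s traffic, so the certificate is effectively the subnet’s confidentiality boundary.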
How to Deploy Microsoft SDN
In order to deploy Microsoft SDN, you need Windows Server 2016, 2019, or 2022 Datacenter edition. Windows Server Standard is not supported.
You don’t install it using the standard procedure via Server Manager (adding roles or features). You run the SDN Express deployment script and then configure it using Windows Admin Center or System Center Virtual Machine Manager (VMM). The procedure is equally applicable to Windows Server 2016, Windows Server 2019, Windows Server 2022, and Azure Stack HCI, versions 21H2 and 20H2.
There are two steps involved, planning and deploying. Let’s see what’s involved in each of them.
Step 1: Plan a Microsoft SDN infrastructure
In the first part, you need to plan SDN infrastructure properly. That includes preparing your data center, your compute resources, planning for physical and logical network configuration, network hardware, routing, gateways, etc. There is a huge list of preparation tasks you need to do. We’ll give just a brief overview and guide you through the Microsoft documentation.
Firstly you must perform some prerequisite configuration steps in your network. That includes the following:
- Allocate a block of static IP addresses from your management subnet for each Network Controller, Mux, and Gateway VM to be created.
- Allocate a subnet and VLAN for Hyper-V Network Virtualization Provider Addresses (HNV PA)
- Allocate a set of subnets for Private and public and GRE VIPs. Do not configure these on a VLAN, instead enable them to be advertised by SDN through BGP.
- Configure HNV PA network’s routers for BGP, with a 16-bit ASN for the router and one for SDN. SDN should peer with the loopback address of each router.
Physical switch configuration examples are available on Github.
You also need to provide the following:
- A set of Hyper-V hosts configured with a virtual switch.
- A virtual hard disk containing Windows Server 2016, 2019 or 2022 Datacenter edition, used as the template for the SDN infrastructure VMs.
- An Active Directory domain to join and credentials with Domain join permission.
- Domain credentials with DNS update and host administrator privileges.
The Hyper-V hosts should be equipped with at least a 4-core 2.66 GHz CPU, 32 GB of RAM, 300 GB of disk space and a 1 Gb/s (or faster) physical network adapter. Each host needs to run a supported operating system with a virtual switch and at least one physical network card connected to the management network. You can use any storage type (local or shared).
SDN consists of a few components: the Network Controller, the Software Load Balancer (SLB) multiplexer (MUX), the RAS gateway, and a BGP router for the SLB/MUX to peer with (this can be your top-of-rack switch instead of a VM). Each component runs as a VM and needs the following resources.
|Role|vCPU requirements|Memory requirements|Disk requirements|
|---|---|---|---|
|Network Controller (three nodes)|4 vCPUs|4 GB minimum (8 GB recommended)|75 GB for operating system drive|
|SLB/MUX (three nodes)|8 vCPUs|8 GB recommended|75 GB for operating system drive|
|RAS Gateway (single pool of three node gateways, two active, one passive)|8 vCPUs|8 GB recommended|75 GB for operating system drive|
|RAS Gateway BGP router for SLB/MUX peering (alternatively use ToR switch as BGP router)|2 vCPUs|2 GB|75 GB for operating system drive|
If you want to use System Center Virtual Machine Manager (VMM), you need to create and assign resources to that dedicated VM. You can read the details HERE.
As already mentioned, there is a huge list of preparation tasks you need to consider. I would recommend you check the details in official Microsoft documentation.
Step 2: Deploy an SDN Infrastructure
Once you are ready, you can proceed with the second step and deploy SDN. The original method introduced in Windows Server 2016, which still works in the newer versions, is to use scripts. You can download them from Microsoft’s GitHub. You don’t have to deploy all SDN components at once: the script supports phased deployment, which means you can deploy a single component (e.g., the Network Controller) and add the others later. Once you run SDNExpress.ps1, it will guide you the rest of the way.
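The two steps above, planning and deploying, come together in the following added example, which is not code from the article or from the microsoft/SDN repository. It is a pre-flight check a practitioner would run elevated on each Hyper-V host before kicking off SDN Express: it verifies the host-side prerequisites listed in the planning step (Datacenter edition, Hyper-V role, domain membership, an external virtual switch, and the minimum sizing), and only then starts the script. The switch name, the path to the SDN Express folder and the configuration file name are hypothetical; `-ConfigurationFile` is the parameter the repository’s SDNExpress.ps1 takes for a non-interactive run from a .psd1 built from its MultiNodeSampleConfig.psd1 sample.

```powershell
# Added example (not from the article or the microsoft/SDN repo): host pre-flight
# checks, then a non-interactive SDN Express run. Assumed values: $SwitchName is the
# planned management vSwitch, $ConfigFile is your edited copy of the sample config.

$SwitchName = "SDNSwitch"                          # assumed vSwitch name from planning
$ConfigFile = "C:\SDN\SDNExpress\MyConfig.psd1"    # assumed copy of MultiNodeSampleConfig.psd1
$problems   = @()

# Datacenter edition is mandatory; SDN is not supported on Standard.
$os = Get-CimInstance Win32_OperatingSystem
if ($os.Caption -notmatch 'Datacenter') { $problems += "Edition is '$($os.Caption)', need Datacenter" }

# Hyper-V role must be installed and the host must already be domain-joined.
if ((Get-WindowsFeature Hyper-V).InstallState -ne 'Installed') { $problems += "Hyper-V role missing" }
$cs = Get-CimInstance Win32_ComputerSystem
if (-not $cs.PartOfDomain) { $problems += "Host is not domain-joined" }

# An external vSwitch bound to a physical NIC on the management network.
$vs = Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue
if (-not $vs) { $problems += "vSwitch '$SwitchName' not found" }
elseif ($vs.SwitchType -ne 'External') { $problems += "vSwitch '$SwitchName' is not an External switch" }

# Sizing floor from the planning step: 4 cores, 32 GB RAM, 300 GB disk, 1 Gb/s NIC or faster.
# Free space is checked on C: here; adjust if your VM storage lives elsewhere (assumption).
$cores = (Get-CimInstance Win32_Processor | Measure-Object NumberOfCores -Sum).Sum
if ($cores -lt 4) { $problems += "Only $cores CPU cores, need at least 4" }
$ramGB = [math]::Round($cs.TotalPhysicalMemory / 1GB)
if ($ramGB -lt 32) { $problems += "Only $ramGB GB RAM, need at least 32" }
$freeGB = [math]::Round((Get-PSDrive C).Free / 1GB)
if ($freeGB -lt 300) { $problems += "Only $freeGB GB free on C:, need at least 300" }
$fastNic = Get-NetAdapter -Physical |
           Where-Object { $_.Status -eq 'Up' -and $_.LinkSpeed -match 'Gbps' }
if (-not $fastNic) { $problems += "No physical NIC at 1 Gb/s or faster is up" }

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw "Host $env:COMPUTERNAME failed the SDN pre-flight check; fix the items above first."
}

# All checks passed: run SDN Express with the prepared configuration file.
# Omitting -ConfigurationFile instead launches the interactive wizard shown in the article.
Set-Location (Split-Path $ConfigFile)
.\SDNExpress.ps1 -ConfigurationFile $ConfigFile
```

Run the check on every host before the deployment, not just the one you start SDN Express from; the script deploys Network Controller, MUX and gateway VMs across the hosts named in the configuration, and a host that silently fails a prerequisite is the usual cause of a half-finished deployment that is painful to roll back.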
Figure: SDN Express deployment wizard
The actual deployment takes 30 – 60 minutes depending on the performance of your system and network. Once your SDN is ready, you can configure and manage it using Windows Admin Center or System Center Virtual Machine Manager (VMM). Please note that a hyper-converged cluster is required to use the SDN extension for Windows Admin Center.
Figure: Windows Admin Center
Microsoft documented the complete procedure of configuring and managing SDN using Windows Admin Center.
Note: To be able to create this article, I ran my workloads on a powerful mini PC – an Intel NUC powered by a latest-generation Core i7 CPU, 64 GB of DDR4 RAM and a 256 GB M.2 SSD. Intel® NUC Mini PCs are fully complete and ready to work out of the box. You can learn more here Intel® NUC Products.