Overview
In the past month the Azure platform has announced many improvements to its networking services.
One of the improvements that was announced was the release of a High Performance network gateway.
You can read about High Performance Network Gateway here: http://azure.microsoft.com/blog/2014/12/02/azure-virtual-network-gateway-improvements/
Until this time the gateway network throughput was limited to 80 Mbps. The new high performance gateway has network throughput of 200 Mbps. It also allows up to 30 site-to-site tunnels, compared to the 10 tunnels allowed by the default network gateway.
In this post I will create two virtual networks, add a high performance network gateway to each of them and connect them to each other. I will then create a virtual machine in each virtual network and test the network throughput of the high performance network gateway. I will provision the entire infrastructure with PowerShell based automation, without any manual steps or logging into the Azure management portal.
Instructions to set up a VNet to VNet connection are posted at the link below. There are a few manual steps required by these instructions but I will automate the entire provisioning and setup.
http://msdn.microsoft.com/en-us/library/azure/dn690122.aspx
Setup
Virtual Network configuration can be defined in the portal or a configuration file. In my case I have no virtual networks defined in my Azure subscription. Configuration file schema is documented here:
http://msdn.microsoft.com/en-us/library/azure/jj157100.aspx
As you can see below it has a root element NetworkConfiguration which has one child element called “VirtualNetworkConfiguration”.
VirtualNetworkConfiguration has three child elements:
- Dns: This is used to define DNS server names and their IP addresses.
- LocalNetworkSites: This is used to define local networks which are connected to a virtual network.
- VirtualNetworkSites: This is where you define the virtual network configuration.
If you are not comfortable working with this XML file you can use the Azure management portal to define the two virtual networks. Here is the definition of the virtual network named ANetwork.
This network is located in Location “Central US”. It has a MainSubnet and a GatewaySubnet.
The second network is called BNetwork. It is also located in “Central US”.
It has a MainSubnet and a GatewaySubnet.
To connect these two networks you will need to define them as local networks. These local networks will have the exact same address space as the networks you previously defined.
The VPNGatewayAddress element defines the IP address of the gateway. Since the gateway has not been created yet I have inserted a placeholder IP address in the two local networks.
If you want to connect ANetwork with BNetwork all you have to do is insert the Gateway element after Subnets in the definition of the virtual network as shown below. In my example ANetwork is connected with BNetworkLocal.
If you want to connect BNetwork with ANetwork all you have to do is insert the Gateway element after Subnets in the definition of the virtual network as shown below. In my example BNetwork is connected with ANetworkLocal.
If your virtual network is connected to more than one virtual network, you will have to define a separate LocalNetworkSiteRef element for each of them.
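The configuration described in this section, written out in full as an added example (it is not the file from the original post). The network names, location, subnet names, local network names and placeholder gateway addresses are the ones used in this post; every AddressPrefix value is an assumption chosen for illustration, and `$vNetFilePath` is the same variable the later scripts use.

```powershell
# Added example: network configuration file for ANetwork and BNetwork.
# All AddressPrefix values are assumed; size them for your own networks.
$netcfg = @'
<NetworkConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
  <VirtualNetworkConfiguration>
    <Dns />
    <LocalNetworkSites>
      <LocalNetworkSite name="ANetworkLocal">
        <AddressSpace><AddressPrefix>172.16.100.0/24</AddressPrefix></AddressSpace>
        <VPNGatewayAddress>1.1.1.1</VPNGatewayAddress>
      </LocalNetworkSite>
      <LocalNetworkSite name="BNetworkLocal">
        <AddressSpace><AddressPrefix>172.16.200.0/24</AddressPrefix></AddressSpace>
        <VPNGatewayAddress>2.2.2.2</VPNGatewayAddress>
      </LocalNetworkSite>
    </LocalNetworkSites>
    <VirtualNetworkSites>
      <VirtualNetworkSite name="ANetwork" Location="Central US">
        <AddressSpace><AddressPrefix>172.16.100.0/24</AddressPrefix></AddressSpace>
        <Subnets>
          <Subnet name="MainSubnet"><AddressPrefix>172.16.100.0/25</AddressPrefix></Subnet>
          <Subnet name="GatewaySubnet"><AddressPrefix>172.16.100.128/29</AddressPrefix></Subnet>
        </Subnets>
        <Gateway>
          <ConnectionsToLocalNetwork>
            <LocalNetworkSiteRef name="BNetworkLocal"><Connection type="IPsec" /></LocalNetworkSiteRef>
          </ConnectionsToLocalNetwork>
        </Gateway>
      </VirtualNetworkSite>
      <VirtualNetworkSite name="BNetwork" Location="Central US">
        <AddressSpace><AddressPrefix>172.16.200.0/24</AddressPrefix></AddressSpace>
        <Subnets>
          <Subnet name="MainSubnet"><AddressPrefix>172.16.200.0/25</AddressPrefix></Subnet>
          <Subnet name="GatewaySubnet"><AddressPrefix>172.16.200.128/29</AddressPrefix></Subnet>
        </Subnets>
        <Gateway>
          <ConnectionsToLocalNetwork>
            <LocalNetworkSiteRef name="ANetworkLocal"><Connection type="IPsec" /></LocalNetworkSiteRef>
          </ConnectionsToLocalNetwork>
        </Gateway>
      </VirtualNetworkSite>
    </VirtualNetworkSites>
  </VirtualNetworkConfiguration>
</NetworkConfiguration>
'@
Set-Content -Path $vNetFilePath -Value $netcfg -Encoding UTF8
```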
Create the virtual network
We will use the Set-AzureVNetConfig cmdlet to create the virtual network. If there are any errors in creating the virtual network this script will throw an error and abort.
I have no existing virtual networks in my subscription. If you have existing virtual networks you have to export your current virtual network configuration from the portal or with Get-AzureVNetConfig and manually add your two new virtual networks. If you don’t do this your virtual network settings may be replaced.
#create/update the network configuration file
Set-AzureVNetConfig -ConfigurationPath $vNetFilePath -ErrorAction SilentlyContinue -ErrorVariable errorVariable
if (!($?))
{
    throw "Unable to set virtual network configuration included in config file: $vNetFilePath. Error detail is: $errorVariable"
}
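Because the configuration file replaces the network settings of the whole subscription, a pre-flight check is worth running before Set-AzureVNetConfig. The following is an added example, not part of the original script: the two function names and the `.bak` backup path are hypothetical, and it relies on the XMLConfiguration property of the object returned by Get-AzureVNetConfig.

```powershell
# Added example: refuse to apply a config file that would drop existing virtual networks.
function Get-VNetSiteName
{
    param([xml] $Config)
    $sites = $Config.NetworkConfiguration.VirtualNetworkConfiguration.VirtualNetworkSites.VirtualNetworkSite
    # GetAttribute avoids any clash between the "name" attribute and XmlNode.Name
    return @($sites | Where-Object { $_ } | ForEach-Object { $_.GetAttribute('name') })
}

function Assert-VNetConfigKeepsExistingSites
{
    param(
        [Parameter(Mandatory = $true)] [string] $ConfigurationPath,
        [Parameter(Mandatory = $true)] [string] $BackupPath
    )

    $current = Get-AzureVNetConfig
    if ($null -eq $current) { return }   # no network configuration deployed yet

    # Keep a copy of what is deployed before anything replaces it
    Set-Content -Path $BackupPath -Value $current.XMLConfiguration -Encoding UTF8

    # @() keeps an empty result an empty array instead of $null
    $existing = @(Get-VNetSiteName ([xml] $current.XMLConfiguration))
    $proposed = @(Get-VNetSiteName ([xml] (Get-Content -Path $ConfigurationPath -Raw)))

    $missing = @($existing | Where-Object { $proposed -notcontains $_ })
    if ($missing.Count -gt 0)
    {
        throw "Config file $ConfigurationPath would remove existing virtual networks: $($missing -join ', ')"
    }
}

# Run this immediately before Set-AzureVNetConfig
Assert-VNetConfigKeepsExistingSites -ConfigurationPath $vNetFilePath -BackupPath "$vNetFilePath.bak"
```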
Create the High Performance Virtual Network Gateway
Previously you created the network configuration file. You defined your local networks under the element LocalNetworkSite and entered placeholder IP addresses for the network gateways in VPNGatewayAddress. In this step we will create the high performance network gateways, get the IP address of each gateway and update the network configuration file. It will take 20-30 minutes to finish this step.
function Create-GatewayUpdateConfig
{
    param
    (
        # Virtual Network name
        [Parameter(Mandatory = $true)] [String] $NetworkName,
        # VNetConfig file that will be updated with the actual gateway IP address
        [Parameter(Mandatory = $true)] [string] $VNetConfigFile,
        # Placeholder IP address that will be replaced by actual gateway IP address
        [Parameter(Mandatory = $true)] [string] $IPAddressToBeReplaced,
        # Gateway Type
        [Parameter(Mandatory = $true)] [string] $GatewayType,
        # Gateway SKU
        [Parameter(Mandatory = $true)] [string] $GatewaySKU
    )

    $gateway1 = Get-AzureVNetGateway -VNetName $NetworkName -ErrorAction SilentlyContinue

    #Create the gateway for virtual networks
    if ($null -eq $gateway1)
    {
        New-AzureVNetGateway -VNetName $NetworkName -GatewayType $GatewayType -GatewaySKU $GatewaySKU -ErrorAction SilentlyContinue -ErrorVariable errorVariable
        if (!($?))
        {
            throw "Unable to create gateway for virtual network: $NetworkName. Error detail is: $errorVariable"
        }
    }

    # VIPAddress holds the gateway's public IP address once provisioning has finished
    $gateway1 = Get-AzureVNetGateway -VNetName $NetworkName
    $gateway1IP = $gateway1.VIPAddress
    if (($null -eq $gateway1IP) -or ($gateway1IP -eq ""))
    {
        # Stop rather than write an empty address into the config file
        throw "Gateway for virtual network $NetworkName does not have an IP address yet."
    }

    #Get the IP address and replace the place holder IP address with actual gateway ip address
    (Get-Content $VNetConfigFile) -replace [regex]::Escape($IPAddressToBeReplaced), $gateway1IP | Set-Content $VNetConfigFile
}

Create-GatewayUpdateConfig $Network1Name $vNetFilePath "1.1.1.1" "DynamicRouting" "HighPerformance"
Create-GatewayUpdateConfig $Network2Name $vNetFilePath "2.2.2.2" "DynamicRouting" "HighPerformance"
You can verify that your HighPerformance network gateways were created as shown below. Note the GatewaySKU of “HighPerformance”. It will be “Default” for a standard gateway.
PS C:\projects\PowerShell\HighPerfGateway\HighPerfGateway> Get-AzureVNetGateway -VNetName ANetwork
LastEventData :
PS C:\projects\PowerShell\HighPerfGateway\HighPerfGateway> Get-AzureVNetGateway -VNetName BNetwork
LastEventData :
Update Virtual Network Configuration
Update the configuration of Virtual Network with the updated Network Configuration file. This file was updated in the previous step with actual IP addresses of the newly created network gateways.
#update the vnet config with newly updated config file
Set-AzureVNetConfig -ConfigurationPath $vNetFilePath -ErrorAction SilentlyContinue -ErrorVariable errorVariable
if (!($?))
{
    throw "Unable to set virtual network configuration with updated config file: $vNetFilePath. Error detail is: $errorVariable"
}
Set the preshared keys for the two networks. After the gateway key has been set it can take up to 5 minutes to verify that network connectivity has been established.
#Set the preshared key on both gateways
Set-AzureVNetGatewayKey -VNetName $Network1Name -LocalNetworkSiteName BNetworkLocal -SharedKey yoursharedkey
Set-AzureVNetGatewayKey -VNetName $Network2Name -LocalNetworkSiteName ANetworkLocal -SharedKey yoursharedkey

#get the status of the virtual network
Get-AzureVNetConnection -VNetName $Network1Name
Get-AzureVNetConnection -VNetName $Network2Name
Here is the output of Get-AzureVnetConnection when connectivity has been established successfully.
You will notice that ConnectivityState now shows “Connected” for both the networks.
PS C:\projects\PowerShell\HighPerfGateway\HighPerfGateway> get-azurevnetconnection -VNetName ANetwork
ConnectivityState : Connected
PS C:\projects\PowerShell\HighPerfGateway\HighPerfGateway> get-azurevnetconnection -VNetName BNetwork
ConnectivityState : Connected
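The preshared key is the only secret protecting the tunnel between the two gateways, so a literal such as yoursharedkey should not survive into a real deployment. The following added example (not from the original script) generates a random key and sets it on both ends; the function name, the 64-character length and the letters-and-digits alphabet are assumptions of this example.

```powershell
# Added example: generate a random preshared key and apply it to both tunnel ends.
function New-RandomSharedKey
{
    param([int] $Length = 64)   # assumed length

    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'.ToCharArray()
    # Reject bytes at or above the largest multiple of 62 so every character is equally likely
    $limit = 256 - (256 % $alphabet.Length)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buffer = New-Object byte[] 1
    $key = New-Object System.Text.StringBuilder
    try
    {
        while ($key.Length -lt $Length)
        {
            $rng.GetBytes($buffer)
            if ($buffer[0] -lt $limit)
            {
                [void] $key.Append($alphabet[$buffer[0] % $alphabet.Length])
            }
        }
    }
    finally
    {
        $rng.Dispose()
    }
    return $key.ToString()
}

# Both sides of the connection must be given the same key
$sharedKey = New-RandomSharedKey
Set-AzureVNetGatewayKey -VNetName $Network1Name -LocalNetworkSiteName BNetworkLocal -SharedKey $sharedKey
Set-AzureVNetGatewayKey -VNetName $Network2Name -LocalNetworkSiteName ANetworkLocal -SharedKey $sharedKey

# Do not leave the key in the session once both gateways have it
Remove-Variable sharedKey
```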
Until now we have not even logged into the Azure Management Portal and we have successfully created 2 Virtual networks, created 2 high performance gateways and connected these two virtual networks. For those of you who like to view things visually I have attached the following views of the portal that show virtual networks were successfully connected.
Create Virtual Machines
In this step we will create virtual machines in the two virtual networks. We plan to use these virtual machines to test the network bandwidth of the “HighPerformance” network gateway. The script below will create a VM in ANetwork. You can use the same script to create another VM in BNetwork. I created Medium VMs instead of Small VMs because I wanted to make sure these VMs have enough network bandwidth to run my tests.
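Write-Verbose "Prompt user for administrator credentials to use when provisioning the virtual machine(s)."
$credential = Get-Credential
Write-Verbose "Administrator credentials captured. Use these credentials to login to the virtual machine(s) when the script is complete."

$ImageName = "a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-R2-201411.01-en.us-127GB.vhd"
# Cloud service name is a placeholder; replace it with your own unique name
$ServiceName = "<your-cloud-service-name>"

#Configure the virtual machines to be created
$vm1 = New-AzureVMConfig -Name "anetworkvm1" -InstanceSize Medium -ImageName $ImageName |
    Add-AzureProvisioningConfig -Windows -AdminUsername $credential.GetNetworkCredential().UserName -Password $credential.GetNetworkCredential().Password |
    Set-AzureSubnet -SubnetNames "MainSubnet"

# Make an array of the virtual machine configuration so we can create them with 1 call
$vms = @($vm1)

# Create a new cloud service and Deploy Virtual Machines to Virtual Network
New-AzureVM -ServiceName $ServiceName -Location "Central US" -VNetName $Network1Name -VMs $vms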
Test Network Bandwidth
In the final step we will log in to each virtual machine, download the psping tool and use it to test network bandwidth.
psping can be downloaded from http://technet.microsoft.com/en-us/sysinternals
It is one of the easiest ways to test network bandwidth, latency etc.
On VM anetworkvm1 that was created in ANetwork I ran the following command. It opens the firewall ports for the duration of the test and runs psping as the server listening on the specified port. Here 172.16.100.4 is the internal IP address of this VM.
On VM bnetworkvm1 that was created in BNetwork I ran the following command. Here we are running a client that will send out 100K requests to the server 10000 times.
C:\pstools>psping -b -l 100k -n 10000 172.16.100.4:5000
PsPing v2.01 – PsPing – ping, latency, bandwidth measurement utility
TCP bandwidth test connecting to 172.16.100.4:5000: Connected
TCP sender bandwidth statistics:
I ran these tests about 10 times and I was getting similar bandwidths. These results are in MB/s so I was seeing bandwidth close to 236 Mbps. This is higher than the 200 Mbps that was mentioned in the specification of the High Performance network gateway. Your actual results may vary.
Summary
In this blog post I hoped to demonstrate:
- How to provision virtual networks with PowerShell.
- How to create recently released high performance network gateway with PowerShell.
- How to connect two virtual networks with PowerShell
- How to create virtual machines with PowerShell
- How much bandwidth you can expect.
- You can automate most aspects of virtual network provisioning. I wanted to add a point-to-site network but I was unable to do so because there is no PowerShell cmdlet that allows me to upload a client certificate. You can do this by invoking the REST API.
The post Taking new Azure High Performance Gateway for a Test Drive appeared first on Raj's Cloud Musings.