SDN Troubleshooting: Find the Local SDN RAS Gateway Server IP Address

In his second guest appearance on this blog, Microsoft Senior Program Manager Anirban Paul provides the following advice on how to discover the IP address of the local Software Defined Networking (SDN) RAS Gateway, which you need to know in a couple of different situations when you've deployed SDN with Windows Server 2016 Datacenter.

*****

A few days back, I wrote a blog post about some issues being faced by Software Defined Networking (SDN) customers. The issue was specific to changing VPN bandwidth settings in Windows Server 2016. You can read more about that issue and the solution in the post Troubleshoot Configuring SDN RAS Gateway VPN Bandwidth Settings in Virtual Machine Manager.

Another area where we have seen customers struggle is finding out the local RAS gateway server address. The local RAS gateway server address is required for the following reasons:

  • When you configure the remote VPN endpoint (in your enterprise or your local datacenter), you need to provide the local RAS gateway server address as the destination IP. This is the IP advertised by the gateway for external connectivity.
  • If you are using BGP for learning dynamic routes over VPN, you will need the local RAS gateway server address to configure the BGP peering information. Note that this address will be different from the destination IP I have mentioned above, since this is the IP address of the internal interface of the VPN server.

Finding the external address of the RAS gateway

This address will be used as the destination IP address when you configure the on-premises VPN server, or a Generic Routing Encapsulation (GRE) endpoint in the same datacenter. This address might be different for different tenants because the RAS gateway is a multitenant server.

This address is displayed in the System Center Virtual Machine Manager (SCVMM) console when you configure the connection, as depicted in the illustration below.

[Illustration: ras-gateway-ip]

Finding the BGP router IP address of the RAS gateway

If you are using Border Gateway Protocol (BGP) with your tenant IPsec, GRE, or L3 connections for dynamically learning remote routes, you need to know the BGP router IP address so that you can configure the address as the peer address on the remote router.

When you configure the VPN connections through SCVMM, SCVMM automatically assigns an IP address from the gateway routing subnet to the tenant compartment of the gateway VM. SCVMM also uses this IP address as the BGP router IP address. Because this router is tenant-specific, the router address is different for each tenant.

Use Windows PowerShell to identify the BGP Router IP for tenant connections

First, run the following Windows PowerShell commands on a Network Controller node or a node that is configured as a Network Controller client:

$gateway = Get-NetworkControllerVirtualGateway -ConnectionUri <connection uri of your deployment>
$gateway.Properties.NetworkConnections.Properties.DestinationAddress

The results of this command can display multiple virtual gateways, depending on how many tenants have configured gateway connections.

Also, each virtual gateway can have multiple connections (IPSec, GRE, L3). Because you already know the destination address of the connection, you can identify the correct connection based on the destination address. After you have the correct network connection, run the following command (on the corresponding virtual gateway) to get the BGP router IP address of the virtual gateway.

$gateway.Properties.BgpRouters.Properties.RouterIp

The result of this command provides the IP address that you must configure on the remote router as the peer IP address.
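
The lookup described above, matching a known destination address to its virtual gateway and reading that gateway's BGP router IP, can be scripted as follows. This is an added example, not code from the original post: the function names Get-TenantBgpRouterIp and New-SampleGateway, the resource IDs and all addresses are constructed for illustration, and the sample objects only mimic the property shape used in the commands above.

```powershell
# Added example: resolve a known connection destination address to the
# BGP router IP of the virtual gateway that owns the connection.
function Get-TenantBgpRouterIp {          # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $VirtualGateway,
        [Parameter(Mandatory)] [string]   $DestinationAddress
    )
    foreach ($gw in $VirtualGateway) {
        # A virtual gateway can carry several connections (IPSec, GRE, L3);
        # keep only those whose destination address matches.
        $hits = @($gw.Properties.NetworkConnections |
            Where-Object { $_.Properties.DestinationAddress -eq $DestinationAddress })
        if ($hits.Count -eq 0) { continue }
        foreach ($router in $gw.Properties.BgpRouters) {
            [pscustomobject]@{
                VirtualGateway     = $gw.ResourceId
                ConnectionType     = ($hits.Properties.ConnectionType -join ',')
                DestinationAddress = $DestinationAddress
                BgpRouterIp        = $router.Properties.RouterIp
            }
        }
    }
}

# Constructed sample data so the function can be tried offline.
function New-SampleGateway($Id, $Type, $Dest, $RouterIp) {
    [pscustomobject]@{
        ResourceId = $Id
        Properties = [pscustomobject]@{
            NetworkConnections = @([pscustomobject]@{ Properties = [pscustomobject]@{
                ConnectionType = $Type; DestinationAddress = $Dest } })
            BgpRouters = @([pscustomobject]@{ Properties = [pscustomobject]@{
                RouterIp = $RouterIp } })
        }
    }
}
$sample = @(
    (New-SampleGateway 'tenantA-vgw' 'IPSec' '203.0.113.10'  '10.10.0.2'),
    (New-SampleGateway 'tenantB-vgw' 'GRE'   '198.51.100.20' '10.20.0.2')
)
Get-TenantBgpRouterIp -VirtualGateway $sample -DestinationAddress '198.51.100.20'

# On a Network Controller node or client, pass the live objects instead:
# $gateway = Get-NetworkControllerVirtualGateway -ConnectionUri $uri  # $uri = your deployment's connection URI
# Get-TenantBgpRouterIp -VirtualGateway $gateway -DestinationAddress $knownDestination
```

Reading the router IP from the matched gateway only, rather than from the whole result set, avoids configuring another tenant's router address as the peer on the remote router.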

BGP router IP address for a GRE RAS gateway

If you are using GRE connectivity in your SDN deployment, you must create a GRE VIP logical network and advertise the GRE VIPs from your RAS gateways to the physical network using internal BGP peering. For more information, see Plan a Software Defined Network Infrastructure.

You need to create a BGP peer on the Top of Rack router (ToR) that is used by your SDN infrastructure to receive routes for the GRE VIP logical network advertised by the RAS Gateways. BGP peering only needs to occur one way (from RAS Gateway to the external BGP peer). To configure the BGP peer, you will need to provide the peer IP address - i.e. the BGP router IP of the RAS gateways.

To get the BGP router IP of the RAS gateway, run the following Windows PowerShell commands on a Network Controller node or a node that is configured as a Network Controller client:

$gateway = Get-NetworkControllerGateway -ConnectionUri <connection uri of your deployment>
$gateway.Properties.BgpConfig.RouterIp

The result of this command provides the IP address that you must configure on the remote router as the peer IP address.

*****

To plan your SDN deployment, see Plan a Software Defined Network Infrastructure.

To deploy SDN by using SCVMM, see Set up a Software Defined Network (SDN) infrastructure in the VMM fabric.