Azure Stack networking overview and use of BGP and VXLAN

Now after been dabling with Azure Stack for some time since the preview, there has been one thing that has been bugging me, which is the networking flow. Hence I decided to create an overview of the network topology and how things are connected and how traffic flow is.

Important to remember that Azure Stack is using much of the features in 2016 including SLB, BGP, VXLAN and so on.
Most of the management machines in the Azure Stack POC is placed in the vEthernet 1001 connection on the Hyper-V host, and is connected to the vSwitch CCI_External.
The mangement machines are located on scopes.
Now with this updated chart, we can see that each tenant has its own /32 BGP route which is attached to the MuxVM which acts as an load balancer


When traffic goes from the clientIP it is encapsulated using VXLAN and then goes to the MuxVM (Using its public IP address) In my case its (Which is part of the PAHostvNIC which is then routed to the MuxVM using VXLAN encapsulation (Which uses UDP) and then forwarded to the BGPVM and then out the NatVM and out to the world.


On the other hand we have NATVM and the CLIENTVM which are placed on the 192.168.200 scope. The network can communicate via the BGPVM which has two-armed configuration. Which acts as the gateway between 192.168.100 network and the network. Now the funny thig is that NATVM just acts like a gateway for the external network in, it has RRAS installed and since it is directly connected to both networks it allows access from externally. Now BGPVM also has RRAS installed, but we cannot see that using the RRAS console, we need to see it in PowerShell, and also BGPVM (as stated) has a BGP route setup to the MuxVM. The MuxVM acts as an load balancer for the BGVM using BGP to advertise the VIP to the router using a /32 route.

So for instance on the ClientVM if we open a connection to Portal.Azurestack.local (Which has an IP of The traffic flow will go like this.

ClientVM –> NATVM –> BGPVM –> (BGP ROUTE PEER) –> MuxVM –> PortalVM

Now remember that the configuration of BGP and LB and the host is done by the network controller

SLB infrastructure
For a virtual switch to be compatible with SLB, you must use Hyper-V Virtual Switch Manager or Windows PowerShell commands to create the switch, and then we must have the Azure Virtual Filtering Platform (VFP) for the virtual switch enabled.

So for those that are looking into Windows Server 2016, Look into the networking stack of 2016 its bloody HUGE!

#azure, #azure-stack

Running Azure Stack on Vmware workstation nested

Well, Since the release of Azure Stack preview earlier today, I’ve been quite the busy bee… The only problem is that I didn’t have the adequate hardware to play around with it… Or so I thought.. I setup a virtual 2016 server on my Vmware Workstation.

Added some SATA based disks since I know this is “recommended hardware” as part of the PoC


Also remember to set it to Hyper-V (Unsupported)


After that I had to change some parameters in some of the scripts, since there is a PowerShell script which basically checks if the host has enough memory installed. This I changed within the Invoke-AzureStackDeploymentPreCheck.ps1


Now when you run the first AzureDeploy script it will mount the PoC install as a readonly VHD, and since the Invoke-AzureStackDeploymentPreCheck.ps1 is stored on the read only VHD you cannot do any changes to it. So you first need to change the DeployAzureStack script to mount the disk as read/write


You should also change the PoCFabric.xml which is located under AzureStackInstaller\PoCFabricInstaller and change the CPU and memory settings or else you won’t be able to complete the setup


After that, just look at it go!


#azure-stack, #vmware-workstation

Windows Azure Stack–What about the infrastructure Story?

There is no denying that Microsoft Azure is a success story, from being the lame silverlight portal with limited capabilities that it was to become a global force to be reckoned with in the cloud marketspace.

Later today Microsoft is releasing their first tech preview of their Azure Stack. Which allow us to bring the power of Azure platform to our pwn datacenters. It brings the same consistent UI and feature set of Azure resource manager which allows us to use the same tools and resource we have used in Azure against our own local cloud.

This of course will allow large customers and hosting providers to deliver Azure platform from their own datacenter. The idea seems pretty good thou. But what is actually Azure Stack ? It only deliver half of the promise of a Cloud like infrastructure. So I would place Azure stack within the category of cloud management platform. Since it is giving us the framework and portal experience

Now when we eventually have this setup and configured, we are given some of the benefits of the cloud which are

  • Automation
  • Self-Service
  • A common framework and platform to work with

Now if we look at the picture above there are some important things we need to think about in terms of fitting within the cloud aspect which is the computer fabric / network fabric and storage fabric which is missing from the Microsoft story. Of course Microsoft is a software company, but they are moving forward with their CPS solution with Dell and moving a bit towards the hardware space, but no where close yet.

When I think about Azure I also think about the resources which are beneath, they are always available, non-silo based and can scale up and down as I need to. Now if we think about the way that Microsoft has built their own datacenters there are no SAN archietecture at all, just a bunch of single machines with local storage with using software as the way to connect all this storage and compute into a large pool of resources, which is the way it should be since the SAN architecture just cannot fit into a full cloud solution. This is also the way it should be for an on-premises solution. If we were to deploy a Azure CloudStack to deliver the benefits of a cloud solution, the infrastructure should reflect that. As of right now Microsoft cannot give a good enough storage/compute solution with Storage Spaces in 2012 R2 since there are limits to the scale, and points of failure which a public cloud does not have.

Now Nutanix are one of the few providers which deliver support for Hyper-V and SMB 3.0 and does not have any scale limits and have the same properties as a public cloud solution. It agreegates all storage on local drives within each node into a pool of storage and with redundancy in all layers including an REST API which can easily integrate into Azure Stack, I can easily see that as the best way to deliver an on-premises cloud solution and a killer-combination.

#azure, #azure-stack, #hci, #nutanix, #windows-server-2016

What new at Ignite! Nano Server, Containers, Azure Stack, OMS, ATA and so on

So this is my recap on what has happend at Ignite, sorted by subject of course but the focus and strategy at Microsoft is clear! “MOVE TO OUR CLOUD” of course they did not leave out the guys on the floor as well.

Microsoft announced numerous changes to their Azure platform, including more of an architechtural change to their IaaS platform (Which is due time) so to sum up Azure changes happening over the last two weeks.

  • User defined routes (Which allow us finally define a routing table for each subnet)
  • Reserved IP addresses (Allow us to move reserved IP addresses between services now!)
  • Instance level public IP
  • Multiple VIPs per Cloud Service
  • Azure DNS (Which allows us to manage our DNS zones from Azure, whic also will eventually support DNSSEC and integrate with Traffic Manager)
  • Networking support for resource manager
  • Bring in BGP routes if you are using ExpressRoute
  • 16 vNICs pr virtual machine
  • Azure Automation with support for Graphical Authoring and integration with on-premises
  • Azure Resource Manager which will allos us to build total services based upon JSON files, this will also play a huge role in Azure Stack
  • IP forwarding on virtual appliances
  • Announced a bunch of different virtual appliance partners which will arrive in the marketplace soon (For instance Citrix Netscaler, CheckPoint and so on)
  • Role Based Access
  • Exchange supported on Premium Storage in Azure

So as you can see there is much on Azure happening, specifically on networking which has been lacking for quite some time. So what about Office365 and EMS?

  • Sway (Will be available to all later this month)
  • New Office2016 Public Preview
  • Skype for Buisness Broadcast meetings
  • Announced one Sync client for OneDrive
  • Mobile offline files IOS and Android OneDrive
  • Save to OneDrive from OWA
  • 20,000 file limit and 10GB max file site will be gone
  • You can see more about the OneDrive Roadmap here
  • Intune announced support for Mac OSX
  • Intune app wrapping for Android
  • Support for Apple Volume Purchage Program
  • Support for MAM in Outlook app
  • Multi-identity
  • Restrict Access to Outlook based upon compliance of device
  • Windows 10 support for Intune
  • Document Tracking with Azure RMS
  • Cloud App Discovery GA
  • Priviliged Identity Managment
  • Also heard that eventually Intune will merge into Azure Active Directory

Other then these news Microsoft also announced a new bundle which is called OMS (Operations Management Suite) which consists of

  • Azure Automation
  • Azure Backup
  • Azure Site Recovery
  • Azure Operational Insights ( Which will later get support for components like networking logging, syslog tracking and CMDB options.

This suite can be tried now! Microsoft also announced that they will be opening for partners to add their own intelligence packs for their own monitoring solutions. Which means that more data moving to the cloud.

So what did Microsoft annonunce for the guys on the floor ? Well alot! For instance a lot of new capabiliteis in Server 2016.

  • Microsoft Advanced Threat Analytics (Which is currently in preview is a combination of networking and log based monitoring to be able to detect attacks like Pass the Hash, accounts that have been comprimised and so on) This will become more advanced with capabilities like networking monitoring and be able to take action if there is an attack.
  • PowerShell DSC support for Linux (Which just came out of nowhere!)
  • Nano Server (Which is a newly created fashin of Windows Server, which is designed for delivering the next generation cloud services with a very low footprint in terms of RAM, DISK and CPU where Microsoft stripped most of the tradisional solutions away. ill be writing more about Nano Server but it essence it now looks more like ESX.
  • Containers, Containers, Containers! (Also something I will be writing more about)
  • Storage Spaced Direct (Shared Nothing File Cluster can also be combined with Hyper-V to deliver HCI)
  • Storage Replica which is not like DFS-R.. Which allow us to Async or Syncronous replicate any volume.
  • Storage QoS on a scale out file server
  • Windows Defender not installed and enabled by default (even i Nano)
  • Rolling Cluster Upgrades
  • RDS support for OpenGL 4.4, OpenCL 1.1 + Support for GEN2 VMs and RemoteFX,
  • Web Application Proxy, preauth for HTTP Basic, HTTP to HTTPS redirect
  • Windows Server 2016 will support VXLAN
  • Software loadbalancing capabilities
  • Production Checkpoints and integration with VSS
  • Linux SecureBoot
  • Connected Standby
  • Hyper-V manager and alternate Credetials
  • ReFS more used in centralized SOFS
  • Binary virtual machine configuration VMCX
  • Hot Add and remove of memory and network adapters
  • SMB 3.1.1 (Pre authentication integrity check, encryption improvements,
  • The Network Controller which will allow central management of virtual and physical network devices
  • Shielded VMs and Host Guardian Service
  • JEA (Just Enough Administration
  • Converged NIC across tenant and RDMA traffic
  • Server Side Support for HTTP/2 including header compression and connecrtion multiplexing on IIS
  • Online Resizing support for Shared VDHX
  • PowerShell Direct to a virtual machine.

Now with all these capabilities in place in the fabric, there is only missing one thing. Which is something they announced in the Keynote which is Azure Stack, now Microsoft means buisness. They are moving in and competing with the likes of OpenStack and Cloudplatform and so on. Now many wondered if this was the new version of Azure Pack ( and it its! its the evolution of Azure Pack) Microsoft will continue to support Azure Pack for a while but the main development will be into Azure Stack. Now unlike Azure Pack, Stack is not so deeply dependant on System Center. Now of course you would still use this to manage the infrastructure, but the fabric connection between Azure Stack Providers would be against Hyper-V or clusters.

The Azure Stack will consist of an Azure like fabric controller and will also have the option to communicate with the network controller to manage the fysical and virtual network layer. Stack will also look and feel like the new portal which is currently in use in the preview portal and will come with a set of different provides to deliver specific services.

With the support of VXLAN in the fabric and some support for Vmware with DPM maybe Microsoft is moving with the Azure Stack and support for Vmware ?

Time will tell, and stay tuned for more.

#ata, #azure-stack, #containers, #nano-server, #oms