Review SDN considerations for network reference patterns
Applies to: Azure Stack HCI, versions 23H2 and 22H2
In this article, you'll review considerations when deploying Software Defined Networking (SDN) in your Azure Stack HCI cluster.
SDN hardware requirements
When using SDN, you must ensure that the physical switches used in your Azure Stack HCI cluster support a set of capabilities that are documented at Plan a Software Defined Network infrastructure.
If you are using SDN Software Load Balancers (SLB) or Gateway Generic Routing Encapsulation (GRE) gateways, you must also configure Border Gateway Protocol (BGP) peering with the top of rack (ToR) switches so that the SLB and GRE Virtual IP addresses (VIPs) can be advertised. For more information, see Switches and routers.
SDN Network Controller
SDN Network Controller is the centralized control plane to provision and manage networking services for your Azure Stack HCI workloads. It provides virtual network management, microsegmentation through Network Security Groups (NSGs), management of Quality of Service (QoS) policies, and virtual appliance chaining to allow you to bring in third-party appliances. It is also responsible for managing SLB and GRE. SLBs leverage virtual first-party appliances to provide high availability to applications, while Gateways are used to provide external network connectivity to workloads.
For more information about Network Controller, see What is Network Controller.
SDN configuration options
Based on your requirements, you may need to deploy only a subset of the SDN infrastructure. For example, if you want to host only customer workloads in your datacenter, and external communication is not required, you can deploy Network Controller and skip deploying SLB/MUX and gateway VMs. The following table describes networking feature infrastructure requirements for a phased deployment of the SDN infrastructure.
Feature | Deployment requirements | Network requirements |
---|---|---|
Logical Network management; NSGs for VLAN-based network; QoS for VLAN-based networks | Network Controller | None |
Virtual Networking; User Defined Routing; ACLs for virtual network; Encrypted subnets; QoS for virtual networks; Virtual network peering | Network Controller | HNV PA VLAN, subnet, router |
Inbound/Outbound NAT; Load Balancing | Network Controller; SLB/MUX | BGP on HNV PA network; Private and public VIP subnets |
GRE gateway connections | Network Controller; SLB/MUX; Gateway | BGP on HNV PA network; Private and public VIP subnets; GRE VIP subnet |
IPSec gateway connections | Network Controller; SLB/MUX; Gateway | BGP on HNV PA network; Private and public VIP subnets |
L3 gateway connections | Network Controller; SLB/MUX; Gateway | BGP on HNV PA network; Private and public VIP subnets; Tenant VLAN, subnet, router; BGP on tenant VLAN optional |
Next steps
- Choose a network pattern to review.