Interact 2018：PowerShell of Microsoft SDN v2 101 for Interact 2018 in Japan

1. Interact 2018
2018/06/30
System Center User Group Japan
後藤 諭史（Satoshi GOTO）

2.  後藤 諭史（ Satoshi GOTO ）
 外資系になってしまった某 ISP 所属。
 仮想化製品が主な専門分野です。
が、基本的には雑用係
 Microsoft MVP - Cloud and Datacenter Management
（Jul.2012 - Jun.2017）
 TwitterとBlogはこちら
◦ Twitter：@wind06106／Blog：Tech Notes（http://www.dob1.info ：廃止予定です）
2

3. 本セッション資料ですが、個人で準備した環境において、個人的に実施した検証／結果を基に記載しています。
あくまで個人の意見／見解であり、所属する会社／組織及びマイクロソフト社とは『まったく／なにも／全
然』関係がございません。
所属する会社／組織／マイクロソフト社の正式な回答／見解ではない事に留意してください。
また、本資料を閲覧した事により問題が生じた場合、または問題が発生しかけた場合、または生じた一切の不
利益について、発表者は一切の責任を負う事はできませんのでご了承ください。
3

4.  Showing the most basic knowledge about a subject
 要するに入門/基礎編
 以下のような疑問にお答えします
◦ SDN の概要はわかんだけど、結局どうやって操作するの？
◦ やっぱり GUI がないとわからん
◦ 結局のところ、SCVMMとかが必要なんじゃないの？
4

5. 5
HENTAI Sessionでひとつよろしく

6.  PowerShell によるネットワーク操作の基礎
 よくある設定をデモを交えて
◦ 仮想ネットワークの作成と追加
◦ 仮想マシンの追加
◦ ルーティングの追加 いろいろ
 まとめ
6

7. 本セッションは、 Windows Server 2019 Preview （ Build 17692 ）を使用しています。
Windows Server 2016 も基本的な考え方、設定はほぼ同一のものとなりますが、Windows Server 2019 ないし
は Windows Server Ver.1709 以降で実装されている機能を含む場合がありますこと、ご了承ください。
また、Windows Server 2019 は現在 Preview であり、仕様変更がなされる可能性がありますこと、ご了承くだ
さい。
7

8. 8

9. 9
 Windows Server 2016 で実装された Software Defined Network 機能
→ Ver.1は、というと、Windows Server 2012 で実装された SDN 機能
 Windows Server の標準機能で構築可能（Datacenter Edition 限定ですが、標準機能）
 Microsoft Azure 生まれの機能。スケーラビリティーはクラウドを前提として設計
 コアコンポーネントは以下の通り
◦ Network Controller
◦ Software Load Balancer MUltipleXer (SLBMUX)
◦ Gateway
◦ Windows Azure VFP Switch Extension （ Hyper-V ホストのコンポーネント）

10. 10
Management Plane .
SDN
Host
Agent Tenant A
VM
Tenant A
VM
SDN
Host
Agent Tenant A
VM
Tenant A
VM
VM Switch VM Switch
Control Plane .

11. 11
 Network Virtualization
◦ Virtual network
◦ Virtual subnet
◦ Internal DNS Service
 Network function virtualization
◦ Software Load Balancer (SLB) and Network Address Translation (NAT)
 External NAT
 Load balancer (with/without health monitor)
◦ Access Control List(ACL)
◦ Network QoS
◦ RAS Gateway
 IPSec(with/without BGP)
 GRE (with/without BGP)
 L3 Routing(with/without BGP)
◦ User defined route(UDR)

12. 12
 Module 名は『 NetworkController 』
 59 種類 155 個の cmdlet （ build17677 ）
 基本の接頭詞は『 New- 』『 Get- 』『 Remove- 』
→ Network Controller そのもののセットアップ系のみ『 Install- 』『 Uninstall- 』
 これらの PowerShell Cmdlet で、ほぼ仮想ネットワークを構築可能

13. 13
① オブジェクトの作成
② プロパティーの設定
③ PowerShell Cmdlet の実行

14. 14
コンテナーのIP
 Type Name は 『 Microsoft.Windows.NetworkController 』
 適切なオブジェクトを選択し、『 New-Object 』 Cmdlet でオブジェクト（器）を作成
 PowerShell Cmdlet の分だけ存在するイメージ（ build17677 で 213 オブジェクト）
PS C:Usersadministrator.CONTOSO> $VNetProperties = New-Object Microsoft.Windows.NetworkController.VirtualSubnetProperties
PS C:Usersadministrator.CONTOSO> $VNetProperties | Get-Member
TypeName: Microsoft.Windows.NetworkController.VirtualSubnetProperties
Name MemberType Definition
---- ---------- ----------
Equals Method bool Equals(System.Object obj)
GetHashCode Method int GetHashCode()
GetType Method type GetType()
ToString Method string ToString()
AccessControlList Property Microsoft.Windows.NetworkController.AccessControlList AccessControlList {get;set;}
AddressPrefix Property string AddressPrefix {get;set;}
BilledEgressBytes Property long BilledEgressBytes {get;set;}
DualStackSubnet Property Microsoft.Windows.NetworkController.VirtualSubnet DualStackSubnet {get;set;}
EncryptionEnabled Property bool EncryptionEnabled {get;set;}
IpConfigurations Property Microsoft.Windows.NetworkController.IpConfiguration[] IpConfigurations {get;set;}
ProvisioningState Property string ProvisioningState {get;set;}
RouteTable Property Microsoft.Windows.NetworkController.RouteTable RouteTable {get;set;}
ServiceInsertion Property Microsoft.Windows.NetworkController.ServiceInsertion ServiceInsertion {get;set;}
UnbilledEgressBytes Property long UnbilledEgressBytes {get;set;}
VirtualSubnetId Property string VirtualSubnetId {get;set;}

15. 15
 オブジェクトに対して、各種プロパティーを設定
PS C:Usersadministrator.CONTOSO> $vsubnet = new-object Microsoft.Windows.NetworkController.VirtualSubnet
PS C:Usersadministrator.CONTOSO> $vsubnet.ResourceId = "RedCorpSubnet_01"
PS C:Usersadministrator.CONTOSO> $vsubnet.Properties = new-object Microsoft.Windows.NetworkController.VirtualSubnetProperties
PS C:Usersadministrator.CONTOSO> $vsubnet.Properties.AccessControlList = $acllist
PS C:Usersadministrator.CONTOSO> $vsubnet.Properties.AddressPrefix = "192.168.11.0/24"
PS C:Usersadministrator.CONTOSO> $vnetproperties = new-object Microsoft.Windows.NetworkController.VirtualNetworkProperties
PS C:Usersadministrator.CONTOSO> $vnetproperties.AddressSpace = new-object Microsoft.Windows.NetworkController.AddressSpace
PS C:Usersadministrator.CONTOSO> $vnetproperties.AddressSpace.AddressPrefixes = @("192.168.11.0/24")
PS C:Usersadministrator.CONTOSO> $vnetproperties.LogicalNetwork = $HNVProviderLogicalNetwork
PS C:Usersadministrator.CONTOSO> $vnetproperties.Subnets = @($vsubnet)
PS C:Usersadministrator.CONTOSO>
PS C:Usersadministrator.CONTOSO> $VNetProperties
AddressSpace : Microsoft.Windows.NetworkController.AddressSpace
DhcpOptions :
UnbilledAddressRanges :
ConfigurationState :
ProvisioningState :
Subnets : {00000000-0000-0000-0000-000000000000}
VirtualNetworkPeerings :
EncryptionCredential :
LogicalNetwork : Microsoft.Windows.NetworkController.LogicalNetwork
PS C:Usersadministrator.CONTOSO> $VNetProperties.AddressSpace
AddressPrefixes
---------------
{192.168.11.0/24}

16. 16
使用可能なネットワークドライバー
 設定したプロパティーを引数として設定し、実行
その際、設定を投入する親のリソースIDを指定しなければならない
→ 例えば、VirtualSubnetの追加ならそのSubnetが所属するVirtual Network
 更新処理も基本的に「上書き更新」のため、一部を除き「 New-NetworkController xxx 」
cmdlet を実行することによって実施
PS C:Usersadministrator.CONTOSO> New-NetworkControllerVirtualNetwork -ResourceId "RedCorp_VNet01" -ConnectionUri $uri -Properties $vnetproperties
Confirm
Performing the operation 'New-NetworkControllerVirtualNetwork' on entities of type
'Microsoft.Windows.NetworkController.VirtualNetwork' via
'https://vnext-nc.contoso.com/networking/v3/virtualNetworks/RedCorp_VNet01'. Are you sure you want to continue?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): y
Tags :
ResourceRef : /virtualNetworks/RedCorp_VNet01
InstanceId : 9f80f55e-59f9-4ecf-85d6-de151085c79c
Etag : W/"acfcc395-f48a-4333-b552-e29754d4c660"
ResourceMetadata :
ResourceId : RedCorp_VNet01
Properties : Microsoft.Windows.NetworkController.VirtualNetworkProperties

17. 17
使用可能なネットワークドライバー
 ちなみに、削除は「 Remove-NetworkController xxx 」
 Network Controller に投入された設定は、 Hyper-V ホストに即時配信され、反映される
 ただし、一部機能は仮想マシンのセッション状況や設定方法によって即時反映されない点
に注意

18. 18
使用可能なネットワークドライバー
 「 Get-NetworkController xxx 」を使用し、オブジェクトを取得
 「 ConvertTo-Json 」Cmdlet にて、オブジェクトを json 形式に変換して出力
PS C:Usersadministrator.CONTOSO> Get-NetworkControllerVirtualNetwork -ConnectionUri $uri -ResourceId RedCorp_VNet01 | ConvertTo-Json -Depth 10
{
"Tags": null,
"ResourceRef": "/virtualNetworks/RedCorp_VNet01",
"InstanceId": "11b91d8f-fe29-403b-ac2c-9e2f69671190",
"Etag": "W/"082e5078-b6bf-426a-a398-879cfdb4e544"",
"ResourceMetadata": null,
"ResourceId": "RedCorp_VNet01",
"Properties": {
"AddressSpace": {
"AddressPrefixes": [
"192.168.11.0/24",
"192.168.19.0/24"
]
},
"DhcpOptions": null,
"UnbilledAddressRanges": null,
"ConfigurationState": null,
"ProvisioningState": "Succeeded",
"Subnets": [
{
"ResourceMetadata": null,
"ResourceRef": "/virtualNetworks/RedCorp_VNet01/subnets/RedCorpSubnet_01",
"InstanceId": "632939e5-be01-44d4-8bae-18aebd5dbea6",

19. 19
使用可能なネットワークドライバー
 ブラウザで、直接 REST Interface の URI を叩くことで、 json ファイルを取得可能

20. 20

21. 21
 4node の Hyper-V ホストにて構成（ Nested Hyper-V で作っています）
 SDN環境を簡単に展開できる「 SDNExpress.ps1 」を使用して構築
→ Script は以下のページから入手可能（ Github です）
https://github.com/Microsoft/SDN
 2018/06/01 現在、Windows Server 2016 のみ正常終了します
Windows Server Ver.1709 や Ver.1803 、Windows Server 2019 Preview で使用する場合、
Script を数か所弄る必要があります（ Feedback 済み）
→ 興味のある方は後ほど聞きに来てください
 ホストの性能にも依存しますが、ざっくり2時間程度で環境が構築できます
→ BGP Routerとか必要になりますが、コツさえ掴めばお手軽に構築できます

22. 22
Microsoft SDN v2
192.168.254.0/24
.1.1
.1
.1
192.168.101.0/24
10.254.254.0/28
192.168.11.0/24
.101
Router
Router
Red Corp Network Blue Corp Network

23. 23
$uri = "https://vnext-nc.contoso.com"
#Find the HNV Provider Logical Network
$logicalnetworks = Get-NetworkControllerLogicalNetwork -ConnectionUri $uri
foreach ($ln in $logicalnetworks) {
if ($ln.Properties.NetworkVirtualizationEnabled -eq "True") {
$HNVProviderLogicalNetwork = $ln
break
}
}
#Create the Virtual Subnet
$vsubnet = new-object Microsoft.Windows.NetworkController.VirtualSubnet
$vsubnet.ResourceId = “BlueCorpSubnet_01"
$vsubnet.Properties = new-object Microsoft.Windows.NetworkController.VirtualSubnetProperties
$vsubnet.Properties.AddressPrefix = “192.168.101.0/24"
#Create the Virtual Network
$vnetproperties = new-object Microsoft.Windows.NetworkController.VirtualNetworkProperties
$vnetproperties.AddressSpace = new-object Microsoft.Windows.NetworkController.AddressSpace
$vnetproperties.AddressSpace.AddressPrefixes = @("192.168.101.0/24")
$vnetproperties.LogicalNetwork = $HNVProviderLogicalNetwork
$vnetproperties.Subnets = @($vsubnet)
New-NetworkControllerVirtualNetwork -ResourceId “BlueCorp_VNet01" -ConnectionUri $uri -Properties $vnetproperties

24. 24
Microsoft SDN v2
192.168.254.0/24
.1.1
.1
.1
192.168.101.0/24
.1
192.168.119.0/24
10.254.254.0/28
192.168.11.0/24
.101
Router
Router
Red Corp Network Blue Corp Network

25. 25
$uri = "https://vnext-nc.contoso.com"
# Get the existing Virtual Network and add new virtual subnet address to AddressSpace
$Vnet = Get-NetworkControllerVirtualNetwork -ConnectionUri $uri -ResourceId “BlueCorp_Vnet01"
$Vnet.Properties.AddressSpace.AddressPrefixes += "192.168.119.0/24"
# Update the existing Virtual Network
New-NetworkControllerVirtualNetwork -ConnectionUri $uri -ResourceId “BlueCorp_VNet01" -Properties $Vnet.Properties
# Add the new virtual subnet to existing Virtual Network
$vsubnet = new-object Microsoft.Windows.NetworkController.VirtualSubnetProperties
$vsubnet.AddressPrefix = "192.168.119.0/24"
New-NetworkControllerVirtualSubnet -ConnectionUri $uri -ResourceId “BlueCorpSubnet_02" -VirtualNetworkId “BlueCorp_VNet01" -Properties $vsubnet

26. 26
Microsoft SDN v2
192.168.254.0/24
.1.1
.1
.1
.1
192.168.101.0/24
192.168.119.0/24
10.254.254.0/28
192.168.11.0/24
.101
.101
Router
Router
Red Corp Network Blue Corp Network

27. 27
$uri = "https://vnext-nc.contoso.com"
# Get the existing Virtual Subnet
$BlueCorp_vsubnet = Get-NetworkControllerVirtualSubnet -VirtualNetworkId "BlueCorp_VNet01" -ResourceId "BlueCorpSubnet_01" -ConnectionUri $uri
# Create VM network interface
$vmnicproperties = new-object Microsoft.Windows.NetworkController.NetworkInterfaceProperties
$vmnicproperties.PrivateMacAddress = "00155D144A00"
$vmnicproperties.PrivateMacAllocationMethod = "Static"
$vmnicproperties.IsHostVirtualNetworkInterface = $false
$ipconfiguration = new-object Microsoft.Windows.NetworkController.NetworkInterfaceIpConfiguration
$ipconfiguration.ResourceId = “Blue_Corp_IP_192_168_201_101"
$ipconfiguration.Properties = new-object Microsoft.Windows.NetworkController.NetworkInterfaceIpConfigurationProperties
$ipconfiguration.Properties.PrivateIPAddress = "192.168.201.101"
$ipconfiguration.Properties.PrivateIPAllocationMethod = "Static"
$ipconfiguration.Properties.Subnet = new-object Microsoft.Windows.NetworkController.Subnet
$ipconfiguration.Properties.Subnet.ResourceRef = $BlueCorp_vsubnet.ResourceRef
$vmnicproperties.IpConfigurations = @($ipconfiguration)
New-NetworkControllerNetworkInterface -ResourceId "Blue_VM01_NIC1" -Properties $vmnicproperties -ConnectionUri $uri

28. 28
$uri = "https://vnext-nc.contoso.com"
# Get GUID of VM Network Interface
(Get-NetworkControllerNetworkInterface -ResourceId “Blue_VM01_NIC1" -ConnectionUri $uri).InstanceId
Guid
----
1a58b3ae-2348-405b-9432-11295530ce91
# Remote PowerShell
Enter-PSSession -ComputerName vnext04
[vnext04]: $PortProfileFeatureId = "9940cd46-8b06-43bb-b9d5-93d50381fd56"
[vnext04]: $NcVendorId = "{1FA41B39-B444-4E43-B35A-E1F7985FD548}"
[vnext04]: $portProfileDefaultSetting = Get-VMSystemSwitchExtensionPortFeature -FeatureId $PortProfileFeatureId
[vnext04]: $portProfileDefaultSetting.SettingData.ProfileId = "{1a58b3ae-2348-405b-9432-11295530ce91}"
[vnext04]: $portProfileDefaultSetting.SettingData.NetCfgInstanceId = "{56785678-a0e5-4a26-bc9b-c0cba27311a3}"
[vnext04]: $portProfileDefaultSetting.SettingData.CdnLabelString = "TestCdn"
[vnext04]: $portProfileDefaultSetting.SettingData.CdnLabelId = 1111
[vnext04]: $portProfileDefaultSetting.SettingData.ProfileName = "Testprofile"
[vnext04]: $portProfileDefaultSetting.SettingData.VendorId = $NcVendorId
[vnext04]: $portProfileDefaultSetting.SettingData.VendorName = "NetworkController"
[vnext04]: $portProfileDefaultSetting.SettingData.ProfileData = "1"
[vnext04]: Get-VMNetworkAdapter -VMName "Blue-VM01" | Where-Object {$_.SwitchName -match "SDNvSwitch"}
[vnext04]: Add-VMSwitchExtensionPortFeature -VMSwitchExtensionFeature $portProfileDefaultSetting -VMNetworkAdapter $vmnic | out-null

29. 29
Microsoft SDN v2
192.168.254.0/24
.1.1
.1
.1
.1
192.168.101.0/24
192.168.119.0/24
10.254.254.0/28
192.168.11.0/24
.101
.101
172.31.40.0/24
C841
.250
Router
Router
Red Corp Network Blue Corp Network
IPSec
.2
Virtual Gateway

30. 30
$uri = "https://vnext-nc.contoso.com"
$VirtualGWProperties = New-Object Microsoft.Windows.NetworkController.VirtualGatewayProperties
$RoutingSubnet = Get-NetworkControllerVirtualSubnet -ConnectionUri $URI -VirtualNetworkId "RedCorp_VNet01" -ResourceId "RedCorpSubnet_GW"
$VirtualGWProperties.GatewaySubnets = @()
$VirtualGWProperties.GatewaySubnets += $RoutingSubnet
$VirtualGatewayId = "RedCorp_IPSec"
$gwPool = Get-NetworkControllerGatewayPool -ConnectionUri $URI -ResourceId "MyIPSecPool"
$VirtualGWProperties.GatewayPools = @()
$VirtualGWProperties.GatewayPools += $gwPool
$VirtualGWProperties.RoutingType = "Dynamic"
$VirtualGWProperties.NetworkConnections = @()
$VirtualGWProperties.BgpRouters = @()
New-NetworkControllerVirtualGateway -ConnectionUri $uri -ResourceId $VirtualGatewayId -Properties $VirtualGWProperties

31. 31
$uri = "https://vnext-nc.contoso.com"
$nwConnectionProperties = New-Object Microsoft.Windows.NetworkController.NetworkConnectionProperties
$nwConnectionProperties.ConnectionType = "IPSec"
$nwConnectionProperties.OutboundKiloBitsPerSecond = 750
$nwConnectionProperties.InboundKiloBitsPerSecond = 750
# Update specific properties depending on the connection type
$nwConnectionProperties.IpSecConfiguration = New-Object Microsoft.Windows.NetworkController.IpSecConfiguration
$nwConnectionProperties.IpSecConfiguration.AuthenticationMethod = "PSK"
$nwConnectionProperties.IpSecConfiguration.SharedSecret = “P@ssword"
$nwConnectionProperties.IpSecConfiguration.QuickMode = New-Object Microsoft.Windows.NetworkController.QuickMode
$nwConnectionProperties.IpSecConfiguration.QuickMode.PerfectForwardSecrecy = "PFS2048"
$nwConnectionProperties.IpSecConfiguration.QuickMode.AuthenticationTransformationConstant = "GCMAES256"
$nwConnectionProperties.IpSecConfiguration.QuickMode.CipherTransformationConstant = "GCMAES256"
$nwConnectionProperties.IpSecConfiguration.QuickMode.SALifeTimeSeconds = 3600
$nwConnectionProperties.IpSecConfiguration.QuickMode.IdleDisconnectSeconds = 300
$nwConnectionProperties.IpSecConfiguration.QuickMode.SALifeTimeKiloBytes = 2000
$nwConnectionProperties.IpSecConfiguration.MainMode = New-Object Microsoft.Windows.NetworkController.MainMode
$nwConnectionProperties.IpSecConfiguration.MainMode.DiffieHellmanGroup = "Group2"
$nwConnectionProperties.IpSecConfiguration.MainMode.IntegrityAlgorithm = "SHA256"
$nwConnectionProperties.IpSecConfiguration.MainMode.EncryptionAlgorithm = "AES256"
$nwConnectionProperties.IpSecConfiguration.MainMode.SALifeTimeSeconds = 28800
$nwConnectionProperties.IpSecConfiguration.MainMode.SALifeTimeKiloBytes = 2000

32. 32
$nwConnectionProperties.IPAddresses = @()
$nwConnectionProperties.PeerIPAddresses = @()
$nwConnectionProperties.Routes = @()
$ipv4Route = New-Object Microsoft.Windows.NetworkController.RouteInfo
$ipv4Route.DestinationPrefix = "172.31.250.0/24"
$ipv4Route.metric = 10
$nwConnectionProperties.Routes += $ipv4Route
$nwConnectionProperties.DestinationIPAddress = "10.200.1.141"
New-NetworkControllerVirtualGatewayNetworkConnection -ConnectionUri $URI -VirtualGatewayId $VirtualGatewayId -ResourceId "RedCorp_IPSec_GW" -
Properties $nwConnectionProperties -Force
※ PowerShell 実行後、実際の通信が可能になるまで、若干のタイムラグがある点に注意

33. 33
Microsoft SDN v2
172.16.0.0/16172.31.40.0/24
C841
192.168.254.0/24
.1.1
.1
.1
.1
192.168.101.0/24
192.168.119.0/24
10.254.254.0/28
192.168.11.0/24
.2
.101
.101
.250
Router
Router
Red Corp Network Blue Corp Network
Virtual Gateway
IPSec
VyOS
+NAT
.250

34. 34
$uri = "https://vnext-nc.contoso.com"
$routetableproperties = new-object Microsoft.Windows.NetworkController.RouteTableProperties
$route = new-object Microsoft.Windows.NetworkController.Route
$route.ResourceID = "RedCorp_VyOS"
$route.properties = new-object Microsoft.Windows.NetworkController.RouteProperties
$route.properties.AddressPrefix = "172.16.20.0/24"
$route.properties.nextHopType = "VirtualAppliance"
$route.properties.nextHopIpAddress = "192.168.19.250"
$routetableproperties.routes += $route
New-NetworkControllerRouteTable -ConnectionUri $uri -ResourceId "RedCorp_Route01" -Properties $routetableproperties
$Routetable = Get-NetworkControllerRouteTable -ConnectionUri $uri -ResourceId "RedCorp_Route01"
$vnet = Get-NetworkControllerVirtualNetwork -ConnectionUri $uri -ResourceId "RedCorp_VNet01"
$vnet.properties.subnets[0].properties.RouteTable = $routetable
$vnet.properties.subnets[1].properties.RouteTable = $routetable
new-networkcontrollervirtualnetwork -connectionuri $uri -properties $vnet.properties -resourceId $vnet.resourceid

35. 35
Microsoft SDN v2
VyOS
+NAT
172.16.0.0/16172.31.40.0/24
C841
192.168.254.0/24
.250
.1.1
.1
.1
.1
192.168.101.0/24
192.168.119.0/24
10.254.254.0/28
192.168.11.0/24
.2
.101
.101
.250
Unnumbered
Router
Router
Red Corp Network Blue Corp Network
Virtual Gateway
IPSec
New

36. 36
$uri = "https://vnext-nc.contoso.com"
$peeringProperties = New-Object Microsoft.Windows.NetworkController.VirtualNetworkPeeringProperties
$vnet2 = Get-NetworkControllerVirtualNetwork -ConnectionUri $uri -ResourceId "BlueCorp_VNet01"
$peeringProperties.remoteVirtualNetwork = $vnet2
# Indicates whether communication between the two virtual networks is allowed
$peeringProperties.allowVirtualnetworkAccess = $true
# Indicates whether forwarded traffic will be allowed across the vnets
$peeringProperties.allowForwardedTraffic = $true
# Indicates whether the peer virtual network can access this virtual network’s gateway
$peeringProperties.allowGatewayTransit = $true
# Indicates whether this virtual network will use peer virtual network’s gateway
$peeringProperties.useRemoteGateways = $false
New-NetworkControllerVirtualNetworkPeering -ConnectionUri $uri -VirtualNetworkId "RedCorp_VNet01" -ResourceId "RedCorptoBlueCorp" -Properties $peeringProperties
New

37. 37
$uri = "https://vnext-nc.contoso.com"
$peeringProperties = New-Object Microsoft.Windows.NetworkController.VirtualNetworkPeeringProperties
$vnet2 = Get-NetworkControllerVirtualNetwork -ConnectionUri $uri -ResourceId "RedCorp_VNet01"
$peeringProperties.remoteVirtualNetwork = $vnet2
# Indicates whether communication between the two virtual networks is allowed
$peeringProperties.allowVirtualnetworkAccess = $true
# Indicates whether forwarded traffic will be allowed across the vnets
$peeringProperties.allowForwardedTraffic = $true
# Indicates whether the peer virtual network can access this virtual network’s gateway
$peeringProperties.allowGatewayTransit = $false
# Indicates whether this virtual network will use peer virtual network’s gateway
$peeringProperties.useRemoteGateways = $true
New-NetworkControllerVirtualNetworkPeering -ConnectionUri $uri -VirtualNetworkId "BlueCorp_VNet01" -ResourceId "BlueCorptoRedCorp" -Properties $peeringProperties
New

38. 38
Microsoft SDN v2
VyOS
+NAT
172.16.0.0/16172.31.40.0/24
C841
192.168.254.0/24
.250
.1.1
.1
.1
.1
192.168.101.0/24
192.168.119.0/24
10.254.254.0/28
192.168.11.0/24
.2
.101
.101
.250
Unnumbered
Router
Router
Red Corp Network Blue Corp Network
Virtual Gateway
IPSec
New

39. 39
$uri = "https://vnext-nc.contoso.com"
$Routetable = Get-NetworkControllerRouteTable -ConnectionUri $uri -ResourceId "RedCorp_Route01"
$vnet = Get-NetworkControllerVirtualNetwork -ConnectionUri $uri -ResourceId “BlueCorp_VNet01"
$vnet.properties.subnets[0].properties.RouteTable = $routetable
$vnet.properties.subnets[1].properties.RouteTable = $routetable
new-networkcontrollervirtualnetwork -connectionuri $uri -properties $vnet.properties -resourceId $vnet.resourceid
New

40. 40

41. 41
 System Center 2016 Virtual Machine Manager

42. 42

43. 43
 PowerShell で Microsoft SDN v2 の管理は可能です（ GUI 不要です）
 基本さえ押さえれば、それほど難しくはありません
ポイントはオブジェクトとプロパティ
 いろいろできます。いろいろ
 とりあえず、ためしてガッテンしてください
 Windows Admin Center もお試しください。便利ですよ
でも VMM のことも思い出してやってください……（競合関係ではない、とのこと）

44. 44
 Software Defined Networking (SDN)
https://docs.microsoft.com/en-us/windows-server/networking/sdn/software-defined-networking
 NetworkController Cmdlet
https://docs.microsoft.com/en-us/powershell/module/networkcontroller/?view=win10-ps
 Azure から生まれた Windows Server 2016 SDN ～アップデート版～
https://www.slideshare.net/TechSummit2016/cld019-azure-windowsserver201
 github
https://github.com/Microsoft/SDN

45. 45