In the past month the Azure platform has announced many improvements to its networking services.
One of the improvements announced was the release of the High Performance network gateway.
You can read about High Performance Network Gateway here: http://azure.microsoft.com/blog/2014/12/02/azure-virtual-network-gateway-improvements/
Until now the gateway network throughput was limited to 80 Mbps. The new high performance gateway has a network throughput of 200 Mbps. It also allows up to 30 site-to-site tunnels, compared to the 10 tunnels allowed by the default network gateway.
I will create two virtual networks, add a high performance network gateway to each of them, and connect them to each other. I will then create a virtual machine in each virtual network and test the network throughput of the high performance network gateway. I will provision the entire infrastructure with PowerShell-based automation, without any manual steps or logging into the Azure management portal.
Instructions to set up a VNet to VNet connection are posted here. These instructions require a few manual steps, but I will automate the entire provisioning and setup.
Virtual network configuration can be defined in the portal or in a configuration file. In my case I have no virtual networks defined in my Azure subscription. The configuration file schema is documented here:
As you can see below, it has a root element NetworkConfiguration, which has one child element called “VirtualNetworkConfiguration”.
VirtualNetworkConfiguration has three child elements:
- Dns: This is used to define DNS server names and their IP addresses.
- LocalNetworkSites: This is used to define local networks which are connected to a virtual network.
- VirtualNetworkSites: This is where you define the virtual network configuration.
If you are not comfortable working with this XML file, you can use the Azure management portal to define the two virtual networks. Here is the definition of the virtual network named ANetwork.
This network is located in Location “Central US”. It has a MainSubnet and a GatewaySubnet.
The second network is called BNetwork. It is also located in “Central US”.
It has a MainSubnet and a GatewaySubnet.
To connect these two networks you need to define them as local networks. These local networks will have the exact same address space as the networks you previously defined.
The VPNGatewayAddress element defines the IP address of the gateway. Since the gateway has not been created yet, I have inserted a placeholder IP address in the two local networks.
To connect ANetwork with BNetwork, all you have to do is insert the Gateway element after Subnets in the definition of the virtual network, as shown below. In my example ANetwork is connected with BNetworkLocal.
To connect BNetwork with ANetwork, all you have to do is insert the Gateway element after Subnets in the definition of the virtual network, as shown below. In my example BNetwork is connected with ANetworkLocal.
If your virtual network is connected to more than one virtual network, you will have to define a separate LocalNetworkSiteRef element for each of the virtual networks.
Create the virtual network
We will use the Set-AzureVNetConfig cmdlet to create the virtual network. If there are any errors in creating the virtual network, this script will throw an error and abort.
I have no existing virtual networks in my subscription. If you have existing virtual networks, you have to export your current virtual network configuration from the portal or with Get-AzureVNetConfig and manually add your two new virtual networks to it. If you don’t do this, your virtual network settings may be replaced.
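The merge described above can be scripted so that existing sites are never silently replaced. This is an added example, not the original post's script: Merge-NetCfg is a hypothetical helper, and ExistingNetwork, all address prefixes, the 192.0.2.1 placeholder gateway address and the merged.netcfg file name are constructed.

```powershell
$ns = 'http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration'

function Merge-NetCfg {
    param([xml]$Current, [xml]$New)
    $vnc = $Current.SelectSingleNode("//*[local-name()='VirtualNetworkConfiguration']")
    foreach ($section in 'LocalNetworkSites', 'VirtualNetworkSites') {
        $target = $vnc.SelectSingleNode("*[local-name()='$section']")
        if ($null -eq $target) {   # create the section, keeping schema order
            $target = $Current.CreateElement($section, $vnc.NamespaceURI)
            $ref = $vnc.SelectSingleNode("*[local-name()='VirtualNetworkSites']")
            [void]$vnc.InsertBefore($target, $ref)   # a null $ref appends at the end
        }
        foreach ($site in $New.SelectNodes("//*[local-name()='$section']/*")) {
            $name = $site.GetAttribute('name')
            if ($target.SelectSingleNode("*[@name='$name']")) { throw "'$name' already exists in $section; refusing to overwrite it." }
            [void]$target.AppendChild($Current.ImportNode($site, $true))
        }
    }
    $Current
}

# Constructed stand-in for a Get-AzureVNetConfig export of a subscription already in use.
[xml]$current = @"
<NetworkConfiguration xmlns="$ns"><VirtualNetworkConfiguration><VirtualNetworkSites>
  <VirtualNetworkSite name="ExistingNetwork" Location="Central US">
    <AddressSpace><AddressPrefix>10.0.0.0/16</AddressPrefix></AddressSpace>
  </VirtualNetworkSite>
</VirtualNetworkSites></VirtualNetworkConfiguration></NetworkConfiguration>
"@
# Constructed new sites: one local network plus the virtual network that connects to it.
[xml]$new = @"
<NetworkConfiguration xmlns="$ns"><VirtualNetworkConfiguration>
  <LocalNetworkSites><LocalNetworkSite name="BNetworkLocal">
    <AddressSpace><AddressPrefix>10.2.0.0/16</AddressPrefix></AddressSpace>
    <VPNGatewayAddress>192.0.2.1</VPNGatewayAddress>
  </LocalNetworkSite></LocalNetworkSites>
  <VirtualNetworkSites><VirtualNetworkSite name="ANetwork" Location="Central US">
    <AddressSpace><AddressPrefix>10.1.0.0/16</AddressPrefix></AddressSpace>
    <Subnets>
      <Subnet name="MainSubnet"><AddressPrefix>10.1.0.0/24</AddressPrefix></Subnet>
      <Subnet name="GatewaySubnet"><AddressPrefix>10.1.1.0/29</AddressPrefix></Subnet>
    </Subnets>
    <Gateway><ConnectionsToLocalNetwork><LocalNetworkSiteRef name="BNetworkLocal">
      <Connection type="IPsec" /></LocalNetworkSiteRef></ConnectionsToLocalNetwork></Gateway>
  </VirtualNetworkSite></VirtualNetworkSites>
</VirtualNetworkConfiguration></NetworkConfiguration>
"@
$merged = Merge-NetCfg $current $new
$merged.Save("$PWD\merged.netcfg")
```

The saved file is what you would then pass to Set-AzureVNetConfig; a name collision stops the merge instead of overwriting a site that is already in use.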
Create the High Performance Virtual Network Gateway
Previously you created the network configuration file. You defined your local networks under the LocalNetworkSite element and entered a placeholder IP address for the network gateways in VPNGatewayAddress. In this step we will create the high performance network gateways. We will get the IP address of each gateway and update the network configuration file. It will take 20-30 minutes to finish this step.
You can verify that your HighPerformance network gateways were created as shown below. Note the GatewaySKU of “HighPerformance”. It will be “Default” for a standard gateway.
PS C:\projects\PowerShell\HighPerfGateway\HighPerfGateway> Get-AzureVNetGateway -VNetName ANetwork
PS C:\projects\PowerShell\HighPerfGateway\HighPerfGateway> Get-AzureVNetGateway -VNetName BNetwork
Update Virtual Network Configuration
Update the configuration of Virtual Network with the updated Network Configuration file. This file was updated in the previous step with actual IP addresses of the newly created network gateways.
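The gateway creation and configuration update described in the last two steps could look like the following. This is an added example, not the original post's script: $cfgPath is a hypothetical path, and -GatewayType DynamicRouting is an assumption about the gateway type used for a VNet to VNet connection.

```powershell
# Hypothetical path to the network configuration file created earlier.
$cfgPath = 'C:\temp\HighPerfGateway.netcfg'
# Each VNet's gateway address belongs in the local network site that represents that VNet.
$localSiteFor = @{ ANetwork = 'ANetworkLocal'; BNetwork = 'BNetworkLocal' }

[xml]$cfg = Get-Content -Path $cfgPath -Raw
foreach ($vnet in $localSiteFor.Keys) {
    New-AzureVNetGateway -VNetName $vnet -GatewayType DynamicRouting `
        -GatewaySKU HighPerformance | Out-Null

    $gw = Get-AzureVNetGateway -VNetName $vnet
    if ($gw.GatewaySKU -ne 'HighPerformance') {
        throw "$vnet gateway SKU is '$($gw.GatewaySKU)', expected HighPerformance."
    }

    # Validate the address before it goes into the file that defines the tunnel peers.
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse([string]$gw.VIPAddress, [ref]$ip)) {
        throw "$vnet gateway has no usable address yet (State: $($gw.State))."
    }

    $xpath = "//*[local-name()='LocalNetworkSite'][@name='$($localSiteFor[$vnet])']" +
             "/*[local-name()='VPNGatewayAddress']"
    $node = $cfg.SelectSingleNode($xpath)
    if ($null -eq $node) { throw "No VPNGatewayAddress found for $($localSiteFor[$vnet])." }
    $node.InnerText = $ip.ToString()   # replaces the placeholder address
}

$cfg.Save($cfgPath)
Set-AzureVNetConfig -ConfigurationPath $cfgPath | Out-Null
```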
Set the preshared keys for the two networks. After the gateway key has been set, it can take up to 5 minutes to verify that network connectivity has been established.
Here is the output of Get-AzureVnetConnection when connectivity has been established successfully.
You will notice that ConnectivityState now shows “Connected” for both the networks.
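The preshared key protects the tunnel, so it should come from a cryptographic random source rather than being typed into the script. This is an added example, not the original post's script: New-SharedKey and Test-VNetConnected are hypothetical helpers, and the 48-character alphanumeric key and the 10-minute polling limit are assumptions.

```powershell
function New-SharedKey {
    param([int]$Length = 48)
    $alphabet = [char[]]'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    $limit = 256 - (256 % $alphabet.Length)   # reject bytes that would bias the modulo
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 1
    $key = New-Object System.Text.StringBuilder
    try {
        while ($key.Length -lt $Length) {
            $rng.GetBytes($buf)
            if ($buf[0] -lt $limit) { [void]$key.Append($alphabet[$buf[0] % $alphabet.Length]) }
        }
    } finally { $rng.Dispose() }
    $key.ToString()
}

function Test-VNetConnected($VNetName) {
    # True only if the VNet has at least one connection and all of them are Connected.
    $c = @(Get-AzureVNetConnection -VNetName $VNetName)
    $c.Count -gt 0 -and @($c | Where-Object { $_.ConnectivityState -ne 'Connected' }).Count -eq 0
}

$sharedKey = New-SharedKey
# Both directions of the tunnel must be given the same key.
Set-AzureVNetGatewayKey -VNetName ANetwork -LocalNetworkSiteName BNetworkLocal -SharedKey $sharedKey | Out-Null
Set-AzureVNetGatewayKey -VNetName BNetwork -LocalNetworkSiteName ANetworkLocal -SharedKey $sharedKey | Out-Null
Remove-Variable sharedKey   # drop the plaintext copy once both sides are set

# Poll until both sides report Connected, giving up after the assumed limit.
$deadline = (Get-Date).AddMinutes(10)
do {
    Start-Sleep -Seconds 30
    $pending = @('ANetwork', 'BNetwork' | Where-Object { -not (Test-VNetConnected $_) })
} while ($pending.Count -gt 0 -and (Get-Date) -lt $deadline)
if ($pending.Count -gt 0) { throw "Not connected after 10 minutes: $($pending -join ', ')" }
```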
Until now we have not even logged into the Azure Management Portal and we have successfully created 2 Virtual networks, created 2 high performance gateways and connected these two virtual networks. For those of you who like to view things visually I have attached the following views of the portal that show virtual networks were successfully connected.
Create Virtual Machines
In this step we will create virtual machines in the two virtual networks. We plan to use these virtual machines to test the network bandwidth of your “HighPerformance” network gateway. The script below will create a VM in ANetwork. You can use the same script to create another VM in BNetwork. I created Medium VMs instead of Small VMs because I wanted to make sure these VMs have enough network bandwidth to run my tests.
Test Network Bandwidth
In the final step we will log in to each virtual machine, download the psping tool and use it to test network bandwidth.
psping can be downloaded from http://technet.microsoft.com/en-us/sysinternals
It is one of the easiest ways to test network bandwidth, latency etc.
On VM anetworkvm1, which was created in ANetwork, I ran the following command. It opens the firewall ports for the duration of the test and acts as the server listening on the specified port. Here 172.16.100.4 is the internal IP address of this VM.
On VM bnetworkvm1, which was created in BNetwork, I ran the following command. Here we are running a client that will send out 100K requests to the server 10000 times.
I ran these tests about 10 times and I was getting similar bandwidths. These results are in MB/s so I was seeing bandwidth close to 236 Mbps. This is higher than the 200 Mbps that was mentioned in the specification of the High Performance network gateway. Your actual results may vary.
In this blog post I hoped to demonstrate:
- How to provision virtual networks with PowerShell.
- How to create the recently released high performance network gateway with PowerShell.
- How to connect two virtual networks with PowerShell.
- How to create virtual machines with PowerShell.
- How much bandwidth you can expect.
- You can automate most aspects of virtual network provisioning. I wanted to add a point-to-site network but I was unable to do so because there is no PowerShell cmdlet that allows me to upload a client certificate. You can do this by invoking the REST API.