Taking new Azure High Performance Gateway for a Test Drive

Overview

In the past month the Azure platform has announced many improvements to its networking services.

One of the improvements announced was the release of the High Performance network gateway.

You can read about High Performance Network Gateway here: http://azure.microsoft.com/blog/2014/12/02/azure-virtual-network-gateway-improvements/

Until now the gateway network throughput was limited to 80 Mbps. The new high performance gateway has a network throughput of 200 Mbps. It also allows up to 30 Site to Site tunnels, compared to the 10 tunnels allowed by the default network gateway.

I will create two virtual networks, add a high performance network gateway to each of them, and connect them to each other. I will then create a virtual machine in each virtual network and test the network throughput of the high performance network gateway. I will provision the entire infrastructure with PowerShell-based automation, without any manual steps or logging into the Azure management portal.

Instructions to set up a VNet to VNet connection are posted here. These instructions require a few manual steps, but I will automate the entire provisioning and setup.

http://msdn.microsoft.com/en-us/library/azure/dn690122.aspx

Setup

Virtual Network configuration can be defined in the portal or in a configuration file. In my case I have no virtual networks defined in my Azure subscription. The configuration file schema is documented here:

http://msdn.microsoft.com/en-us/library/azure/jj157100.aspx

As you can see below, it has a root element NetworkConfiguration, which has one child element called “VirtualNetworkConfiguration”.

VirtualNetworkConfiguration has three child elements:

Dns: This is used to define DNS server names and their IP addresses

LocalNetworkSites: This is used to define Local networks which are connected to a virtual network

VirtualNetworkSites: This is where you define the virtual network configuration.

image

If you are not comfortable working with this XML file you can use the Azure management portal to define the two virtual networks. Here is the definition of the Virtual Network named ANetwork.

This network is located in Location “Central US”. It has a MainSubnet and a GatewaySubnet.

image

The second network is called BNetwork. It is also located in “Central US”.

It has a MainSubnet and a GatewaySubnet.

image

To connect these two networks you will need to define them as local networks. These local networks will have the exact same address space as the networks you previously defined.

VPNGatewayAddress element defines the IP address of the gateway. Since the gateway has not been created yet I have inserted a placeholder IP address in the two local networks.

image

If you want to connect ANetwork with BNetwork, all you have to do is insert the Gateway element after Subnets in the definition of the Virtual Network as shown below. In my example ANetwork is connected with BNetworkLocal.

image

If you want to connect BNetwork with ANetwork, all you have to do is insert the Gateway element after Subnets in the definition of the Virtual Network as shown below. In my example BNetwork is connected with ANetworkLocal.

image

If your virtual network was connected to more than one virtual network you will have to define a separate LocalNetworkSiteRef element for each of the virtual networks.

Create the virtual network

We will use the Set-AzureVNetConfig cmdlet to create the virtual network. If there are any errors in creating the virtual network this script will throw an error and abort.

I have no existing virtual networks in my subscription. If you have existing virtual networks you have to export your current virtual network configuration from the portal or with Get-AzureVNetConfig and manually add your two new virtual networks. If you don’t do this your virtual network settings may be replaced.

#create/update the network configuration file
Set-AzureVNetConfig -ConfigurationPath $vNetFilePath -ErrorAction SilentlyContinue -ErrorVariable errorVariable
if (!($?))
{
    throw "Unable to set virtual network configuration included in config file: $vNetFilePath. Error detail is: $errorVariable"
}
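
The warning above, that uploading a file can replace existing virtual network settings, can be turned into a check that runs before Set-AzureVNetConfig. This is an added example, not part of the original script: Get-MissingVNetSites is a hypothetical helper, the sample XML is constructed and trimmed, and reading the deployed configuration from the XMLConfiguration property of the Get-AzureVNetConfig result is assumed.

```powershell
# Added example: Get-MissingVNetSites is a hypothetical helper, not an Azure cmdlet.
function Get-MissingVNetSites
{
    param
    (
        # XML currently applied to the subscription (empty when no networks exist)
        [AllowEmptyString()] [string] $CurrentConfigXml,
        # XML of the file about to be passed to Set-AzureVNetConfig
        [Parameter(Mandatory = $true)] [string] $NewConfigXml
    )

    # A subscription without virtual networks has nothing that can be lost
    if ([string]::IsNullOrWhiteSpace($CurrentConfigXml)) { return @() }

    # local-name() keeps the query independent of the schema's default namespace
    $xpath = "//*[local-name()='VirtualNetworkSite']"
    $current = @(([xml]$CurrentConfigXml).SelectNodes($xpath) | ForEach-Object { $_.GetAttribute('name') })
    $new     = @(([xml]$NewConfigXml).SelectNodes($xpath) | ForEach-Object { $_.GetAttribute('name') })

    # Sites deployed today but absent from the new file would be removed by the upload
    return @($current | Where-Object { $new -notcontains $_ })
}

# Constructed sample input, trimmed to the attributes the check reads
$template = @'
<NetworkConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
  <VirtualNetworkConfiguration>
    <VirtualNetworkSites>{0}</VirtualNetworkSites>
  </VirtualNetworkConfiguration>
</NetworkConfiguration>
'@
$currentXml = $template -f '<VirtualNetworkSite name="ExistingNet" Location="Central US" />'
$newXml     = $template -f ('<VirtualNetworkSite name="ANetwork" Location="Central US" />' +
                            '<VirtualNetworkSite name="BNetwork" Location="Central US" />')

$missing = @(Get-MissingVNetSites -CurrentConfigXml $currentXml -NewConfigXml $newXml)
if ($missing.Count -gt 0)
{
    # In the provisioning script this would be a throw placed before Set-AzureVNetConfig
    Write-Warning "Upload would remove existing network(s): $($missing -join ', ')"
}

# Against a live subscription, feed the function the real inputs:
#   $currentXml = (Get-AzureVNetConfig).XMLConfiguration
#   $newXml     = Get-Content $vNetFilePath -Raw
```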

 

Create the High Performance Virtual Network Gateway

Previously you created the network configuration file. You defined your local networks under the element LocalNetworkSite and entered a placeholder IP address for each network gateway in VPNGatewayAddress. In this step we will create the high performance network gateways. We will get the IP address of each gateway and update the Network Configuration file. It will take 20-30 minutes to finish this step.

function Create-GatewayUpdateConfig
{
    param
    (
        # Virtual Network name
        [Parameter(Mandatory = $true)]
        [string]
        $NetworkName,

        # VNetConfig file that will be updated with the actual gateway IP address
        [Parameter(Mandatory = $true)]
        [string]
        $VNetConfigFile,

        # Placeholder IP address that will be replaced by actual gateway IP address
        [Parameter(Mandatory = $true)]
        [string]
        $IPAddressToBeReplaced,

        # Gateway Type
        [Parameter(Mandatory = $true)]
        [ValidateSet("StaticRouting", "DynamicRouting")]
        [string]
        $GatewayType,

        # Gateway Size
        [Parameter(Mandatory = $true)]
        [ValidateSet("Default", "HighPerformance")]
        [string]
        $GatewaySKU
    )

    #Create the gateway for virtual networks
    #Gateway sku values are Default or HighPerformance
    #Keep the result (do not pipe it to Out-Null), otherwise the check below always sees $null
    $gateway1 = Get-AzureVNetGateway -VNetName $NetworkName -ErrorVariable errorVariable -ErrorAction SilentlyContinue

    #Create the gateway only when the network does not have one yet, so the script can be re-run
    if (($null -eq $gateway1) -or ($gateway1.State -eq "NotProvisioned"))
    {
        Write-Host "Creating new gateway for network: $NetworkName"

        New-AzureVNetGateway -VNetName $NetworkName -GatewayType $GatewayType -GatewaySKU $GatewaySKU -ErrorAction SilentlyContinue -ErrorVariable errorVariable
        if (!($?))
        {
            throw "Unable to create new AzureNetGateway for $NetworkName. Error detail is: $errorVariable"
        }
    }

    $gateway1 = Get-AzureVNetGateway -VNetName $NetworkName
    $gateway1IP = $gateway1.VIPAddress
    Write-Host "Gateway VIP Address for $NetworkName is $gateway1IP"

    if (($null -eq $gateway1IP) -or ($gateway1IP -eq ""))
    {
        throw "Unable to get VIP for AzureVNetGateway for $NetworkName. Error detail is: $errorVariable"
    }

    #Get the IP address and replace the place holder IP address with actual gateway ip address
    $con = Get-Content $VNetConfigFile
    $con | % { $_.Replace($IPAddressToBeReplaced, $gateway1IP) } | Set-Content $VNetConfigFile
} # end of function Create-Gateway…

#Create both gateways; "1.1.1.1" and "2.2.2.2" are the placeholder VPNGatewayAddress values to be replaced
Create-GatewayUpdateConfig $Network1Name $vNetFilePath "1.1.1.1" "DynamicRouting" "HighPerformance"
Create-GatewayUpdateConfig $Network2Name $vNetFilePath "2.2.2.2" "DynamicRouting" "HighPerformance"
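
The last step of the function rewrites every occurrence of the placeholder string anywhere in the file. The variant below is an added example, not part of the original script: it validates the gateway address and changes only the VPNGatewayAddress element of one named LocalNetworkSite. Set-LocalSiteGatewayAddress is a hypothetical helper, the sample file is constructed, and it assumes that 1.1.1.1 is the placeholder stored under ANetworkLocal.

```powershell
# Added example: Set-LocalSiteGatewayAddress is a hypothetical helper, not an Azure cmdlet.
function Set-LocalSiteGatewayAddress
{
    param
    (
        [Parameter(Mandatory = $true)] [string] $VNetConfigFile,
        [Parameter(Mandatory = $true)] [string] $LocalNetworkSiteName,
        [Parameter(Mandatory = $true)] [string] $GatewayIP
    )
    # Only a literal IPv4 address may be written into the file
    $ip = $null
    if (-not ([System.Net.IPAddress]::TryParse($GatewayIP, [ref]$ip)) -or
        ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork))
    {
        throw "Not a valid IPv4 address: $GatewayIP"
    }

    $path = (Resolve-Path $VNetConfigFile).Path
    $doc = New-Object System.Xml.XmlDocument
    $doc.Load($path)

    # Match on the name attribute; local-name() ignores the schema's default namespace
    $sites = @($doc.SelectNodes("//*[local-name()='LocalNetworkSite']") |
               Where-Object { $_.GetAttribute('name') -eq $LocalNetworkSiteName })
    if ($sites.Count -ne 1)
    {
        throw "Expected one LocalNetworkSite '$LocalNetworkSiteName', found $($sites.Count)"
    }
    $address = $sites[0].SelectSingleNode("*[local-name()='VPNGatewayAddress']")
    if ($null -eq $address) { throw "No VPNGatewayAddress under '$LocalNetworkSiteName'" }

    $address.InnerText = $ip.ToString()
    $doc.Save($path)
}

# Constructed sample file, trimmed to the elements the function reads
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'netcfg-sample.xml'
@'
<NetworkConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
  <VirtualNetworkConfiguration><LocalNetworkSites>
    <LocalNetworkSite name="ANetworkLocal"><VPNGatewayAddress>1.1.1.1</VPNGatewayAddress></LocalNetworkSite>
    <LocalNetworkSite name="BNetworkLocal"><VPNGatewayAddress>2.2.2.2</VPNGatewayAddress></LocalNetworkSite>
  </LocalNetworkSites></VirtualNetworkConfiguration>
</NetworkConfiguration>
'@ | Set-Content $sample

Set-LocalSiteGatewayAddress $sample 'ANetworkLocal' '23.101.120.180'
Get-Content $sample   # ANetworkLocal now carries the VIP; BNetworkLocal is untouched
```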

 

 

You can verify that your HighPerformance network gateways were created as shown below. Note the GatewaySKU of “HighPerformance”. It will be “Default” for the standard gateway.

PS C:\projects\PowerShell\HighPerfGateway\HighPerfGateway> Get-AzureVNetGateway -VNetName ANetwork

LastEventData        :
LastEventTimeStamp   : 12/5/2014 9:40:56 AM
LastEventMessage     : Successfully configured the gateway.
LastEventID          : 23005
State                : Provisioned
VIPAddress           : 23.101.120.180
DefaultSite          :
GatewaySKU           : HighPerformance
OperationDescription : Get-AzureVNetGateway
OperationId          : ba3b506b-902a-301b-b791-dcce9a90c530
OperationStatus      : Succeeded

PS C:\projects\PowerShell\HighPerfGateway\HighPerfGateway> Get-AzureVNetGateway -VNetName BNetwork

LastEventData        :
LastEventTimeStamp   : 12/5/2014 9:40:54 AM
LastEventMessage     : Successfully configured the gateway.
LastEventID          : 23005
State                : Provisioned
VIPAddress           : 23.101.116.231
DefaultSite          :
GatewaySKU           : HighPerformance
OperationDescription : Get-AzureVNetGateway
OperationId          : 8e5e15a4-873e-314c-943b-55e6e1e83cc7
OperationStatus      : Succeeded

 

Update Virtual Network Configuration

Update the configuration of Virtual Network with the updated Network Configuration file. This file was updated in the previous step with actual IP addresses of the newly created network gateways.

#update the vnet config with newly updated config file
Set-AzureVNetConfig -ConfigurationPath $vNetFilePath -ErrorAction SilentlyContinue -ErrorVariable errorVariable
if (!($?))
{
    throw "Unable to set virtual network configuration with updated config file: $vNetFilePath. Error detail is: $errorVariable"
}

 

Set the pre-shared keys for the two networks. After the gateway key has been set, it can take up to 5 minutes to verify that network connectivity has been established.

#Set the pre-shared key on both sides of the connection
Set-AzureVNetGatewayKey -VNetName $Network1Name -LocalNetworkSiteName BNetworkLocal -SharedKey yoursharedkey
Set-AzureVNetGatewayKey -VNetName $Network2Name -LocalNetworkSiteName ANetworkLocal -SharedKey yoursharedkey

#get the status of the virtual network
Get-AzureVnetConnection -VNetName $Network1Name
Get-AzureVnetConnection -VNetName $Network2Name
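
The tunnel is only as strong as the shared key, and both sides must be given the same value. The following added example, which is not part of the original script, generates a random key instead of a hand-typed one and waits for the connection within the five minutes mentioned above. New-GatewaySharedKey and Wait-VNetConnected are hypothetical helpers; the alphanumeric alphabet and the 16 to 128 character bounds are this example's assumptions.

```powershell
# Added example: New-GatewaySharedKey and Wait-VNetConnected are hypothetical helpers.
function New-GatewaySharedKey
{
    param ([ValidateRange(16, 128)] [int] $Length = 64)

    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $key = New-Object System.Text.StringBuilder
    $byte = New-Object byte[] 1
    try
    {
        while ($key.Length -lt $Length)
        {
            $rng.GetBytes($byte)
            # Rejection sampling: 248 = 4 * 62, so 248..255 are dropped to avoid modulo bias
            if ($byte[0] -lt 248) { [void]$key.Append($alphabet[$byte[0] % 62]) }
        }
    }
    finally { $rng.Dispose() }
    return $key.ToString()
}

function Wait-VNetConnected
{
    param ([string] $VNetName, [int] $TimeoutSeconds = 300)

    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-Date) -lt $deadline)
    {
        # Every connection of the network must report Connected, and there must be at least one
        $conns = @(Get-AzureVnetConnection -VNetName $VNetName)
        $up = @($conns | Where-Object { $_.ConnectivityState -eq 'Connected' })
        if (($conns.Count -gt 0) -and ($up.Count -eq $conns.Count)) { return $true }
        Start-Sleep -Seconds 15
    }
    return $false
}

$psk = New-GatewaySharedKey   # runs offline; keep the value out of logs and transcripts

# With the Azure module signed in, as in the script above:
#   Set-AzureVNetGatewayKey -VNetName $Network1Name -LocalNetworkSiteName BNetworkLocal -SharedKey $psk
#   Set-AzureVNetGatewayKey -VNetName $Network2Name -LocalNetworkSiteName ANetworkLocal -SharedKey $psk
#   if (-not (Wait-VNetConnected $Network1Name)) { throw "$Network1Name did not connect in time" }
#   if (-not (Wait-VNetConnected $Network2Name)) { throw "$Network2Name did not connect in time" }
```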

 

Here is the output of Get-AzureVnetConnection when connectivity has been established successfully.

You will notice that ConnectivityState now shows “Connected” for both the networks.

PS C:\projects\PowerShell\HighPerfGateway\HighPerfGateway> get-azurevnetconnection -VNetName ANetwork

ConnectivityState         : Connected
EgressBytesTransferred    : 392
IngressBytesTransferred   : 6976
LastConnectionEstablished : 12/5/2014 9:44:22 AM
LastEventID               : 24401
LastEventMessage          : The connectivity state for the local network site ‘BNetworkLocal’ changed from Not
                            Connected to Connected.
LastEventTimeStamp        : 12/5/2014 9:44:22 AM
LocalNetworkSiteName      : BNetworkLocal
OperationDescription      :
OperationId               :
OperationStatus           :

PS C:\projects\PowerShell\HighPerfGateway\HighPerfGateway> get-azurevnetconnection -VNetName BNetwork

ConnectivityState         : Connected
EgressBytesTransferred    : 9529
IngressBytesTransferred   : 440
LastConnectionEstablished : 12/5/2014 9:45:52 AM
LastEventID               : 24401
LastEventMessage          : The connectivity state for the local network site ‘ANetworkLocal’ changed from Not
                            Connected to Connected.
LastEventTimeStamp        : 12/5/2014 9:45:52 AM
LocalNetworkSiteName      : ANetworkLocal
OperationDescription      :
OperationId               :
OperationStatus           :

 

Until now we have not even logged into the Azure Management Portal and we have successfully created 2 Virtual networks, created 2 high performance gateways and connected these two virtual networks. For those of you who like to view things visually I have attached the following views of the portal that show virtual networks were successfully connected.

image

image

Create Virtual Machines

In this step we will create virtual machines in the two virtual networks. We plan to use these virtual machines to test the network bandwidth of your “HighPerformance” network gateway. The script below will create a VM in ANetwork. You can use the same script to create another VM in BNetwork. I created Medium VMs instead of Small VMs because I wanted to make sure these VMs have enough network bandwidth to run my tests.

Write-Verbose "Prompt user for administrator credentials to use when provisioning the virtual machine(s)."
$credential = Get-Credential
Write-Verbose "Administrator credentials captured. Use these credentials to login to the virtual machine(s) when the script is complete."

$ImageName = "a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-R2-201411.01-en.us-127GB.vhd"

#Configure the virtual machines to be created
$vm11 = New-AzureVMConfig -Name "anetworkvm1" -InstanceSize "Medium" -ImageName $ImageName |
            Set-AzureSubnet "MainSubnet" |
            Add-AzureProvisioningConfig -Windows -AdminUsername $credential.GetNetworkCredential().username -Password $credential.GetNetworkCredential().password

# Make an array of the virtual machine configuration so we can create them with 1 call
$vms = @($vm11)

# Create a new cloud service and Deploy Virtual Machines to Virtual Network
New-AzureVM -ServiceName "anetworksvc" -Location "Central US" -VMs $vms -VNetName "ANetwork" -ErrorVariable errorVariable -ErrorAction SilentlyContinue | Out-Null

if (!($?))
{
    throw "Unable to create virtual machine anetworkvm1. Error detail is: $errorVariable"
}
else
{
    Write-Verbose "Successfully created virtual machine anetworkvm1"
}

 

Test Network Bandwidth

In the final step we will log in to each virtual machine, download the psping tool and use it to test network bandwidth.

psping can be downloaded from http://technet.microsoft.com/en-us/sysinternals

It is one of the easiest ways to test network bandwidth, latency etc.

On VM anetworkvm1 that was created in ANetwork I ran the following command. It opens the firewall ports for the duration of the test and acts as the server listening on the specified port. Here 172.16.100.4 is the internal IP address of this VM.

On VM bnetworkvm1 that was created in BNetwork I ran the following command. Here we are running a client that will send out 100K requests to the server 10000 times.

C:\pstools>psping -b -l 100k -n 10000 172.16.100.4:5000

PsPing v2.01  PsPing  ping, latency, bandwidth measurement utility
Copyright (C) 2012-2014 Mark Russinovich
Sysinternals  www.sysinternals.com

TCP bandwidth test connecting to 172.16.100.4:5000: Connected
10005 iterations (5 warmup) sending 102400 bytes TCP bandwidth test: 100%

TCP sender bandwidth statistics:
  Sent = 10000, Size = 102400, Total Bytes: 1024307200,
  Minimum = 22.32 MB/s, Maximum = 33.11 MB/s, Average = 29.51 MB/s

 

I ran these tests about 10 times and I was getting similar bandwidths. These results are in MB/s, so I was seeing bandwidth close to 236 Mbps. This is higher than the 200 Mbps that was mentioned in the specification of the High Performance network gateway. Your actual results may vary.

Summary

In this blog post I hoped to demonstrate:

  1. How to provision virtual networks with PowerShell.
  2. How to create the recently released high performance network gateway with PowerShell.
  3. How to connect two virtual networks with PowerShell.
  4. How to create virtual machines with PowerShell.
  5. How much bandwidth you can expect.
  6. You can automate most aspects of virtual network provisioning. I wanted to add a Point-to-Site network but I was unable to do so because there is no PowerShell cmdlet that allows me to upload a client certificate. You can do this by invoking the REST API.