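Creating Express Route in ARM Mode
In Azure's ARM mode, the commands for creating Express Route differ somewhat from those in ASM mode.
This article describes how to create an Express Route circuit in ARM mode.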
1. List the supported service providers

    Get-AzureRmExpressRouteServiceProvider

    Name              : Beijing Telecom Ethernet
    Id                : /subscriptions//resourceGroups//providers/Microsoft.Network/expressRouteServiceProviders/
    ProvisioningState : Succeeded
    Type              : Microsoft.Network/expressRouteServiceProviders
    PeeringLocations  : [ "Beijing" ]
    BandwidthsOffered : [
                          { "OfferName": "50Mbps", "ValueInMbps": 50 },
                          { "OfferName": "100Mbps", "ValueInMbps": 100 },
                          { "OfferName": "200Mbps", "ValueInMbps": 200 },
                          { "OfferName": "500Mbps", "ValueInMbps": 500 },
                          { "OfferName": "1Gbps", "ValueInMbps": 1000 },
                          { "OfferName": "2Gbps", "ValueInMbps": 2000 },
                          { "OfferName": "5Gbps", "ValueInMbps": 5000 },
                          { "OfferName": "10Gbps", "ValueInMbps": 10000 }
                        ]

    Name              : Shanghai Telecom Ethernet
    Id                : /subscriptions//resourceGroups//providers/Microsoft.Network/expressRouteServiceProviders/
    ProvisioningState : Succeeded
    Type              : Microsoft.Network/expressRouteServiceProviders
    PeeringLocations  : [ "Shanghai" ]
    BandwidthsOffered : [
                          { "OfferName": "50Mbps", "ValueInMbps": 50 },
                          { "OfferName": "100Mbps", "ValueInMbps": 100 },
                          { "OfferName": "200Mbps", "ValueInMbps": 200 },
                          { "OfferName": "500Mbps", "ValueInMbps": 500 },
                          { "OfferName": "1Gbps", "ValueInMbps": 1000 },
                          { "OfferName": "2Gbps", "ValueInMbps": 2000 },
                          { "OfferName": "5Gbps", "ValueInMbps": 5000 },
                          { "OfferName": "10Gbps", "ValueInMbps": 10000 }
                        ]

As the output shows, Beijing and Shanghai are the two peering locations that can provide Express Route.
2. Create the Express Route circuit

    New-AzureRmExpressRouteCircuit -Name hwarmer01 -ResourceGroupName hwarm01 `
        -Location "China East" -SkuTier Standard -SkuFamily MeteredData `
        -ServiceProviderName "Shanghai Telecom Ethernet" -BandwidthInMbps 50 `
        -PeeringLocation Shanghai

    Name                             : hwarmer01
    ResourceGroupName                : hwarm01
    Location                         : chinaeast
    Id                               : /subscriptions/42e8b20d-29ec-40a5-b020-b2229f3dda56/resourceGroups/hwarm01/providers/Microsoft.Network/expressRouteCircuits/hwarmer01
    Etag                             : W/"b1115f44-1b41-452f-a799-a241f826a609"
    ProvisioningState                : Succeeded
    Sku                              : {
                                         "Name": "Standard_MeteredData",
                                         "Tier": "Standard",
                                         "Family": "MeteredData"
                                       }
    CircuitProvisioningState         : Enabled
    ServiceProviderProvisioningState : NotProvisioned
    ServiceProviderNotes             :
    ServiceProviderProperties        : {
                                         "ServiceProviderName": "Shanghai Telecom Ethernet",
                                         "PeeringLocation": "Shanghai",
                                         "BandwidthInMbps": 50
                                       }
    ServiceKey                       : a3b8f231-2bb2-43ce-8db2-14475c317933
    Peerings                         : []
    Authorizations                   : []

The ServiceKey here is the credential used to set up the Express Route with China Telecom, the service provider. This key must be given to China Telecom.
At this point the status is: ServiceProviderProvisioningState : NotProvisioned
When the status changes to Provisioned, China Telecom's side of the deployment is complete.
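3. Create the BGP private peering

    # Select the circuit by name; a bare Get-AzureRmExpressRouteCircuit returns every circuit in the subscription
    $er = Get-AzureRmExpressRouteCircuit -Name hwarmer01 -ResourceGroupName hwarm01
    Add-AzureRmExpressRouteCircuitPeeringConfig -Name "AzurePrivatePeering" `
        -ExpressRouteCircuit $er -PeeringType AzurePrivatePeering -PeerASN 65525 `
        -PrimaryPeerAddressPrefix "10.0.0.0/30" -SecondaryPeerAddressPrefix "10.0.0.4/30" `
        -VlanId 666

Update the configuration:

    Set-AzureRmExpressRouteCircuit -ExpressRouteCircuit $er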
4. Create the BGP public peering

    Add-AzureRmExpressRouteCircuitPeeringConfig -Name "AzurePublicPeering" `
        -ExpressRouteCircuit $er -PeeringType AzurePublicPeering -PeerASN 65525 `
        -PrimaryPeerAddressPrefix "192.168.201.0/30" -SecondaryPeerAddressPrefix "192.168.201.4/30" `
        -VlanId 667 -SharedKey "A1B2C3D4"
    # Commit the change to the circuit, as in step 3
    Set-AzureRmExpressRouteCircuit -ExpressRouteCircuit $er
5. Create the ER gateway for the VNet
First add the gateway subnet:

    # $vnet must be loaded before the subnet can be added to it
    $vnet = Get-AzureRmVirtualNetwork -Name hwarmvnet01 -ResourceGroupName hwarm01
    Add-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix 172.17.253.0/27 -VirtualNetwork $vnet
    Set-AzureRmVirtualNetwork -VirtualNetwork $vnet

Add the local network gateway; this step is optional:

    New-AzureRmLocalNetworkGateway -Name hwmylocal01 -ResourceGroupName hwarm01 `
        -Location 'China East' -GatewayIpAddress '1.1.1.1' -AddressPrefix '10.100.1.0/24'

Create the gateway's IP configuration:

    $vnet = Get-AzureRmVirtualNetwork -Name hwarmvnet01 -ResourceGroupName hwarm01
    $subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
    $hwgwpip = New-AzureRmPublicIpAddress -Name hwgwpip1 -ResourceGroupName hwarm01 `
        -Location "China East" -AllocationMethod Dynamic
    $hwgwipconfig = New-AzureRmVirtualNetworkGatewayIpConfig -Name hwgwipconfig `
        -SubnetId $subnet.Id -PublicIpAddressId $hwgwpip.Id

Create the ER gateway:

    New-AzureRmVirtualNetworkGateway -Name hwergw01 -ResourceGroupName hwarm01 `
        -Location "China East" -GatewayType ExpressRoute -VpnType RouteBased `
        -GatewaySku Standard -IpConfigurations $hwgwipconfig -EnableBgp $true
6. Associate the VNet gateway with the ExpressRoute circuit:

    $cir = Get-AzureRmExpressRouteCircuit -Name hwarmer01 -ResourceGroupName hwarm01
    $gw = Get-AzureRmVirtualNetworkGateway -Name hwergw01 -ResourceGroupName hwarm01
    # -PeerId takes the circuit's resource ID, held in $cir
    $conn = New-AzureRmVirtualNetworkGatewayConnection -Name "hwerc" -ResourceGroupName "hwarm01" `
        -Location "China East" -VirtualNetworkGateway1 $gw -PeerId $cir.Id `
        -ConnectionType ExpressRoute
7. If the VNet gateway and the ExpressRoute circuit are not in the same subscription, an authorization is required:

    Add-AzureRmExpressRouteCircuitAuthorization -Name hwerau -ExpressRouteCircuit $cir
    Set-AzureRmExpressRouteCircuit -ExpressRouteCircuit $cir

When this completes, you get an authorization key. With this key, a VNet gateway in another subscription can be associated with this Express Route circuit.
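
How the authorization key from step 7 is read, redeemed in the other subscription, and later audited or revoked, as an added example that is not part of the original article. The subscription ID placeholders and the names remote-ergw, remote-rg and remote-erc are hypothetical; the circuit names come from the steps above.

```powershell
# Added example. Placeholders in <...> and the remote-* names are hypothetical.
$revokeAccess = $false   # set to $true to withdraw the authorization at the end

# --- Circuit owner's subscription: create the authorization and read its key ---
$cir = Get-AzureRmExpressRouteCircuit -Name hwarmer01 -ResourceGroupName hwarm01
Add-AzureRmExpressRouteCircuitAuthorization -Name hwerau -ExpressRouteCircuit $cir
Set-AzureRmExpressRouteCircuit -ExpressRouteCircuit $cir

# Re-read the circuit so the generated key is populated
$cir  = Get-AzureRmExpressRouteCircuit -Name hwarmer01 -ResourceGroupName hwarm01
$auth = Get-AzureRmExpressRouteCircuitAuthorization -Name hwerau -ExpressRouteCircuit $cir
$circuitId = $cir.Id
$authKey   = $auth.AuthorizationKey   # a credential: pass it over a protected channel

# --- Other subscription: redeem the key when connecting its gateway ---
# (normally run by a different administrator who was given $circuitId and $authKey)
Select-AzureRmSubscription -SubscriptionId '<other-subscription-id>'
$gw = Get-AzureRmVirtualNetworkGateway -Name remote-ergw -ResourceGroupName remote-rg
New-AzureRmVirtualNetworkGatewayConnection -Name remote-erc -ResourceGroupName remote-rg `
    -Location 'China East' -VirtualNetworkGateway1 $gw -PeerId $circuitId `
    -ConnectionType ExpressRoute -AuthorizationKey $authKey

# --- Circuit owner's subscription: audit which authorizations exist and are used ---
Select-AzureRmSubscription -SubscriptionId '<circuit-owner-subscription-id>'
$cir = Get-AzureRmExpressRouteCircuit -Name hwarmer01 -ResourceGroupName hwarm01
Get-AzureRmExpressRouteCircuitAuthorization -ExpressRouteCircuit $cir |
    Select-Object Name, AuthorizationUseStatus   # Available = issued but not yet redeemed

# Revoking an authorization removes the other subscription's access to the circuit
if ($revokeAccess) {
    Remove-AzureRmExpressRouteCircuitAuthorization -Name hwerau -ExpressRouteCircuit $cir
    Set-AzureRmExpressRouteCircuit -ExpressRouteCircuit $cir
}
```

An authorization that stays in the Available state has been issued but not redeemed, so it is worth removing once it is no longer needed.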