在Azure的ARM模式下,建立Express Route的命令和ASM模式下是有一些區別的。
本文將介紹在ARM模式下,如果建立Express Route的Circuit。
1. 檢視支援的Service Provider
Get-AzureRmExpressRouteServiceProvider Name : Beijing Telecom Ethernet Id : /subscriptions//resourceGroups//providers/Microsoft.Network/expressRouteServiceProviders/ ProvisioningState : Succeeded Type : Microsoft.Network/expressRouteServiceProviders PeeringLocations : [ "Beijing" ] BandwidthsOffered : [ { "OfferName": "50Mbps", "ValueInMbps": 50 }, { "OfferName": "100Mbps", "ValueInMbps": 100 }, { "OfferName": "200Mbps", "ValueInMbps": 200 }, { "OfferName": "500Mbps", "ValueInMbps": 500 }, { "OfferName": "1Gbps", "ValueInMbps": 1000 }, { "OfferName": "2Gbps", "ValueInMbps": 2000 }, { "OfferName": "5Gbps", "ValueInMbps": 5000 }, { "OfferName": "10Gbps", "ValueInMbps": 10000 } ] Name : Shanghai Telecom Ethernet Id : /subscriptions//resourceGroups//providers/Microsoft.Network/expressRouteServiceProviders/ ProvisioningState : Succeeded Type : Microsoft.Network/expressRouteServiceProviders PeeringLocations : [ "Shanghai" ] BandwidthsOffered : [ { "OfferName": "50Mbps", "ValueInMbps": 50 }, { "OfferName": "100Mbps", "ValueInMbps": 100 }, { "OfferName": "200Mbps", "ValueInMbps": 200 }, { "OfferName": "500Mbps", "ValueInMbps": 500 }, { "OfferName": "1Gbps", "ValueInMbps": 1000 }, { "OfferName": "2Gbps", "ValueInMbps": 2000 }, { "OfferName": "5Gbps", "ValueInMbps": 5000 }, { "OfferName": "10Gbps", "ValueInMbps": 10000 } ]
可以看到,北京和上海兩個可以提供Express Route的Peer Location。
2. 建立Express Route
New-AzureRmExpressRouteCircuit -Name hwarmer01 -ResourceGroupName hwarm01 -Location "China East" -SkuTier Standard -SkuFamily MeteredData -ServiceProviderName "Shanghai Telecom Ethernet" -BandwidthInMbps 50 -PeeringLocation Shanghai Name : hwarmer01 ResourceGroupName : hwarm01 Location : chinaeast Id : /subscriptions/42e8b20d-29ec-40a5-b020-b2229f3dda56/resourceGroups/hwarm01/providers/Microsoft .Network/expressRouteCircuits/hwarmer01 Etag : W/"b1115f44-1b41-452f-a799-a241f826a609" ProvisioningState : Succeeded Sku : { "Name": "Standard_MeteredData", "Tier": "Standard", "Family": "MeteredData" } CircuitProvisioningState : Enabled ServiceProviderProvisioningState : NotProvisioned ServiceProviderNotes : ServiceProviderProperties : { "ServiceProviderName": "Shanghai Telecom Ethernet", "PeeringLocation": "Shanghai", "BandwidthInMbps": 50 } ServiceKey : a3b8f231-2bb2-43ce-8db2-14475c317933 Peerings : [] Authorizations : []
此處的ServiceKey是和電信建立Express Route的憑證。需要把這個Key提供給電信。
其中狀態是:ServiceProviderProvisioningState : NotProvisioned
當狀態變成Provisioned狀態時,電信的部署就完成了。
3. 建立BGP的private Peering關係
$er = Get-AzureRmExpressRouteCircuit Add-AzureRmExpressRouteCircuitPeeringConfig -Name "AzurePrivatePeering" -ExpressRouteCircuit $er -PeeringType AzurePrivatePeering -PeerASN 65525 -PrimaryPeerAddressPrefix "10.0.0.0/30" -SecondaryPeerAddressPrefix "10.0.0.4/30" -VlanId 666
更新配置:
Set-AzureRmExpressRouteCircuit -ExpressRouteCircuit $er
4. 建立BGP的public Peering關係
Add-AzureRmExpressRouteCircuitPeeringConfig -Name "AzurePublicPeering" -ExpressRouteCircuit $er -PeeringType AzurePublicPeering -PeerASN 65525 -PrimaryPeerAddressPrefix "192.168.201.0/30" -SecondaryPeerAddressPrefix "192.168.201.4/30" -VlanId 667 -SharedKey "A1B2C3D4"
5. 建立Vnet的ER Gateway
首先新增Gateway Subnet:
Add-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix 172.17.253.0/27 -VirtualNetwork $vnet Set-AzureRmVirtualNetwork -VirtualNetwork $vnet
新增Local Network,此項配置可以不需要配置
New-AzureRmLocalNetworkGateway -Name hwmylocal01 -ResourceGroupName hwarm01 -Location 'China East' -GatewayIpAddress '1.1.1.1' -AddressPrefix '10.100.1.0/24'
建立Gateway的IPConfig:
$vnet = Get-AzureRmVirtualNetwork -Name hwarmvnet01 -ResourceGroupName hwarm01 $subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet $hwgwpip = New-AzureRmPublicIpAddress -Name hwgwpip1 -ResourceGroupName hwarm01 -Location "China East" -AllocationMethod Dynamic $hwgwipconfig = New-AzureRmVirtualNetworkGatewayIpConfig -Name hwgwipconfig -SubnetId $subnet.Id -PublicIpAddressId $hwgwpip.Id
建立ER的Gateway:
New-AzureRmVirtualNetworkGateway -Name hwergw01 -ResourceGroupName hwarm01 -Location "China East" -GatewayType ExpressRoute -VpnType RouteBased -GatewaySku Standard -IpConfigurations $hwgwipconfig -EnableBgp $true
6. 將VNET的Gateway與ExpressRoute的Circuit關聯:
$cir = Get-AzureRmExpressRouteCircuit -Name hwarmer01 -ResourceGroupName hwarm01 $gw = Get-AzureRmVirtualNetworkGateway -Name hwergw01 -ResourceGroupName hwarm01 $conn = New-AzureRmVirtualNetworkGatewayConnection -Name "hwerc" -ResourceGroupName "hwarm01" -Location "China East" -VirtualNetworkGateway1 $gw -PeerId $circuit.Id -ConnectionType ExpressRoute
7. 如果VNET的Gateway與ExpressRoute的Circuit不在一個Subscription,需要做授權:
Add-AzureRmExpressRouteCircuitAuthorization -Name hwerau -ExpressRouteCircuit $cir
Set-AzureRmExpressRouteCircuit -ExpressRouteCircuit $cir
完成後,會得到一個Authorization-key,通過這個Key可以把其他訂閱的Vnet Gateway和此Express Route Circuit關聯。