Upgrade to Pro — share decks privately, control downloads, hide ads and more …

20221129 Azure Route Exchange: 以 Azure VMware S...

Phil Huang
November 29, 2022
Technology
0
210

20221129 Azure Route Exchange: 以 Azure VMware Solution 為例

#avs #azure #networking

YouTube: https://www.youtube.com/watch?v=F9voykz0Brs

Phil Huang

November 29, 2022
Tweet

More Decks by Phil Huang

See All by Phil Huang
20241217-Azure Red Hat OpenShift 於 Azure TaiwanNorth 上之雲原生異地備援架構設計
pichuang
0
13
20241112 Real AVS Migration Experience Sharing
pichuang
0
23
Active/Passive HA FortiGate Pair with External and Internal Azure Load Balancer
pichuang
0
17
20240814-採用 Azure VMware Solution 啟動你的 Azure 雲端服務
pichuang
0
42
20240425 Play and Discuss the game “K8S LAN Party”
pichuang
0
140
20231210 Azure Kubernetes Services 永續性軟體工程設計方針
pichuang
1
120
20231129 如何選擇適當的 CNCF Project 來使用
pichuang
0
130
Cloud Native Taiwan User Group: Governance of Open-Source Communities in Non-English Region
pichuang
0
42
20231024 CNSW Lightning Talk: TAG Environmental Sustainability
pichuang
0
150

Other Decks in Technology

See All in Technology
社内イベント管理システムを1週間でAKSからACAに移行した話し
shingo_kawahara
0
180
終了の危機にあった15年続くWebサービスを全力で存続させる - phpcon2024
yositosi
5
6.1k
NilAway による静的解析で「10 億ドル」を節約する #kyotogo / Kyoto Go 56th
ytaka23
3
380
KubeCon NA 2024 Recap: How to Move from Ingress to Gateway API with Minimal Hassle
ysakotch
0
200
なぜCodeceptJSを選んだか
goataka
0
160
株式会社ログラス − エンジニア向け会社説明資料 / Loglass Comapany Deck for Engineer
loglass2019
3
32k
20241214_WACATE2024冬_テスト設計技法をチョット俯瞰してみよう
kzsuzuki
3
450
AI時代のデータセンターネットワーク
lycorptech_jp
PRO
1
280
Wvlet: A New Flow-Style Query Language For Functional Data Modeling and Interactive Data Analysis - Trino Summit 2024
xerial
1
120
生成AIをより賢く エンジニアのための RAG入門 - Oracle AI Jam Session #20
kutsushitaneko
4
220
サービスでLLMを採用したばっかりに振り回され続けたこの一年のあれやこれや
segavvy
2
410
LINEヤフーのフロントエンド組織・体制の紹介【24年12月】
lycorp_recruit_jp
0
530

Featured

See All Featured
The Pragmatic Product Professional
lauravandoore
32
6.3k
Faster Mobile Websites
deanohume
305
30k
Intergalactic Javascript Robots from Outer Space
tanoku
270
27k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
The Art of Programming - Codeland 2020
erikaheidi
53
13k
YesSQL, Process and Tooling at Scale
rocio
169
14k
Scaling GitHub
holman
458
140k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
59k
A designer walks into a library…
pauljervisheath
204
24k
Adopting Sorbet at Scale
ufuk
73
9.1k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
8.3k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.3k

Transcript

  1. Azure Route Exchange Phil Huang <[email protected]> Sr. Cloud Solution Architect

    2022/11/29 以 Azure VMware Solution 為例

  2. Challenge Azure Networking

  3. FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface 192.168.100.6/24

    Azure VMware Solution 10.7.0.0/22 D-MSEE

  4. On-premise Source IP: 192.168.100.6 vCenter IP of Azure VMware Solution

    in Canada Central : 10.7.0.2

  5. Hint Azure Networking

  6. Azure VMware Solution 連線特性 Already enable VMware NSX-T Edge •

    一座 Azure VMware Solution 提供 2 種 Peering 方式 1. Azure ExpressRoute 2. Azure ExpressRoute Global Reach (對方也須具備 ExpressRoute 才能用) • 預設狀況下,AVS BGP Peering 是由 Azure 所自動設定 • AS Path: 64513 (AVS BGP ASN) -> 65100 -> ... -> 398656 -> 12076 -> Customer Managed ASN

  7. Azure ExpressRoute 連線特性 Private Connection to Microsoft Cloud Ref: https://learn.microsoft.com/en-us/azure/route-server/expressroute-vpn-support

    • 若已具備 ExpressRoute 且須連到指定 Azure VNet, 則需在該 Azure VNet 使用 Virtual Network Gateway (VNG) 並採用 ExpressRoute Type 接入網 路 • 若有需要跟其他線路進行路由,則需要在該 Azure VNet 使用 Azure Route Server,並啟用 Branch-to- Branch 協助路由宣告 (Route Propagate)

  8. Virtual Network Gateway 使用特性 Access to Azure virtual network •

    Virtual Network Gateway 提供 2 種 Gateway Type,可共存 同一個 Azure VNet 1. VPN 2. ExpressRoute • 若需與 Azure Route Server 交換路由,則需要滿足下列條件

  9. 觀察 BGP Peer 及 Learned Routes 狀態 Virtual Network Gateway

    • 選擇 VPN Gateway > Monitoring > BGP Peers

  10. Azure Route Server 使用特性 Enables exchange route information with Azure

    virtual networks • 預設狀況下,Azure Route Server 會啟用 BGP,且 ASN 為 65515 • 無需額外進行 BGP Peer 操作,預設自動跟所在 Azure VNet 之 GatewaySubnet 進行路由交換

  11. Route Exchange with Static Route between ExpressRoute and S2S VPN

    Case 1 Common Use Case!!!

  12. Ref: FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface

    192.168.100.6/24 • No BGP • Static Route Only Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 65515 - Create Azure Route Server - Enable branch-to-branch

  13. Ref: FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface

    192.168.100.6/24 • No BGP • Static Route Only vWAN 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute Solution - Create vWAN - Create vHub

  14. Case 1 Azure VMware Solution NSX-T T0 BGP ASN: 64513

    10.7.0.0/22

  15. Route Exchange with eBGP between ExpressRoute and S2S VPN Case

    2

  16. Ref: FortiGate 60E ASN: 65533 wan1 Public IP: x.x.x.x internal1

    192.168.100.254/24 Surface 192.168.100.6/24 • BGP ASN: 65533 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 65515 - Create Azure Route Server - Enable branch-to-branch

  17. Case 2: Route Traffic Azure VMware Solution NSX-T T0 BGP

    ASN: 64513 10.7.0.0/22 ASN: 65533

  18. Route Exchange with multi eBGP between ExpressRoute and S2S VPN

    Case 3

  19. Ref: FortiGate 60E ASN: 65533 wan1 Public IP: x.x.x.x internal1

    192.168.100.254/24 Surface 192.168.100.6/24 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 300 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 300 - Create Azure Route Server - Enable branch-to-branch

  20. Case 3: Route Traffic ASN: 300 Azure VMware Solution NSX-T

    T0 BGP ASN: 64513 10.7.0.0/22

  21. Conclusion Azure Networking • 若於地端並無配置 BGP 設計,僅具有 Static Route /

    Policy Route,則可以透過 Case 1 方式將路由接入 至 Azure • 若地端有 BGP 設定,則可透過 Case 2 與 Azure Private ASN 65515 進行路由交換 • 若有特殊架構規劃需求,則可透過 Case 3 或額外建立 NVA (如 FRRouting on Azure VM / 3rd party SD- WAN / vRouter 等) 實踐

  22. Invent with purpose.