Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
20221129 Azure Route Exchange: 以 Azure VMware S...
Search
Phil Huang
November 29, 2022
Technology
0
240
20221129 Azure Route Exchange: 以 Azure VMware Solution 為例
#avs #azure #networking
YouTube:
https://www.youtube.com/watch?v=F9voykz0Brs
Phil Huang
November 29, 2022
Tweet
Share
More Decks by Phil Huang
See All by Phil Huang
20250307 雲端原生:引領數位轉型與永續的雙贏之道
pichuang
0
16
When Windows Meets Kubernetes…
pichuang
0
390
20241217-Azure Red Hat OpenShift 於 Azure TaiwanNorth 上之雲原生異地備援架構設計
pichuang
0
54
20241112 Real AVS Migration Experience Sharing
pichuang
0
47
Active/Passive HA FortiGate Pair with External and Internal Azure Load Balancer
pichuang
0
110
20240814-採用 Azure VMware Solution 啟動你的 Azure 雲端服務
pichuang
0
76
20240612 如果是勇者欣美爾的話, 他會怎麼做?
pichuang
0
25
20240425 Play and Discuss the game “K8S LAN Party”
pichuang
0
150
20231210 Azure Kubernetes Services 永續性軟體工程設計方針
pichuang
1
160
Other Decks in Technology
See All in Technology
C++26アップデート 2025-03
faithandbrave
0
970
AWSの新機能検証をやる時こそ、Amazon Qでプロンプトエンジニアリングを駆使しよう
duelist2020jp
1
270
Рекомендации с нуля: как мы в Lamoda превратили главную страницу в ключевую точку входа для персонализированного шоппинга. Данил Комаров, Data Scientist, Lamoda Tech
lamodatech
0
770
Conquering PDFs: document understanding beyond plain text
inesmontani
PRO
0
210
持続可能なドキュメント運用のリアル: 1年間の成果とこれから
akitok_
1
210
エンジニアリングで組織のアウトカムを最速で最大化する!
ham0215
1
140
SnowflakeとDatabricks両方でRAGを構築してみた
kameitomohiro
1
440
AWSで作るセキュアな認証基盤with OAuth mTLS / Secure Authentication Infrastructure with OAuth mTLS on AWS
kaminashi
0
180
バクラクの認証基盤の成長と現在地 / bakuraku-authn-platform
convto
4
650
Dynamic Reteaming And Self Organization
miholovesq
3
610
勝手に!深堀り!Cloud Run worker pools / Deep dive Cloud Run worker pools
iselegant
3
470
コスト最適重視でAurora PostgreSQLのログ分析基盤を作ってみた #jawsug_tokyo
non97
1
540
Featured
See All Featured
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
60k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
31
1.1k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
52
2.4k
Side Projects
sachag
452
42k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
How STYLIGHT went responsive
nonsquared
99
5.5k
Done Done
chrislema
183
16k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.2k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.6k
Code Reviewing Like a Champion
maltzj
522
40k
We Have a Design System, Now What?
morganepeng
52
7.5k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
2.9k
Transcript
Azure Route Exchange Phil Huang <
[email protected]
> Sr. Cloud Solution Architect
2022/11/29 以 Azure VMware Solution 為例
Challenge Azure Networking
FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface 192.168.100.6/24
Azure VMware Solution 10.7.0.0/22 D-MSEE
On-premise Source IP: 192.168.100.6 vCenter IP of Azure VMware Solution
in Canada Central : 10.7.0.2
Hint Azure Networking
Azure VMware Solution 連線特性 Already enable VMware NSX-T Edge •
一座 Azure VMware Solution 提供 2 種 Peering 方式 1. Azure ExpressRoute 2. Azure ExpressRoute Global Reach (對方也須具備 ExpressRoute 才能用) • 預設狀況下,AVS BGP Peering 是由 Azure 所自動設定 • AS Path: 64513 (AVS BGP ASN) -> 65100 -> ... -> 398656 -> 12076 -> Customer Managed ASN
Azure ExpressRoute 連線特性 Private Connection to Microsoft Cloud Ref: https://learn.microsoft.com/en-us/azure/route-server/expressroute-vpn-support
• 若已具備 ExpressRoute 且須連到指定 Azure VNet, 則需在該 Azure VNet 使用 Virtual Network Gateway (VNG) 並採用 ExpressRoute Type 接入網 路 • 若有需要跟其他線路進行路由,則需要在該 Azure VNet 使用 Azure Route Server,並啟用 Branch-to- Branch 協助路由宣告 (Route Propagate)
Virtual Network Gateway 使用特性 Access to Azure virtual network •
Virtual Network Gateway 提供 2 種 Gateway Type,可共存 同一個 Azure VNet 1. VPN 2. ExpressRoute • 若需與 Azure Route Server 交換路由,則需要滿足下列條件
觀察 BGP Peer 及 Learned Routes 狀態 Virtual Network Gateway
• 選擇 VPN Gateway > Monitoring > BGP Peers
Azure Route Server 使用特性 Enables exchange route information with Azure
virtual networks • 預設狀況下,Azure Route Server 會啟用 BGP,且 ASN 為 65515 • 無需額外進行 BGP Peer 操作,預設自動跟所在 Azure VNet 之 GatewaySubnet 進行路由交換
Route Exchange with Static Route between ExpressRoute and S2S VPN
Case 1 Common Use Case!!!
Ref: FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface
192.168.100.6/24 • No BGP • Static Route Only Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 65515 - Create Azure Route Server - Enable branch-to-branch
Ref: FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface
192.168.100.6/24 • No BGP • Static Route Only vWAN 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute Solution - Create vWAN - Create vHub
Case 1 Azure VMware Solution NSX-T T0 BGP ASN: 64513
10.7.0.0/22
Route Exchange with eBGP between ExpressRoute and S2S VPN Case
2
Ref: FortiGate 60E ASN: 65533 wan1 Public IP: x.x.x.x internal1
192.168.100.254/24 Surface 192.168.100.6/24 • BGP ASN: 65533 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 65515 - Create Azure Route Server - Enable branch-to-branch
Case 2: Route Traffic Azure VMware Solution NSX-T T0 BGP
ASN: 64513 10.7.0.0/22 ASN: 65533
Route Exchange with multi eBGP between ExpressRoute and S2S VPN
Case 3
Ref: FortiGate 60E ASN: 65533 wan1 Public IP: x.x.x.x internal1
192.168.100.254/24 Surface 192.168.100.6/24 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 300 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 300 - Create Azure Route Server - Enable branch-to-branch
Case 3: Route Traffic ASN: 300 Azure VMware Solution NSX-T
T0 BGP ASN: 64513 10.7.0.0/22
Conclusion Azure Networking • 若於地端並無配置 BGP 設計,僅具有 Static Route /
Policy Route,則可以透過 Case 1 方式將路由接入 至 Azure • 若地端有 BGP 設定,則可透過 Case 2 與 Azure Private ASN 65515 進行路由交換 • 若有特殊架構規劃需求,則可透過 Case 3 或額外建立 NVA (如 FRRouting on Azure VM / 3rd party SD- WAN / vRouter 等) 實踐
Invent with purpose.
pichuang
faithandbrave
duelist2020jp
lamodatech
inesmontani
akitok_
ham0215
kameitomohiro
kaminashi
convto
miholovesq
iselegant
non97
lemiorhan
garrettdimon
tammyeverts
sachag
sugarenia
nonsquared
chrislema
thoeni
bluesmoon
maltzj
morganepeng
rmw
![Azure Route Exchange Phil Huang <[email protected]> Sr. Cloud Solution Architect](https://files.speakerdeck.com/presentations/504828ed55344123aebde572d7a8961b/slide_0.jpg){kind=link}
