Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
20221129 Azure Route Exchange: 以 Azure VMware S...
Search
Phil Huang
November 29, 2022
Technology
0
300
20221129 Azure Route Exchange: 以 Azure VMware Solution 為例
#avs #azure #networking
YouTube:
https://www.youtube.com/watch?v=F9voykz0Brs
Phil Huang
November 29, 2022
Tweet
Share
More Decks by Phil Huang
See All by Phil Huang
20251119 如果是勇者欣美爾的話, 他會怎麼做? 東海資工
pichuang
0
160
20250924 零信任下的容器安全供應鏈:從隔離到信任
pichuang
0
46
20250705 Headlamp: 專注可擴展性的 Kubernetes 用戶界面
pichuang
0
380
20250307 雲端原生:引領數位轉型與永續的雙贏之道
pichuang
0
80
20250116 When Windows Meets Kubernetes…
pichuang
0
550
20241217-Azure Red Hat OpenShift 於 Azure TaiwanNorth 上之雲原生異地備援架構設計
pichuang
0
120
20241112 Real AVS Migration Experience Sharing
pichuang
0
86
Active/Passive HA FortiGate Pair with External and Internal Azure Load Balancer
pichuang
0
410
20240814-採用 Azure VMware Solution 啟動你的 Azure 雲端服務
pichuang
0
130
Other Decks in Technology
See All in Technology
「アウトプット脳からユーザー価値脳へ」がそんなに簡単にできたら苦労しない #RSGT2026
aki_iinuma
11
5.5k
WebDriver BiDi 2025年のふりかえり
yotahada3
1
160
SES向け、生成AI時代におけるエンジニアリングとセキュリティ
longbowxxx
0
320
AI Agent Agentic Workflow の可観測性 / Observability of AI Agent Agentic Workflow
yuzujoe
4
2.1k
AWS Amplify Conference 2026 - 仕様からリリースまで一気通貫 生成 AI 時代のフルスタック開発
inariku
1
200
Databricks Free Editionで始めるLakeflow SDP
taka_aki
0
130
Introduction to Sansan for Engineers / エンジニア向け会社紹介
sansan33
PRO
6
63k
ALB「証明書上限問題」からの脱却
nishiokashinji
0
210
AWSと生成AIで学ぶ!実行計画の読み解き方とSQLチューニングの実践
yakumo
2
580
形式手法特論:コンパイラの「正しさ」は証明できるか? #burikaigi / BuriKaigi 2026
ytaka23
17
6.2k
新米スクラムマスターの4ヶ月 -「スクラムイベントを回しているのに手応えがない」からの脱出 / Four Months as a New Scrum Master — When Scrum Events Were Running, but Nothing Felt Right
owata
0
170
Oracle Database@Google Cloud:サービス概要のご紹介
oracle4engineer
PRO
1
930
Featured
See All Featured
Bash Introduction
62gerente
615
210k
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
Google's AI Overviews - The New Search
badams
0
890
Marketing Yourself as an Engineer | Alaka | Gurzu
gurzu
0
110
What does AI have to do with Human Rights?
axbom
PRO
0
1.9k
Digital Ethics as a Driver of Design Innovation
axbom
PRO
0
140
The AI Search Optimization Roadmap by Aleyda Solis
aleyda
1
5.1k
Impact Scores and Hybrid Strategies: The future of link building
tamaranovitovic
0
190
Pawsitive SEO: Lessons from My Dog (and Many Mistakes) on Thriving as a Consultant in the Age of AI
davidcarrasco
0
47
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
25
1.7k
Chasing Engaging Ingredients in Design
codingconduct
0
97
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.7k
Transcript
Azure Route Exchange Phil Huang <
[email protected]
> Sr. Cloud Solution Architect
2022/11/29 以 Azure VMware Solution 為例
Challenge Azure Networking
FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface 192.168.100.6/24
Azure VMware Solution 10.7.0.0/22 D-MSEE
On-premise Source IP: 192.168.100.6 vCenter IP of Azure VMware Solution
in Canada Central : 10.7.0.2
Hint Azure Networking
Azure VMware Solution 連線特性 Already enable VMware NSX-T Edge •
一座 Azure VMware Solution 提供 2 種 Peering 方式 1. Azure ExpressRoute 2. Azure ExpressRoute Global Reach (對方也須具備 ExpressRoute 才能用) • 預設狀況下,AVS BGP Peering 是由 Azure 所自動設定 • AS Path: 64513 (AVS BGP ASN) -> 65100 -> ... -> 398656 -> 12076 -> Customer Managed ASN
Azure ExpressRoute 連線特性 Private Connection to Microsoft Cloud Ref: https://learn.microsoft.com/en-us/azure/route-server/expressroute-vpn-support
• 若已具備 ExpressRoute 且須連到指定 Azure VNet, 則需在該 Azure VNet 使用 Virtual Network Gateway (VNG) 並採用 ExpressRoute Type 接入網 路 • 若有需要跟其他線路進行路由,則需要在該 Azure VNet 使用 Azure Route Server,並啟用 Branch-to- Branch 協助路由宣告 (Route Propagate)
Virtual Network Gateway 使用特性 Access to Azure virtual network •
Virtual Network Gateway 提供 2 種 Gateway Type,可共存 同一個 Azure VNet 1. VPN 2. ExpressRoute • 若需與 Azure Route Server 交換路由,則需要滿足下列條件
觀察 BGP Peer 及 Learned Routes 狀態 Virtual Network Gateway
• 選擇 VPN Gateway > Monitoring > BGP Peers
Azure Route Server 使用特性 Enables exchange route information with Azure
virtual networks • 預設狀況下,Azure Route Server 會啟用 BGP,且 ASN 為 65515 • 無需額外進行 BGP Peer 操作,預設自動跟所在 Azure VNet 之 GatewaySubnet 進行路由交換
Route Exchange with Static Route between ExpressRoute and S2S VPN
Case 1 Common Use Case!!!
Ref: FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface
192.168.100.6/24 • No BGP • Static Route Only Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 65515 - Create Azure Route Server - Enable branch-to-branch
Ref: FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface
192.168.100.6/24 • No BGP • Static Route Only vWAN 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute Solution - Create vWAN - Create vHub
Case 1 Azure VMware Solution NSX-T T0 BGP ASN: 64513
10.7.0.0/22
Route Exchange with eBGP between ExpressRoute and S2S VPN Case
2
Ref: FortiGate 60E ASN: 65533 wan1 Public IP: x.x.x.x internal1
192.168.100.254/24 Surface 192.168.100.6/24 • BGP ASN: 65533 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 65515 - Create Azure Route Server - Enable branch-to-branch
Case 2: Route Traffic Azure VMware Solution NSX-T T0 BGP
ASN: 64513 10.7.0.0/22 ASN: 65533
Route Exchange with multi eBGP between ExpressRoute and S2S VPN
Case 3
Ref: FortiGate 60E ASN: 65533 wan1 Public IP: x.x.x.x internal1
192.168.100.254/24 Surface 192.168.100.6/24 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 300 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 300 - Create Azure Route Server - Enable branch-to-branch
Case 3: Route Traffic ASN: 300 Azure VMware Solution NSX-T
T0 BGP ASN: 64513 10.7.0.0/22
Conclusion Azure Networking • 若於地端並無配置 BGP 設計,僅具有 Static Route /
Policy Route,則可以透過 Case 1 方式將路由接入 至 Azure • 若地端有 BGP 設定,則可透過 Case 2 與 Azure Private ASN 65515 進行路由交換 • 若有特殊架構規劃需求,則可透過 Case 3 或額外建立 NVA (如 FRRouting on Azure VM / 3rd party SD- WAN / vRouter 等) 實踐
Invent with purpose.
pichuang
aki_iinuma
yotahada3
longbowxxx
yuzujoe
inariku
taka_aki
sansan33
nishiokashinji
yakumo
ytaka23
owata
oracle4engineer
62gerente
tanoku
badams
gurzu
axbom
aleyda
tamaranovitovic
davidcarrasco
honnibal
codingconduct
marktimemedia
![Azure Route Exchange Phil Huang <[email protected]> Sr. Cloud Solution Architect](https://files.speakerdeck.com/presentations/504828ed55344123aebde572d7a8961b/slide_0.jpg){kind=link}
