Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
20221129 Azure Route Exchange: 以 Azure VMware S...
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Phil Huang
November 29, 2022
Technology
0
300
20221129 Azure Route Exchange: 以 Azure VMware Solution 為例
#avs #azure #networking
YouTube:
https://www.youtube.com/watch?v=F9voykz0Brs
Phil Huang
November 29, 2022
Tweet
Share
More Decks by Phil Huang
See All by Phil Huang
20251119 如果是勇者欣美爾的話, 他會怎麼做? 東海資工
pichuang
0
170
20250924 零信任下的容器安全供應鏈:從隔離到信任
pichuang
0
51
20250705 Headlamp: 專注可擴展性的 Kubernetes 用戶界面
pichuang
0
380
20250307 雲端原生:引領數位轉型與永續的雙贏之道
pichuang
0
84
20250116 When Windows Meets Kubernetes…
pichuang
0
560
20241217-Azure Red Hat OpenShift 於 Azure TaiwanNorth 上之雲原生異地備援架構設計
pichuang
0
120
20241112 Real AVS Migration Experience Sharing
pichuang
0
89
Active/Passive HA FortiGate Pair with External and Internal Azure Load Balancer
pichuang
0
430
20240814-採用 Azure VMware Solution 啟動你的 Azure 雲端服務
pichuang
0
140
Other Decks in Technology
See All in Technology
Agent Skils
dip_tech
PRO
0
120
Amazon Bedrock Knowledge Basesチャンキング解説!
aoinoguchi
0
160
AIと新時代を切り拓く。これからのSREとメルカリIBISの挑戦
0gm
2
3.1k
StrandsとNeptuneを使ってナレッジグラフを構築する
yakumo
1
120
Frontier Agents (Kiro autonomous agent / AWS Security Agent / AWS DevOps Agent) の紹介
msysh
3
180
[CV勉強会@関東 World Model 読み会] Orbis: Overcoming Challenges of Long-Horizon Prediction in Driving World Models (Mousakhan+, NeurIPS 2025)
abemii
0
150
マネージャー視点で考えるプロダクトエンジニアの評価 / Evaluating Product Engineers from a Manager's Perspective
hiro_torii
0
100
SREのプラクティスを用いた3領域同時 マネジメントへの挑戦 〜SRE・情シス・セキュリティを統合した チーム運営術〜
coconala_engineer
2
740
Context Engineeringが企業で不可欠になる理由
hirosatogamo
PRO
3
650
Bedrock PolicyでAmazon Bedrock Guardrails利用を強制してみた
yuu551
0
260
1,000 にも届く AWS Organizations 組織のポリシー運用をちゃんとしたい、という話
kazzpapa3
0
110
ファインディの横断SREがTakumi byGMOと取り組む、セキュリティと開発スピードの両立
rvirus0817
1
1.6k
Featured
See All Featured
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
21
1.4k
Kristin Tynski - Automating Marketing Tasks With AI
techseoconnect
PRO
0
150
Effective software design: The role of men in debugging patriarchy in IT @ Voxxed Days AMS
baasie
0
230
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3.3k
Rebuilding a faster, lazier Slack
samanthasiow
85
9.4k
A better future with KSS
kneath
240
18k
DevOps and Value Stream Thinking: Enabling flow, efficiency and business value
helenjbeal
1
110
The Impact of AI in SEO - AI Overviews June 2024 Edition
aleyda
5
740
Exploring the relationship between traditional SERPs and Gen AI search
raygrieselhuber
PRO
2
3.6k
Faster Mobile Websites
deanohume
310
31k
Avoiding the “Bad Training, Faster” Trap in the Age of AI
tmiket
0
79
Paper Plane
katiecoart
PRO
0
46k
Transcript
Azure Route Exchange Phil Huang <
[email protected]
> Sr. Cloud Solution Architect
2022/11/29 以 Azure VMware Solution 為例
Challenge Azure Networking
FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface 192.168.100.6/24
Azure VMware Solution 10.7.0.0/22 D-MSEE
On-premise Source IP: 192.168.100.6 vCenter IP of Azure VMware Solution
in Canada Central : 10.7.0.2
Hint Azure Networking
Azure VMware Solution 連線特性 Already enable VMware NSX-T Edge •
一座 Azure VMware Solution 提供 2 種 Peering 方式 1. Azure ExpressRoute 2. Azure ExpressRoute Global Reach (對方也須具備 ExpressRoute 才能用) • 預設狀況下,AVS BGP Peering 是由 Azure 所自動設定 • AS Path: 64513 (AVS BGP ASN) -> 65100 -> ... -> 398656 -> 12076 -> Customer Managed ASN
Azure ExpressRoute 連線特性 Private Connection to Microsoft Cloud Ref: https://learn.microsoft.com/en-us/azure/route-server/expressroute-vpn-support
• 若已具備 ExpressRoute 且須連到指定 Azure VNet, 則需在該 Azure VNet 使用 Virtual Network Gateway (VNG) 並採用 ExpressRoute Type 接入網 路 • 若有需要跟其他線路進行路由,則需要在該 Azure VNet 使用 Azure Route Server,並啟用 Branch-to- Branch 協助路由宣告 (Route Propagate)
Virtual Network Gateway 使用特性 Access to Azure virtual network •
Virtual Network Gateway 提供 2 種 Gateway Type,可共存 同一個 Azure VNet 1. VPN 2. ExpressRoute • 若需與 Azure Route Server 交換路由,則需要滿足下列條件
觀察 BGP Peer 及 Learned Routes 狀態 Virtual Network Gateway
• 選擇 VPN Gateway > Monitoring > BGP Peers
Azure Route Server 使用特性 Enables exchange route information with Azure
virtual networks • 預設狀況下,Azure Route Server 會啟用 BGP,且 ASN 為 65515 • 無需額外進行 BGP Peer 操作,預設自動跟所在 Azure VNet 之 GatewaySubnet 進行路由交換
Route Exchange with Static Route between ExpressRoute and S2S VPN
Case 1 Common Use Case!!!
Ref: FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface
192.168.100.6/24 • No BGP • Static Route Only Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 65515 - Create Azure Route Server - Enable branch-to-branch
Ref: FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface
192.168.100.6/24 • No BGP • Static Route Only vWAN 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute Solution - Create vWAN - Create vHub
Case 1 Azure VMware Solution NSX-T T0 BGP ASN: 64513
10.7.0.0/22
Route Exchange with eBGP between ExpressRoute and S2S VPN Case
2
Ref: FortiGate 60E ASN: 65533 wan1 Public IP: x.x.x.x internal1
192.168.100.254/24 Surface 192.168.100.6/24 • BGP ASN: 65533 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 65515 - Create Azure Route Server - Enable branch-to-branch
Case 2: Route Traffic Azure VMware Solution NSX-T T0 BGP
ASN: 64513 10.7.0.0/22 ASN: 65533
Route Exchange with multi eBGP between ExpressRoute and S2S VPN
Case 3
Ref: FortiGate 60E ASN: 65533 wan1 Public IP: x.x.x.x internal1
192.168.100.254/24 Surface 192.168.100.6/24 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 300 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 300 - Create Azure Route Server - Enable branch-to-branch
Case 3: Route Traffic ASN: 300 Azure VMware Solution NSX-T
T0 BGP ASN: 64513 10.7.0.0/22
Conclusion Azure Networking • 若於地端並無配置 BGP 設計,僅具有 Static Route /
Policy Route,則可以透過 Case 1 方式將路由接入 至 Azure • 若地端有 BGP 設定,則可透過 Case 2 與 Azure Private ASN 65515 進行路由交換 • 若有特殊架構規劃需求,則可透過 Case 3 或額外建立 NVA (如 FRRouting on Azure VM / 3rd party SD- WAN / vRouter 等) 實踐
Invent with purpose.
pichuang
dip_tech
aoinoguchi
0gm
yakumo
msysh
abemii
.jpg){kind=avatar}
hiro_torii
coconala_engineer
hirosatogamo
yuu551
kazzpapa3
rvirus0817
sergeychernyshev
techseoconnect
baasie
tammyeverts
samanthasiow
kneath
.png){kind=avatar}
helenjbeal
aleyda
raygrieselhuber
deanohume
tmiket
katiecoart
![Azure Route Exchange Phil Huang <[email protected]> Sr. Cloud Solution Architect](https://files.speakerdeck.com/presentations/504828ed55344123aebde572d7a8961b/slide_0.jpg){kind=link}
