Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
20221129 Azure Route Exchange: 以 Azure VMware S...
Search
Phil Huang
November 29, 2022
Technology
0
200
20221129 Azure Route Exchange: 以 Azure VMware Solution 為例
#avs #azure #networking
YouTube:
https://www.youtube.com/watch?v=F9voykz0Brs
Phil Huang
November 29, 2022
Tweet
Share
More Decks by Phil Huang
See All by Phil Huang
20241112 Real AVS Migration Experience Sharing
pichuang
0
5
Active/Passive HA FortiGate Pair with External and Internal Azure Load Balancer
pichuang
0
8
20240814-採用 Azure VMware Solution 啟動你的 Azure 雲端服務
pichuang
0
32
20240425 Play and Discuss the game “K8S LAN Party”
pichuang
0
130
20231210 Azure Kubernetes Services 永續性軟體工程設計方針
pichuang
1
100
20231129 如何選擇適當的 CNCF Project 來使用
pichuang
0
120
Cloud Native Taiwan User Group: Governance of Open-Source Communities in Non-English Region
pichuang
0
34
20231024 CNSW Lightning Talk: TAG Environmental Sustainability
pichuang
0
140
20230913_採用 Azure OpenAI 和 Azure Kubernetes Service 來建構您自己的 AI 應用程式
pichuang
1
150
Other Decks in Technology
See All in Technology
TypeScript、上達の瞬間
sadnessojisan
46
13k
Introduction to Works of ML Engineer in LY Corporation
lycorp_recruit_jp
0
120
Making your applications cross-environment - OSCG 2024 NA
salaboy
0
190
ドメインの本質を掴む / Get the essence of the domain
sinsoku
2
150
iOSチームとAndroidチームでブランチ運用が違ったので整理してます
sansantech
PRO
0
140
【Startup CTO of the Year 2024 / Audience Award】アセンド取締役CTO 丹羽健
niwatakeru
0
1k
The Rise of LLMOps
asei
7
1.5k
いざ、BSC討伐の旅
nikinusu
2
780
AIチャットボット開発への生成AI活用
ryomrt
0
170
rootlessコンテナのすゝめ - 研究室サーバーでもできる安全なコンテナ管理
kitsuya0828
3
380
データプロダクトの定義からはじめる、データコントラクト駆動なデータ基盤
chanyou0311
2
310
社内で最大の技術的負債のリファクタリングに取り組んだお話し
kidooonn
1
550
Featured
See All Featured
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
Testing 201, or: Great Expectations
jmmastey
38
7.1k
Building a Modern Day E-commerce SEO Strategy
aleyda
38
6.9k
Typedesign – Prime Four
hannesfritz
40
2.4k
Docker and Python
trallard
40
3.1k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
How to train your dragon (web standard)
notwaldorf
88
5.7k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
How GitHub (no longer) Works
holman
310
140k
Designing for Performance
lara
604
68k
Mobile First: as difficult as doing things right
swwweet
222
8.9k
RailsConf 2023
tenderlove
29
900
Transcript
Azure Route Exchange Phil Huang <
[email protected]
> Sr. Cloud Solution Architect
2022/11/29 以 Azure VMware Solution 為例
Challenge Azure Networking
FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface 192.168.100.6/24
Azure VMware Solution 10.7.0.0/22 D-MSEE
On-premise Source IP: 192.168.100.6 vCenter IP of Azure VMware Solution
in Canada Central : 10.7.0.2
Hint Azure Networking
Azure VMware Solution 連線特性 Already enable VMware NSX-T Edge •
一座 Azure VMware Solution 提供 2 種 Peering 方式 1. Azure ExpressRoute 2. Azure ExpressRoute Global Reach (對方也須具備 ExpressRoute 才能用) • 預設狀況下,AVS BGP Peering 是由 Azure 所自動設定 • AS Path: 64513 (AVS BGP ASN) -> 65100 -> ... -> 398656 -> 12076 -> Customer Managed ASN
Azure ExpressRoute 連線特性 Private Connection to Microsoft Cloud Ref: https://learn.microsoft.com/en-us/azure/route-server/expressroute-vpn-support
• 若已具備 ExpressRoute 且須連到指定 Azure VNet, 則需在該 Azure VNet 使用 Virtual Network Gateway (VNG) 並採用 ExpressRoute Type 接入網 路 • 若有需要跟其他線路進行路由,則需要在該 Azure VNet 使用 Azure Route Server,並啟用 Branch-to- Branch 協助路由宣告 (Route Propagate)
Virtual Network Gateway 使用特性 Access to Azure virtual network •
Virtual Network Gateway 提供 2 種 Gateway Type,可共存 同一個 Azure VNet 1. VPN 2. ExpressRoute • 若需與 Azure Route Server 交換路由,則需要滿足下列條件
觀察 BGP Peer 及 Learned Routes 狀態 Virtual Network Gateway
• 選擇 VPN Gateway > Monitoring > BGP Peers
Azure Route Server 使用特性 Enables exchange route information with Azure
virtual networks • 預設狀況下,Azure Route Server 會啟用 BGP,且 ASN 為 65515 • 無需額外進行 BGP Peer 操作,預設自動跟所在 Azure VNet 之 GatewaySubnet 進行路由交換
Route Exchange with Static Route between ExpressRoute and S2S VPN
Case 1 Common Use Case!!!
Ref: FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface
192.168.100.6/24 • No BGP • Static Route Only Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 65515 - Create Azure Route Server - Enable branch-to-branch
Ref: FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface
192.168.100.6/24 • No BGP • Static Route Only vWAN 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute Solution - Create vWAN - Create vHub
Case 1 Azure VMware Solution NSX-T T0 BGP ASN: 64513
10.7.0.0/22
Route Exchange with eBGP between ExpressRoute and S2S VPN Case
2
Ref: FortiGate 60E ASN: 65533 wan1 Public IP: x.x.x.x internal1
192.168.100.254/24 Surface 192.168.100.6/24 • BGP ASN: 65533 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 65515 - Create Azure Route Server - Enable branch-to-branch
Case 2: Route Traffic Azure VMware Solution NSX-T T0 BGP
ASN: 64513 10.7.0.0/22 ASN: 65533
Route Exchange with multi eBGP between ExpressRoute and S2S VPN
Case 3
Ref: FortiGate 60E ASN: 65533 wan1 Public IP: x.x.x.x internal1
192.168.100.254/24 Surface 192.168.100.6/24 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 300 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 300 - Create Azure Route Server - Enable branch-to-branch
Case 3: Route Traffic ASN: 300 Azure VMware Solution NSX-T
T0 BGP ASN: 64513 10.7.0.0/22
Conclusion Azure Networking • 若於地端並無配置 BGP 設計,僅具有 Static Route /
Policy Route,則可以透過 Case 1 方式將路由接入 至 Azure • 若地端有 BGP 設定,則可透過 Case 2 與 Azure Private ASN 65515 進行路由交換 • 若有特殊架構規劃需求,則可透過 Case 3 或額外建立 NVA (如 FRRouting on Azure VM / 3rd party SD- WAN / vRouter 等) 實踐
Invent with purpose.
pichuang
sadnessojisan
lycorp_recruit_jp
salaboy
sinsoku
sansantech
niwatakeru
asei
nikinusu
ryomrt
kitsuya0828
chanyou0311
kidooonn
reverentgeek
jmmastey
aleyda
hannesfritz
trallard
sstephenson
notwaldorf
morganepeng
holman
lara
swwweet
tenderlove
![Azure Route Exchange Phil Huang <[email protected]> Sr. Cloud Solution Architect](https://files.speakerdeck.com/presentations/504828ed55344123aebde572d7a8961b/slide_0.jpg){kind=link}
