Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
20221129 Azure Route Exchange: 以 Azure VMware S...
Search
Phil Huang
November 29, 2022
Technology
0
300
20221129 Azure Route Exchange: 以 Azure VMware Solution 為例
#avs #azure #networking
YouTube:
https://www.youtube.com/watch?v=F9voykz0Brs
Phil Huang
November 29, 2022
Tweet
Share
More Decks by Phil Huang
See All by Phil Huang
20251119 如果是勇者欣美爾的話, 他會怎麼做? 東海資工
pichuang
0
160
20250924 零信任下的容器安全供應鏈:從隔離到信任
pichuang
0
44
20250705 Headlamp: 專注可擴展性的 Kubernetes 用戶界面
pichuang
0
380
20250307 雲端原生:引領數位轉型與永續的雙贏之道
pichuang
0
79
20250116 When Windows Meets Kubernetes…
pichuang
0
550
20241217-Azure Red Hat OpenShift 於 Azure TaiwanNorth 上之雲原生異地備援架構設計
pichuang
0
120
20241112 Real AVS Migration Experience Sharing
pichuang
0
86
Active/Passive HA FortiGate Pair with External and Internal Azure Load Balancer
pichuang
0
410
20240814-採用 Azure VMware Solution 啟動你的 Azure 雲端服務
pichuang
0
130
Other Decks in Technology
See All in Technology
次世代AIコーディング:OpenAI Codex の最新動向 進行スライド/nikkei-tech-talk-40
nikkei_engineer_recruiting
0
140
2025年の医用画像AI/AI×medical_imaging_in_2025_generated_by_AI
tdys13
0
330
AIエージェントを5分で一気におさらい! AIエージェント「構築」元年に備えよう
yakumo
1
150
業務の煩悩を祓うAI活用術108選 / AI 108 Usages
smartbank
9
21k
投資戦略を量産せよ 2 - マケデコセミナー(2025/12/26)
gamella
1
640
2025-12-27 Claude CodeでPRレビュー対応を効率化する@機械学習社会実装勉強会第54回
nakamasato
4
1.4k
「リリースファースト」の実感を届けるには 〜停滞するチームに変化を起こすアプローチ〜 #RSGT2026
kintotechdev
0
910
製造業から学んだ「本質を守り現場に合わせるアジャイル実践」
kamitokusari
0
630
AI に「学ばせ、調べさせ、作らせる」。Auth0 開発を加速させる7つの実践的アプローチ
scova0731
0
250
#22 CA × atmaCup 3rd 1st Place Solution
yumizu
1
180
「違う現場で格闘する二人」——社内コミュニティがつないだトヨタ流アジャイルの実践とその先
shinichitakeuchi
0
340
Sansan Engineering Unit 紹介資料
sansan33
PRO
1
3.6k
Featured
See All Featured
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
techseoconnect
PRO
0
65
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
3.3k
Navigating the Design Leadership Dip - Product Design Week Design Leaders+ Conference 2024
apolaine
0
150
Testing 201, or: Great Expectations
jmmastey
46
7.9k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
11
790
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
<Decoding/> the Language of Devs - We Love SEO 2024
nikkihalliwell
1
110
SEO in 2025: How to Prepare for the Future of Search
ipullrank
3
3.3k
Product Roadmaps are Hard
iamctodd
PRO
55
12k
Paper Plane
katiecoart
PRO
0
45k
Navigating Team Friction
lara
191
16k
End of SEO as We Know It (SMX Advanced Version)
ipullrank
2
3.9k
Transcript
Azure Route Exchange Phil Huang <
[email protected]
> Sr. Cloud Solution Architect
2022/11/29 以 Azure VMware Solution 為例
Challenge Azure Networking
FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface 192.168.100.6/24
Azure VMware Solution 10.7.0.0/22 D-MSEE
On-premise Source IP: 192.168.100.6 vCenter IP of Azure VMware Solution
in Canada Central : 10.7.0.2
Hint Azure Networking
Azure VMware Solution 連線特性 Already enable VMware NSX-T Edge •
一座 Azure VMware Solution 提供 2 種 Peering 方式 1. Azure ExpressRoute 2. Azure ExpressRoute Global Reach (對方也須具備 ExpressRoute 才能用) • 預設狀況下,AVS BGP Peering 是由 Azure 所自動設定 • AS Path: 64513 (AVS BGP ASN) -> 65100 -> ... -> 398656 -> 12076 -> Customer Managed ASN
Azure ExpressRoute 連線特性 Private Connection to Microsoft Cloud Ref: https://learn.microsoft.com/en-us/azure/route-server/expressroute-vpn-support
• 若已具備 ExpressRoute 且須連到指定 Azure VNet, 則需在該 Azure VNet 使用 Virtual Network Gateway (VNG) 並採用 ExpressRoute Type 接入網 路 • 若有需要跟其他線路進行路由,則需要在該 Azure VNet 使用 Azure Route Server,並啟用 Branch-to- Branch 協助路由宣告 (Route Propagate)
Virtual Network Gateway 使用特性 Access to Azure virtual network •
Virtual Network Gateway 提供 2 種 Gateway Type,可共存 同一個 Azure VNet 1. VPN 2. ExpressRoute • 若需與 Azure Route Server 交換路由,則需要滿足下列條件
觀察 BGP Peer 及 Learned Routes 狀態 Virtual Network Gateway
• 選擇 VPN Gateway > Monitoring > BGP Peers
Azure Route Server 使用特性 Enables exchange route information with Azure
virtual networks • 預設狀況下,Azure Route Server 會啟用 BGP,且 ASN 為 65515 • 無需額外進行 BGP Peer 操作,預設自動跟所在 Azure VNet 之 GatewaySubnet 進行路由交換
Route Exchange with Static Route between ExpressRoute and S2S VPN
Case 1 Common Use Case!!!
Ref: FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface
192.168.100.6/24 • No BGP • Static Route Only Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 65515 - Create Azure Route Server - Enable branch-to-branch
Ref: FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface
192.168.100.6/24 • No BGP • Static Route Only vWAN 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute Solution - Create vWAN - Create vHub
Case 1 Azure VMware Solution NSX-T T0 BGP ASN: 64513
10.7.0.0/22
Route Exchange with eBGP between ExpressRoute and S2S VPN Case
2
Ref: FortiGate 60E ASN: 65533 wan1 Public IP: x.x.x.x internal1
192.168.100.254/24 Surface 192.168.100.6/24 • BGP ASN: 65533 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 65515 - Create Azure Route Server - Enable branch-to-branch
Case 2: Route Traffic Azure VMware Solution NSX-T T0 BGP
ASN: 64513 10.7.0.0/22 ASN: 65533
Route Exchange with multi eBGP between ExpressRoute and S2S VPN
Case 3
Ref: FortiGate 60E ASN: 65533 wan1 Public IP: x.x.x.x internal1
192.168.100.254/24 Surface 192.168.100.6/24 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 300 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 300 - Create Azure Route Server - Enable branch-to-branch
Case 3: Route Traffic ASN: 300 Azure VMware Solution NSX-T
T0 BGP ASN: 64513 10.7.0.0/22
Conclusion Azure Networking • 若於地端並無配置 BGP 設計,僅具有 Static Route /
Policy Route,則可以透過 Case 1 方式將路由接入 至 Azure • 若地端有 BGP 設定,則可透過 Case 2 與 Azure Private ASN 65515 進行路由交換 • 若有特殊架構規劃需求,則可透過 Case 3 或額外建立 NVA (如 FRRouting on Azure VM / 3rd party SD- WAN / vRouter 等) 實踐
Invent with purpose.
pichuang
nikkei_engineer_recruiting
tdys13
yakumo
smartbank
gamella
nakamasato
kintotechdev
kamitokusari
scova0731
yumizu
shinichitakeuchi
sansan33
techseoconnect
eileencodes
apolaine
jmmastey
tammyeverts
chriscoyier
nikkihalliwell
ipullrank
iamctodd
katiecoart
lara
![Azure Route Exchange Phil Huang <[email protected]> Sr. Cloud Solution Architect](https://files.speakerdeck.com/presentations/504828ed55344123aebde572d7a8961b/slide_0.jpg){kind=link}
