Upgrade to Pro — share decks privately, control downloads, hide ads and more …

20221129 Azure Route Exchange: 以 Azure VMware Solution 為例

Phil Huang
November 29, 2022
Technology
0
36

20221129 Azure Route Exchange: 以 Azure VMware Solution 為例

#avs #azure #networking

YouTube: https://www.youtube.com/watch?v=F9voykz0Brs

Phil Huang

November 29, 2022
Tweet

More Decks by Phil Huang

See All by Phil Huang
20221222 Unleashing the Power of Azure VMware Solution
pichuang
0
130
20221220 Azure Public IP 路由偏好教戰手冊
pichuang
0
53
20221214 Latency Measurement of Azure Backbone Network
pichuang
0
25
20221116 混合雲架構師日常 如何使用 WSL 2 搭配 Ansible 自動化進行 Azure 維運管理
pichuang
2
130
20221028 淺談 Azure Private 5G Core 和 Kubernetes
pichuang
0
250
20221016 要如何直面到 Kubernetes 所帶來的技術能力影響
pichuang
4
2.3k
20220731 如何跟隨開源技術保持你的職涯發展
pichuang
0
280
20220323_Harbor 技術雜談
pichuang
2
520
Kubernetes 叢集平台 Tanzu Community Edition 動手做
pichuang
0
280

Other Decks in Technology

See All in Technology
OCI DevOps 概要 / OCI DevOps overview
oracle4engineer
PRO
0
500
20230123_FinJAWS
takuyay0ne
0
120
Oracle Transaction Manager for Microservices Free 22.3 製品概要
oracle4engineer
PRO
5
110
私見「UNIXの考え方」/20230124-kameda-unix-phylosophy
opelab
1
170
ECテックカンファレンス2023 EC事業部のモバイル開発2023
tatsumi0000
0
310
API連携に伴う規制と対応 / Regulations and responses to API linkage
moneyforward
0
160
OpenShift.Run2023_create-aro-with-terraform
ishiitaiki20fixer
1
320
WebLogic Server for OCI 概要
oracle4engineer
PRO
3
880
Google Cloud Workflows: API automation, patterns and best practices
glaforge
0
100
地方自治体業務あるある ーアナログ最適化編-
y150saya
1
270
cdk deployに必要な権限ってなんだ?
kinyok
0
180
Periodic Multi-Agent Path Planning
hziwara
0
120

Featured

See All Featured
Three Pipe Problems
jasonvnalue
89
8.9k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
239
19k
Infographics Made Easy
chrislema
235
17k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
38
3.6k
Designing on Purpose - Digital PM Summit 2013
jponch
108
5.9k
Why You Should Never Use an ORM
jnunemaker
PRO
49
7.9k
Principles of Awesome APIs and How to Build Them.
keavy
117
15k
Building a Scalable Design System with Sketch
lauravandoore
451
31k
We Have a Design System, Now What?
morganepeng
37
5.9k
Intergalactic Javascript Robots from Outer Space
tanoku
261
26k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
2
400
JazzCon 2018 Closing Keynote - Leadership for the Reluctant Leader
reverentgeek
175
9.1k

Transcript

  1. Azure Route Exchange Phil Huang <[email protected]> Sr. Cloud Solution Architect

    2022/11/29 以 Azure VMware Solution 為例

  2. Challenge Azure Networking

  3. FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface 192.168.100.6/24

    Azure VMware Solution 10.7.0.0/22 D-MSEE

  4. On-premise Source IP: 192.168.100.6 vCenter IP of Azure VMware Solution

    in Canada Central : 10.7.0.2

  5. Hint Azure Networking

  6. Azure VMware Solution 連線特性 Already enable VMware NSX-T Edge •

    一座 Azure VMware Solution 提供 2 種 Peering 方式 1. Azure ExpressRoute 2. Azure ExpressRoute Global Reach (對方也須具備 ExpressRoute 才能用) • 預設狀況下,AVS BGP Peering 是由 Azure 所自動設定 • AS Path: 64513 (AVS BGP ASN) -> 65100 -> ... -> 398656 -> 12076 -> Customer Managed ASN

  7. Azure ExpressRoute 連線特性 Private Connection to Microsoft Cloud Ref: https://learn.microsoft.com/en-us/azure/route-server/expressroute-vpn-support

    • 若已具備 ExpressRoute 且須連到指定 Azure VNet, 則需在該 Azure VNet 使用 Virtual Network Gateway (VNG) 並採用 ExpressRoute Type 接入網 路 • 若有需要跟其他線路進行路由,則需要在該 Azure VNet 使用 Azure Route Server,並啟用 Branch-to- Branch 協助路由宣告 (Route Propagate)

  8. Virtual Network Gateway 使用特性 Access to Azure virtual network •

    Virtual Network Gateway 提供 2 種 Gateway Type,可共存 同一個 Azure VNet 1. VPN 2. ExpressRoute • 若需與 Azure Route Server 交換路由,則需要滿足下列條件

  9. 觀察 BGP Peer 及 Learned Routes 狀態 Virtual Network Gateway

    • 選擇 VPN Gateway > Monitoring > BGP Peers

  10. Azure Route Server 使用特性 Enables exchange route information with Azure

    virtual networks • 預設狀況下,Azure Route Server 會啟用 BGP,且 ASN 為 65515 • 無需額外進行 BGP Peer 操作,預設自動跟所在 Azure VNet 之 GatewaySubnet 進行路由交換

  11. Route Exchange with Static Route between ExpressRoute and S2S VPN

    Case 1 Common Use Case!!!

  12. Ref: FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface

    192.168.100.6/24 • No BGP • Static Route Only Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 65515 - Create Azure Route Server - Enable branch-to-branch

  13. Ref: FortiGate 60E wan1 Public IP: x.x.x.x internal1 192.168.100.254/24 Surface

    192.168.100.6/24 • No BGP • Static Route Only vWAN 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute Solution - Create vWAN - Create vHub

  14. Case 1 Azure VMware Solution NSX-T T0 BGP ASN: 64513

    10.7.0.0/22

  15. Route Exchange with eBGP between ExpressRoute and S2S VPN Case

    2

  16. Ref: FortiGate 60E ASN: 65533 wan1 Public IP: x.x.x.x internal1

    192.168.100.254/24 Surface 192.168.100.6/24 • BGP ASN: 65533 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 65515 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 65515 - Create Azure Route Server - Enable branch-to-branch

  17. Case 2: Route Traffic Azure VMware Solution NSX-T T0 BGP

    ASN: 64513 10.7.0.0/22 ASN: 65533

  18. Route Exchange with multi eBGP between ExpressRoute and S2S VPN

    Case 3

  19. Ref: FortiGate 60E ASN: 65533 wan1 Public IP: x.x.x.x internal1

    192.168.100.254/24 Surface 192.168.100.6/24 Azure VMware Solution 10.7.0.0/22 D-MSEE ExpressRoute vnet-hub 10.10.0.0/24 ExpressRoute Gateway GatewaySubnet 10.10.0.0/27 AzureRouteSubnet 10.10.0.32/27 ars-hub ASN: 65515 private-ip: 10.10.0.37 private-ip: 10.10.0.36 S2S VPN Gateway pip-vpn-1 pip-vpn-2 pip-er pip-ars private-ip-1: 10.10.0.14 private-ip-2: 10.10.0.15 ASN: 300 Solution - Create VNet - Create ExpressRoute Gateway (Basic SKU) - Create VPN Gateway - Active-Active Mode - Enable BGP - ASN: 300 - Create Azure Route Server - Enable branch-to-branch

  20. Case 3: Route Traffic ASN: 300 Azure VMware Solution NSX-T

    T0 BGP ASN: 64513 10.7.0.0/22

  21. Conclusion Azure Networking • 若於地端並無配置 BGP 設計,僅具有 Static Route /

    Policy Route,則可以透過 Case 1 方式將路由接入 至 Azure • 若地端有 BGP 設定,則可透過 Case 2 與 Azure Private ASN 65515 進行路由交換 • 若有特殊架構規劃需求,則可透過 Case 3 或額外建立 NVA (如 FRRouting on Azure VM / 3rd party SD- WAN / vRouter 等) 實踐

  22. Invent with purpose.