Condividi tramite


Creating and Connecting an ExpressRoute Circuit with Azure Resource Manager

Hi readers, it’s me again. I wanted to highlight that the Azure ExpressRoute documentation has been updated to explain how to create and connect an ExpressRoute circuit with ARM. Go to the How To section and you’ll see the details to perform this (for example, this article explains how to create and modify ER circuits using ARM and PowerShell, this one explains how to create or modify the routing information in your circuit and this one will explain you how to link the vNet to your ExpressRoute circuit with ARM). 

I’m leaving this blog for background information, but won’t keep updating it, so please, go ahead and refer to the links above as they’re kept up to date as new features are introduced!

Victor


Hello readers! Since the recent announcements at AzureCon 2015 (in case you missed this event, you can watch the recordings here), we’ve been seeing more and more interest in evaluating and deploying some of our newest technologies in Azure.

In particular, I want to highlight the announcement that you can now use Azure Resource Manager (ARM) to deploy and manage ExpressRoute circuits. This is a huge announcement and basically it means that you can now include ExpressRoute resources in the declarative templates, so you can have a more complete definition of a network resource including the ExpressRoute circuit mapping. Also, this means that you can now use ExpressRoute to connect directly to your virtual networks deployed in ARM.

When ARM support for ExpressRoute was originally announced, it was available in the Brazil South region only, but since early August it has been rolled out to all regions.

This is great news, but now you may be wondering, how you can deploy and manage your ExpressRoute circuits and connect them to virtual networks in ARM? You can accomplish this via PowerShell, using declarative templates, or with a combination of both. Let’s explore both options in detail, but before jumping into the bits and bytes, let me address a key point in regards to existing ExpressRoute circuits connected to a classic virtual network (legacy virtual networks):

Currently, you cannot connect an existing ExpressRoute circuit (that is connected to a classic virtual network) to an ARM-based virtual network. You’ll need to create a new ExpressRoute circuit so that you can connect it to an ARM-based virtual network.

With this important point clarified, let’s now deep dive into creating your ExpressRoute circuit and connect it to a virtual network via PowerShell and using declarative templates. I’d like to thank to Amit Srivastava, Program Manager in the Azure Networking team for providing the sample PS code and ARM templates!

Note that during this blog post I’ll refer to ARM-based virtual networks as virtual networks, and Azure Service Manager virtual networks as classic virtual networks.

 


Prerequisites and assumptions

WARNING – this blog post assumes that you’ve experience with the BGP protocol, with ExpressRoute, and that you have already a relationship with an ExpressRoute connectivity provider.

Also note that during the blog post I use sample values to deploy and configure the Azure resources. It’s expected that you replace those values with the ones required for you or your company (for example, Azure region, prefixes, ASN number, and so on).

If you are new to ExpressRoute, I’d highly recommend that you first familiarize with ExpressRoute. You can start with the following resources:

· ExpressRoute documentation

· Evolve Your Network Infrastructure for Microsoft Azure Connectivity

· ExpressRoute for experts

Also, this blog assumes that you are already familiar with Azure Resource Manager, and how to deploy resources using declarative templates. You can use the following resources as starting point:

· Azure Resource Manager overview

· Deploying, Organizing and Securing Applications with the Azure Resource Manager

· Next-generation application deployment with Azure Resource Manager

Finally, you need to make sure that you’ve Azure PowerShell 1.0 Preview (or later) installed in your system. This is required because the cmdlets that will allow you to create and manage your ExpressRoute circuits that need to be connected to an ARM-based Virtual Network already follow the [Verb]-AzureRm[Noun] format and the changes that come with the Deprecation of Switch AzureMode in Azure PowerShell.

 


Architecture

Before getting started running PowerShell scripts or deploying templates, let’s review the resources required to connect an ExpressRoute circuit with a virtual network in ARM:

· An ExpressRoute circuit.

· A virtual network with at least two subnets

o Subnet 1 for your Azure resources (for example, VMs)

o Gateway Subnet

· A Public IP address

· An ExpressRoute Gateway that depends on

o Public IP address

o Virtual Network

Once these resources are successfully deployed and configured, you can make the connection between your ExpressRoute Circuit and the Virtual Network as described in the picture below in green:

clip_image002

 


Using PowerShell

Let’s review how you can create an ExpressRoute circuit and connect it to a Virtual Network via PowerShell. As there are several steps involved, the following picture details the steps required:

 

image

Now, let’s see the PS code required:

1. First things first, login and choose the right Azure subscription:

001002003 Login-AzureRmAccountSelect-AzureRmSubscription -SubscriptionId "<sub-id>"

2. Create a resource group for the ExpressRoute circuit (remember, everything you create in ARM must be in a resource group):

001002003004005 $rg = "yourRG"$rglocation = "West Europe"New-AzureRmResourceGroup -Name $rg -Location $rglocation

3. Create the ExpressRoute circuit with your desired configuration.

001002003004005006007 $CircuitName = "MyCkt"$ServiceProviderName = "ER-ServiceProvider"$PeeringLocation = "London"$Bandwidth = 50New-AzureRmExpressRouteCircuit -Name $CircuitName -ResourceGroupName $rg -Location $rglocation -SkuTier Premium -SkuFamily UnlimitedData -ServiceProviderName $ServiceProviderName -PeeringLocation $PeeringLocation -BandwidthInMbps $Bandwidth

Parameters:

Name – The name of the ExpressRoute circuit

ResourceGroupName: The resource group where the ExpressRoute circuit will be deployed

Location: Azure location where the ExpressRoute circuit will be created

SkuTier: Standard or Premium

SkuFamily: MeteredData or UnlimitedData

ServiceProviderName: Name of the ExpressRoute service provider. You can get the validate names running this: Get-AzureRmExpressRouteServiceProvider | select Name

PeeringLocation: Name of the peering location (not the ARM resource location)

BandwidthInMbps: bandwidth in Mbps of the circuit being created

4. Once you create the ExpressRoute circuit, you must add BGP peering. Again, sorry to sound repetitive, but you should replace these values with the correct ones for your environment.

001002003004005006007008009010 $CircuitPeeringName = "AzurePrivatePeering"$ASN = 100$PrimaryPrefix = "10.6.1.0/30"$SecondaryPrefix = "10.6.2.0/30"$vLan = 200$ckt = Get-AzureRmExpressRouteCircuit -Name $CircuitName -ResourceGroupName $rgAdd-AzureRmExpressRouteCircuitPeeringConfig -Name $CircuitPeeringName -Circuit $ckt -PeeringType AzurePrivatePeering -PeerASN $ASN -PrimaryPeerAddressPrefix $PrimaryPrefix -SecondaryPeerAddressPrefix $SecondaryPrefix -VlanId $vLanSet-AzureRmExpressRouteCircuit -ExpressRouteCircuit $ckt

Parameters:

PeeringType: BGP peering type for the Circuit. As we’ll be connecting to a virtual network in Azure, peering must be AzurePrivatePeering

PeerASN: Autonomous System Number of the customer or connectivity provider.

PrimaryPeerAddressPrefix: /30 subnet used to configure IP addresses for interfaces on Link1

SecondaryPeerAddressPrefix: /30 subnet used to configure IP addresses for interfaces on Link2

VlanId: vLAN identifier used by the customer

5. Now here there’s an important step. You must provide the service key you got when creating your ExpressRoute circuit to your ExpressRoute provider as they will need to provision the circuit on their end, before proceeding to the next step. You can obtain the service key running the Get-AzureRmExpressRouteCircuit cmdlet. Please do not continue until your ExpressRoute circuit is fully provisioned. You must make sure that the ExpressRoute circuit has its circuitProvisioningState property set to 'Enabled' , and serviceProviderProvisioningState property set to 'Provisioned' in the output window when running Get-AzureRmExpressRouteCircuit:

PS C:\> Get-AzureRmExpressRouteCircuit

Name : myCkt
ResourceGroupName : ExpressRouteRG
Location : westeurope
Id : /subscriptions/***subscriptionId***/resourceGroups/ExpressRouteRG/providers/Microsoft.Network/expressRouteCircuits/myCkt
Etag :
ProvisioningState : Succeeded
Sku : {
"Name": "Premium_UnlimitedData",
"Tier": "Premium",
"Family": "UnlimitedData"
}
CircuitProvisioningState : Enabled
ServiceProviderProvisioningState : Provisioned
ServiceProviderNotes :
ServiceProviderProperties : {
"ServiceProviderName": "***ServiceProvider***",
"PeeringLocation": "London",
"BandwidthInMbps": 50
}
ServiceKey : ***ServiceKey***
Peerings : []

6. Once the ExpressRoute circuit is provisioned, you need to create the virtual network that you’ll use to connect to your ExpressRoute circuit, and you must define a gateway subnet as the sample below:

001002003004005006007008009010011 $subnet1Name = "s1"$subnet1AddressPrefix = "192.168.0.0/24"$subnet2Name = "GatewaySubnet"$subnet2AddressPrefix = "192.168.1.0/28"$vNetName = "TestVnet"$vNetAddressPrefix = "192.168.0.0/16"$s1 = New-AzureRmVirtualNetworkSubnetConfig -Name $subnet1Name -AddressPrefix $subnet1AddressPrefix$s2 = New-AzureRmVirtualNetworkSubnetConfig -Name $subnet2Name -AddressPrefix $subnet2AddressPrefix$vnet = New-AzureRmVirtualNetwork -Name $vNetName -ResourceGroupName $rg -Location $rglocation -AddressPrefix $vNetAddressPrefix -Subnet $s1, $s2

Parameters (subnet):

Name: The name of the subnet to create

AddressPrefix: The address range in CIDR notation for the subnet

Parameters (Virtual Network)

Name: The name of the Virtual Network to create

ResourceGroupName: The resource group where the virtual network will be created

Location: Azure location where the virtual network will be created

AddressPrefix: The address space in CIDR notation for the new virtual network

Subnet: The subnets that will be created in the virtual network

7. Now, you have to create an ExpressRoute Gateway. We’ll use this gateway to connect the ExpressRoute circuit to your virtual network.

001002003004005006007008 $GWPublicIPName = "GwPIP"$IPConfigName = "Ipconfig"$GWName = "ERGW"$pip = New-AzureRmPublicIpAddress -Name $GWPublicIPName -ResourceGroupName $rg -Location $rglocation -AllocationMethod Dynamic$subnet = $vnet.Subnets[1].Id$ipconfig = New-AzureRmVirtualNetworkGatewayIpConfig -Name $IPConfigName -PublicIpAddressId $pip.Id -SubnetId $subnetNew-AzureRmVirtualNetworkGateway -Name $GWName -ResourceGroupName $rg -Location $rglocation -GatewayType ExpressRoute -VpnType RouteBased -IpConfigurations $ipconfig

Parameters (Public IP Address):

Name: The resource name given to the public IP attached to the gateway

ResourceGroupName: The resource group where the public IP will be created

Location: Azure location where the public IP will be created

AllocationMethod: Public IP allocation method.

Parameters (Gateway)

Name: The resource name given to the ExpressRoute gateway

ResourceGroupName: The resource group where the gateway will be created

Location: Azure location where the gateway will be created

GatewayType: must be ExpressRoute

VpnType: must be RouteBased

IPConfigurations: IP configuration for the gateway

8. And final step, you will need to link the ExpressRoute Gateway to your ExpressRoute circuit

001002003004005 $ERConnectionName = "ERConnection"$gw = Get-AzureRmVirtualNetworkGateway -Name $GWName -ResourceGroupName $rg$conn = New-AzureRmVirtualNetworkGatewayConnection -Name $ERConnectionName -ResourceGroupName $rg -Location $rglocation -VirtualNetworkGateway1 $gw -PeerId $ckt.Id -ConnectionType ExpressRoute

Here, the key parameter is PeerId, and you must pass the circuit id ($ckt.id) of the ExpressRoute circuit you created in step 3.

And that’s it! You now have an ExpressRoute circuit connected to a Virtual Network Smile

 


Using Templates

clip_image006

If you use declarative templates to deploy and manage your resources in Azure, let’s see how you can create an ExpressRoute circuit and connect it to an virtual network using templates.

As you may be already familiar with, there’re multiple ways to deploy Azure resources using declarative templates. Once you identify your preferred deployment method (personally, I use the Azure Quick Start Templates, edit them in Visual Studio 2015 and deploy them via PowerShell), then you have to:

1. Locate and review the Create ExpressRoute Circuit with Private Peering template. You will find two main files:

a. azuredeploy.json – this is the template that when deployed, it will create an ExpressRoute circuit with Private Peering.

b. azuredeploy.parameters.json – this is the parameters file that will make it easier to deploy this template, as you can provide the values/settings desired for your ExpressRoute circuit in this file, an when you deploy the template, you don’t have to provide any parameters interactively. It’s expected that you’ll customize this file with the values required for your ExpressRoute circuit. We provide sample values as a reference only.

2. Create a resource group in Azure

001002003004005 $rg = "yourRG"$rglocation = "West Europe"New-AzureRmResourceGroup -Name $rg -Location $rglocation

3. Deploy the template. Again, you can use your preferred method as highlighted before. In my case, I use PowerShell to deploy the templates using the sample below:

001002003004005006007008 $deploymentName = "CreateERCkt"$rg = "yourRG"$cktTemplateFile = "C:\Templates\201-expressroute-circuit-public-private-peering\azuredeploy.json"$cktParametersFile = "C:\Templates\201-expressroute-circuit-public-private-peering\azuredeploy.parameters.json"New-AzureRmResourceGroupDeployment -Name $deploymentName -ResourceGroupName $rg -TemplateFile $cktTemplateFile -TemplateParameterFile $cktParametersFile

In my example above, I’m deploying the ExpressRoute circuit with private peering using the template in the GitHub repository, but leveraging the parameters file that I’ve customized on-prem. You can change these locations to suit your environment.

4. Once the ExpressRoute circuit is created, you must provide the Service Key to your service provider so that they can provision the circuit on their end. You can obtain the service key running the Get-AzureRmExpressRouteCircuit cmdlet. Please do not continue until your ExpressRoute circuit is fully provisioned. You must make sure that the ExpressRoute circuit has its circuitProvisioningState property set to 'Enabled' , and serviceProviderProvisioningState property set to 'Provisioned' in the output window when running Get-AzureRmExpressRouteCircuit:

PS C:\> Get-AzureRmExpressRouteCircuit

Name : myCkt
ResourceGroupName : ExpressRouteRG
Location : westeurope
Id : /subscriptions/***subscriptionId***/resourceGroups/ExpressRouteRG/providers/Microsoft.Network/expressRouteCircuits/myCkt
Etag :
ProvisioningState : Succeeded
Sku : {
"Name": "Premium_UnlimitedData",
"Tier": "Premium",
"Family": "UnlimitedData"
}
CircuitProvisioningState : Enabled
ServiceProviderProvisioningState : Provisioned
ServiceProviderNotes :
ServiceProviderProperties : {
"ServiceProviderName": "***ServiceProvider***",
"PeeringLocation": "London",
"BandwidthInMbps": 50
}
ServiceKey : ***ServiceKey***
Peerings : []

5. Next, create the ExpressRoute gateway, and connect the virtual network with your ExpressRoute circuit. For this, locate and review the Connect a VNET to an ExpressRoute Circuit template. As in step 1) above, you will find two main files:

a. azuredeploy.json – this is the template that when deployed, it will create an Virtual Network, an ExpressRoute Gateway, and it will make the connection to your ExpressRoute circuit.

b. azuredeploy.parameters.json – similar to the previous template, this is the parameters file that can simplify the deployment of your template. Again, it’s expected that you customize the values in this file to reflect your requirements. We provide sample values as a reference only.

6. Deploy the template using your preferred method. If you choose to use PowerShell, you could use this as a reference:

001002003004005006007008 $deploymentName = "ConnectERCkt"$rg = "yourRG"$connTemplateFile = "C:\Templates\301-expressroute-circuit-vnet-connection\azuredeploy.json"$connParametersFile = "C:\Templates\301-expressroute-circuit-vnet-connection\azuredeploy.parameters.json"New-AzureRmResourceGroupDeployment -Name $deploymentName -ResourceGroupName $rg -TemplateFile $cktTemplateFile -TemplateParameterFile $cktParametersFile

And that’s it! After this procedure you should have an ExpressRoute circuit connected to your virtual network.

 


Conclusion

Azure Resource Manager offers great flexibility on how you can deploy and manage your resources in Azure. In this blog post I have shown you how to connect an ExpressRoute circuit to an ARM virtual network, and we saw how to perform this directly via PowerShell, or via declarative templates (my preferred method).

That’s all for today! I hope you find helpful this blog post and until the next time! Happy ExpressRouting Smile

Comments

  • Anonymous
    October 26, 2015
    Hi Victor,

    I have created a few ARM ExpressRoute connections. Can you tell me how to specify a SharedKey by using the cmdlets? I couldn't see a way with New-AzureRmExpressRouteCircuitPeeringConfig. This used to exist with New-AzureBGPPeering in ASM.

    is it possible with cmdlets, or at the moment only with Resource Template?
  • Anonymous
    October 30, 2015
    This is great article, and fun to read! But I have problem to provision the Expressroute created with Resource Manager to work with the AT&T Netbond. I wonder if anyone has the same problem.
  • Anonymous
    November 05, 2015
    Thanks Cheng. Can you provide details on the errors you're getting?
  • Anonymous
    November 17, 2015
    Can we have ExpressRoute and VPN side by side ?
    Based on this Article, the Gateway type should be 'ExpressRoute', does this mean that we can't use VPN connections to the same Virtual Network already using ExpressRoute ?
  • Anonymous
    November 23, 2015
    Hi Michael, if you update your Azure PowerShell installation you can now specify a SharedKey with the New-AzureRmExpressRouteCircuitPeeringConfig cmdlets.
  • Anonymous
    November 23, 2015
    Guys, please note that the Azure documentation has been updated recently, please check it our for the latest details on how to Create and modify an ExpressRoute circuit using Azure Resource Manager and PowerShell:https://azure.microsoft.com/en-us/documentation/articles/expressroute-howto-circuit-arm/
  • Anonymous
    December 14, 2015
    Folks, please note that the virtual networks must be in the same subscription.
  • Anonymous
    January 06, 2016
    Hi Victor -

    Great article. I'm wondering if you have any guidance with co-existence for ASM and ARM. For example, I have three subscriptions spanning three regions (NAM, EW, EA) all connected via v1 [tag:XR] under ASM. However we'd now like to start deploying workloads via ARM to those same subscriptions whilst we wait for MSFT to release it's migration story from ASM to ARM. I have some thoughts on how to do this but wondered if you had any.

    At the very least I am looking at creating new ARM-based circuits to those subscriptions, connecting them to ARM-based vNets, and then I assume creating a vNet-to-vNet gateway in order to connect my ASM and ARM subnets together. Is there a more elegant way at this time?
  • Anonymous
    January 07, 2016
    Thanks for your feedback Wren,

    You can connect a single ARM-based ER Circuit with ARM-based vNets across multiple subscriptions (see details herehttps://azure.microsoft.com/en-us/documentation/articles/expressroute-howto-linkvnet-arm/).

    And for communication between ASM vNets and ARM vNets, you could have something like:
    ASM vNet <-> ASM ER <-> On-Prem <-> ARM ER <-> ARM vNet

    Thanks,
    Victor
    • Anonymous
      March 16, 2016
      In this example:ASM vNet ASM ER On-Prem ARM ER ARM vNetare you suggesting we can created two ER circuits on the same ER service (cables) or would you need two completely separate ER services ?CheersPaul
  • Anonymous
    January 07, 2016
    Also note that my comment from 14.Dec is not valid anymore as now you can connect an ARM ER Circuit with ARM vNets across multiple subscriptions. Details herehttps://azure.microsoft.com/en-us/documentation/articles/expressroute-howto-linkvnet-arm/
  • Anonymous
    February 09, 2016
    Great article.Question.If i already have a ER on a different subscription I manage. Can I use that same ER on a new subscription with a new IaaSv2 deployment?
  • Anonymous
    February 22, 2016
    can we use expressroute premium for ARM model
    • Anonymous
      February 23, 2016
      Hi Rahul,Absolutely, you can get the ExpressRoute Premium add-on for both, ASM and ARM deployment models.Cheers,Victor
  • Anonymous
    March 30, 2016
    Folks, please see this post for our plans to have a single ExpressRoute circuit to connect to both, ASM and ARM vNets: https://azure.microsoft.com/en-us/blog/transitioning-to-the-resource-manager-model/
  • Anonymous
    April 05, 2016
    As of today, you can now use a single ExpressRoute circuit and connect it to ASM and ARM vNets!!!Details are available here:https://azure.microsoft.com/en-us/documentation/articles/expressroute-move/And step by step instructions are here:https://azure.microsoft.com/en-us/documentation/articles/expressroute-howto-move-arm/Cheers,Victor
  • Anonymous
    September 26, 2016
    Hello very nice website!! Mann .. Beautiful .. Amazing ..I'll bookmark your sitre and take the feeds also?I'm glad to search out numerous useful ino here within the publish, we'd like work out extra tecjniques in this regard, thank youu for sharing.. . . . .