Create and manage ExpressRoute public peering

This article helps you create and manage public peering routing configuration for an ExpressRoute circuit. You can also check the status, update, or delete and deprovision peerings.

Connectivity

Connectivity is always initiated from your WAN to Azure services. Azure services will not be able to initiate connections into your network through this routing domain. If your ExpressRoute circuit is enabled for Azure public peering, you can access the public IP ranges used in Azure over the circuit.

Once public peering is enabled, you can connect to most Azure services. You cannot selectively pick the services for which routes are advertised.

  • Services such as Azure Storage, SQL Databases, and Websites are offered on public IP addresses.
  • Through the public peering routing domain, you can privately connect to services hosted on public IP addresses, including VIPs of your cloud services.
  • You can connect the public peering domain to your DMZ and connect to all Azure services on their public IP addresses from your WAN without having to connect through the internet.

Services

This section shows the services available over public peering. If you use public peering and the service you want to use is supported only over Microsoft peering, you must switch to Microsoft peering. See Microsoft peering for a list of supported services.

Supported:

  • Most of the Azure services are supported. Check directly with the service that you want to use to verify support.

Not supported:

  • Office 365
  • Power BI
  • CDN
  • Multi-factor Authentication Server (legacy)
  • Traffic Manager

To validate availability for a specific service, you can check the documentation for that service to see if there is a reserved range published for that service. Then you may look up the IP ranges of the target service and compare with the ranges listed in the Azure IP Ranges and Service Tags – Public Cloud XML file. Alternatively, you can open a support ticket for the service in question for clarification.

Peering comparison

| | Private Peering | Microsoft Peering | Public Peering (deprecated for new circuits) |
|---|---|---|---|
| Max. # prefixes supported per peering | 4000 by default, 10,000 with ExpressRoute Premium | 200 | 200 |
| IP address ranges supported | Any valid IP address within your WAN. | Public IP addresses owned by you or your connectivity provider. | Public IP addresses owned by you or your connectivity provider. |
| AS Number requirements | Private and public AS numbers. You must own the public AS number if you choose to use one. | Private and public AS numbers. However, you must prove ownership of public IP addresses. | Private and public AS numbers. However, you must prove ownership of public IP addresses. |
| IP protocols supported | IPv4 | IPv4, IPv6 | IPv4 |
| Routing Interface IP addresses | RFC1918 and public IP addresses | Public IP addresses registered to you in routing registries. | Public IP addresses registered to you in routing registries. |
| MD5 Hash support | Yes | Yes | Yes |

Note

Azure public peering has 1 NAT IP address associated to each BGP session. If you need more than 2 NAT IP addresses, move to Microsoft peering. Microsoft peering allows you to configure your own NAT allocations, as well as use route filters for selective prefix advertisements. For more information, see Move to Microsoft peering.

Custom route filters

You can define custom route filters within your network to consume only the routes you need. Refer to the Routing page for detailed information on routing configuration.

Azure PowerShell steps

  1. Verify that you have an ExpressRoute circuit that is provisioned and also enabled. Use the following example:

    Get-AzExpressRouteCircuit -Name "ExpressRouteARMCircuit" -ResourceGroupName "ExpressRouteResourceGroup"
    

    The response is similar to the following example:

    Name                             : ExpressRouteARMCircuit
    ResourceGroupName                : ExpressRouteResourceGroup
    Location                         : chinanorth
    Id                               : /subscriptions/***************************/resourceGroups/ExpressRouteResourceGroup/providers/Microsoft.Network/expressRouteCircuits/ExpressRouteARMCircuit
    Etag                             : W/"################################"
    ProvisioningState                : Succeeded
    Sku                              : {
                                       "Name": "Standard_MeteredData",
                                        "Tier": "Standard",
                                        "Family": "MeteredData"
                                      }
    CircuitProvisioningState         : Enabled
    ServiceProviderProvisioningState : Provisioned
    ServiceProviderNotes             : 
    ServiceProviderProperties        : {
                                        "ServiceProviderName": "Beijing Telecom Ethernet",
                                        "PeeringLocation": "Beijing",
                                        "BandwidthInMbps": 200
                                      }
    ServiceKey                       : **************************************
    Peerings                         : []
    
  2. Configure Azure public peering for the circuit. Make sure that you have the following information before you proceed further.

    • A /30 subnet for the primary link. This must be a valid public IPv4 prefix.
    • A /30 subnet for the secondary link. This must be a valid public IPv4 prefix.
    • A valid VLAN ID to establish this peering on. Ensure that no other peering in the circuit uses the same VLAN ID.
    • AS number for peering. You can use both 2-byte and 4-byte AS numbers.
    • Optional: An MD5 hash if you choose to use one.

    Run the following example to configure Azure public peering for your circuit:

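    # Load the circuit object that the peering configuration is added to
    $ckt = Get-AzExpressRouteCircuit -Name "ExpressRouteARMCircuit" -ResourceGroupName "ExpressRouteResourceGroup"

    Add-AzExpressRouteCircuitPeeringConfig -Name "AzurePublicPeering" -ExpressRouteCircuit $ckt -PeeringType AzurePublicPeering -PeerASN 100 -PrimaryPeerAddressPrefix "12.0.0.0/30" -SecondaryPeerAddressPrefix "12.0.0.4/30" -VlanId 100

    # Save the updated circuit configuration
    Set-AzExpressRouteCircuit -ExpressRouteCircuit $ckt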
    

    If you choose to use an MD5 hash, use the following example:

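    # Load the circuit object that the peering configuration is added to
    $ckt = Get-AzExpressRouteCircuit -Name "ExpressRouteARMCircuit" -ResourceGroupName "ExpressRouteResourceGroup"

    Add-AzExpressRouteCircuitPeeringConfig -Name "AzurePublicPeering" -ExpressRouteCircuit $ckt -PeeringType AzurePublicPeering -PeerASN 100 -PrimaryPeerAddressPrefix "12.0.0.0/30" -SecondaryPeerAddressPrefix "12.0.0.4/30" -VlanId 100 -SharedKey "A1B2C3D4"

    # Save the updated circuit configuration
    Set-AzExpressRouteCircuit -ExpressRouteCircuit $ckt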
    

    Important

    Ensure that you specify your AS number as peering ASN, not customer ASN.

To get Azure public peering details

You can get configuration details using the following cmdlet:

  $ckt = Get-AzExpressRouteCircuit -Name "ExpressRouteARMCircuit" -ResourceGroupName "ExpressRouteResourceGroup"

  Get-AzExpressRouteCircuitPeeringConfig -Name "AzurePublicPeering" -ExpressRouteCircuit $ckt

To update Azure public peering configuration

You can update any part of the configuration using the following example. In this example, the VLAN ID of the circuit is being updated from 200 to 600.

  Set-AzExpressRouteCircuitPeeringConfig -Name "AzurePublicPeering" -ExpressRouteCircuit $ckt -PeeringType AzurePublicPeering -PeerASN 100 -PrimaryPeerAddressPrefix "123.0.0.0/30" -SecondaryPeerAddressPrefix "123.0.0.4/30" -VlanId 600

  Set-AzExpressRouteCircuit -ExpressRouteCircuit $ckt

To delete Azure public peering

You can remove your peering configuration by running the following example:

  Remove-AzExpressRouteCircuitPeeringConfig -Name "AzurePublicPeering" -ExpressRouteCircuit $ckt
  Set-AzExpressRouteCircuit -ExpressRouteCircuit $ckt

Azure CLI steps

  1. Check the ExpressRoute circuit to ensure it is provisioned and also enabled. Use the following example:

    az network express-route list
    

    The response is similar to the following example:

    "allowClassicOperations": false,
    "authorizations": [],
    "circuitProvisioningState": "Enabled",
    "etag": "W/\"1262c492-ffef-4a63-95a8-a6002736b8c4\"",
    "gatewayManagerEtag": null,
    "id": "/subscriptions/81ab786c-56eb-4a4d-bb5f-f60329772466/resourceGroups/ExpressRouteResourceGroup/providers/Microsoft.Network/expressRouteCircuits/MyCircuit",
    "location": "chinanorth",
    "name": "MyCircuit",
    "peerings": [],
    "provisioningState": "Succeeded",
    "resourceGroup": "ExpressRouteResourceGroup",
    "serviceKey": "1d05cf70-1db5-419f-ad86-1ca62c3c125b",
    "serviceProviderNotes": null,
    "serviceProviderProperties": {
     "bandwidthInMbps": 200,
     "peeringLocation": "Beijing Telecom Ethernet",
     "serviceProviderName": "Beijing"
    },
    "serviceProviderProvisioningState": "Provisioned",
    "sku": {
     "family": "UnlimitedData",
     "name": "Standard_MeteredData",
     "tier": "Standard"
    },
    "tags": null,
    "type": "Microsoft.Network/expressRouteCircuits"
    
  2. Configure Azure public peering for the circuit. Make sure that you have the following information before you proceed further.

    • A /30 subnet for the primary link. This must be a valid public IPv4 prefix.
    • A /30 subnet for the secondary link. This must be a valid public IPv4 prefix.
    • A valid VLAN ID to establish this peering on. Ensure that no other peering in the circuit uses the same VLAN ID.
    • AS number for peering. You can use both 2-byte and 4-byte AS numbers.
    • Optional: An MD5 hash if you choose to use one.

    Run the following example to configure Azure public peering for your circuit:

    az network express-route peering create --circuit-name MyCircuit --peer-asn 100 --primary-peer-subnet 12.0.0.0/30 -g ExpressRouteResourceGroup --secondary-peer-subnet 12.0.0.4/30 --vlan-id 200 --peering-type AzurePublicPeering
    

    If you choose to use an MD5 hash, use the following example:

    az network express-route peering create --circuit-name MyCircuit --peer-asn 100 --primary-peer-subnet 12.0.0.0/30 -g ExpressRouteResourceGroup --secondary-peer-subnet 12.0.0.4/30 --vlan-id 200 --peering-type AzurePublicPeering --shared-key "A1B2C3D4"
    

    Important

    Ensure that you specify your AS number as peering ASN, not customer ASN.
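
The prerequisite lists in the PowerShell and CLI steps (two public /30 subnets, a VLAN ID not used by another peering, a 2-byte or 4-byte AS number) can be checked before anything is sent to Azure. The following Python pre-flight check is an added example, not part of the original article; the function name, the sample circuit and its existing peering are constructed, and the overlap test and the 1-4094 VLAN range are assumptions added here.

```python
import ipaddress

# Constructed sample: one circuit object in the shape `az network express-route list`
# prints, with a hypothetical existing peering already holding VLAN 100.
SAMPLE_CIRCUIT = {
    "name": "MyCircuit",
    "peerings": [{"name": "AzurePrivatePeering", "vlanId": 100}],
}

def check_peering_inputs(primary, secondary, vlan_id, peer_asn, circuit):
    """Return a list of problems; an empty list means the inputs pass."""
    problems, nets = [], []
    for label, prefix in (("primary", primary), ("secondary", secondary)):
        try:
            # strict=True rejects prefixes with host bits set, e.g. 12.0.0.1/30
            net = ipaddress.ip_network(prefix, strict=True)
        except ValueError as exc:
            problems.append(f"{label}: {exc}")
            continue
        if net.version != 4 or net.prefixlen != 30:
            problems.append(f"{label}: {prefix} is not an IPv4 /30")
        elif not net.network_address.is_global:
            # RFC 1918, documentation and other special-purpose space is not public
            problems.append(f"{label}: {prefix} is not public address space")
        else:
            nets.append(net)
    # Added sanity check (not a rule stated on the page): the two links need
    # distinct subnets.
    if len(nets) == 2 and nets[0].overlaps(nets[1]):
        problems.append("primary and secondary subnets overlap")
    # 802.1Q leaves 1-4094 usable; 0 and 4095 are reserved.
    if not 1 <= vlan_id <= 4094:
        problems.append(f"VLAN ID {vlan_id} is outside 1-4094")
    for peering in circuit.get("peerings") or []:
        if peering.get("vlanId") == vlan_id:
            problems.append(f"VLAN ID {vlan_id} is already used by {peering.get('name')}")
    # 2-byte ASNs end at 65535, 4-byte ASNs at 4294967295; 0 is reserved.
    if not 1 <= peer_asn <= 2**32 - 1:
        problems.append(f"AS number {peer_asn} is not a valid 2-byte or 4-byte ASN")
    return problems

if __name__ == "__main__":
    for args in (("12.0.0.0/30", "12.0.0.4/30", 200, 100),
                 ("10.0.0.0/30", "12.0.0.1/30", 100, 0)):
        print(args, "->", check_peering_inputs(*args, SAMPLE_CIRCUIT) or "OK")
```

To run it against a real circuit, pass one object from the JSON that `az network express-route list` returns in place of the sample.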

To view Azure public peering details

You can get configuration details using the following example:

  az network express-route peering show -g ExpressRouteResourceGroup --circuit-name MyCircuit --name AzurePublicPeering

The output is similar to the following example:

{
  "azureAsn": 12076,
  "etag": "W/\"2e97be83-a684-4f29-bf3c-96191e270666\"",
  "gatewayManagerEtag": "18",
  "id": "/subscriptions/9a0c2943-e0c2-4608-876c-e0ddffd1211b/resourceGroups/ExpressRouteResourceGroup/providers/Microsoft.Network/expressRouteCircuits/MyCircuit/peerings/AzurePublicPeering",
  "lastModifiedBy": "Customer",
  "microsoftPeeringConfig": null,
  "name": "AzurePublicPeering",
  "peerAsn": 7671,
  "peeringType": "AzurePublicPeering",
  "primaryAzurePort": "",
  "primaryPeerAddressPrefix": "",
  "provisioningState": "Succeeded",
  "resourceGroup": "ExpressRouteResourceGroup",
  "routeFilter": null,
  "secondaryAzurePort": "",
  "secondaryPeerAddressPrefix": "",
  "sharedKey": null,
  "state": "Enabled",
  "stats": null,
  "vlanId": 100
}

To update Azure public peering configuration

You can update any part of the configuration using the following example. In this example, the VLAN ID of the circuit is being updated from 200 to 600.

  az network express-route peering update --vlan-id 600 -g ExpressRouteResourceGroup --circuit-name MyCircuit --name AzurePublicPeering

To delete Azure public peering

You can remove your peering configuration by running the following example:

  az network express-route peering delete -g ExpressRouteResourceGroup --circuit-name MyCircuit --name AzurePublicPeering

Azure portal steps

To configure peering, use the PowerShell or CLI steps contained in this article. To manage a peering, you can use the sections below. For reference, these steps look similar to managing a Microsoft peering in the portal.

To view Azure public peering details

View the properties of Azure public peering by selecting the peering in the portal.

To update Azure public peering configuration

Select the row for peering, then modify the peering properties.

To delete Azure public peering

Remove your peering configuration by selecting the delete icon.

Next steps

Next step: Link a virtual network to an ExpressRoute circuit.