ExpressRoute 常见问题ExpressRoute FAQ

什么是 ExpressRoute?What is ExpressRoute?

ExpressRoute 是一项 Azure 服务,允许在 Microsoft 数据中心与本地环境或共同租用设施中的基础结构之间创建专用连接。ExpressRoute is an Azure service that lets you create private connections between Microsoft datacenters and infrastructure that’s on your premises or in a colocation facility. ExpressRoute 连接不通过公共 Internet,与通过 Internet 的典型连接相比,提供更高的安全性、可靠性、速度和更低的延迟。ExpressRoute connections do not go over the public Internet, and offer higher security, reliability, and speeds with lower latencies than typical connections over the Internet.

使用 ExpressRoute 和专用网络连接的好处是什么?What are the benefits of using ExpressRoute and private network connections?

ExpressRoute 连接不通过公共 Internet 。ExpressRoute connections do not go over the public Internet. 与通过 Internet 的典型连接相比,ExpressRoute 连接提供更高的安全性、可靠性、速度和较低的一致延迟。They offer higher security, reliability, and speeds, with lower and consistent latencies than typical connections over the Internet. 在某些情况下,使用 ExpressRoute 连接在本地设备和 Azure 之间传输数据可以产生显著的成本效益。In some cases, using ExpressRoute connections to transfer data between on-premises devices and Azure can yield significant cost benefits.

哪里提供该服务?Where is the service available?

请参阅此页面以了解服务位置和可用性:ExpressRoute 合作伙伴和位置See this page for service location and availability: ExpressRoute partners and locations.

如果未与 ExpressRoute 运营商合作伙伴之一建立合作伙伴关系,则如何使用 ExpressRoute 连接到 Microsoft?How can I use ExpressRoute to connect to Microsoft if I don’t have partnerships with one of the ExpressRoute-carrier partners?

可以将区域运营商和地区以太网连接选择为支持的 Exchange 提供商位置之一。You can select a regional carrier and land Ethernet connections to one of the supported exchange provider locations. 然后,你可以在提供商位置与 Microsoft 实现对接。You can then peer with Microsoft at the provider location. 请查看 ExpressRoute 合作伙伴和位置的最后一部分,以确定服务提供商是否在任何 Exchange 位置。Check the last section of ExpressRoute partners and locations to see if your service provider is present in any of the Exchange locations. 然后,你可以通过服务提供商订购一条 ExpressRoute 线路以连接到 Azure。You can then order an ExpressRoute circuit through the service provider to connect to Azure.

ExpressRoute 的费用是多少?How much does ExpressRoute cost?

有关定价信息,请查看定价详细信息Check pricing details for pricing information.

如果我购买了具有给定带宽的 ExpressRoute 线路,我必须从网络服务提供商购买具有相同速度的 VPN 连接吗?If I pay for an ExpressRoute circuit of a given bandwidth, does the VPN connection I purchase from my network service provider have to be the same speed?

不是。No. 可以从服务提供商购买任何速度的 VPN 连接。You can purchase a VPN connection of any speed from your service provider. 但是,与 Azure 的连接速度限制为购买的 ExpressRoute 线路带宽。However, your connection to Azure is limited to the ExpressRoute circuit bandwidth that you purchase.

如果我购买了具有给定带宽的 ExpressRoute 线路,是否可以根据需要提升到更高的速度?If I pay for an ExpressRoute circuit of a given bandwidth, do I have the ability to burst up to higher speeds if necessary?

是的。Yes. ExpressRoute 线路的配置允许免费将速度提升到所购带宽限制的两倍。ExpressRoute circuits are configured to allow you to burst up to two times the bandwidth limit you procured for no additional cost. 请咨询你的服务提供商,确定他们是否支持此功能。Check with your service provider to see if they support this capability. 这不会持续一段时间,因此不能保证。This is not for a sustained period of time and is not guaranteed. 如果流量流过 ExpressRoute 网关,则 sku 的带宽是固定的,不可提升。If traffic flows through an ExpressRoute Gateway, the bandwidth for the sku is fixed and not burstable.

能否同时与虚拟网络和其他 Azure 服务使用同一专用网络连接?Can I use the same private network connection with virtual network and other Azure services simultaneously?

是的。Yes. 设置 ExpressRoute 线路后,可以同时访问虚拟网络中的服务和其他 Azure 服务。An ExpressRoute circuit, once set up, allows you to access services within a virtual network and other Azure services simultaneously. 通过专用对等路径可连接到虚拟网络,通过 Microsoft 对等路径可连接到其他服务。You connect to virtual networks over the private peering path, and to other services over the Microsoft peering path.

如何在 ExpressRoute 专用对等互连上播发 VNet?How are VNets advertised on ExpressRoute Private Peering?

ExpressRoute 网关会播发 Azure VNet 的地址空间,无法在子网级别包含/排除。The ExpressRoute gateway will advertise the Address Space(s) of the Azure VNet, you can't include/exclude at the subnet level. 它始终为播发的 VNet 地址空间。It is always the VNet Address Space that is advertised. 此外,如果使用 VNet 对等互连并且对等互连 VNet 启用了“使用远程网关”,则还会播发对等互连 VNet 的地址空间。Also, if VNet Peering is used and the peered VNet has "Use Remote Gateway" enabled, the Address Space of the peered VNet will also be advertised.

在 ExpressRoute 专用对等互连上,可以将多少个前缀从 VNet 播发到本地?How many prefixes can be advertised from a VNet to on-premises on ExpressRoute Private Peering?

在单个 ExpressRoute 连接上,或使用网关传输通过 VNet 对等互连进行播发时,最多可播放 200 个前缀。There is a maximum of 200 prefixes advertised on a single ExpressRoute connection, or through VNet peering using gateway transit. 例如,如果在连接到 ExpressRoute 线路的单个 VNet 上有 199 个地址空间,则所有这些 199 个前缀都会播发到本地。For example, if you have 199 address spaces on a single VNet connected to an ExpressRoute circuit, all 199 of those prefixes will be advertised to on-premises. 或者,如果启用了 VNet 以允许通过 1 个地址空间进行网关传输,并使用“允许远程网关”选项启用了 150 个分支 Vnet,则使用网关部署的 VNet 会将 151 个前缀播放到本地。Alternatively, if you have a VNet enabled to allow gateway transit with 1 address space and 150 spoke VNets enabled using the "Allow Remote Gateway" option, the VNet deployed with the gateway will advertise 151 prefixes to on-premises.

如果超过 ExpressRoute 连接上的前缀限制,会发生什么情况?What happens if I exceed the prefix limit on an ExpressRoute connection?

ExpressRoute 线路与网关(以及使用网关传输的对等互连 VNet,如果适用)之间的连接将会中断。The connection between the ExpressRoute circuit and the gateway (and peered VNets using gateway transit, if applicable) will go down. 当不再超过前缀限制时,它会重新建立。It will re-establish when the prefix limit is no longer exceeded.

是否可以筛选来自本地网络的路由?Can I filter routes coming from my on-premises network?

筛选/包含路由的唯一方法是在本地边缘路由器上进行。The only way to filter/include routes is on the on-premises edge router. 用户定义的路由可以添加到 VNet 中以影响特定路由,但这是静态的,不是 BGP 播发的一部分。User-defined Routes can be added in the VNet to affect specific routing, but this will be static and not part of the BGP advertisement.

ExpressRoute 是否提供服务级别协议 (SLA)?Does ExpressRoute offer a Service Level Agreement (SLA)?

有关信息,请参阅 ExpressRoute SLA 页。For information, see the ExpressRoute SLA page.

支持的服务Supported services

ExpressRoute 支持 三种路由域 ,适用于各种类型的服务。ExpressRoute supports three routing domains for various types of services.

专用对等互连Private peering

支持:Supported:

  • 虚拟网络,包括所有虚拟机和云服务Virtual networks, including all virtual machines and cloud services

Microsoft 对等互连Microsoft peering

如果对 Azure Microsoft 对等互连启用了 ExpressRoute 线路,则可以通过该线路访问 Azure 中使用的公共 IP 地址范围If your ExpressRoute circuit is enabled for Azure Microsoft peering, you can access the public IP address ranges used in Azure over the circuit. Azure Microsoft 对等互连将提供对当前在 Azure 上托管的服务的访问权限(具有地理限制,具体取决于线路的 SKU)。Azure Microsoft peering will provide access to services currently hosted on Azure (with geo-restrictions depending on your circuit's SKU). 若要验证特定服务的可用性,可以查看该服务的文档,以了解是否为该服务发布了保留范围。To validate availability for a specific service, you can check the documentation for that service to see if there is a reserved range published for that service. 然后,查找目标服务的 IP 范围,并与 Azure IP 范围和服务标记 – 公有云 XML 文件中列出的范围进行比较。Then, look up the IP ranges of the target service and compare with the ranges listed in the Azure IP Ranges and Service Tags – Public Cloud XML file. 或者,可以为相关服务开具支持票证以进行说明。Alternatively, you can open a support ticket for the service in question for clarification.

支持:Supported:

  • 支持大多数 Azure 服务。Most of the Azure services are supported. 请直接对要使用的服务进行确认来验证是否支持。Please check directly with the service that you want to use to verify support.

不支持:Not supported:

* <span data-ttu-id="d3ac6-165">Office 365</span><span class="sxs-lookup"><span data-stu-id="d3ac6-165">Office 365</span></span>
* <span data-ttu-id="d3ac6-166">PBI</span><span class="sxs-lookup"><span data-stu-id="d3ac6-166">PBI</span></span>
* <span data-ttu-id="d3ac6-167">CDN</span><span class="sxs-lookup"><span data-stu-id="d3ac6-167">CDN</span></span>

* <span data-ttu-id="d3ac6-168">多重身份验证服务器(旧版)</span><span class="sxs-lookup"><span data-stu-id="d3ac6-168">Multi-factor Authentication Server (legacy)</span></span>
* <span data-ttu-id="d3ac6-169">流量管理器</span><span class="sxs-lookup"><span data-stu-id="d3ac6-169">Traffic Manager</span></span>

公共对等互连Public peering

支持:Supported:

  • 支持大多数 Azure 服务。Most of the Azure services are supported. 请直接对要使用的服务进行确认来验证是否支持。Please check directly with the service that you want to use to verify support.

不支持:Not supported:

* <span data-ttu-id="d3ac6-175">Office 365</span><span class="sxs-lookup"><span data-stu-id="d3ac6-175">Office 365</span></span>
* <span data-ttu-id="d3ac6-176">PBI</span><span class="sxs-lookup"><span data-stu-id="d3ac6-176">PBI</span></span>
* <span data-ttu-id="d3ac6-177">CDN</span><span class="sxs-lookup"><span data-stu-id="d3ac6-177">CDN</span></span>
* <span data-ttu-id="d3ac6-178">多重身份验证</span><span class="sxs-lookup"><span data-stu-id="d3ac6-178">Multi-factor Authentication</span></span>
* <span data-ttu-id="d3ac6-179">流量管理器</span><span class="sxs-lookup"><span data-stu-id="d3ac6-179">Traffic Manager</span></span>

在配置 Microsoft 对等互连时,为什么会看到“播发的公用前缀”状态为“需要验证”?Why I see 'Advertised public prefixes' status as 'Validation needed', while configuring Microsoft peering?

Microsoft 会验证指定的“播发的公用前缀”和“对等 ASN”(或“客户 ASN”)是否已在 Internet 路由注册表中分配给你。Microsoft verifies if the specified 'Advertised public prefixes' and 'Peer ASN' (or 'Customer ASN') are assigned to you in the Internet Routing Registry. 如果要从其他实体获取公用前缀,并且没有在路由注册表中记录分配,则自动验证不会完成,需要手动验证。If you are getting the public prefixes from another entity and if the assignment is not recorded with the routing registry, the automatic validation will not complete and will require manual validation. 如果自动验证失败,则你会看到消息“需要验证”。If the automatic validation fails, you will see the message 'Validation needed'.

如果看到消息“需要验证”,请收集相关文档,它们显示公用前缀已由在路由注册表中作为前缀所有者列出的实体分配给你的组织,然后通过开具支持票证来提交这些文档以进行手动验证,如下所示。If you see the message 'Validation needed', collect the document(s) that show the public prefixes are assigned to your organization by the entity that is listed as the owner of the prefixes in the routing registry and submit these documents for manual validation by opening a support ticket as shown below.

数据和连接Data and connections

对于使用 ExpressRoute 可以传输的数据量是否有限制?Are there limits on the amount of data that I can transfer using ExpressRoute?

我们不对数据传输量设置限制。We do not set a limit on the amount of data transfer. 有关带宽价格的信息,请参阅定价详细信息Refer to pricing details for information on bandwidth rates.

ExpressRoute 支持的连接速度是多少?What connection speeds are supported by ExpressRoute?

支持的带宽如下:Supported bandwidth offers:

50 Mbps、100 Mbps、200 Mbps、500 Mbps、1 Gbps、2 Gbps、5 Gbps、10 Gbps50 Mbps, 100 Mbps, 200 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps, 10 Gbps

可以选择哪些服务提供商?Which service providers are available?

有关服务提供商和位置的列表,请参阅 ExpressRoute 合作伙伴和位置See ExpressRoute partners and locations for the list of service providers and locations.

技术详细信息Technical details

将本地位置连接到 Azure 有哪些技术要求?What are the technical requirements for connecting my on-premises location to Azure?

有关要求,请参阅 ExpressRoute 先决条件页See ExpressRoute prerequisites page for requirements.

与 ExpressRoute 的连接是冗余的吗?Are connections to ExpressRoute redundant?

是的。Yes. 每条 ExpressRoute 线路都配置一对冗余交叉连接,以提供高可用性。Each Express Route circuit has a redundant pair of cross connections configured to provide high availability.

如果其中一个交叉连接出现故障,不会失去连接。You will not lose connectivity if one of the cross connections fails. 可使用冗余连接,以支持网络负载和提供 ExpressRoute 线路的高可用性。A redundant connection is available to support the load of your network and provide high availability of your ExpressRoute circuit. 另外,还可以在不同对等位置创建一条线路以获得线路级恢复能力。You can additionally create a circuit in a different peering location to achieve circuit-level resilience.

如何在专用对等互连上实现冗余?How do I implement redundancy on private peering?

来自不同对等互连位置的多条 ExpressRoute 线路或来自同一对等互连位置的最多四个连接可以连接到同一虚拟网络,以此在单条线路变得不可用的情况下提供高可用性。Multiple ExpressRoute circuits from different peering locations or up to four connections from the same peering location can be connected to the same virtual network to provide high-availability in the case that a single circuit becomes unavailable. 你随后可以为其中一个本地连接分配更高的权重,使特定线路成为首选。You can then assign higher weights to one of the local connections to prefer a specific circuit. 强烈建议客户至少设置两个 ExpressRoute 线路,以避免单一故障点。It is strongly recommended that customers setup at least two ExpressRoute circuits to avoid single points of failure.

请参阅此处以了解如何进行高可用性设计,并参阅此处以了解如何进行灾难恢复设计。See here for designing for high availability and here for designing for disaster recovery.

如何在 Microsoft 对等互连上实现冗余?How I do implement redundancy on Microsoft peering?

当客户使用 Microsoft 对等互连访问 Azure 公共服务(如 Azure 存储或 Azure SQL)时,以及对于将 Microsoft 对等互连用于 Office 365 的客户,强烈建立他们在不同互连对等位置实现多个线路,以避免单一故障点。It is highly recommended when customers are using Microsoft peering to access Azure public services like Azure Storage or Azure SQL, as well as customers that are using Microsoft peering for Office 365 that they implement multiple circuits in different peering locations to avoid single points of failure. 客户可以在两个线路上播放相同的前缀,并使用 AS PATH 附加或播放不同的前缀来确定来自本地的路径。Customers can either advertise the same prefix on both circuits and use AS PATH prepending or advertise different prefixes to determine path from on-premises.

请参阅此处以了解如何进行高可用性设计。See here for designing for high availability.

如何确保连接到 ExpressRoute 的虚拟网络上的高可用性?How do I ensure high availability on a virtual network connected to ExpressRoute?

可以通过将同一对等互连位置中最多四条 ExpressRoute 线路连接到你的虚拟网络,或者将不同对等互连位置中的 ExpressRoute 线路连接到你的虚拟网络来实现高可用性。You can achieve high availability by connecting up to four ExpressRoute circuits in the same peering location to your virtual network, or by connecting ExpressRoute circuits in different peering locations to your virtual network. 如果一条 ExpressRoute 线路出现故障,连接会故障转移到另一条 ExpressRoute 线路。If one ExpressRoute circuit goes down, connectivity will fail over to another ExpressRoute circuit. 默认情况下,将基于等成本多路径路由 (ECMP) 对离开虚拟网络的流量进行路由。By default, traffic leaving your virtual network is routed based on Equal Cost Multi-path Routing (ECMP). 可以使用连接权重来使一条线路优先于另一条线路。You can use Connection Weight to prefer one circuit to another. 有关详细信息,请参阅优化 ExpressRoute 路由For more information, see Optimizing ExpressRoute Routing.

如何确保 Microsoft 对等互连或公共对等互连上以 Azure 公共服务(如 Azure 存储和 Azure SQL)为目标的流量首选采用 ExpressRoute 路径?How do I ensure that my traffic destined for Azure Public services like Azure Storage and Azure SQL on Microsoft peering or public peering is preferred on the ExpressRoute path?

必须在路由器上实现“本地首选项”属性,以确保从本地到 Azure 的路径始终首选采用 ExpressRoute 线路。You must implement the Local Preference attribute on your router(s) to ensure that the path from on-premises to Azure is always preferred on your ExpressRoute circuit(s).

请参阅此处有关 BGP 路径选择和常见路由器配置的其他详细信息。See additional details here on BGP path selection and common router configurations.

如果我不在云交换中共置,而我的服务提供商提供点到点连接,我需要在本地网络与 Microsoft 之间订购两个物理连接吗?If I'm not co-located at a cloud exchange and my service provider offers point-to-point connection, do I need to order two physical connections between my on-premises network and Microsoft?

如果服务提供商可以通过物理连接建立两条以太网虚拟线路,则只需要一个物理连接。If your service provider can establish two Ethernet virtual circuits over the physical connection, you only need one physical connection. 物理连接(例如光纤)的终点在第 1 层 (L1) 设备上(请参阅下图)。The physical connection (for example, an optical fiber) is terminated on a layer 1 (L1) device (see the image). 两条以太网虚拟线路使用不同的 VLAN ID 进行标记,一个供主要线路使用,一个供辅助线路使用。The two Ethernet virtual circuits are tagged with different VLAN IDs, one for the primary circuit, and one for the secondary. 这些 VLAN ID 位于外部 802.1Q 以太网标头中。Those VLAN IDs are in the outer 802.1Q Ethernet header. 内部 802.1Q 以太网标头(不显示)会映射到特定的 ExpressRoute 路由域The inner 802.1Q Ethernet header (not shown) is mapped to a specific ExpressRoute routing domain.

能否使用 ExpressRoute 将我的一个 VLAN 扩展到 Azure?Can I extend one of my VLANs to Azure using ExpressRoute?

不是。No. 不支持将第 2 层连接扩展到 Azure。We do not support layer 2 connectivity extensions into Azure.

能否在我的订阅中有多条 ExpressRoute 线路?Can I have more than one ExpressRoute circuit in my subscription?

是的。Yes. 可以在订阅中有多条 ExpressRoute 线路。You can have more than one ExpressRoute circuit in your subscription. 默认限制设置为 10。The default limit is set to 10. 如果需要增大限制,请联系 Microsoft 支持部门。You can contact Microsoft Support to increase the limit, if needed.

能否使用不同服务提供商的 ExpressRoute 线路?Can I have ExpressRoute circuits from different service providers?

是的。Yes. 可以使用许多服务提供商的 ExpressRoute 线路。You can have ExpressRoute circuits with many service providers. 每条 ExpressRoute 线路只与一个服务提供商相关联。Each ExpressRoute circuit is associated with one service provider only.

我在同一城市内看到两个 ExpressRoute 对等互连位置(例如,新加坡和新加坡 2)。I see two ExpressRoute peering locations in the same metro, for example, Singapore and Singapore2. 我应选择哪个对等位置来创建我的 ExpressRoute 线路?Which peering location should I choose to create my ExpressRoute circuit?

如果服务提供商在两个站点均提供 ExpressRoute,则可以与提供商协作,选择任意一个站点来设置 ExpressRoute。If your service provider offers ExpressRoute at both sites, you can work with your provider and pick either site to set up ExpressRoute.

是的。Yes. 可以具有多条包含相同或不同服务提供商的 ExpressRoute 线路。You can have multiple ExpressRoute circuits with the same or different service providers. 如果城区内有多个 ExpressRoute 对等位置,并且线路创建在了不同的对等位置,则可以将这些线路链接到同一虚拟网络。If the metro has multiple ExpressRoute peering locations and the circuits are created at different peering locations, you can link them to the same virtual network. 如果线路是在同一对等互连位置创建的,你最多可以将四条线路链接到同一虚拟网络。If the circuits are created at the same peering location, you can link up to four circuits to the same virtual network.

如何将我的虚拟网络连接到 ExpressRoute 线路How do I connect my virtual networks to an ExpressRoute circuit

基本步骤如下:The basic steps are:

  • 建立一条 ExpressRoute 线路并让服务提供商启用它。Establish an ExpressRoute circuit and have the service provider enable it.
  • 你或者提供商必须配置 BGP 对等互连。You, or the provider, must configure the BGP peering(s).
  • 将虚拟网络连接到 ExpressRoute 线路。Link the virtual network to the ExpressRoute circuit.

有关详细信息,请参阅 ExpressRoute 线路预配工作流和线路状态For more information, see ExpressRoute workflows for circuit provisioning and circuit states.

我的 ExpressRoute 线路是否存在连接界限?Are there connectivity boundaries for my ExpressRoute circuit?

是的。Yes. ExpressRoute 合作伙伴和位置一文概述了 ExpressRoute 线路的连接界限。The ExpressRoute partners and locations article provides an overview of the connectivity boundaries for an ExpressRoute circuit. 一条 ExpressRoute 线路的连接范围限制为单个地缘政治区域。Connectivity for an ExpressRoute circuit is limited to a single geopolitical region. 可以通过启用 ExpressRoute 高级功能,将连接扩展为跨地缘政治区域。Connectivity can be expanded to cross geopolitical regions by enabling the ExpressRoute premium feature.

是的。Yes. 在标准 ExpressRoute 线路上最多可以有 10 个虚拟网络连接,在高级 ExpressRoute 线路上最多可以有 100 个。You can have up to 10 virtual networks connections on a standard ExpressRoute circuit, and up to 100 on a premium ExpressRoute circuit.

我有多个包含虚拟网络的 Azure 订阅。I have multiple Azure subscriptions that contain virtual networks. 能否将不同订阅中的虚拟网络连接到单个 ExpressRoute 线路?Can I connect virtual networks that are in separate subscriptions to a single ExpressRoute circuit?

是的。Yes. 可以在同一订阅中最多链接 10 个虚拟网络作为线路,或在不同的订阅中使用单一 ExpressRoute 线路。You can link up to 10 virtual networks in the same subscription as the circuit or different subscriptions using a single ExpressRoute circuit. 可以通过启用 ExpressRoute 高级功能来提高此限制。This limit can be increased by enabling the ExpressRoute premium feature.

有关详细信息,请参阅在多个订阅之间共享 ExpressRoute 线路For more information, see Sharing an ExpressRoute circuit across multiple subscriptions.

我有多个关联到不同 Azure Active Directory 租户或企业协议合约的 Azure 订阅。I have multiple Azure subscriptions associated to different Azure Active Directory tenants or Enterprise Agreement enrollments. 是否可以将位于单独租户和合约中的虚拟网络连接到不在同一租户或合约中的单个 ExpressRoute 线路?Can I connect virtual networks that are in separate tenants and enrollments to a single ExpressRoute circuit not in the same tenant or enrollment?

是的。Yes. ExpressRoute 授权可以跨订阅、租户和合约边界,不需要进行额外配置。ExpressRoute authorizations can span subscription, tenant, and enrollment boundaries with no additional configuration required.

有关详细信息,请参阅在多个订阅之间共享 ExpressRoute 线路For more information, see Sharing an ExpressRoute circuit across multiple subscriptions.

连接到同一线路的虚拟网络相互隔离吗?Are virtual networks connected to the same circuit isolated from each other?

否。No. 从路由角度看,连接到同一 ExpressRoute 线路的所有虚拟网络都属于同一路由域,不是相互隔离的。From a routing perspective, all virtual networks linked to the same ExpressRoute circuit are part of the same routing domain and are not isolated from each other. 如果需要路由隔离,则需要创建单独的 ExpressRoute 线路。If you need route isolation, you need to create a separate ExpressRoute circuit.

能否将一个虚拟网络连接到多条 ExpressRoute 线路?Can I have one virtual network connected to more than one ExpressRoute circuit?

是的。Yes. 可将一个虚拟网络最多链接到处于相同或不同对等互连位置的四个 ExpressRoute 线路。You can link a single virtual network with up to four ExpressRoute circuits in either the same or different peering locations.

能否从连接到 ExpressRoute 线路的虚拟网络访问 Internet?Can I access the Internet from my virtual networks connected to ExpressRoute circuits?

是的。Yes. 如果尚未通过 BGP 会话公布默认路由 (0.0.0.0/0) 或 Internet 路由前缀,可以从连接到 ExpressRoute 线路的虚拟网络连接到 Internet。If you have not advertised default routes (0.0.0.0/0) or Internet route prefixes through the BGP session, you can connect to the Internet from a virtual network linked to an ExpressRoute circuit.

能否阻止与连接到 ExpressRoute 线路的虚拟网络建立 Internet 连接?Can I block Internet connectivity to virtual networks connected to ExpressRoute circuits?

是的。Yes. 可以播发默认路由 (0.0.0.0/0) 以阻止与虚拟网络内部署的虚拟机建立所有 Internet 连接,并通过 ExpressRoute 线路路由出所有流量。You can advertise default routes (0.0.0.0/0) to block all Internet connectivity to virtual machines deployed within a virtual network and route all traffic out through the ExpressRoute circuit.

请注意,如果播发默认路由,我们会强制将传送到通过 Microsoft 对等互连提供的服务(如 Azure 存储和 SQL DB)的流量传回本地。If you advertise default routes, we force traffic to services offered over Microsoft peering (such as Azure storage and SQL DB) back to your premises. 必须将路由器配置为通过 Microsoft 对等互连路径或通过 Internet 将流量传回 Azure。You will have to configure your routers to return traffic to Azure through the Microsoft peering path or over the Internet. 如果已启用了该服务的一个服务终结点,则不会强制将发送到该服务的流量传回本地。If you've enabled a service endpoint for the service, the traffic to the service is not forced to your premises. 流量将保持在 Azure 主干网络中。The traffic remains within the Azure backbone network. 若要详细了解服务终结点,请参阅虚拟网络服务终结点To learn more about service endpoints, see Virtual network service endpoints

连接到同一 ExpressRoute 线路的虚拟网络能否互相对话?Can virtual networks linked to the same ExpressRoute circuit talk to each other?

是的。Yes. 连接到同一 ExpressRoute 线路的虚拟网络中部署的虚拟机可以彼此通信。Virtual machines deployed in virtual networks connected to the same ExpressRoute circuit can communicate with each other.

能否将站点到站点连接与 ExpressRoute 一起用于虚拟网络?Can I use site-to-site connectivity for virtual networks in conjunction with ExpressRoute?

是的。Yes. ExpressRoute 可与站点到站点 VPN 共存。ExpressRoute can coexist with site-to-site VPNs. 请参阅配置 ExpressRoute 和站点到站点并存连接See Configure ExpressRoute and site-to-site coexisting connections.

为什么有一个公共 IP 地址与虚拟网络上的 ExpressRoute 网关相关联?Why is there a public IP address associated with the ExpressRoute gateway on a virtual network?

此公共 IP 地址仅用于内部管理,不会给虚拟网络带来安全隐患。The public IP address is used for internal management only, and does not constitute a security exposure of your virtual network.

对于我可以公布的路由数有限制吗?Are there limits on the number of routes I can advertise?

是的。Yes. 对于专用对等互连,我们最多接受 4000 个路由前缀;对于 Microsoft 对等互连,接受 200 个。We accept up to 4000 route prefixes for private peering and 200 for Microsoft peering. 如果启用 ExpressRoute 高级功能,可以将专用对等互连的此限制提高为 10,000 个路由。You can increase this to 10,000 routes for private peering if you enable the ExpressRoute premium feature.

对于我可以通过 BGP 会话公布的 IP 范围有限制吗?Are there restrictions on IP ranges I can advertise over the BGP session?

对于 Microsoft 对等 BGP 会话中,不接受私有前缀 (RFC1918)。We do not accept private prefixes (RFC1918) for the Microsoft peering BGP session. 我们在 Microsoft 和专用对等互连上接受任何前缀大小(最多 /32)。We accept any prefix size (up to /32) on both the Microsoft and the private peering.

如果超过 BGP 限制,会发生什么情况?What happens if I exceed the BGP limits?

BGP 会话会被删除。BGP sessions will be dropped. 当前缀计数低于限制后,将重置这些会话。They will be reset once the prefix count goes below the limit.

ExpressRoute BGP 保持时间是多少?What is the ExpressRoute BGP hold time? 是否可以调整它?Can it be adjusted?

保持时间为 180。The hold time is 180. Keep-Alive(保持活动)消息每隔 60 秒发送一次。The keep-alive messages are sent every 60 seconds. 这些是 Microsoft 端的固定设置,不能更改。These are fixed settings on the Microsoft side that cannot be changed. 可以配置不同的计时器,BGP 会话参数会相应地协商。It is possible for you to configure different timers, and the BGP session parameters will be negotiated accordingly.

是否可以更改 ExpressRoute 线路的带宽?Can I change the bandwidth of an ExpressRoute circuit?

是的,可以尝试在 Azure 门户中或者使用 PowerShell.mpt 来增加 ExpressRoute 线路的带宽。Yes, you can attempt to increase the bandwidth of your ExpressRoute circuit in the Azure portal, or by using PowerShell. 如果在创建线路的物理端口上有容量可用,则更改会成功。If there is capacity available on the physical port on which your circuit was created, your change succeeds.

如果更改失败,这意味着当前端口上没有剩余足够的容量,需要创建具有更高带宽的新 ExpressRoute 线路;或者意味着在该位置没有额外的容量,在这种情况下将无法增加带宽。If your change fails, it means either there isn’t enough capacity left on the current port and you need to create a new ExpressRoute circuit with the higher bandwidth, or that there is no additional capacity at that location, in which case you won't be able to increase the bandwidth.

还必须跟进连接服务提供商,确保他们更新其网络中的限制以支持带宽增加。You will also have to follow up with your connectivity provider to ensure that they update the throttles within their networks to support the bandwidth increase. 不过,无法减小 ExpressRoute 线路的带宽。You cannot, however, reduce the bandwidth of your ExpressRoute circuit. 必须创建具有更低带宽的新 ExpressRoute 线路并删除旧线路。You have to create a new ExpressRoute circuit with lower bandwidth and delete the old circuit.

如何更改 ExpressRoute 线路的带宽?How do I change the bandwidth of an ExpressRoute circuit?

可以使用 REST API 或 PowerShell cmdlet 更新 ExpressRoute 线路的带宽。You can update the bandwidth of the ExpressRoute circuit using the REST API or PowerShell cmdlet.

ExpressRoute 高级版ExpressRoute premium

什么是 ExpressRoute 高级版?What is ExpressRoute premium?

ExpressRoute 高级版是以下功能的集合:ExpressRoute premium is a collection of the following features:

  • 对于专用对等互连,将路由表限制从 4000 个路由提升为 10,000 个路由。Increased routing table limit from 4000 routes to 10,000 routes for private peering.
  • 增加了可在一条 ExpressRoute 线路上启用的 VNet 数(默认数量为 10 个)。Increased number of VNets that can be enabled on an ExpressRoute circuit (default is 10). 有关详细信息,请参阅 ExpressRoute 限制表。For more information, see the ExpressRoute Limits table.

如果启用了 ExpressRoute 高级版,可在一条 ExpressRoute 线路上启用多少个 VNet?How many VNets can I enable on an ExpressRoute circuit if I enabled ExpressRoute premium?

下表显示了 ExpressRoute 限制和每条 ExpressRoute 线路的 VNet 数:The following tables show the ExpressRoute limits and the number of VNets per ExpressRoute circuit:

ExpressRoute 限制ExpressRoute Limits

下列限制适用于每个订阅的 ExpressRoute 资源。The following limits apply to ExpressRoute resources per subscription.

资源Resource 默认/最大限制Default/Max Limit
每个订阅的 ExpressRoute 线路数ExpressRoute circuits per subscription 10 个10
每个订阅每个区域的 ExpressRoute 线路数(Azure 资源管理器)ExpressRoute circuits per region per subscription (Azure Resource Manager) 10 个10
具有 ExpressRoute Standard 的 Azure 私用对等互连的最大路由数Maximum number of routes for Azure private peering with ExpressRoute standard 4,0004,000
具有 ExpressRoute Premium 附加设备的 Azure 私用对等互连的最大路由数Maximum number of routes for Azure private peering with ExpressRoute premium add-on 10,00010,000
具有 ExpressRoute Standard 的 Azure Microsoft 对等互连的最大路由数Maximum number of routes for Azure Microsoft peering with ExpressRoute standard 200200
具有 ExpressRoute Premium 附加设备的 Azure Microsoft 对等互连的最大路由数Maximum number of routes for Azure Microsoft peering with ExpressRoute premium add-on 200200
链接到不同对等互连位置中相同虚拟网络的最大 ExpressRoute 线路数Maximum number of ExpressRoute circuits linked to the same virtual network in different peering locations 44
每个 ExpressRoute 线路允许的虚拟网络链接数Number of virtual network links allowed per ExpressRoute circuit 请参阅下表see table below

每个 ExpressRoute 线路的虚拟网络数Number of Virtual Networks per ExpressRoute circuit

线路大小Circuit Size 针对 Standard 的 VNet 链接数Number of VNet links for standard 使用 Premium 附加设备时的 VNet 链接数Number of VNet Links with Premium add-on
50 Mbps50 Mbps 10 个10 20 个20
100 Mbps100 Mbps 10 个10 2525
200 Mbps200 Mbps 10 个10 2525
500 Mbps500 Mbps 10 个10 4040
1 Gbps1 Gbps 10 个10 5050
2 Gbps2 Gbps 10 个10 6060
5 Gbps5 Gbps 1010 7575
10 Gbps10 Gbps 10 个10 100100

如何启用 ExpressRoute 高级版?How do I enable ExpressRoute premium?

在启用相应的功能后,可启用 ExpressRoute 高级功能,并可通过更新线路状态关闭高级功能。ExpressRoute premium features can be enabled when the feature is enabled, and can be shut down by updating the circuit state. 可以在创建线路时启用 ExpressRoute 高级版,或者调用 REST API/PowerShell cmdlet。You can enable ExpressRoute premium at circuit creation time, or can call the REST API / PowerShell cmdlet.

如何禁用 ExpressRoute 高级版?How do I disable ExpressRoute premium?

可以通过调用 REST API 或 PowerShell cmdlet 来禁用 ExpressRoute 高级版。You can disable ExpressRoute premium by calling the REST API or PowerShell cmdlet. 必须确保已调整连接需求以满足默认限制,然后再禁用 ExpressRoute 高级版。You must make sure that you have scaled your connectivity needs to meet the default limits before you disable ExpressRoute premium. 如果使用规模超出了默认限制,禁用 ExpressRoute 高级版的请求会失败。If your utilization scales beyond the default limits, the request to disable ExpressRoute premium fails.

我是否可以从高级功能集选择所需的功能?Can I pick and choose the features I want from the premium feature set?

不是。No. 无法选择功能。You can't pick the features. 如果启用 ExpressRoute 高级版,我们会启用所有功能。We enable all features when you turn on ExpressRoute premium.

ExpressRoute 高级版的费用是多少?How much does ExpressRoute premium cost?

有关费用,请参阅定价详细信息Refer to pricing details for cost.

除了支付 ExpressRoute 高级版费用以外,是否还要支付标准版 ExpressRoute 的费用?Do I pay for ExpressRoute premium in addition to standard ExpressRoute charges?

是的。Yes. ExpressRoute 高级版的费用是在 ExpressRoute 线路费用以及连接提供商所收费用的基础之上收取的。ExpressRoute premium charges apply on top of ExpressRoute circuit charges and charges required by the connectivity provider.

用于 Microsoft 对等互连的路由筛选器Route filters for Microsoft peering

首次启用 Microsoft 对等互连时,会看到哪些路由?I am turning on Microsoft peering for the first time, what routes will I see?

不会看到任何路由。You will not see any routes. 必须将路由筛选器附加到线路才能启动前缀播发。You have to attach a route filter to your circuit to start prefix advertisements. 有关说明,请参阅配置用于 Microsoft 对等互连的路由筛选器For instructions, see Configure route filters for Microsoft peering.

我已启用 Microsoft 对等互连,目前正在尝试选择 Exchange Online,但有错误指出我无权执行此操作。I turned on Microsoft peering and now I am trying to select Exchange Online, but it is giving me an error that I am not authorized to do it.

使用路由筛选器时,任何客户都可以启用 Microsoft 对等互连。When using route filters, any customer can turn on Microsoft peering. 但是,若要使用 Office 365 服务,仍需获得 Office 365 的授权。However, for consuming Office 365 services, you still need to get authorized by Office 365.

我在一个位置建立了 Microsoft 对等互连,目前我正尝试在另一个位置启用它,但未看到任何前缀。I have Microsoft peering at one location, now I am trying to enable it at another location and I am not seeing any prefixes.

  • 在 2017 年 8 月 1 日之前配置的 ExpressRoute 线路的 Microsoft 对等互连会通过 Microsoft 对等互连播发所有服务前缀,即使未定义路由筛选器。Microsoft peering of ExpressRoute circuits that were configured prior to August 1, 2017 will have all service prefixes advertised through Microsoft peering, even if route filters are not defined.

  • 在 2017 年 8 月 1 日或之后配置的 ExpressRoute 线路的 Microsoft 对等互连的任何前缀只有在路由筛选器附加到线路之后才会播发。Microsoft peering of ExpressRoute circuits that are configured on or after August 1, 2017 will not have any prefixes advertised until a route filter is attached to the circuit. 默认情况下,不会显示任何前缀。You will see no prefixes by default.