使用门户将虚拟网络连接到 ExpressRoute 线路Connect a virtual network to an ExpressRoute circuit using the portal

本文可帮助你使用 Azure 门户创建连接来将虚拟网络链接到 Azure ExpressRoute 线路。This article helps you create a connection to link a virtual network to an Azure ExpressRoute circuit using the Azure portal. 连接到 Azure ExpressRoute 线路的虚拟网络可以在同一订阅中,也可以属于另一订阅。The virtual networks that you connect to your Azure ExpressRoute circuit can either be in the same subscription, or they can be part of another subscription.

准备阶段Before you begin

  • 在开始配置之前,请先查看先决条件路由要求工作流Review the prerequisites, routing requirements, and workflows before you begin configuration.

  • 必须有一个活动的 ExpressRoute 线路。You must have an active ExpressRoute circuit.

    • 请按说明创建 ExpressRoute 线路,并通过连接提供商启用该线路。Follow the instructions to create an ExpressRoute circuit and have the circuit enabled by your connectivity provider.

    • 确保为线路配置 Azure 专用对等互连。Ensure that you have Azure private peering configured for your circuit. 有关对等互连和路由说明,请参阅为 ExpressRoute 线路创建和修改对等互连一文。See the Create and modify peering for an ExpressRoute circuit article for peering and routing instructions.

    • 确保配置 Azure 专用对等互连,并运行用户网络和 Microsoft 之间的 BGP 对等互连,以便启用端到端连接。Ensure that Azure private peering is configured and the BGP peering between your network and Microsoft is up so that you can enable end-to-end connectivity.

    • 确保已创建并完全预配一个虚拟网络和一个虚拟网络网关。Ensure that you have a virtual network and a virtual network gateway created and fully provisioned. 按照说明为 ExpressRoute 创建虚拟网关Follow the instructions to create a virtual network gateway for ExpressRoute. ExpressRoute 的虚拟网关使用 GatewayType“ExpressRoute”,而不是 VPN。A virtual network gateway for ExpressRoute uses the GatewayType 'ExpressRoute', not VPN.

  • 最多可以将 10 个虚拟网络链接到一条标准 ExpressRoute 线路。You can link up to 10 virtual networks to a standard ExpressRoute circuit. 使用标准 ExpressRoute 线路时,所有虚拟网络都必须位于同一地缘政治区域。All virtual networks must be in the same geopolitical region when using a standard ExpressRoute circuit.

  • 单个 VNet 可最多连接到 4 条 ExpressRoute 线路。A single VNet can be linked to up to four ExpressRoute circuits. 通过以下流程为正在连接的每条 ExpressRoute 线路创建新的连接对象。Use the process below to create a new connection object for each ExpressRoute circuit you are connecting to. ExpressRoute 线路可在同一订阅、不同订阅或两者兼有。The ExpressRoute circuits can be in the same subscription, different subscriptions, or a mix of both.

  • 如果已启用 ExpressRoute 高级外接程序,则可以链接 ExpressRoute 线路的地缘政治区域外部的虚拟网络,或者将大量虚拟网络连接到 ExpressRoute 线路。You can link a virtual network outside of the geopolitical region of the ExpressRoute circuit, or connect a larger number of virtual networks to your ExpressRoute circuit if you enabled the ExpressRoute premium add-on. 有关高级外接程序的更多详细信息,请参阅常见问题解答Check the FAQ for more details on the premium add-on.

    将 VNet 连接到线路 - 同一订阅Connect a VNet to a circuit - same subscription

Note

如果第 3 层提供商配置了你的对等互连,则 BGP 配置信息不会显示。BGP configuration information will not show up if the layer 3 provider configured your peerings. 如果线路处于已预配状态,应该能够创建连接。If your circuit is in a provisioned state, you should be able to create connections.

创建连接To create a connection

  1. 确保已成功配置 ExpressRoute 线路和 Azure 专用对等互连。Ensure that your ExpressRoute circuit and Azure private peering have been configured successfully. 请遵循创建 ExpressRoute 线路配置路由中的说明。Follow the instructions in Create an ExpressRoute circuit and Configure routing. ExpressRoute 线路应如下图所示:Your ExpressRoute circuit should look like the following image:

    ExpressRoute 线路屏幕截图

  2. 现在可以开始预配连接,以便将虚拟网络网关链接到 ExpressRoute 线路。You can now start provisioning a connection to link your virtual network gateway to your ExpressRoute circuit. 单击“连接” > “添加”以打开“添加连接”页面,然后配置值。 Click Connection > Add to open the Add connection page, and then configure the values.

    添加连接屏幕截图

  3. 成功配置你的连接之后,连接对象会显示连接的信息。After your connection has been successfully configured, your connection object will show the information for the connection.

    连接对象屏幕截图

将 VNet 连接到线路 - 不同订阅Connect a VNet to a circuit - different subscription

用户可以在多个订阅之间共享 ExpressRoute 线路。You can share an ExpressRoute circuit across multiple subscriptions. 下图显示了如何在多个订阅之间实现 ExpressRoute 线路共享的简单示意图。The figure below shows a simple schematic of how sharing works for ExpressRoute circuits across multiple subscriptions.

跨订阅连接

  • 大型云中的每个较小云用于表示属于组织中不同部门的订阅。Each of the smaller clouds within the large cloud is used to represent subscriptions that belong to different departments within an organization.

  • 组织内的每个部门可以使用自己的订阅部署其服务,但可以共享单个 ExpressRoute 线路以连接回本地网络。Each of the departments within the organization can use their own subscription for deploying their services, but they can share a single ExpressRoute circuit to connect back to your on-premises network.

  • 一个部门(此示例中为:IT 部门)可以拥有 ExpressRoute 线路。A single department (in this example: IT) can own the ExpressRoute circuit. 组织内的其他订阅可以使用 ExpressRoute 线路和关联到该线路的授权,包括链接到其他 Azure Active Directory 租户和企业协议合约的订阅。Other subscriptions within the organization can use the ExpressRoute circuit and authorizations associated to the circuit, including subscriptions linked to other Azure Active Directory tenants and Enterprise Agreement enrollments.

    Note

    将对 ExpressRoute 线路所有者收取专用线路的连接和带宽费用。Connectivity and bandwidth charges for the dedicated circuit will be applied to the ExpressRoute circuit owner. 所有虚拟网络共享相同的带宽。All virtual networks share the same bandwidth.

管理 - 关于线路所有者和线路用户Administration - About circuit owners and circuit users

“线路所有者”是 ExpressRoute 线路资源的已授权高级用户。The 'circuit owner' is an authorized Power User of the ExpressRoute circuit resource. 线路所有者可以创建可供“线路用户”兑换的授权。The circuit owner can create authorizations that can be redeemed by 'circuit users'. 线路用户是虚拟网关的所有者,这些网关与 ExpressRoute 线路位于不同的订阅中。Circuit users are owners of virtual network gateways that are not within the same subscription as the ExpressRoute circuit. 线路用户可以兑换授权(每个虚拟网络需要一个授权)。Circuit users can redeem authorizations (one authorization per virtual network).

线路所有者有权随时修改和撤消授权。The circuit owner has the power to modify and revoke authorizations at any time. 撤消授权会导致从已撤消访问权限的订阅中删除所有链路连接。Revoking an authorization results in all link connections being deleted from the subscription whose access was revoked.

线路所有者操作Circuit owner operations

创建连接授权To create a connection authorization

线路所有者创建授权。The circuit owner creates an authorization. 这样即可创建授权密钥,供线路用户用来将其虚拟网络网关连接到 ExpressRoute 线路。This results in the creation of an authorization key that can be used by a circuit user to connect their virtual network gateways to the ExpressRoute circuit. 一个授权只可用于一个连接。An authorization is valid for only one connection.

Note

每个连接都需要单独授权。Each connection requires a separate authorization.

  1. 在 ExpressRoute 页面中,单击“授权”,键入授权的名称并单击“保存”。 In the ExpressRoute page, Click Authorizations and then type a name for the authorization and click Save.

    授权

  2. 保存配置后,复制“资源 ID”和“授权密钥”。 Once the configuration is saved, copy the Resource ID and the Authorization Key.

    授权密钥

删除连接授权To delete a connection authorization

可以通过在你的连接的页面上单击“删除” 图标来删除连接。You can delete a connection by selecting the Delete icon on the page for your connection.

线路用户操作Circuit user operations

线路用户需要线路所有者提供的资源 ID 和授权密钥。The circuit user needs the resource ID and an authorization key from the circuit owner.

兑换连接授权To redeem a connection authorization

  1. 单击“+新建” 按钮。Click the +New button.

    单击“新建”

  2. 在市场中搜索“连接” ,选择它并单击“创建” 。Search for "Connection" in the Marketplace, select it, and click Create.

    搜索连接

  3. 请确保将“连接类型” 设置为“ExpressRoute”。Make sure the Connection type is set to "ExpressRoute".

  4. 在“基本信息”页面中填写详细信息,然后单击“确定” 。Fill in the details, then click OK in the Basics page.

    “基本信息”页面

  5. 在“设置”页面中,选择“虚拟网络网关”并选中“兑换授权”复选框。 In the Settings page, Select the Virtual network gateway and check the Redeem authorization check box.

  6. 输入“授权密钥”和“对等线路 URI”,并为连接命名。 Enter the Authorization key and the Peer circuit URI and give the connection a name. 单击 “确定”Click OK. 对等线路 URI 是 ExpressRoute 线路的资源 ID(可以在 ExpressRoute 线路的“属性设置”窗格下找到)。The Peer Circuit URI is the Resource ID of the ExpressRoute circuit (which you can find under the Properties Setting pane of the ExpressRoute Circuit).

    “设置”页

  7. 在“摘要”页面中复查信息,并单击“确定”。 Review the information in the Summary page and click OK.

释放连接授权To release a connection authorization

可以通过删除 ExpressRoute 线路与虚拟网络之间的连接释放授权。You can release an authorization by deleting the connection that links the ExpressRoute circuit to the virtual network.

可以通过在你的连接的页面上单击“删除” 图标来取消 VNet 到 ExpressRoute 的链接。You can delete a connection and unlink your VNet to an ExpressRoute circuit by selecting the Delete icon on the page for your connection.

后续步骤Next steps

有关 ExpressRoute 的详细信息,请参阅 ExpressRoute 常见问题For more information about ExpressRoute, see the ExpressRoute FAQ.