创建和修改 ExpressRoute 线路的对等互连Create and modify peering for an ExpressRoute circuit

本文可帮助你使用 Azure 门户为 Azure 资源管理器 (ARM) ExpressRoute 线路创建和管理路由配置。This article helps you create and manage routing configuration for an Azure Resource Manager (ARM) ExpressRoute circuit, using the Azure portal. 还可以检查状态,以及更新、删除和取消预配 ExpressRoute 线路的对等互连。You can also check the status, update, or delete and deprovision peerings for an ExpressRoute circuit. 如果想使用不同的方法处理线路,请从以下列表中选择一篇文章进行参阅:If you want to use a different method to work with your circuit, select an article from the following list:

可以为 ExpressRoute 线路配置一到三个对等互连(Azure 专用、Azure 公共和 Microsoft 对等互连)。You can configure one, two, or all three peerings (Azure private, Azure public and Microsoft Peering) for an ExpressRoute circuit. 可以按照所选的任意顺序配置对等互连。You can configure peerings in any order you choose. 但是,必须确保一次只完成一个对等互连的配置。However, you must make sure that you complete the configuration of each peering one at a time. 有关路由域和对等互连的详细信息,请参阅关于线路和对等互连For more information about routing domains and peerings, see About circuits and peerings.

配置先决条件Configuration prerequisites

  • 在开始配置之前,请务必查看先决条件页、路由要求页和工作流页。Make sure that you have reviewed the prerequisites page, the routing requirements page, and the workflows page before you begin configuration.
  • 必须有一个活动的 ExpressRoute 线路。You must have an active ExpressRoute circuit. 在继续下一步之前,请按说明 创建 ExpressRoute 线路 ,并通过连接提供商启用该线路。Follow the instructions to Create an ExpressRoute circuit and have the circuit enabled by your connectivity provider before you proceed. 若要配置对等互连,ExpressRoute 线路必须处于已预配且已启用状态。In order to configure peering(s), the ExpressRoute circuit must be in a provisioned and enabled state.
  • 如果计划使用共享密钥/MD5 哈希,请确保在隧道两端都使用该哈希,并将最大字母数字字符数限制为 25。If you plan to use a shared key/MD5 hash, be sure to use this on both sides of the tunnel and limit the number of alphanumeric characters to a maximum of 25. 不支持特殊字符。Special characters are not supported.

这些说明只适用于由提供第 2 层连接服务的服务提供商创建的线路。These instructions only apply to circuits created with service providers offering Layer 2 connectivity services. 如果服务提供商提供第 3 层托管服务(通常是 IPVPN,如 MPLS),则连接服务提供商会配置和管理路由。If you are using a service provider that offers managed Layer 3 services (typically an IPVPN, like MPLS), your connectivity provider configures and manages routing for you.

Important

我们目前无法通过服务管理门户播发服务提供商配置的对等互连。We currently do not advertise peerings configured by service providers through the service management portal. 我们正在努力不久就实现这一功能。We are working on enabling this capability soon. 请在配置 BGP 对等互连之前与服务提供商协商。Check with your service provider before configuring BGP peerings.

Microsoft 对等互连Microsoft peering

本文介绍如何为 ExpressRoute 线路创建、获取、更新和删除 Microsoft 对等互连配置。This section helps you create, get, update, and delete the Microsoft peering configuration for an ExpressRoute circuit.

Important

在 2019 年 10 月 1 日之前配置的 ExpressRoute 线路的 Microsoft 对等互连会通过 Microsoft 对等互连播发所有服务前缀,即使未定义路由筛选器。Microsoft peering of ExpressRoute circuits that were configured prior to October 1, 2019 will have all service prefixes advertised through the Microsoft peering, even if route filters are not defined. 在 2019 年 10 月 1 日或之后配置的 ExpressRoute 线路的 Microsoft 对等互连的任何前缀只有在路由筛选器附加到线路之后才会播发。Microsoft peering of ExpressRoute circuits that are configured on or after October 1, 2019 will not have any prefixes advertised until a route filter is attached to the circuit. 有关详细信息,请参阅配置用于 Microsoft 对等互连的路由筛选器For more information, see Configure a route filter for Microsoft peering.

创建 Microsoft 对等互连To create Microsoft peering

  1. 配置 ExpressRoute 线路。Configure the ExpressRoute circuit. 在进一步继续之前,请检查提供程序状态以确保线路完全由连接提供商预配。Check the Provider status to ensure that the circuit is fully provisioned by the connectivity provider before continuing further.

    如果连接服务提供商提供第 3 层托管服务,可以请求连接服务提供商启用 Microsoft 对等互连。If your connectivity provider offers managed Layer 3 services, you can ask your connectivity provider to enable Microsoft peering for you. 在这种情况下,不需要遵循后续部分中所列的说明。In that case, you won't need to follow the instructions listed in the next sections. 但是,如果连接提供商未为你管理路由,则在创建线路后,请继续执行这些步骤。However, if your connectivity provider does not manage routing for you, after creating your circuit, proceed with these steps.

    线路 - 提供商状态:未预配Circuit - Provider status: Not provisioned

    线路 - 提供商状态:已预配Circuit - Provider status: Provisioned

  2. 配置线路的 Microsoft 对等互连。Configure Microsoft peering for the circuit. 在继续下一步之前,请确保已准备好以下信息。Make sure that you have the following information before you proceed.

    • 主链路的 /30 子网。A /30 subnet for the primary link. 这必须是你拥有且已在 RIR/IRR 中注册的有效公共 IPv4 前缀。This must be a valid public IPv4 prefix owned by you and registered in an RIR / IRR. 在此子网中,Microsoft 将第二个可用的 IP 用于其路由器时,你将为你的路由器分配第一个可用的 IP 地址。From this subnet you will assign the first useable IP address to your router as Microsoft uses the second useable IP for its router.
    • 辅助链路的 /30 子网。A /30 subnet for the secondary link. 这必须是你拥有且已在 RIR/IRR 中注册的有效公共 IPv4 前缀。This must be a valid public IPv4 prefix owned by you and registered in an RIR / IRR. 在此子网中,Microsoft 将第二个可用的 IP 用于其路由器时,你将为你的路由器分配第一个可用的 IP 地址。From this subnet you will assign the first useable IP address to your router as Microsoft uses the second useable IP for its router.
    • 用于建立此对等互连的有效 VLAN ID。A valid VLAN ID to establish this peering on. 请确保线路中没有其他对等互连使用同一个 VLAN ID。Ensure that no other peering in the circuit uses the same VLAN ID. 主要链接和次要链接必须使用相同的 VLAN ID。For both Primary and Secondary links you must use the same VLAN ID.
    • 对等互连的 AS 编号。AS number for peering. 可以使用 2 字节和 4 字节 AS 编号。You can use both 2-byte and 4-byte AS numbers.
    • 播发的前缀:必须提供要通过 BGP 会话播发的所有前缀列表。Advertised prefixes: You must provide a list of all prefixes you plan to advertise over the BGP session. 只接受公共 IP 地址前缀。Only public IP address prefixes are accepted. 如果打算发送一组前缀,可以发送逗号分隔列表。If you plan to send a set of prefixes, you can send a comma-separated list. 这些前缀必须已在 RIR/IRR 中注册。These prefixes must be registered to you in an RIR / IRR.
    • “可选”- 客户 ASN :如果要播发的前缀未注册到对等互连 AS 编号,可以指定它们要注册到的 AS 编号。Optional - Customer ASN: If you are advertising prefixes that are not registered to the peering AS number, you can specify the AS number to which they are registered.
    • 路由注册表名称:可以指定 AS 编号和前缀要注册到的 RIR/IRR。Routing Registry Name: You can specify the RIR / IRR against which the AS number and prefixes are registered.
    • 可选 - MD5 哈希(如果选择使用)。Optional - An MD5 hash if you choose to use one.
  3. 可以选择想要配置的对等互连,如以下示例中所示。You can select the peering you wish to configure, as shown in the following example. 选择 Microsoft 对等互连行。Select the Microsoft peering row.

    选择 Microsoft 对等互连行Select the Microsoft peering row

  4. 配置 Microsoft 对等互连。Configure Microsoft peering. 指定所有参数后,请保存配置。Save the configuration once you have specified all parameters. 下图显示了一个示例配置:The following image shows an example configuration:

    配置 Microsoft 对等互连

Important

Microsoft 会验证是否在 Internet 路由注册表中为你分配了指定的“播发公共前缀”和“对等 ASN”(或“客户 ASN”)。Microsoft verifies if the specified 'Advertised public prefixes' and 'Peer ASN' (or 'Customer ASN') are assigned to you in the Internet Routing Registry. 如果要从另一个实体获取公共前缀,并且该分配没有记录在路由注册表中,则自动验证将不会完成,并且将需要手动验证。If you are getting the public prefixes from another entity and if the assignment is not recorded with the routing registry, the automatic validation will not complete and will require manual validation. 如果自动验证失败,你将看到消息“需要验证”。If the automatic validation fails, you will see the message 'Validation needed'.

如果看到消息“需要验证”,请收集显示公共前缀将由路由注册表中作为前缀所有者列出的实体分配给你组织的文档,并通过开具支持票证提交这些文档进行手动验证,如下所示。If you see the message 'Validation needed', collect the document(s) that show the public prefixes are assigned to your organization by the entity that is listed as the owner of the prefixes in the routing registry and submit these documents for manual validation by opening a support ticket as shown below.

如果线路达到“需要验证”状态,则必须打开支持票证以向我们的支持团队显示前缀所有权的证明。If your circuit gets to a 'Validation needed' state, you must open a support ticket to show proof of ownership of the prefixes to our support team. 可以直接从门户中打开支持票证,如以下示例中所示:You can open a support ticket directly from the portal, as shown in the following example:

需要验证 - 支持票证

  1. 成功接受配置后,你将看到类似于下图的内容:After the configuration has been accepted successfully, you'll see something similar to the following image:

    对等互连状态:已配置]Peering status: Configured]

查看 Microsoft 对等互连详细信息To view Microsoft peering details

可以通过选择对等互连行来查看 Microsoft 对等互连的属性。You can view the properties of Microsoft peering by selecting the row for the peering.

查看 Microsoft 对等互连属性View Microsoft peering properties

更新 Microsoft 对等互连配置To update Microsoft peering configuration

可以选择要修改的对等互连行,然后修改对等互连属性并保存修改。You can select the row for the peering that you want to modify, then modify the peering properties and save your modifications.

选择对等互连行

删除 Microsoft 对等互连To delete Microsoft peering

可以通过单击“删除”图标来删除对等互连配置,如下图中所示:You can remove your peering configuration by clicking the delete icon, as shown in the following image:

删除对等互连

Azure 专用对等互连Azure private peering

本文介绍了如何为 ExpressRoute 线路创建、获取、更新和删除 Azure 专用对等互连配置。This section helps you create, get, update, and delete the Azure private peering configuration for an ExpressRoute circuit.

创建 Azure 专用对等互连To create Azure private peering

  1. 配置 ExpressRoute 线路。Configure the ExpressRoute circuit. 在继续之前,请确保线路完全由连接提供商设置。Ensure that the circuit is fully provisioned by the connectivity provider before continuing.

    如果连接服务提供商提供第 3 层托管服务,可以请求连接服务提供商启用 Azure 专用对等互连。If your connectivity provider offers managed Layer 3 services, you can ask your connectivity provider to enable Azure private peering for you. 在这种情况下,不需要遵循后续部分中所列的说明。In that case, you won't need to follow the instructions listed in the next sections. 但是,如果连接提供商未为你管理路由,则在创建线路后,请继续执行后续步骤。However, if your connectivity provider does not manage routing for you, after creating your circuit, proceed with the next steps.

    线路 - 提供商状态:未预配Circuit - Provider status: Not provisioned

    线路 - 提供商状态:已预配Circuit - Provider status: Provisioned

  2. 配置线路的 Azure 专用对等互连。Configure Azure private peering for the circuit. 在继续执行后续步骤之前,请确保已准备好以下各项:Make sure that you have the following items before you proceed with the next steps:

    • 主链路的 /30 子网。A /30 subnet for the primary link. 此子网不能是保留给虚拟网络使用的任何地址空间的一部分。The subnet must not be part of any address space reserved for virtual networks. 在此子网中,Microsoft 将第二个可用的 IP 用于其路由器时,你将为你的路由器分配第一个可用的 IP 地址。From this subnet you will assign the first useable IP address to your router as Microsoft uses the second useable IP for its router.
    • 辅助链路的 /30 子网。A /30 subnet for the secondary link. 此子网不能是保留给虚拟网络使用的任何地址空间的一部分。The subnet must not be part of any address space reserved for virtual networks. 在此子网中,Microsoft 将第二个可用的 IP 用于其路由器时,你将为你的路由器分配第一个可用的 IP 地址。From this subnet you will assign the first useable IP address to your router as Microsoft uses the second useable IP for its router.
    • 用于建立此对等互连的有效 VLAN ID。A valid VLAN ID to establish this peering on. 请确保线路中没有其他对等互连使用同一个 VLAN ID。Ensure that no other peering in the circuit uses the same VLAN ID. 主要链接和次要链接必须使用相同的 VLAN ID。For both Primary and Secondary links you must use the same VLAN ID.
    • 对等互连的 AS 编号。AS number for peering. 可以使用 2 字节和 4 字节 AS 编号。You can use both 2-byte and 4-byte AS numbers. 可以使用专用 AS 编号建立对等互连(65515 到 65520 之间的数字除外)。You can use a private AS number for this peering except for the number from 65515 to 65520, inclusively.
    • 设置专用对等互连时,必须通过 BGP 将路由从本地边缘路由器播发到 Azure。You must advertise the routes from your on-premises Edge router to Azure via BGP when you set up the private peering.
    • 可选 - MD5 哈希(如果选择使用)。Optional - An MD5 hash if you choose to use one.
  3. 选择“Azure 专用”对等互连行,如下面的示例中所示:Select the Azure Private peering row, as shown in the following example:

    选择“专用对等互连”行Select the private peering row

  4. 配置专用对等互连。Configure private peering. 指定所有参数后,请保存配置。Save the configuration once you have specified all parameters.

    配置专用对等互连

  5. 成功接受配置后,会看到类似于以下示例的内容:After the configuration has been accepted successfully, you see something similar to the following example:

    已保存专用对等互连

查看 Azure 专用对等互连详细信息To view Azure private peering details

可以通过选择对等互连查看 Azure 专用对等互连的属性。You can view the properties of Azure private peering by selecting the peering.

查看专用对等互连属性View private peering properties

更新 Azure 专用对等互连配置To update Azure private peering configuration

可以选择用于对等互连的行并修改对等互连属性。You can select the row for peering and modify the peering properties. 更新后,保存所做的更改。After updating, save your changes.

更新专用对等互连

删除 Azure 专用对等互连To delete Azure private peering

可以通过选择“删除”图标来删除对等互连配置,如下图中所示:You can remove your peering configuration by selecting the delete icon, as shown in the following image:

删除专用对等互连

Azure 公共对等互连Azure public peering

本文介绍了如何为 ExpressRoute 线路创建、获取、更新和删除 Azure 公共对等互连配置。This section helps you create, get, update, and delete the Azure public peering configuration for an ExpressRoute circuit.

创建 Azure 公共对等互连To create Azure public peering

  1. 配置 ExpressRoute 线路。Configure ExpressRoute circuit. 在进一步继续之前,请确保线路完全由连接提供商设置。Ensure that the circuit is fully provisioned by the connectivity provider before continuing further. 如果连接服务提供商提供第 3 层托管服务,可以请求连接服务提供商启用 Azure 公共对等互连。If your connectivity provider offers managed Layer 3 services, you can ask your connectivity provider to enable Azure public peering for you. 在这种情况下,不需要遵循后续部分中所列的说明。In that case, you won't need to follow instructions listed in the next sections. 但是,如果连接服务提供商不为你管理路由,请在创建线路后按照后续步骤继续配置。However, if your connectivity provider does not manage routing for you, after creating your circuit, continue your configuration using the next steps.

    列出公共对等互连

  2. 配置线路的 Azure 公共对等互连。Configure Azure public peering for the circuit. 在继续执行后续步骤之前,请确保已准备好以下各项:Make sure that you have the following items before you proceed with the next steps:

    • 主链路的 /30 子网。A /30 subnet for the primary link. 这必须是有效的公共 IPv4 前缀。This must be a valid public IPv4 prefix. 在此子网中,Microsoft 将第二个可用的 IP 用于其路由器时,你将为你的路由器分配第一个可用的 IP 地址。From this subnet you will assign the first useable IP address to your router as Microsoft uses the second useable IP for its router.
    • 辅助链路的 /30 子网。A /30 subnet for the secondary link. 这必须是有效的公共 IPv4 前缀。This must be a valid public IPv4 prefix. 在此子网中,Microsoft 将第二个可用的 IP 用于其路由器时,你将为你的路由器分配第一个可用的 IP 地址。From this subnet you will assign the first useable IP address to your router as Microsoft uses the second useable IP for its router.
    • 用于建立此对等互连的有效 VLAN ID。A valid VLAN ID to establish this peering on. 请确保线路中没有其他对等互连使用同一个 VLAN ID。Ensure that no other peering in the circuit uses the same VLAN ID. 主要链接和次要链接必须使用相同的 VLAN ID。For both Primary and Secondary links you must use the same VLAN ID.
    • 对等互连的 AS 编号。AS number for peering. 可以使用 2 字节和 4 字节 AS 编号。You can use both 2-byte and 4-byte AS numbers.
    • 可选 - MD5 哈希(如果选择使用)。Optional - An MD5 hash if you choose to use one.
  3. 选择“Azure 公共”对等互连行,如下图中所示:Select the Azure public peering row, as shown in the following image:

    选择公共对等互连行

  4. 配置公共对等互连。Configure public peering. 下图显示了一个配置示例:The following image shows a configuration example:

    配置公共对等互连

  5. 指定所有参数后,请保存配置。Save the configuration once you have specified all parameters. 成功接受配置后,会看到类似于以下示例的内容:After the configuration has been accepted successfully, you see something similar to the following example:

    保存公共对等互连配置

查看 Azure 公共对等互连详细信息To view Azure public peering details

通过选择对等互连查看 Azure 公共对等互连的属性。View the properties of Azure public peering by selecting the peering.

更新 Azure 公共对等互连配置To update Azure public peering configuration

选择对等互连所对应的行,然后修改对等互连属性。Select the row for peering, then modify the peering properties.

删除 Azure 公共对等互连To delete Azure public peering

通过选择“删除”图标来删除对等互连配置。Remove your peering configuration by selecting the delete icon.

后续步骤Next steps

下一步,将 VNet 链接到 ExpressRoute 线路Next step, Link a VNet to an ExpressRoute circuit.