优化 ExpressRoute 路由Optimize ExpressRoute Routing

有多个 ExpressRoute 线路时,可以通过多个路径连接到 Azure。When you have multiple ExpressRoute circuits, you have more than one path to connect to Azure. 结果就是,所采用的路由可能不是最理想的 - 也就是说,流量可能会经历较长的路径才能到达 Azure,而 Azure 的流量也可能会经历较长的路径才能到达网络。As a result, suboptimal routing may happen - that is, your traffic may take a longer path to reach Azure, and Azure to your network. 网络路径越长,延迟越严重。The longer the network path, the higher the latency. 延迟对应用程序性能和用户体验有直接影响。Latency has direct impact on application performance and user experience. 本文详述此问题,并说明如何使用标准路由技术来优化路由。This article will illustrate this problem and explain how to optimize routing using the standard routing technologies.

Microsoft 和公共对等互连的路径选择Path Selection on Microsoft and Public peerings

如果你有一个或多个 ExpressRoute 线路,以及通过 Internet Exchange (IX) 或 Internet 服务提供商 (ISP) 连接到 Internet 的路径,则在使用 Microsoft 或 公共对等互连时,确保流量在所需的路径上流动非常重要。It's important to ensure that when utilizing Microsoft or Public peering that traffic flows over the desired path if you have one or more ExpressRoute circuits, as well as paths to the Internet via an Internet Exchange (IX) or Internet Service Provider (ISP). BGP 利用基于许多因素的最佳路径选择算法,包括最长前缀匹配 (LPM)。BGP utilizes a best path selection algorithm based on a number of factors including longest prefix match (LPM). 为确保通过 Microsoft 或公共对等互连发往 Azure 的流量遍历 ExpressRoute 路径,客户必须实现“Local Preference”(本地优先级) 属性,以确保该路径始终是 ExpressRoute 上的首选路径。To ensure that traffic destined for Azure via Microsoft or Public peering traverses the ExpressRoute path, customers must implement the Local Preference attribute to ensure that the path is always preferred on ExpressRoute.

备注

默认的本地优先级通常为 100。The default local preference is typically 100. 本地优先级越高越好。Higher local preferences are more preferred.

请考虑以下示例场景:Consider the following example scenario:

ExpressRoute 案例 1 问题 - 从客户到 Microsoft 的路由欠佳

在上面的示例中,要首选 ExpressRoute路径,请按如下所示配置“本地优先级”。In the above example, to prefer ExpressRoute paths configure Local Preference as follows.

从 R1 角度看 Cisco IOS-XE 配置:Cisco IOS-XE configuration from R1 perspective:

R1(config)#route-map prefer-ExR permit 10
R1(config-route-map)#set local-preference 150

R1(config)#router BGP 345
R1(config-router)#neighbor 1.1.1.2 remote-as 12076
R1(config-router)#neighbor 1.1.1.2 activate
R1(config-router)#neighbor 1.1.1.2 route-map prefer-ExR in

从 R1 角度看 Junos 配置:Junos configuration from R1 perspective:

user@R1# set protocols bgp group ibgp type internal
user@R1# set protocols bgp group ibgp local-preference 150

从 Azure 到客户的欠佳路由Suboptimal routing from Azure to customer

假设你有两个办公室,一个在北京,一个在上海。下面是一个示例:从 Azure 发出的连接需要更长的路径才能到达网络。Here is another example where connections from Azure take a longer path to reach your network. 在此示例中,在 混合环境中使用本地 Exchange 服务器和 Exchange Online。In this case, you use on-premises Exchange servers and Exchange Online in a hybrid environment. 办公室都连接到 WAN。Your offices are connected to a WAN. 通过两个 ExpressRoute 线路将两个办公室中的本地服务器的前缀都播发到 Azure。You advertise the prefixes of your on-premises servers in both of your offices to Azure through the two ExpressRoute circuits. 在进行邮箱迁移等情况下,Exchange Online 会发起到本地服务器的连接。Exchange Online will initiate connections to the on-premises servers in cases such as mailbox migration. 遗憾的是,到北京公室的连接会路由到中国东部的 ExpressRoute 线路。Unfortunately, the connection to Beijing office is routed to the ExpressRoute circuit in China East. 在没有任何提示的情况下,Azure 网络无法判断哪个客户前缀靠近中国东部,哪个客户前缀靠近中国北部。Without any hint, the Azure network can't tell which customer prefix is close to China East and which one is close to China North. 它碰巧选取了到北京办公室的错误路径。It happens to pick the wrong path to your office in Beijing.

ExpressRoute 案例 2 - 从 Microsoft 到客户的路由欠佳

解决方案:使用 AS PATH 追加Solution: use AS PATH prepending

此问题有两种解决方案。There are two solutions to the problem. 第一种解决方案是,直接将你北京办公室的本地前缀 177.2.0.0/31 播发到中国北部的 ExpressRoute 线路上,将你上海办公室的本地前缀 177.2.0.2/31 播发到中国东部的 ExpressRoute 线路上。The first one is that you simply advertise your on-premises prefix for your Beijing office, 177.2.0.0/31, on the ExpressRoute circuit in China East and your on-premises prefix for your Shanghai office, 177.2.0.2/31, on the ExpressRoute circuit in China East. 结果就是,Azure 只能通过一个路径连接到每个办公室。As a result, there is only one path for Azure to connect to each of your offices. 路径不再模棱两可,路由得到了优化。There is no ambiguity and routing is optimized. 使用此设计时,需要考虑故障转移策略。With this design, you need to think about your failover strategy. 在通过 ExpressRoute 连接到 Azure 的路径断开的情况下,需确保 Exchange Online 仍能连接到本地服务器。In the event that the path to Azure via ExpressRoute is broken, you need to make sure that Exchange Online can still connect to your on-premises servers.

第二种解决方案是,继续将两种前缀播发到两个 ExpressRoute 线路上,但除此之外你还需提示我们哪个前缀靠近哪个办公室。The second solution is that you continue to advertise both of the prefixes on both ExpressRoute circuits, and in addition you give us a hint of which prefix is close to which one of your offices. 由于我们支持 BGP AS Path 追加,因此可以对前缀的 AS Path 进行配置,使之影响路由。Because we support BGP AS Path prepending, you can configure the AS Path for your prefix to influence routing. 在此示例中,可以延长中国东部 172.2.0.0/31 的 AS PATH,这样我们就会首选中国北部的 ExpressRoute 线路来传送目标为该前缀的流量(因为我们的网络会认为在北部,到此前缀的路径较短)。In this example, you can lengthen the AS PATH for 172.2.0.0/31 in China East so that we will prefer the ExpressRoute circuit in China North for traffic destined for this prefix (as our network will think the path to this prefix is shorter in the North). 类似地,可以延长中国北部 172.2.0.2/31 的 AS PATH,这样我们就会首选中国东部的 ExpressRoute 线路。Similarly you can lengthen the AS PATH for 172.2.0.2/31 in China North so that we'll prefer the ExpressRoute circuit in China East. 路由是针对这两处办公室进行优化的。Routing is optimized for both offices. 根据此设计,如果一个 ExpressRoute 线路断开,Exchange Online 仍可通过其他 ExpressRoute 线路以及 WAN 访问你。With this design, if one ExpressRoute circuit is broken, Exchange Online can still reach you via another ExpressRoute circuit and your WAN.

重要

使用专用 AS 编号进行对等互连时,我们会删除 Microsoft 对等互连上收到的前缀的 AS PATH 中的专用 AS 编号。We remove private AS numbers in the AS PATH for the prefixes received on Microsoft Peering when peering using a private AS number. 需要与公共 AS 进行对等互连,并在 AS PATH 中追加公共 AS 编号,以影响 Microsoft 对等互连的路由。You need to peer with a public AS and append public AS numbers in the AS PATH to influence routing for Microsoft Peering.

ExpressRoute 案例 2 解决方法 - 使用 AS PATH 附加

备注

尽管此处给出的示例针对的是 Microsoft 和公共对等互连,但我们也支持专用对等互连的相同功能。While the examples given here are for Microsoft and Public peerings, we do support the same capabilities for the Private peering. 此外,AS Path 追加会在单个 ExpressRoute 线路内工作,以影响主要和次要路径的选择。Also, the AS Path prepending works within one single ExpressRoute circuit, to influence the selection of the primary and secondary paths.

虚拟网络之间的路由欠佳Suboptimal routing between virtual networks

可以通过将虚拟网络(也称为“VNet”)链接到 ExpressRoute 线路,来实现虚拟网络之间的通信。With ExpressRoute, you can enable Virtual Network to Virtual Network (which is also known as "VNet") communication by linking them to an ExpressRoute circuit. 将 VNet 链接到多条 ExpressRoute 线路时,VNet 之间的路由可能欠佳。When you link them to multiple ExpressRoute circuits, suboptimal routing can happen between the VNets. 我们分析一个示例。Let's consider an example. 有两条 ExpressRoute 线路,一条在中国北部,一条在中国东部。You have two ExpressRoute circuits, one in China North and one in China East. 每个区域中有两个 VNet。In each region, you have two VNets. Web 服务器部署在一个 VNet 中,应用程序服务器部署在另一个 VNet 中。Your web servers are deployed in one VNet and application servers in the other. 为实现冗余,将每个区域中的两个 VNet 链接到了本地 ExpressRoute 线路和远程 ExpressRoute 线路。For redundancy, you link the two VNets in each region to both the local ExpressRoute circuit and the remote ExpressRoute circuit. 如下所示,一个 VNet 与另一个 VNet 之间有两条路径。As can be seen below, from each VNet there are two paths to the other VNet. VNet 不知道哪条 ExpressRoute 线路是本地的,哪条是远程的。The VNets don't know which ExpressRoute circuit is local and which one is remote. 由于 VNet 针对负载均衡的 VNet 间流量执行相等成本多路径 (ECMP) 路由,因此某些流量会经历更长的路径,最终路由到远程 ExpressRoute 线路。Consequently as they do Equal-Cost-Multi-Path (ECMP) routing to load-balance inter-VNet traffic, some traffic flows will take the longer path and get routed at the remote ExpressRoute circuit.

ExpressRoute 案例 3 - 虚拟网络之间的路由欠佳

解决方法:将高权重分配给本地连接Solution: assign a high weight to local connection

解决方法很简单。The solution is simple. 由于你知道 VNet 和线路的位置,因此可以告诉我们,每个 VNet 应该优先使用哪条路径。Since you know where the VNets and the circuits are, you can tell us which path each VNet should prefer. 具体而言,在本示例中,可向本地连接分配一个比远程连接更高的权重(请参阅此处的配置示例)。Specifically for this example, you assign a higher weight to the local connection than to the remote connection (see the configuration example here). 当 VNet 收到多个连接上的另一个 VNet 的前缀时,会优先选择具有最高权重的连接将流量发送到该前缀。When a VNet receives the prefix of the other VNet on multiple connections it will prefer the connection with the highest weight to send traffic destined for that prefix.

ExpressRoute 案例 3 解决方法 - 将高权重分配给本地连接

备注

如果有多条 ExpressRoute 线路,也可以影响从 VNet 到本地网络的路由:配置连接的权重而不是应用 AS PATH 附加(上面第二种方案中所述的技术)。You can also influence routing from VNet to your on-premises network, if you have multiple ExpressRoute circuits, by configuring the weight of a connection instead of applying AS PATH prepending, a technique described in the second scenario above. 对于每个前缀,我们在确定如何发送流量时,始终会查看 AS Path 长度前面的连接权重。For each prefix, we will always look at the connection weight before the AS Path length when deciding how to send traffic.