Move a public peering to Microsoft peering

This article helps you move a public peering configuration to Microsoft peering with no downtime. ExpressRoute supports using Microsoft peering with route filters for Azure PaaS services, such as Azure Storage and Azure SQL Database. You now need only one routing domain to access Microsoft PaaS and SaaS services. You can use route filters to selectively advertise the PaaS service prefixes for the Azure regions you want to consume.

Azure public peering has 1 NAT IP address associated with each BGP session. Microsoft peering allows you to configure your own NAT allocations, as well as use route filters for selective prefix advertisements. Public peering is a unidirectional service in which connectivity is always initiated from your WAN to Azure services. Azure services cannot initiate connections into your network through this routing domain.

Once public peering is enabled, you can connect to all Azure services. We do not allow you to selectively pick the services for which we advertise routes. Microsoft peering, by contrast, is bi-directional connectivity in which connections can be initiated from Azure services as well as from your WAN. For more information about routing domains and peering, see ExpressRoute circuits and routing domains.

Before you begin

To connect to Microsoft peering, you need to set up and manage NAT. Your connectivity provider may set up and manage the NAT as a managed service. If you are planning to access the Azure PaaS and Azure SaaS services on Microsoft peering, it's important to size the NAT IP pool correctly. When you connect to Microsoft through Azure ExpressRoute (Microsoft peering), you have multiple links to Microsoft. One link is your existing Internet connection, and the other is via ExpressRoute. Some traffic to Microsoft might go through the Internet but come back via ExpressRoute, or vice versa.

[Figure: Bidirectional connectivity]

Warning

The NAT IP pool advertised to Microsoft must not be advertised to the Internet. This will break connectivity to other Microsoft services.

Refer to Asymmetric routing with multiple network paths for caveats of asymmetric routing before configuring Microsoft peering.

  • If you are using public peering and currently have IP network rules for public IP addresses that are used to access Azure Storage or Azure SQL Database, you need to make sure that the NAT IP pool configured with Microsoft peering is included in the list of public IP addresses for the Azure storage account or Azure SQL account.
  • To move to Microsoft peering with no downtime, use the steps in this article in the order that they are presented.
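
The two NAT pool checks above (the pool must be covered by the existing IP network rules, and must not also be announced to the Internet) can be run before the cutover. The following is an added example, not part of the original article or of any Microsoft tooling; all prefixes are constructed sample values and the function names are hypothetical.

```python
import ipaddress

# Constructed sample values, not taken from any real deployment.
NAT_POOL = ["123.2.0.0/29"]                          # pool used on Microsoft peering
STORAGE_IP_RULES = ["123.2.0.0/30", "123.2.0.4"]     # current Storage / SQL IP rules
INTERNET_ADVERTS = ["123.2.0.0/24", "123.9.0.0/24"]  # prefixes announced to the Internet

def _nets(items):
    return [ipaddress.ip_network(i.strip()) for i in items]

def uncovered(nat_pool, allow_rules):
    """Return the parts of the NAT pool that no IP network rule allows."""
    remaining = _nets(nat_pool)
    for rule in _nets(allow_rules):
        kept = []
        for net in remaining:
            if net.version != rule.version:
                kept.append(net)                        # different address family
            elif net.subnet_of(rule):
                continue                                # fully allowed by this rule
            elif rule.subnet_of(net):
                kept.extend(net.address_exclude(rule))  # carve the allowed part out
            else:
                kept.append(net)                        # disjoint from this rule
        remaining = kept
    return [str(n) for n in sorted(remaining, key=lambda n: (n.version, n))]

def internet_overlaps(nat_pool, internet_adverts):
    """Return (nat_prefix, internet_prefix) pairs that share addresses."""
    return [(str(n), str(a))
            for n in _nets(nat_pool) for a in _nets(internet_adverts)
            if n.version == a.version and n.overlaps(a)]

if __name__ == "__main__":
    # Addresses that would be rejected by the account firewall after the move.
    print("not allowed yet:", uncovered(NAT_POOL, STORAGE_IP_RULES))
    # Any pair listed here means the pool is also reachable via the Internet path.
    print("also on Internet:", internet_overlaps(NAT_POOL, INTERNET_ADVERTS))
```

An empty list from both functions is the state to reach before deleting the public peering.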

1. Create Microsoft peering

If Microsoft peering has not been created, use any of the following articles to create Microsoft peering. If your connectivity provider offers managed layer 3 services, you can ask the connectivity provider to enable Microsoft peering for your circuit.

If layer 3 is managed by you, the following information is required before you proceed:

  • A /30 subnet for the primary link. This must be a valid public IPv4 prefix owned by you and registered in an RIR / IRR. From this subnet, you assign the first usable IP address to your router, because Microsoft uses the second usable IP for its router.

  • A /30 subnet for the secondary link. This must be a valid public IPv4 prefix owned by you and registered in an RIR / IRR. From this subnet, you assign the first usable IP address to your router, because Microsoft uses the second usable IP for its router.

  • A valid VLAN ID to establish this peering on. Ensure that no other peering in the circuit uses the same VLAN ID. You must use the same VLAN ID for both the primary and secondary links.

  • AS number for peering. You can use both 2-byte and 4-byte AS numbers.

  • Advertised prefixes: You must provide a list of all prefixes you plan to advertise over the BGP session. Only public IP address prefixes are accepted. If you plan to send a set of prefixes, you can send a comma-separated list. These prefixes must be registered to you in an RIR / IRR.

  • Routing Registry Name: You can specify the RIR / IRR against which the AS number and prefixes are registered.

  • Optional - Customer ASN: If you are advertising prefixes that are not registered to the peering AS number, you can specify the AS number to which they are registered.

  • Optional - An MD5 hash if you choose to use one.
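
A pre-flight check for the values in the list above, as an added example that is not part of the original article or of any Azure tool. The function names are hypothetical, the sample subnets, VLAN ID and AS number are constructed, and the 1-4094 VLAN range is the 802.1Q usable range rather than a limit stated on this page; RIR / IRR registration cannot be checked offline and is left out.

```python
import ipaddress

# Constructed sample values for illustration only.
PRIMARY, SECONDARY = "123.0.0.0/30", "123.0.0.4/30"
VLAN_ID, PEER_ASN, ADVERTISED = 300, 64496, "123.1.0.0/24"

def link_ips(cidr):
    """Validate one link subnet; return (your_router_ip, microsoft_router_ip)."""
    net = ipaddress.ip_network(cidr.strip())   # strict parsing rejects host bits
    if net.version != 4 or net.prefixlen != 30:
        raise ValueError(f"{cidr}: must be an IPv4 /30")
    if not net.is_global:
        raise ValueError(f"{cidr}: must be public address space")
    first, second = net.hosts()                # the two usable addresses of a /30
    return str(first), str(second)

def check_peering(primary, secondary, vlan_id, peer_asn, advertised):
    """Return (plan, errors) for the values a customer-managed layer 3 needs."""
    plan, errors = {}, []
    for name, cidr in (("primary", primary), ("secondary", secondary)):
        try:
            plan[name] = link_ips(cidr)
        except ValueError as exc:
            errors.append(f"{name}: {exc}")
    if not 1 <= vlan_id <= 4094:               # 802.1Q usable VLAN ID range
        errors.append(f"vlan {vlan_id}: outside 1-4094")
    if not 0 < peer_asn < 2**32:               # 2-byte and 4-byte ASNs both fit
        errors.append(f"asn {peer_asn}: not a 2-byte or 4-byte AS number")
    for item in advertised.split(","):         # comma-separated list of prefixes
        try:
            if not ipaddress.ip_network(item.strip()).is_global:
                errors.append(f"advertised {item.strip()}: not a public prefix")
        except ValueError as exc:
            errors.append(f"advertised: {exc}")
    return plan, errors

if __name__ == "__main__":
    plan, errors = check_peering(PRIMARY, SECONDARY, VLAN_ID, PEER_ASN, ADVERTISED)
    for link, (mine, microsoft) in plan.items():
        print(f"{link}: your router {mine}, Microsoft router {microsoft}")
    print("errors:", errors)
```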

Detailed instructions to enable Microsoft peering can be found in the following articles:

2. Validate Microsoft peering is enabled

Verify that the Microsoft peering is enabled and the advertised public prefixes are in the configured state.

3. Configure and attach a route filter to the circuit

By default, a new Microsoft peering does not advertise any prefixes until a route filter is attached to the circuit. When you create a route filter rule, you can specify the list of service communities for the Azure regions that you want to consume for Azure PaaS services. This gives you the flexibility to filter the routes as per your requirement, as shown in the following screenshot:

[Screenshot: Merge public peering]

Configure route filters using any of the following articles:

4. Delete the public peering

After verifying that the Microsoft peering is configured and the prefixes you wish to consume are correctly advertised on Microsoft peering, you can then delete the public peering. To delete the public peering, use any of the following articles:

5. View peerings

You can see a list of all ExpressRoute circuits and peerings in the Azure portal. For more information, see View Microsoft peering details.

Next steps

For more information about ExpressRoute, see the ExpressRoute FAQ.