快速入门:使用 ARM 模板创建具有专用对等互连的 ExpressRoute 线路
本快速入门介绍如何使用 Azure 资源管理器模板(ARM 模板)来创建具有专用对等互连的 ExpressRoute 线路。
资源管理器模板是定义项目基础结构和配置的 JavaScript 对象表示法 (JSON) 文件。 模板使用声明性语法。 在声明性语法中,你可以在不编写创建部署的编程命令序列的情况下,描述预期部署。
如果你的环境满足先决条件,并且你熟悉如何使用 ARM 模板,请选择“部署到 Azure”按钮。 模板将在 Azure 门户中打开。
先决条件
如果没有 Azure 订阅,请在开始前创建试用版订阅。
查看模板
本快速入门中使用的模板来自 Azure 快速启动模板。
在本快速入门中,你将创建一个以上海电信以太网为服务提供商的 ExpressRoute 线路。 该线路使用高级 SKU,带宽为 50 Mbps,对等互连位置在上海。 使用主要子网 192.168.10.16/30 和辅助子网 192.168.10.20/30 来启用专用对等互连。 创建虚拟网络以及 HighPerformance ExpressRoute 网关。
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.5.6.12127",
"templateHash": "7902308351795495256"
}
},
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources deployed in the Bicep file"
}
},
"erpeeringLocation": {
"type": "string",
"defaultValue": "Shanghai",
"metadata": {
"description": "ExpressRoute peering location"
}
},
"erCircuitName": {
"type": "string",
"defaultValue": "er-ckt01",
"metadata": {
"description": "Name of the ExpressRoute circuit"
}
},
"serviceProviderName": {
"type": "string",
"defaultValue": "Shanghai Telecom Ethernet",
"metadata": {
"description": "Name of the ExpressRoute provider"
}
},
"erSKU_Tier": {
"type": "string",
"defaultValue": "Premium",
"allowedValues": [
"Premium",
"Standard"
],
"metadata": {
"description": "Tier ExpressRoute circuit"
}
},
"erSKU_Family": {
"type": "string",
"defaultValue": "MeteredData",
"allowedValues": [
"MeteredData",
"UnlimitedData"
],
"metadata": {
"description": "Billing model ExpressRoute circuit"
}
},
"bandwidthInMbps": {
"type": "int",
"defaultValue": 50,
"allowedValues": [
50,
100,
200,
500,
1000,
2000,
5000,
10000
],
"metadata": {
"description": "Bandwidth ExpressRoute circuit"
}
},
"peerASN": {
"type": "int",
"defaultValue": 65001,
"metadata": {
"description": "autonomous system number used to create private peering between the customer edge router and MSEE routers"
}
},
"primaryPeerAddressPrefix": {
"type": "string",
"defaultValue": "192.168.10.16/30",
"metadata": {
"description": "point-to-point network prefix of primary link between the customer edge router and MSEE router"
}
},
"secondaryPeerAddressPrefix": {
"type": "string",
"defaultValue": "192.168.10.20/30",
"metadata": {
"description": "point-to-point network prefix of secondary link between the customer edge router and MSEE router"
}
},
"vlanId": {
"type": "int",
"defaultValue": 100,
"metadata": {
"description": "VLAN Id used between the customer edge routers and MSEE routers. primary and secondary link have the same VLAN Id"
}
},
"vnetName": {
"type": "string",
"defaultValue": "vnet1",
"metadata": {
"description": "name of the Virtual Network"
}
},
"subnet1Name": {
"type": "string",
"defaultValue": "subnet1",
"metadata": {
"description": "name of the subnet"
}
},
"vnetAddressSpace": {
"type": "string",
"defaultValue": "10.10.10.0/24",
"metadata": {
"description": "address space assigned to the Virtual Network"
}
},
"subnet1Prefix": {
"type": "string",
"defaultValue": "10.10.10.0/25",
"metadata": {
"description": "network prefix assigned to the subnet"
}
},
"gatewaySubnetPrefix": {
"type": "string",
"defaultValue": "10.10.10.224/27",
"metadata": {
"description": "network prefixes assigned to the gateway subnet. It has to be a network prefix with mask /27 or larger"
}
},
"gatewayName": {
"type": "string",
"defaultValue": "er-gw",
"metadata": {
"description": "name of the ExpressRoute Gateway"
}
},
"gatewaySku": {
"type": "string",
"defaultValue": "HighPerformance",
"allowedValues": [
"Standard",
"HighPerformance",
"UltraPerformance",
"ErGw1AZ",
"ErGw2AZ",
"ErGw3AZ"
],
"metadata": {
"description": "ExpressRoute Gateway SKU"
}
}
},
"variables": {
"erSKU_Name": "[format('{0}_{1}', parameters('erSKU_Tier'), parameters('erSKU_Family'))]",
"gatewayPublicIPName": "[format('{0}-pubIP', parameters('gatewayName'))]",
"nsgName": "nsg"
},
"resources": [
{
"type": "Microsoft.Network/expressRouteCircuits",
"apiVersion": "2021-05-01",
"name": "[parameters('erCircuitName')]",
"location": "[parameters('location')]",
"sku": {
"name": "[variables('erSKU_Name')]",
"tier": "[parameters('erSKU_Tier')]",
"family": "[parameters('erSKU_Family')]"
},
"properties": {
"serviceProviderProperties": {
"serviceProviderName": "[parameters('serviceProviderName')]",
"peeringLocation": "[parameters('erpeeringLocation')]",
"bandwidthInMbps": "[parameters('bandwidthInMbps')]"
},
"allowClassicOperations": false
}
},
{
"type": "Microsoft.Network/expressRouteCircuits/peerings",
"apiVersion": "2021-05-01",
"name": "[format('{0}/{1}', parameters('erCircuitName'), 'AzurePrivatePeering')]",
"properties": {
"peeringType": "AzurePrivatePeering",
"peerASN": "[parameters('peerASN')]",
"primaryPeerAddressPrefix": "[parameters('primaryPeerAddressPrefix')]",
"secondaryPeerAddressPrefix": "[parameters('secondaryPeerAddressPrefix')]",
"vlanId": "[parameters('vlanId')]"
},
"dependsOn": [
"[resourceId('Microsoft.Network/expressRouteCircuits', parameters('erCircuitName'))]"
]
},
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2021-05-01",
"name": "[variables('nsgName')]",
"location": "[parameters('location')]",
"properties": {
"securityRules": [
{
"name": "SSH-rule",
"properties": {
"description": "allow SSH",
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "22",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "VirtualNetwork",
"access": "Allow",
"priority": 500,
"direction": "Inbound"
}
},
{
"name": "RDP-rule",
"properties": {
"description": "allow RDP",
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "3389",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "VirtualNetwork",
"access": "Allow",
"priority": 600,
"direction": "Inbound"
}
}
]
}
},
{
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2021-05-01",
"name": "[parameters('vnetName')]",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('vnetAddressSpace')]"
]
},
"subnets": [
{
"name": "[parameters('subnet1Name')]",
"properties": {
"addressPrefix": "[parameters('subnet1Prefix')]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]"
}
}
},
{
"name": "GatewaySubnet",
"properties": {
"addressPrefix": "[parameters('gatewaySubnetPrefix')]"
}
}
]
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]"
]
},
{
"type": "Microsoft.Network/publicIPAddresses",
"apiVersion": "2021-05-01",
"name": "[variables('gatewayPublicIPName')]",
"location": "[parameters('location')]",
"properties": {
"publicIPAllocationMethod": "Dynamic"
}
},
{
"type": "Microsoft.Network/virtualNetworkGateways",
"apiVersion": "2021-05-01",
"name": "[parameters('gatewayName')]",
"location": "[parameters('location')]",
"properties": {
"ipConfigurations": [
{
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), 'GatewaySubnet')]"
},
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('gatewayPublicIPName'))]"
}
},
"name": "gwIPconf"
}
],
"gatewayType": "ExpressRoute",
"sku": {
"name": "[parameters('gatewaySku')]",
"tier": "[parameters('gatewaySku')]"
},
"vpnType": "RouteBased"
},
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses', variables('gatewayPublicIPName'))]",
"[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName'))]"
]
}
],
"outputs": {
"erCircuitName": {
"type": "string",
"value": "[parameters('erCircuitName')]"
},
"gatewayName": {
"type": "string",
"value": "[parameters('gatewayName')]"
},
"gatewaySku": {
"type": "string",
"value": "[parameters('gatewaySku')]"
}
}
}
该模板中已定义了多个 Azure 资源:
- Microsoft.Network/expressRouteCircuits
- Microsoft.Network/expressRouteCircuits/peerings(用于线路上已启用的专用对等互连)
- Microsoft.Network/networkSecurityGroups(网络安全组应用于虚拟网络中的子网)
- Microsoft.Network/virtualNetworks
- Microsoft.Network/publicIPAddresses(公共 IP 由 ExpressRoute 网关使用)
- Microsoft.Network/virtualNetworkGateways(ExpressRoute 网关用于将 VNet 链接到线路)
若要查找与 ExpressRoute 相关的更多模板,请参阅 Azure 快速启动模板。
部署模板
打开 Azure PowerShell 控制台并登录到由世纪互联运营的 Azure。
$projectName = Read-Host -Prompt "Enter a project name that is used for generating resource names" $location = Read-Host -Prompt "Enter the location (i.e. chinaeast)" $templateUri = "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.network/expressroute-private-peering-vnet/azuredeploy.json" $resourceGroupName = "${projectName}rg" New-AzResourceGroup -Name $resourceGroupName -Location "$location" New-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateUri $templateUri Read-Host -Prompt "Press [ENTER] to continue ..."等到控制台中显示提示。
从上一个代码块中选择“复制”,以复制 PowerShell 脚本。
右键单击 shell 控制台窗格,然后选择“粘贴”。
输入相应的值。
资源组名称是追加了 rg 的项目名称。
部署模板大约需要 20 分钟。 完成后,输出类似于:
使用 Azure PowerShell 部署模板。 除了 Azure PowerShell,还可以使用 Azure 门户、Azure CLI 和 REST API。 若要了解其他部署方法,请参阅部署模板。
验证部署
登录 Azure 门户。
从左侧窗格中选择“资源组”。
选择你在上一部分中创建的资源组。 默认资源组名称是追加了 rg 的项目名称。
资源组应包含以下资源:
选择 ExpressRoute 线路 er-ck01 来验证线路状态是否为“已启用”,提供程序状态是否为“未预配”,专用对等互连的状态是否为“已预配” 。
注意
你将需要调用提供程序来完成预配过程,然后才能将虚拟网络链接到线路。
清理资源
如果不再需要使用 ExpressRoute 线路创建的资源,请删除资源组以删除 ExpressRoute 线路和所有相关资源。
若要删除资源组,请调用 Remove-AzResourceGroup cmdlet:
Remove-AzResourceGroup -Name <your resource group name>
后续步骤
在本快速入门中,我们创建了:
- ExpressRoute 线路
- 虚拟网络
- VPN 网关
- 公共 IP
- 网络安全组
若要了解如何将虚拟网络链接到线路,请继续学习 ExpressRoute 教程。