Scenario: Route to Shared Services VNets

When working with Virtual WAN virtual hub routing, there are quite a few available scenarios. In this scenario, the goal is to set up routes to access a Shared Services VNet with workloads that you want every VNet and Branch (VPN/ER/P2S) to access. Examples of these shared workloads might include Virtual Machines with services like Domain Controllers or File Shares.

For more information about virtual hub routing, see About virtual hub routing.

Design

We can use a connectivity matrix to summarize the requirements of this scenario. In the matrix, each cell describes whether a Virtual WAN connection (the "From" side of the flow, the row headers in the table) learns a destination prefix (the "To" side of the flow, the column headers in the table) for a specific traffic flow. An "X" means that connectivity is provided by Virtual WAN:

Connectivity matrix

From \ To:      | Isolated VNets | Shared VNet | Branches
Isolated VNets  |                | X           | X
Shared VNets    | X              | X           | X
Branches        | X              | X           | X

Similar to the Isolated VNet scenario, this connectivity matrix gives us two different row patterns, which translate to two route tables (the shared services VNets and the branches have the same connectivity requirements). Virtual WAN already has a Default route table, so we will need another custom route table, which we will call RT_SHARED in this example.

VNets will be associated to the RT_SHARED route table. Because they need connectivity to branches and to the shared services VNets, the shared services VNet and branches will need to propagate to RT_SHARED (otherwise the VNets would not learn the branch and shared VNet prefixes). Because the branches are always associated to the Default route table, and the connectivity requirements are the same for shared services VNets, we will associate the shared services VNets to the Default route table too.

As a result, this is the final design:

  • Isolated virtual networks:
    • Associated route table: RT_SHARED
    • Propagating to route tables: Default
  • Shared Services virtual networks:
    • Associated route table: Default
    • Propagating to route tables: RT_SHARED and Default
  • Branches:
    • Associated route table: Default
    • Propagating to route tables: RT_SHARED and Default
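
The final design above can be checked mechanically. The following added example (not part of the original page and not Azure code) models association and propagation, derives the connectivity matrix, and flags an isolated VNet that learns another isolated VNet's prefix; the connection names and prefixes are constructed sample values.

```python
# Added example: a model of virtual hub association/propagation, not Azure code.
# Connection names and prefixes are constructed sample values.

# Per connection: kind, advertised prefix, associated route table,
# and the set of route tables it propagates its prefix to.
CONNECTIONS = {
    "vnet-app1":   {"kind": "isolated", "prefix": "10.1.0.0/16",
                    "assoc": "RT_SHARED", "prop": {"Default"}},
    "vnet-app2":   {"kind": "isolated", "prefix": "10.2.0.0/16",
                    "assoc": "RT_SHARED", "prop": {"Default"}},
    "vnet-shared": {"kind": "shared", "prefix": "10.10.0.0/16",
                    "assoc": "Default", "prop": {"RT_SHARED", "Default"}},
    "branch-vpn":  {"kind": "branch", "prefix": "192.168.0.0/16",
                    "assoc": "Default", "prop": {"RT_SHARED", "Default"}},
}

def route_tables(connections):
    """Build each route table's contents from the connections propagating to it."""
    tables = {}
    for name, c in connections.items():
        for rt in c["prop"]:
            tables.setdefault(rt, {})[c["prefix"]] = name
    return tables

def learned(connections, src):
    """Connections whose prefixes `src` learns through its associated table."""
    table = route_tables(connections).get(connections[src]["assoc"], {})
    return {dst for dst in table.values() if dst != src}

def connectivity_matrix(connections):
    """Kind-level matrix: (from_kind, to_kind) -> True when a route is learned."""
    matrix = {}
    for src, c in connections.items():
        for dst in learned(connections, src):
            matrix[(c["kind"], connections[dst]["kind"])] = True
    return matrix

def isolation_violations(connections):
    """(src, dst) pairs where one isolated VNet learns another's prefix."""
    return sorted((s, d) for s, c in connections.items() if c["kind"] == "isolated"
                  for d in learned(connections, s)
                  if connections[d]["kind"] == "isolated")

if __name__ == "__main__":
    for pair in sorted(connectivity_matrix(CONNECTIONS)):
        print(pair, "X")
    print("isolation violations:", isolation_violations(CONNECTIONS))
```

Adding RT_SHARED to an isolated VNet's propagation set makes every other isolated VNet learn its prefix, which `isolation_violations` reports.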

Note

If your Virtual WAN is deployed over multiple regions, you will need to create the RT_SHARED route table in every hub, and routes from each shared services VNet and branch connection need to be propagated to the route tables in every virtual hub using propagation labels.

For more information about virtual hub routing, see About virtual hub routing.

Workflow

To configure the scenario, consider the following steps:

  1. Identify the Shared Services VNet.

  2. Create a custom route table. In the example, we refer to the route table as RT_SHARED. For steps to create a route table, see How to configure virtual hub routing. Use the following values as a guideline:

    • Association

      • For VNets except the Shared Services VNet, select the VNets to isolate. This will imply that all these VNets (except the shared services VNet) will be able to reach destinations based on the routes of the RT_SHARED route table.
    • Propagation

      • For Branches, propagate routes to this route table, in addition to any other route tables you may have already selected. Because of this step, the RT_SHARED route table will learn routes from all branch connections (VPN/ER/User VPN).
      • For VNets, select the Shared Services VNet. Because of this step, the RT_SHARED route table will learn routes from the Shared Services VNet connection.

This will result in the routing configuration shown in the following figure:

[Figure: Shared services VNet]

Next steps