Create a Virtual WAN hub route table for NVAs: Azure portal

This article shows you how to steer traffic from a branch (on-premises site) connected to the Virtual WAN hub to a Spoke virtual network (VNet) via a Network Virtual Appliance (NVA).

Virtual WAN diagram

Before you begin

Verify that you have met the following criteria:

  • You have a Network Virtual Appliance (NVA). A Network Virtual Appliance is third-party software of your choice that is typically provisioned from Azure Marketplace in a virtual network.

    • A private IP address must be assigned to the NVA network interface.

    • The NVA is not deployed in the virtual hub. It must be deployed in a separate virtual network.

    • The NVA virtual network may have one or many virtual networks connected to it. In this article, we refer to the NVA virtual network as an 'indirect spoke VNet'. These virtual networks can be connected to the NVA VNet by using VNet peering. The VNet peering links are depicted by black arrows in the above figure between VNet 1, VNet 2, and NVA VNet.

  • You have created two virtual networks. They will be used as spoke VNets.

    • The VNet spoke address spaces are: VNet1: 10.0.2.0/24 and VNet2: 10.0.3.0/24. If you need information on how to create a virtual network, see Create a virtual network.

    • Ensure there are no virtual network gateways in any of the VNets.

    • The VNets do not require a gateway subnet.

1. Sign in

From a browser, navigate to the Azure portal and sign in with your Azure account.

2. Create a virtual WAN

Create a virtual WAN. Use the following example values:

  • Virtual WAN name: myVirtualWAN
  • Resource group: testRG
  • Location: China North 2

  1. Navigate to the Virtual WAN page. In the portal, click +Create a resource. Type Virtual WAN into the search box and select Enter.

  2. Select Virtual WAN from the results. On the Virtual WAN page, click Create.

  3. On the Create WAN page, fill in the following fields:

    • Name - Type the Name that you want to call your WAN.
    • Subscription - Select the subscription that you want to use.
    • Resource Group - Create new or use existing.
    • Resource Location - Choose a resource location from the dropdown. A WAN is a global resource and does not live in a particular region. However, you must select a region in order to more easily manage and locate the WAN resource that you create.

  4. After you finish filling out the fields, click Create.

3. Create a hub

Create the hub. Use the following example values:

  • Location: China North 2
  • Name: chinanorth2hub
  • Hub private address space: 10.0.1.0/24

A hub contains the gateway. Once the hub is created, you'll be charged for the hub, even if you don't attach any sites. It takes 30 minutes to create the hub and gateway.

  1. Locate the Virtual WAN that you created. On the Virtual WAN page, under the Virtual WAN architecture section, click Hubs.

  2. On the Hubs page, click +New Hub to open the Create virtual hub page.

  3. On the Create virtual hub page, complete the following fields:

    • Location
    • Name
    • Hub private address space

Click Confirm to create the hub. Click Refresh to view the hub on the Hubs page.

4. Create and apply a hub route table

Update the hub with a hub route table. Use the following example values:

  • Spoke VNet address spaces: (VNet1 and VNet2) 10.0.2.0/24 and 10.0.3.0/24
  • DMZ NVA network interface private IP address: 10.0.4.5

  1. Navigate to your virtual WAN.
  2. Click the hub for which you want to create a route table.
  3. Click the ..., and then click Edit virtual hub.
  4. On the Edit virtual hub page, scroll down and select the checkbox Use table for routing.
  5. In the If destination prefix is column, add the address spaces. In the Send to next hop column, add the DMZ NVA network interface private IP address.
  6. Click Confirm to update the hub resource with the route table settings.
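The following pre-flight check is an added example, not part of the original article or of any Azure tooling: it validates the planned route table values (hub address space, spoke prefixes, NVA next hop) before they are entered in the portal. The helper name `check_route_plan` and its rules are assumptions drawn from the prerequisites and example values in this article.

```python
import ipaddress

# Example values from this article (steps 3 and 4).
HUB = "10.0.1.0/24"
SPOKES = {"VNet1": "10.0.2.0/24", "VNet2": "10.0.3.0/24"}
ROUTES = {"10.0.2.0/24": "10.0.4.5", "10.0.3.0/24": "10.0.4.5"}


def check_route_plan(hub_space, spoke_spaces, routes):
    """Return a list of problems in a planned hub route table.

    routes maps "If destination prefix is" -> "Send to next hop".
    Hypothetical helper; it does not call any Azure API.
    """
    hub = ipaddress.ip_network(hub_space)
    spokes = {n: ipaddress.ip_network(p) for n, p in spoke_spaces.items()}
    table = {ipaddress.ip_network(p): ipaddress.ip_address(h)
             for p, h in routes.items()}
    problems = []

    # Hub and spoke address spaces must not overlap each other.
    spaces = [("hub", hub)] + list(spokes.items())
    for i, (name_a, net_a) in enumerate(spaces):
        for name_b, net_b in spaces[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append(f"{name_a} {net_a} overlaps {name_b} {net_b}")

    # A spoke with no covering prefix is not steered to the NVA by this table.
    for name, net in spokes.items():
        if not any(net.subnet_of(dest) for dest in table):
            problems.append(f"{name} {net} has no route via the NVA")

    for dest, hop in table.items():
        # The NVA NIC needs a private IP and must not sit in the hub.
        if not hop.is_private:
            problems.append(f"next hop {hop} for {dest} is not private")
        if hop in hub:
            problems.append(f"next hop {hop} for {dest} is inside hub {hub}")
        # A next hop inside its own destination prefix points at a spoke.
        if hop in dest:
            problems.append(f"next hop {hop} lies inside destination {dest}")
    return problems


if __name__ == "__main__":
    for line in check_route_plan(HUB, SPOKES, ROUTES) or ["plan is consistent"]:
        print(line)
```

An empty result means the planned table covers both spoke VNets and the next hop satisfies the NVA prerequisites listed under Before you begin.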

5. Create the VNet connections

Create a virtual network connection from each indirect spoke VNet (VNet1 and VNet2) to the hub. These virtual network connections are depicted by the blue arrows in the above figure. Then, create a VNet connection from the NVA VNet to the hub (black arrow in the figure).

For this step, you can use the following values:

Virtual network name    Connection name
VNet1                   testconnection1
VNet2                   testconnection2
NVAVNet                 testconnection3

Repeat the following procedure for each virtual network that you want to connect.

  1. On the page for your virtual WAN, click Virtual network connections.

  2. On the virtual network connection page, click +Add connection.

  3. On the Add connection page, fill in the following fields:

    • Connection name - Name your connection.
    • Hubs - Select the hub you want to associate with this connection.
    • Subscription - Verify the subscription.
    • Virtual network - Select the virtual network you want to connect to this hub. The virtual network cannot have an already existing virtual network gateway.

  4. Click OK to create the connection.

Next steps

To learn more about Virtual WAN, see the Virtual WAN Overview page.