ASN

ASN

关注
发信
关注(28)粉丝(399)

从两个不同位置到单个Azure Vnet的Express Route连接

本文介绍了从两个不同位置到单个Azure Vnet的Express Route连接的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我的情况如下:

我想设置BGP会话,但是我不确定是否可以正常工作.

我们有来自两个物理上不同的数据中心的两条Express路由,这些数据中心终止在同一Azure Vnet上.

DC 1:

防火墙1 ASN 6501<-> Azure悉尼VNET-1-ASN 12076-私有

防火墙1 ASN 6501<-> Azure悉尼VNET-1-ASN 12076-公共

防火墙1 ASN 6501<-> Azure悉尼VNET-1-ASN 12076-MS

DC 2,ASN 6502

防火墙2 ASN 6502<-> Azure悉尼VNET-1-ASN 12076-私有

防火墙2 ASN 6502<-> Azure悉尼VNET-1-ASN 12076-公共

防火墙2 ASN 6502<-> Azure悉尼VNET-1-ASN 12076-MS

当我计划使用防火墙时,没有VRF.

我还计划在DC1中使用BGP参数Local pref 150,并在DC2上使用x 2前缀,以确保DC1始终偏爱.

我的问题吗?

问题1:在客户端使用两个不同的ASN终止于Azure上的单个ASN广告VNET的情况下,是否进行此设置?

Q2:我是否需要VRF或防火墙策略才能将全部3个会话区分开?

Q3:是否可以通过BGP Prepend控制Azure Vnet以确保始终将流量发送到DC1,并且如果DC1不可用,则只能将流量发送到DC2?

问题4:Azure是否仅具有联网功能?只读或读写访问,因为除非它只是网络的一部分,否则很难从Server团队那里获得对Azure的控制权.

谢谢,

Nilay.

解决方案


My scenario is like below:

BGP session I would like to setup but I am not entirely sure if that will work. 

we have two Express route from two physically diverse data center terminating on the same Azure Vnet. 

DC 1:

Firewall 1  ASN 6501 <--> Azure Sydney VNET-1 - ASN 12076 - Private  

Firewall 1  ASN 6501 <--> Azure Sydney VNET-1 - ASN 12076 - Public  

Firewall 1  ASN 6501 <--> Azure Sydney VNET-1 - ASN 12076 - MS 

DC 2, ASN 6502

Firewall 2  ASN 6502 <--> Azure Sydney VNET-1 - ASN 12076 - Private  

Firewall 2  ASN 6502 <--> Azure Sydney VNET-1 - ASN 12076 - Public  

Firewall 2  ASN 6502 <--> Azure Sydney VNET-1 - ASN 12076 - MS

As I am planning to use the firewall there is no VRF.

I am also planning to use the BGP parameters Local pref 150 in DC1 and preped x 2 on DC2 to make sure DC1 prefer all the time. 

My questions ?

Q1: Do this setup work where two different ASN from client terminating on the single ASN ad VNET at Azure.

Q2: Do I need to have the VRF or Firewall policy to set apart the all 3 session is good enough?

Q3: Can I control Azure Vnet via BGP Prepend to make sure it always send the traffic to DC1 and if the DC1 is not available then only it sends the traffic to DC2?

Q4: Do Azure has Networking only  read only or read and write  access as it is going to be hard to get control from Server team for azure unless it is only networking part. 

Thanks,

Nilay. 

解决方案


这篇关于从两个不同位置到单个Azure Vnet的Express Route连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-23 17:32
Powered by LMLPHP ©2025 ASN 0.001501