Tutorial: Configure a virtual network gateway for ExpressRoute using PowerShell
This tutorial helps you add, resize, and remove a virtual network (VNet) gateway for a pre-existing VNet. The steps for this configuration apply to VNets that were created using the Resource Manager deployment model for an ExpressRoute configuration. For more information, see About virtual network gateways for ExpressRoute.
In this tutorial, you learn how to:
- Create a gateway subnet.
- Create Virtual Network gateway.
Configuration reference list
The steps for this task use a VNet based on the values in the following configuration reference list. Additional settings and names are also outlined in this list. We don't use this list directly in any of the steps, although we do add variables based on the values in this list. You can copy the list to use as a reference, replacing the values with your own.
|Virtual Network Name||TestVNet|
|Virtual Network address space||192.168.0.0/16|
|Subnet1 address space||192.168.1.0/24|
|Gateway Subnet name||GatewaySubnet|
|Gateway Subnet address space||192.168.200.0/26|
|Gateway IP Name||GWIP|
|Gateway IP configuration Name||gwipconf|
|Gateway Public IP Name||gwpip|
IPv6 support for private peering is currently in Public Preview. If you would like to connect your virtual network to an ExpressRoute circuit with IPv6-based private peering configured, please make sure that your virtual network is dual stack and follows the guidelines described here.
Add a gateway
To connect with Azure, run
Declare your variables for this exercise. Be sure to edit the sample to reflect the settings that you want to use.
$RG = "TestRG" $Location = "East US" $GWName = "GW" $GWIPName = "GWIP" $GWIPconfName = "gwipconf" $VNetName = "TestVNet"
Store the virtual network object as a variable.
$vnet = Get-AzVirtualNetwork -Name $VNetName -ResourceGroupName $RG
Add a gateway subnet to your Virtual Network. The gateway subnet must be named "GatewaySubnet". The gateway subnet has to be /27 or larger (/26, /25, and so on). If you plan on connecting 16 ExpressRoute circuits to your gateway, you must create a gateway subnet of /26 or larger.
Add-AzVirtualNetworkSubnetConfig -Name GatewaySubnet -VirtualNetwork $vnet -AddressPrefix 192.168.200.0/26
If you are using a dual stack virtual network and plan to use IPv6-based private peering over ExpressRoute, create a dual stack gateway subnet instead.
Add-AzVirtualNetworkSubnetConfig -Name GatewaySubnet -VirtualNetwork $vnet -AddressPrefix "10.0.0.0/26","ace:daa:daaa:deaa::/64"
Set the configuration.
$vnet = Set-AzVirtualNetwork -VirtualNetwork $vnet
Store the gateway subnet as a variable.
$subnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
Request a public IP address. The IP address is requested before creating the gateway. You can't specify the IP address that you want to use; it’s dynamically assigned. You'll use this IP address in the next configuration section. The AllocationMethod must be Dynamic.
$pip = New-AzPublicIpAddress -Name $GWIPName -ResourceGroupName $RG -Location $Location -AllocationMethod Dynamic
If you plan to use IPv6-based private peering over ExpressRoute, please set the IP SKU to Standard and the AllocationMethod to Static:
$pip = New-AzPublicIpAddress -Name $GWIPName -ResourceGroupName $RG -Location $Location -AllocationMethod Static -SKU Standard
Create the configuration for your gateway. The gateway configuration defines the subnet and the public IP address to use. In this step, you're specifying the configuration that will be used when you create the gateway. Use the following sample to create your gateway configuration.
$ipconf = New-AzVirtualNetworkGatewayIpConfig -Name $GWIPconfName -Subnet $subnet -PublicIpAddress $pip
Create the gateway. In this step, the -GatewayType is especially important. You must use the value ExpressRoute. After running these cmdlets, the gateway can take 45 minutes or more to create.
New-AzVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG -Location $Location -IpConfigurations $ipconf -GatewayType Expressroute -GatewaySku Standard
If you plan to use IPv6-based private peering over ExpressRoute, make sure to select an AZ SKU (ErGw1AZ, ErGw2AZ, ErGw3AZ) for -GatewaySku or use Non-AZ SKU (Standard, HighPerformance, UltraPerformance) for -GatewaySKU with Standard and Static Public IP.
Verify the gateway was created
Use the following commands to verify that the gateway has been created:
Get-AzVirtualNetworkGateway -ResourceGroupName $RG
Resize a gateway
There are a number of Gateway SKUs. You can use the following command to change the Gateway SKU at any time.
This command doesn't work for UltraPerformance gateway. To change your gateway to an UltraPerformance gateway, first remove the existing ExpressRoute gateway, and then create a new UltraPerformance gateway. To downgrade your gateway from an UltraPerformance gateway, first remove the UltraPerformance gateway, and then create a new gateway.
$gw = Get-AzVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG Resize-AzVirtualNetworkGateway -VirtualNetworkGateway $gw -GatewaySku HighPerformance
Clean up resources
Use the following command to remove the gateway:
Remove-AzVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG
After you've created the VNet gateway, you can link your VNet to an ExpressRoute circuit.