Create a hub virtual network appliance in Azure using Terraform
A VPN device is a device that provides external connectivity to an on-premises network. The VPN device can be a hardware device or a software solution. One example of a software solution is Routing and Remote Access Service (RRAS) in Windows Server 2012. For more information about VPN devices, see About VPN devices for Site-to-Site VPN Gateway connections.
Azure supports a wide variety of network virtual appliances to choose from. This article uses an Ubuntu image. For more information about the wide range of appliance solutions that Azure supports, see the Network Appliances home page.
In this article, you learn how to:
- Implement the hub virtual network in the hub-and-spoke network topology
- Create a hub network virtual machine that acts as the appliance
- Enable routes using CustomScript extensions
- Create hub and spoke gateway route tables
1. Configure your environment
- Azure subscription: If you don't have an Azure subscription, create a free account before you begin.
- Configure Terraform: If you haven't already done so, configure Terraform using one of the available options.
- Complete the earlier articles in this series:
Create a hub and spoke hybrid network topology with Terraform in Azure.
Create a hub virtual network with Terraform in Azure.
2. Implement the Terraform code
Make the example directory created in the first article of this series the current directory.
Create a file named hub-nva.tf and insert the following code:

```hcl
locals {
  prefix-hub-nva         = "hub-nva"
  hub-nva-location       = "eastus"
  hub-nva-resource-group = "hub-nva-rg"
}

resource "azurerm_resource_group" "hub-nva-rg" {
  name     = "${local.prefix-hub-nva}-rg"
  location = local.hub-nva-location

  tags = {
    environment = local.prefix-hub-nva
  }
}

# NIC for the appliance. IP forwarding must be enabled on the Azure NIC
# (here) as well as inside the guest OS (done by the extension below),
# otherwise the platform drops packets not addressed to the VM itself.
resource "azurerm_network_interface" "hub-nva-nic" {
  name                 = "${local.prefix-hub-nva}-nic"
  location             = azurerm_resource_group.hub-nva-rg.location
  resource_group_name  = azurerm_resource_group.hub-nva-rg.name
  enable_ip_forwarding = true

  ip_configuration {
    name                          = local.prefix-hub-nva
    subnet_id                     = azurerm_subnet.hub-dmz.id
    private_ip_address_allocation = "Static"
    private_ip_address            = "10.0.0.36"
  }

  tags = {
    environment = local.prefix-hub-nva
  }
}

resource "azurerm_virtual_machine" "hub-nva-vm" {
  name                  = "${local.prefix-hub-nva}-vm"
  location              = azurerm_resource_group.hub-nva-rg.location
  resource_group_name   = azurerm_resource_group.hub-nva-rg.name
  network_interface_ids = [azurerm_network_interface.hub-nva-nic.id]
  vm_size               = var.vmsize

  storage_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "16.04-LTS"
    version   = "latest"
  }

  storage_os_disk {
    name              = "myosdisk1"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }

  os_profile {
    computer_name  = "${local.prefix-hub-nva}-vm"
    admin_username = var.username
    admin_password = var.password
  }

  os_profile_linux_config {
    disable_password_authentication = false
  }

  tags = {
    environment = local.prefix-hub-nva
  }
}

# CustomScript extension that turns on IP forwarding inside the Ubuntu guest.
resource "azurerm_virtual_machine_extension" "enable-routes" {
  name                 = "enable-iptables-routes"
  virtual_machine_id   = azurerm_virtual_machine.hub-nva-vm.id
  publisher            = "Microsoft.Azure.Extensions"
  type                 = "CustomScript"
  type_handler_version = "2.0"

  settings = <<SETTINGS
    {
        "fileUris": [
        "https://raw.githubusercontent.com/mspnp/reference-architectures/master/scripts/linux/enable-ip-forwarding.sh"
        ],
        "commandToExecute": "bash enable-ip-forwarding.sh"
    }
SETTINGS

  tags = {
    environment = local.prefix-hub-nva
  }
}

# Route table for the hub gateway subnet: traffic to either spoke is sent
# through the appliance at 10.0.0.36.
resource "azurerm_route_table" "hub-gateway-rt" {
  name                          = "hub-gateway-rt"
  location                      = azurerm_resource_group.hub-nva-rg.location
  resource_group_name           = azurerm_resource_group.hub-nva-rg.name
  disable_bgp_route_propagation = false

  route {
    name           = "toHub"
    address_prefix = "10.0.0.0/16"
    next_hop_type  = "VnetLocal"
  }

  route {
    name                   = "toSpoke1"
    address_prefix         = "10.1.0.0/16"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "10.0.0.36"
  }

  route {
    name                   = "toSpoke2"
    address_prefix         = "10.2.0.0/16"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "10.0.0.36"
  }

  tags = {
    environment = local.prefix-hub-nva
  }
}

resource "azurerm_subnet_route_table_association" "hub-gateway-rt-hub-vnet-gateway-subnet" {
  subnet_id      = azurerm_subnet.hub-gateway-subnet.id
  route_table_id = azurerm_route_table.hub-gateway-rt.id
  depends_on     = [azurerm_subnet.hub-gateway-subnet]
}

# Spoke 1 route table: spoke-to-spoke traffic goes through the appliance.
resource "azurerm_route_table" "spoke1-rt" {
  name                          = "spoke1-rt"
  location                      = azurerm_resource_group.hub-nva-rg.location
  resource_group_name           = azurerm_resource_group.hub-nva-rg.name
  disable_bgp_route_propagation = false

  route {
    name                   = "toSpoke2"
    address_prefix         = "10.2.0.0/16"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "10.0.0.36"
  }

  route {
    name           = "default"
    address_prefix = "0.0.0.0/0"
    next_hop_type  = "VnetLocal"
  }

  tags = {
    environment = local.prefix-hub-nva
  }
}

resource "azurerm_subnet_route_table_association" "spoke1-rt-spoke1-vnet-mgmt" {
  subnet_id      = azurerm_subnet.spoke1-mgmt.id
  route_table_id = azurerm_route_table.spoke1-rt.id
  depends_on     = [azurerm_subnet.spoke1-mgmt]
}

resource "azurerm_subnet_route_table_association" "spoke1-rt-spoke1-vnet-workload" {
  subnet_id      = azurerm_subnet.spoke1-workload.id
  route_table_id = azurerm_route_table.spoke1-rt.id
  depends_on     = [azurerm_subnet.spoke1-workload]
}

# Spoke 2 route table, the mirror image of spoke1-rt.
resource "azurerm_route_table" "spoke2-rt" {
  name                          = "spoke2-rt"
  location                      = azurerm_resource_group.hub-nva-rg.location
  resource_group_name           = azurerm_resource_group.hub-nva-rg.name
  disable_bgp_route_propagation = false

  route {
    name                   = "toSpoke1"
    address_prefix         = "10.1.0.0/16"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "10.0.0.36"
  }

  route {
    name           = "default"
    address_prefix = "0.0.0.0/0"
    next_hop_type  = "VnetLocal"
  }

  tags = {
    environment = local.prefix-hub-nva
  }
}

resource "azurerm_subnet_route_table_association" "spoke2-rt-spoke2-vnet-mgmt" {
  subnet_id      = azurerm_subnet.spoke2-mgmt.id
  route_table_id = azurerm_route_table.spoke2-rt.id
  depends_on     = [azurerm_subnet.spoke2-mgmt]
}

resource "azurerm_subnet_route_table_association" "spoke2-rt-spoke2-vnet-workload" {
  subnet_id      = azurerm_subnet.spoke2-workload.id
  route_table_id = azurerm_route_table.spoke2-rt.id
  depends_on     = [azurerm_subnet.spoke2-workload]
}
```
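As an added check that is not part of this article or the mspnp reference code, the following Python script models the three route tables from hub-nva.tf as data and resolves a destination the way Azure does, by longest prefix match, so you can confirm before deploying that spoke-to-spoke traffic really is steered to the appliance at 10.0.0.36 while hub-local and default traffic is not. The helper names select_route and lint_tables are assumptions for this example.

```python
import ipaddress

# Values copied from hub-nva.tf on this page: hub VNet, and the appliance's
# static private IP in the hub DMZ subnet.
HUB_PREFIX = "10.0.0.0/16"
NVA_IP = "10.0.0.36"

# The three route tables from hub-nva.tf as (address_prefix, next_hop_type, next_hop_ip).
ROUTE_TABLES = {
    "hub-gateway-rt": [
        ("10.0.0.0/16", "VnetLocal", None),
        ("10.1.0.0/16", "VirtualAppliance", NVA_IP),
        ("10.2.0.0/16", "VirtualAppliance", NVA_IP),
    ],
    "spoke1-rt": [
        ("10.2.0.0/16", "VirtualAppliance", NVA_IP),
        ("0.0.0.0/0", "VnetLocal", None),
    ],
    "spoke2-rt": [
        ("10.1.0.0/16", "VirtualAppliance", NVA_IP),
        ("0.0.0.0/0", "VnetLocal", None),
    ],
}

VALID_HOP_TYPES = {"VirtualAppliance", "VnetLocal", "VirtualNetworkGateway", "Internet", "None"}


def select_route(table_name, destination):
    """Pick the route Azure would use: the matching route with the longest prefix.
    Returns the (prefix, next_hop_type, next_hop_ip) tuple, or None if nothing matches."""
    dst = ipaddress.ip_address(destination)
    best = None
    for prefix, hop_type, hop_ip in ROUTE_TABLES[table_name]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > ipaddress.ip_network(best[0]).prefixlen):
            best = (prefix, hop_type, hop_ip)
    return best


def lint_tables():
    """Return a list of problems. Every VirtualAppliance hop must be the appliance's
    address and that address must lie inside the hub VNet; a typo here sends
    spoke traffic to a next hop that does not exist, where it is simply dropped."""
    problems = []
    hub = ipaddress.ip_network(HUB_PREFIX)
    for name, routes in ROUTE_TABLES.items():
        for prefix, hop_type, hop_ip in routes:
            if hop_type not in VALID_HOP_TYPES:
                problems.append(f"{name}: {prefix} has unknown next_hop_type {hop_type!r}")
            elif hop_type == "VirtualAppliance":
                if hop_ip != NVA_IP or ipaddress.ip_address(hop_ip) not in hub:
                    problems.append(f"{name}: {prefix} next hop {hop_ip} is not the hub NVA {NVA_IP}")
    return problems
```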
Troubleshoot Terraform on Azure
Troubleshoot common problems when using Terraform on Azure