您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

教程:使用门户将虚拟网络连接到 ExpressRoute 线路Tutorial: Connect a virtual network to an ExpressRoute circuit using the portal

本教程可帮助你使用 Azure 门户创建连接来将虚拟网络链接到 Azure ExpressRoute 线路。This tutorial helps you create a connection to link a virtual network to an Azure ExpressRoute circuit using the Azure portal. 连接到 Azure ExpressRoute 线路的虚拟网络可以在同一订阅中,也可以属于另一订阅。The virtual networks that you connect to your Azure ExpressRoute circuit can either be in the same subscription or be part of another subscription.

在本教程中,你将了解如何执行以下操作:In this tutorial, you learn how to:

  • 将虚拟网络连接到同一订阅中的线路。Connect a virtual networking to a circuit in the same subscription.
  • 将虚拟网络连接到另一订阅中的线路。Connect a virtual networking to a circuit in a different subscription.
  • 删除虚拟网络与 ExpressRoute 线路之间的链接。Delete the link between the virtual network and ExpressRoute circuit.

必备条件Prerequisites

  • 在开始配置之前,请先查看先决条件路由要求工作流Review the prerequisites, routing requirements, and workflows before you begin configuration.

  • 必须有一个活动的 ExpressRoute 线路。You must have an active ExpressRoute circuit.

    • 请按说明创建 ExpressRoute 线路,并通过连接提供商启用该线路。Follow the instructions to create an ExpressRoute circuit and have the circuit enabled by your connectivity provider.
    • 请确保为线路配置 Azure 专用对等互连。Ensure that you have Azure private peering configured for your circuit. 有关对等互连和路由说明,请参阅为 ExpressRoute 线路创建和修改对等互连一文。See the Create and modify peering for an ExpressRoute circuit article for peering and routing instructions.
    • 确保已配置 Azure 专用对等互连,并建立网络和 Microsoft 之间的 BGP 对等互连,以便进行端到端连接。Ensure that Azure private peering gets configured and establishes BGP peering between your network and Microsoft for end-to-end connectivity.
    • 确保已创建并完全预配一个虚拟网络和一个虚拟网络网关。Ensure that you have a virtual network and a virtual network gateway created and fully provisioned. 按照说明创建 ExpressRoute 的虚拟网络网关Follow the instructions to create a virtual network gateway for ExpressRoute. ExpressRoute 虚拟网络网关使用的 GatewayType 是“ExpressRoute”而非 VPN。A virtual network gateway for ExpressRoute uses the GatewayType 'ExpressRoute', not VPN.
  • 最多可以将 10 个虚拟网络链接到一条标准 ExpressRoute 线路。You can link up to 10 virtual networks to a standard ExpressRoute circuit. 使用标准 ExpressRoute 线路时,所有虚拟网络必须都位于同一地缘政治区域。All virtual networks must be in the same geopolitical region when using a standard ExpressRoute circuit.

  • 单个 VNet 可最多连接到 16 条 ExpressRoute 线路。A single VNet can be linked to up to 16 ExpressRoute circuits. 使用以下流程为要连接的每条 ExpressRoute 线路创建新的连接对象。Use the following process to create a new connection object for each ExpressRoute circuit you're connecting to. ExpressRoute 线路可在同一订阅、不同订阅或两者兼有。The ExpressRoute circuits can be in the same subscription, different subscriptions, or a mix of both.

  • 如果启用 ExpressRoute 高级版加载项,则可以链接 ExpressRoute 线路的地缘政治区域外部的虚拟网络。If you enable the ExpressRoute premium add-on, you can link virtual networks outside of the geopolitical region of the ExpressRoute circuit. 通过高级版加载项,你还可以根据所选带宽,将 10 个以上的虚拟网络连接到 ExpressRoute 线路。The premium add-on will also allow you to connect more than 10 virtual networks to your ExpressRoute circuit depending on the bandwidth chosen. 有关高级外接程序的更多详细信息,请参阅常见问题解答Check the FAQ for more details on the premium add-on.

  • 为了更好地了解这些步骤,可以在开始之前观看视频You can view a video before beginning to better understand the steps.

将 VNet 连接到线路 - 同一订阅Connect a VNet to a circuit - same subscription

备注

如果第 3 层提供商配置了对等互连,则将不会显示 BGP 配置信息。BGP configuration information will not appear if the layer 3 provider configured your peerings. 如果线路处于已预配状态,应该能够创建连接。If your circuit is in a provisioned state, you should be able to create connections.

创建连接To create a connection

  1. 确保已成功配置 ExpressRoute 线路和 Azure 专用对等互连。Ensure that your ExpressRoute circuit and Azure private peering have been configured successfully. 按照创建 ExpressRoute 线路创建和修改 ExpressRoute 线路的对等互连中的说明操作。Follow the instructions in Create an ExpressRoute circuit and Create and modify peering for an ExpressRoute circuit. ExpressRoute 线路应如下图所示:Your ExpressRoute circuit should look like the following image:

    ExpressRoute 线路屏幕截图

  2. 现在可以开始预配连接,以便将虚拟网络网关链接到 ExpressRoute 线路。You can now start provisioning a connection to link your virtual network gateway to your ExpressRoute circuit. 选择“连接” > “添加”,打开“添加连接”页面 。Select Connection > Add to open the Add connection page.

    添加连接屏幕截图

  3. 输入连接的名称,然后选择“下一步:设置 >”。Enter a name for the connection and then select Next: Settings >.

    创建连接的“基本信息”页面

  4. 选择要链接到线路的虚拟网络中的网关,然后选择“查看 + 创建”。Select the gateway that belongs to the virtual network that you want to link to the circuit and select Review + create. 然后在验证完成后,选择“创建”。Then select Create after validation completes.

    创建连接设置页面

  5. 成功配置连接之后,连接对象会显示连接的信息。After your connection has been successfully configured, your connection object will show the information for the connection.

    连接对象屏幕截图

将 VNet 连接到线路 - 不同订阅Connect a VNet to a circuit - different subscription

用户可以在多个订阅之间共享 ExpressRoute 线路。You can share an ExpressRoute circuit across multiple subscriptions. 下图是在多个订阅之间共享 ExpressRoute 线路的简单示意图。The following figure shows a simple schematic of how sharing works for ExpressRoute circuits across multiple subscriptions.

跨订阅连接

大型云中的每个较小云用于表示属于组织中不同部门的订阅。Each of the smaller clouds within the large cloud is used to represent subscriptions that belong to different departments within an organization. 组织内的每个部门使用自己的订阅部署其服务,但可以共享单个 ExpressRoute 线路以连接回本地网络。Each of the departments within the organization uses their own subscription for deploying their services--but they can share a single ExpressRoute circuit to connect back to your on-premises network. 单个部门(在此示例中为 IT 部门)可以拥有 ExpressRoute 线路。A single department (in this example: IT) can own the ExpressRoute circuit. 组织内的其他订阅可以使用 ExpressRoute 线路。Other subscriptions within the organization may use the ExpressRoute circuit.

备注

专用线路的连接和带宽费用将应用于 ExpressRoute 线路所有者。Connectivity and bandwidth charges for the dedicated circuit will be applied to the ExpressRoute circuit owner. 所有虚拟网络共享相同的带宽。All virtual networks share the same bandwidth.

管理 - 关于线路所有者和线路用户Administration - About circuit owners and circuit users

“线路所有者”是 ExpressRoute 线路资源的已授权超级用户。The 'circuit owner' is an authorized Power User of the ExpressRoute circuit resource. 线路所有者可以创建可由线路用户兑换的授权。The circuit owner can create authorizations that can be redeemed by 'circuit users'. 线路用户是虚拟网络网关的所有者(这些网关与 ExpressRoute 线路位于不同的订阅中)。Circuit users are owners of virtual network gateways that aren't within the same subscription as the ExpressRoute circuit. 线路用户可以兑换授权(每个虚拟网络需要一个授权)。Circuit users can redeem authorizations (one authorization per virtual network).

线路所有者有权随时修改和撤消授权。The circuit owner has the power to modify and revoke authorizations at any time. 撤消授权会导致从已撤消访问权限的订阅中删除所有链路连接。Revoking an authorization results in all link connections being deleted from the subscription whose access was revoked.

线路所有者操作Circuit owner operations

若要创建连接授权To create a connection authorization

线路所有者创建授权,这将创建授权密钥,供线路用户用于将其虚拟网络网关连接到 ExpressRoute 线路。The circuit owner creates an authorization, which creates an authorization key to be used by a circuit user to connect their virtual network gateways to the ExpressRoute circuit. 一个授权只可用于一个连接。An authorization is valid for only one connection.

备注

每个连接都需要单独授权。Each connection requires a separate authorization.

  1. 在 ExpressRoute 页面中,选择“授权”,然后键入授权的名称并选择“保存” 。In the ExpressRoute page, select Authorizations and then type a name for the authorization and select Save.

    授权

  2. 保存配置后,复制“资源 ID”和“授权密钥”。Once the configuration is saved, copy the Resource ID and the Authorization Key.

    授权密钥

若要删除连接授权To delete a connection authorization

可为连接的授权密钥选择“删除”图标来删除该连接。You can delete a connection by selecting the Delete icon for the authorization key for your connection.

删除授权密钥

如果要删除连接,但想要保留授权密钥,可从线路的连接页面中删除此连接。If you want to delete the connection but retain the authorization key, you can delete the connection from the connection page of the circuit.

删除具有线路的连接

线路用户操作Circuit user operations

线路用户需有资源 ID 以及线路所有者提供的授权密钥。The circuit user needs the resource ID and an authorization key from the circuit owner.

若要兑换连接授权To redeem a connection authorization

  1. 选择“+ 创建资源” 按钮。Select the + Create a resource button. 搜索“连接”,然后选择“创建” 。Search for Connection and select Create.

    创建新资源

  2. 确保“连接类型”设置为“ExpressRoute”。Make sure the Connection type is set to ExpressRoute. 选择“资源组”和“位置”,然后在“基本信息”页面中选择“确定” 。Select the Resource group and Location, then select OK in the Basics page.

    备注

    该位置必须与你要为其创建连接的虚拟网络网关位置相匹配。The location must match the virtual network gateway location you're creating the connection for.

    “基本信息”页

  3. 在“设置”页面中,选择“虚拟网络网关”并选中“兑换授权”复选框。In the Settings page, Select the Virtual network gateway and check the Redeem authorization check box. 输入“授权密钥”和“对等线路 URI”,并为连接命名。Enter the Authorization key and the Peer circuit URI and give the connection a name. 选择“确定”。Select OK.

    备注

    对等线路 URI 是 ExpressRoute 线路的资源 ID(可以在 ExpressRoute 线路的“属性设置”窗格下找到)。The Peer Circuit URI is the Resource ID of the ExpressRoute circuit (which you can find under the Properties Setting pane of the ExpressRoute Circuit).

    “设置”页

  4. 在“摘要”页面中复查信息,并选择“确定” 。Review the information in the Summary page and select OK.

    摘要页面

清理资源Clean up resources

可以通过在你的连接的页面上单击“删除”图标来取消 VNet 到 ExpressRoute 的链接。You can delete a connection and unlink your VNet to an ExpressRoute circuit by selecting the Delete icon on the page for your connection.

删除连接

后续步骤Next steps

在本教程中,你已了解如何将虚拟网络连接到同一订阅和不同订阅中的线路。In this tutorial, you learned how to connect a virtual network to a circuit in the same subscription and a different subscription. 有关 ExpressRoute 网关的详细信息,请参阅:For more information about the ExpressRoute gateway, see: