Share via

你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn

使用 Azure CLI 创建和修改网络结构控制器

  • 项目

本文介绍如何使用 Azure 命令行接口 (AzureCLI) 创建网络结构控制器 (NFC)。 本文档还演示如何删除网络结构控制器,或检查其状态。

先决条件

在创建 NFC 之前,必须实现所有先决条件。

名称(例如资源)不应包含下划线 (_) 字符。

验证 ExpressRoute 线路

验证 ExpressRoute 线路是否正确连接 (CircuitID)(AuthID);如果连接不正确,NFC 预配将失败。

创建网络结构控制器

必须先创建资源组,然后才能创建 NFC。

注意:应为每个 NFC 创建单独的资源组。

通过运行以下命令创建资源组:

az group create -n NFCResourceGroupName -l "East US"

用于 NFC 创建的属性

参数 说明 示例 必须 类型
Resource-Group 资源组是用于保存 Azure 解决方案相关资源的容器。 NFCResourceGroupName XYZNFCResourceGroupName True 字符串
位置 Azure 区域必须预配部署。 eastus、westus3、southcentralus、eus2euap eastus True 字符串
Resource-Name Resource-name 将是结构的名称 nfcname XYZnfcname True 字符串
NFC IP Block 此块是 NFC IP 子网,默认子网块为 10.0.0.0/19,并且它也不应与任何 ExpressRoute IP 重叠 10.0.0.0/19 10.0.0.0/19 不需要 字符串
Express Route 线路 ExpressRoute 线路是连接 Azure 和本地的专用 10G 链路。 需要知道 ExpressRoute 线路 ID 和身份验证密钥才能成功预配 NFC。 有两条 Express Route 线路,一条用于基础结构服务,另一条用于工作负载(租户)服务 --workload-er-connections '[{"expressRouteCircuitId": "xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx", "expressRouteAuthorizationKey": "xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx"}]'

--infra-er-connections '[{"expressRouteCircuitId": "xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx", "expressRouteAuthorizationKey": "xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx"}]'		 subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01", "expressRouteAuthorizationKey": "xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx"}] True string

下面是如何使用 Azure CLI 创建 NFC 的示例。 有关详细信息,请参阅属性部分。

az networkfabric controller create \
  --resource-group "NFCResourceGroupName" \
  --location "eastus"  \
  --resource-name "nfcname" \
  --ipv4-address-space "10.0.0.0/19" \
  --infra-er-connections '[{"expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01", "expressRouteAuthorizationKey": "<auth-key>"}]'
  --workload-er-connections '[{"expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01"", "expressRouteAuthorizationKey": "<auth-key>"}]'

注意:NFC 创建需要 30-45 分钟。 使用 show 命令监视 NFC 创建进度。 你将看到不同的预配状态,例如“已接受”、“正在更新”和“成功/失败”。 如果创建失败 (Failed),请删除并重新创建 NFC。 预期输出仅在通过 AzureCLI 执行后显示正在运行

预期输出:

 {
  "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabricControllers/nfcname",
  "infrastructureExpressRouteConnections": [
    {
      "expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-02"
    }
  ],
  "infrastructureServices": {
    "ipv4AddressSpaces": [
      "10.0.0.0/21"
    ],
    "ipv6AddressSpaces": []
  },
  "ipv4AddressSpace": "10.0.0.0/19",
  "ipv6AddressSpace": "FC00::/59",
  "isWorkloadManagementNetworkEnabled": "True",
  "location": "eastus",
  "managedResourceGroupConfiguration": {},
  "name": "NFCName",
  "nfcSku": "Standard",
  "provisioningState": "Succeeded",
  "resourceGroup": "NFCResourceGroupName",
  "systemData": {
    "createdAt": "2023XX-XXT18:59:41.7805324Z",
    "createdBy": "email@address.com",
    "createdByType": "User",
    "lastModifiedAt": "2023-XX-XXT09:50:27.4598499Z",
    "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7",
    "lastModifiedByType": "Application"
  },
  "type": "microsoft.managednetworkfabric/networkfabriccontrollers",
  "workloadExpressRouteConnections": [
    {
      "expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx//resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-03"
    }
  ],
  "workloadManagementNetwork": true,
  "workloadServices": {
    "ipv4AddressSpaces": [
      "10.0.28.0/22"
    ],
    "ipv6AddressSpaces": []
  }
}

使用多个 ExpressRoute 线路更新网络结构控制器。

az networkfabric controller update \ 
 --resource-group "NFCResourceGroupName" \ 
 --location "eastus"  \ 
 --resource-name "nfcname" \ 
 --ipv4-address-space "10.0.0.0/19" \ 
--infra-er-connections "[{expressRouteCircuitId:'/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01',expressRouteAuthorizationKey:'<auth-key>'},{expressRouteCircuitId:'/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-02',expressRouteAuthorizationKey:'<auth-key>'}]"
--workload-er-connections "[{expressRouteCircuitId:'/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-03',expressRouteAuthorizationKey:'<auth-key>'},{expressRouteCircuitId:'/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-04',expressRouteAuthorizationKey:'<auth-key>'}]"

获取网络结构控制器

  az networkfabric controller show --resource-group "NFCResourceGroupName" --resource-name "nfcname"

预期输出:

{
  "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabricControllers/nfcname",
  "infrastructureExpressRouteConnections": [
    {
      "expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-02"
    }
  ],
  "infrastructureServices": {
    "ipv4AddressSpaces": [
      "10.0.0.0/21"
    ],
    "ipv6AddressSpaces": []
  },
  "ipv4AddressSpace": "10.0.0.0/19",
  "ipv6AddressSpace": "FC00::/59",
  "isWorkloadManagementNetworkEnabled": "True",
  "location": "eastus",
  "managedResourceGroupConfiguration": {},
  "name": "NFCName",
  "nfcSku": "Standard",
  "provisioningState": "Succeeded",
  "resourceGroup": "NFCResourceGroupName",
  "systemData": {
    "createdAt": "2023XX-XXT18:59:41.7805324Z",
    "createdBy": "email@address.com",
    "createdByType": "User",
    "lastModifiedAt": "2023-XX-XXT09:50:27.4598499Z",
    "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7",
    "lastModifiedByType": "Application"
  },
  "type": "microsoft.managednetworkfabric/networkfabriccontrollers",
  "workloadExpressRouteConnections": [
    {
      "expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx//resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-03"
    }
  ],
  "workloadManagementNetwork": true,
  "workloadServices": {
    "ipv4AddressSpaces": [
      "10.0.28.0/22"
    ],
    "ipv6AddressSpaces": []
  }
}

更新网络结构控制器

网络结构控制器中的 PATCH 功能使用户能够轻松添加或更换其他 Express Route 线路。 此功能在发生失败或潜在迁移事件期间特别有用。 在这种情况下,网络运营商可以通过添加或删除 Express Route 和密钥来灵活地修改活动的网络结构控制器,同时确保操作不受影响。

注意

启动更新命令时,提供在创建过程中提供的所有参数至关重要。 这是因为 update 命令将覆盖现有内容,因此需要包含所有相关参数,以确保修改全面、准确。

az networkfabric controller update \ 
  --resource-group "NFCResourceGroupName" \ 
  --location "eastus"  \ 
  --resource-name "nfcname" \ 
  --ipv4-address-space "10.0.0.0/19" \ 
  --infra-er-connections '[{"expressRouteCircuitId":"/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01", "expressRouteAuthorizationKey": "<auth-key>"}]' 
  --workload-er-connections '[{"expressRouteCircuitId":"/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01"", "expressRouteAuthorizationKey": "<auth-key>"}]'

注意

运行 az networkfabric controller show 以检索有关网络结构控制器的信息。

删除网络结构控制器

只有在删除所有关联的网络结构后,才应删除 NFC。

  az networkfabric controller delete --resource-group "NFCResourceGroupName" --resource-name "nfcname"

预期输出:

"name": "nfcname",
    "networkFabricIds": [],
    "operationalState": null,
    "provisioningState": "succeeded",
    "resourceGroup": "NFCResourceGroupName",
    "systemData": {
      "createdAt": "2022-10-31T10:47:08.072025+00:00",

注意

删除 NFC 需要 30 分钟。 在 Azure 门户中,验证托管资源是否已删除。

后续步骤

成功创建 NFC 后,下一步是创建群集管理器