Share via

使用 Azure CLI 建立和修改網路網狀架構控制器

  • 發行項

本文說明如何使用 Azure 命令行介面 (AzureCLI) 建立網路網狀架構控制器 (NFC)。 本檔也會說明如何檢查狀態,或刪除網路網狀架構控制器。

必要條件

您必須先實作所有必要條件,才能建立 NFC。

例如資源的名稱不應該包含底線 (_) 字元。

驗證 ExpressRoute 線路

驗證 ExpressRoute 線路以取得正確的連線能力(CircuitID)(AuthID):如果連線不正確,NFC 布建將會失敗。

建立網路網狀架構控制器

您必須先建立資源群組,才能建立 NFC。

注意:您應該為每個 NFC 建立個別的資源群組。

您可以執行下列命令來建立資源群組:

az group create -n NFCResourceGroupName -l "East US"

NFC 建立的屬性

參數 描述 範例 必要 類型
Resource-Group 「資源群組」是存放 Azure 解決方案相關資源的容器。 NFCResourceGroupName XYZNFCResourceGroupName True String
Location Azure 區域是布建部署的必要專案。 eastus、westus3、southcentralus、eus2euap eastus True String
Resource-Name Resource-name 會是網狀架構的名稱 nfcname XYZnfcname True String
NFC IP 區塊 此區塊是 NFC IP 子網,預設子網區塊為 10.0.0.0/19,而且不應該與任何 ExpressRoute IP 重疊 10.0.0.0/19 10.0.0.0/19 非必要 String
ExpressRoute 線路 ExpressRoute 線路是連線 Azure 和內部部署的專用 10G 連結。 您必須知道 NFC 的 ExpressRoute 線路標識碼和驗證密鑰,才能成功佈建。 有兩個 Express Route 線路,一個用於基礎結構服務,另一個用於工作負載 (租使用者) 服務 --workload-er-connections '[{“expressRouteCircuitId”: “xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx”, “expressRouteAuthorizationKey”: “xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx”}]'

--infra-er-connections '[{“expressRouteCircuitId”: “xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx”, “expressRouteAuthorizationKey”: “xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx”}]'		 subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxx-resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01“, ”expressRouteAuthorizationKey“: ”xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx“}] True 字串

以下是如何使用 Azure CLI 建立 NFC 的範例。 如需詳細資訊,請參閱 屬性一節

az networkfabric controller create \
  --resource-group "NFCResourceGroupName" \
  --location "eastus"  \
  --resource-name "nfcname" \
  --ipv4-address-space "10.0.0.0/19" \
  --infra-er-connections '[{"expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01", "expressRouteAuthorizationKey": "<auth-key>"}]'
  --workload-er-connections '[{"expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01"", "expressRouteAuthorizationKey": "<auth-key>"}]'

注意: NFC 建立需要 30-45 分鐘。 show使用 命令來監視 NFC 建立進度。 您會看到不同的布建狀態,例如[已接受]、[更新] 和 [成功/失敗]。 如果建立失敗,請刪除並重新建立 NFC。Failed 預期輸出只會在您透過 AzureCLI 執行時顯示立即執行

預期輸出:

 {
  "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabricControllers/nfcname",
  "infrastructureExpressRouteConnections": [
    {
      "expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-02"
    }
  ],
  "infrastructureServices": {
    "ipv4AddressSpaces": [
      "10.0.0.0/21"
    ],
    "ipv6AddressSpaces": []
  },
  "ipv4AddressSpace": "10.0.0.0/19",
  "ipv6AddressSpace": "FC00::/59",
  "isWorkloadManagementNetworkEnabled": "True",
  "location": "eastus",
  "managedResourceGroupConfiguration": {},
  "name": "NFCName",
  "nfcSku": "Standard",
  "provisioningState": "Succeeded",
  "resourceGroup": "NFCResourceGroupName",
  "systemData": {
    "createdAt": "2023XX-XXT18:59:41.7805324Z",
    "createdBy": "email@address.com",
    "createdByType": "User",
    "lastModifiedAt": "2023-XX-XXT09:50:27.4598499Z",
    "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7",
    "lastModifiedByType": "Application"
  },
  "type": "microsoft.managednetworkfabric/networkfabriccontrollers",
  "workloadExpressRouteConnections": [
    {
      "expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx//resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-03"
    }
  ],
  "workloadManagementNetwork": true,
  "workloadServices": {
    "ipv4AddressSpaces": [
      "10.0.28.0/22"
    ],
    "ipv6AddressSpaces": []
  }
}

使用多個 ExpressRoute 線路更新網路 Fabrc 控制器。

az networkfabric controller update \ 
 --resource-group "NFCResourceGroupName" \ 
 --location "eastus"  \ 
 --resource-name "nfcname" \ 
 --ipv4-address-space "10.0.0.0/19" \ 
--infra-er-connections "[{expressRouteCircuitId:'/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01',expressRouteAuthorizationKey:'<auth-key>'},{expressRouteCircuitId:'/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-02',expressRouteAuthorizationKey:'<auth-key>'}]"
--workload-er-connections "[{expressRouteCircuitId:'/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-03',expressRouteAuthorizationKey:'<auth-key>'},{expressRouteCircuitId:'/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-04',expressRouteAuthorizationKey:'<auth-key>'}]"

取得網路網狀架構控制器

  az networkfabric controller show --resource-group "NFCResourceGroupName" --resource-name "nfcname"

預期輸出:

{
  "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabricControllers/nfcname",
  "infrastructureExpressRouteConnections": [
    {
      "expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-02"
    }
  ],
  "infrastructureServices": {
    "ipv4AddressSpaces": [
      "10.0.0.0/21"
    ],
    "ipv6AddressSpaces": []
  },
  "ipv4AddressSpace": "10.0.0.0/19",
  "ipv6AddressSpace": "FC00::/59",
  "isWorkloadManagementNetworkEnabled": "True",
  "location": "eastus",
  "managedResourceGroupConfiguration": {},
  "name": "NFCName",
  "nfcSku": "Standard",
  "provisioningState": "Succeeded",
  "resourceGroup": "NFCResourceGroupName",
  "systemData": {
    "createdAt": "2023XX-XXT18:59:41.7805324Z",
    "createdBy": "email@address.com",
    "createdByType": "User",
    "lastModifiedAt": "2023-XX-XXT09:50:27.4598499Z",
    "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7",
    "lastModifiedByType": "Application"
  },
  "type": "microsoft.managednetworkfabric/networkfabriccontrollers",
  "workloadExpressRouteConnections": [
    {
      "expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx//resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-03"
    }
  ],
  "workloadManagementNetwork": true,
  "workloadServices": {
    "ipv4AddressSpaces": [
      "10.0.28.0/22"
    ],
    "ipv6AddressSpaces": []
  }
}

更新網路網狀架構控制器

網路網狀架構控制器中的 PATCH 功能可讓用戶輕鬆新增或取代其他 Express Route 線路。 此功能在失敗或潛在的移轉事件期間特別有用。 在這種情況下,網路操作員可以透過新增或移除快速路由和密鑰,彈性地修改作用中的網路網狀架構控制器,同時確保作業不會受到影響。

注意

起始更新命令時,請務必提供建立程序期間提供的所有參數。 這是因為更新命令會覆寫現有的內容,因此必須包含所有相關參數,以確保完整且精確的修改。

az networkfabric controller update \ 
  --resource-group "NFCResourceGroupName" \ 
  --location "eastus"  \ 
  --resource-name "nfcname" \ 
  --ipv4-address-space "10.0.0.0/19" \ 
  --infra-er-connections '[{"expressRouteCircuitId":"/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01", "expressRouteAuthorizationKey": "<auth-key>"}]' 
  --workload-er-connections '[{"expressRouteCircuitId":"/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01"", "expressRouteAuthorizationKey": "<auth-key>"}]'

注意

執行 az networkfabric controller show 來擷取網路網狀架構控制器的相關信息。

刪除網路網狀架構控制器

只有在刪除所有相關聯的網路網狀架構之後,才應該刪除 NFC。

  az networkfabric controller delete --resource-group "NFCResourceGroupName" --resource-name "nfcname"

預期輸出:

"name": "nfcname",
    "networkFabricIds": [],
    "operationalState": null,
    "provisioningState": "succeeded",
    "resourceGroup": "NFCResourceGroupName",
    "systemData": {
      "createdAt": "2022-10-31T10:47:08.072025+00:00",

注意

刪除 NFC 需要 30 分鐘的時間。 在 Azure 入口網站 中,確認已刪除裝載的資源。

下一步

成功建立 NFC 之後,下一個步驟是建立 叢集管理員