建立隔離網域的組態範例
本文提供如何在各種案例中設定隔離網域的範例。
建立 L2 隔離網域
在此範例中,我們會使用下列屬性建立第 2 層隔離網域:
- 名稱:
l2domain1 - 資源群組:
rg1 - 位置:
eastus - 網路網狀架構識別碼:
nf1 - VLAN 識別碼:600
命令:
az networkfabric l2domain create \
--resource-group rg1 \
--name l2domain1 \
--location eastus \
--network-fabric-id nf1 \
--vlan-id 600
預期輸出:
{
"administrativeState": "Enabled",
"id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/rg1/providers/Microsoft.ManagedNetworkFabric/l2IsolationDomains/l2domain1",
"name": "l2domain1",
"networkFabricId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/NetworkFabrics/nf1",
"provisioningState": "Succeeded",
"resourceGroup": "rg1",
"systemData": {
"createdAt": "2023-XX-XXT12:34:56.789012+00:00",
"createdBy": "email@address.com",
"createdByType": "User",
"lastModifiedAt": "2023-XX-XXT12:34:56.789012+00:00",
"lastModifiedBy": "email@address.com",
"lastModifiedByType": "User"
},
"type": "microsoft.managednetworkfabric/l2isolationdomains",[^2^][2]
"vlanId": 600
}
建立 L3 隔離網域。
若要建立 L3 隔離網域,您可以遵循下列步驟:
az networkfabric l3domain create使用 命令來建立 L3 隔離網域。 您必須指定必要的參數:- 資源群組
- 資源名稱
- Location
- 網路網狀架構標識碼。
您也可以指定選擇性參數,例如:
- 重新發佈連線的子網
- 轉散發靜態路由
- 匯總路由組態
- 連線 子網路由原則。
az networkfabric internalnetwork create使用 命令為 L3 隔離網域建立一或多個內部網路。 您需要提供:- VLAN 識別碼
- 連線 IPv4 或 IPv6 子網
- 每個內部網路的 BGP 組態。
您也可以指定選擇性參數,例如:
- MTU
- 靜態路由設定
- 擴展。
az networkfabric externalnetwork create使用 命令建立 L3 隔離網域的外部網路。 您必須選擇對等互連選項(選項 A 或選項 B),並提供對應的屬性,例如對等 ASN、VLAN 識別碼、主要和次要 IPv4 或 IPv6 前置詞,以及路由目標。az networkfabric l3domain update-admin-state使用 命令來啟用 L3 隔離網域。 您必須啟用隔離網域,才能將設定推送至網路網狀架構裝置。
範例:
在此範例中,我們會使用下列屬性建立 L3 隔離網域:
- 名稱:
example-l3domain - 網路網狀架構識別碼
/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/NetworkFabrics/NFName。
命令:
az networkfabric l3domain create \
--resource-group "ResourceGroupName" \
--resource-name "example-l3domain" \
--location "eastus" \
--nf-id "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/NetworkFabrics/NFName"
建立內部網路
在此範例中,我們會使用下列屬性建立內部網路:
- VLAN 識別碼:1001
- IPv4 子網:10.0.0.0/24
- L3 隔離功能變數名稱:
example-l3domain
命令:
az networkfabric internalnetwork create \
--resource-group "ResourceGroupName" \
--l3-isolation-domain-name "example-l3domain" \
--resource-name "example-internalnetwork" \
--vlan-id 1001 \
--connected-ipv4-subnets '[{"prefix":"10.0.0.0/24"}]' \
--mtu 1500
這個類似的範例會使用 IPv6 位址,而不是 IPv4:
az networkfabric internalnetwork create \
--resource-group "ResourceGroupName" \
--l3-isolation-domain-name "example-l3domain" \
--resource-name "example-internalnetwork" \
--vlan-id 1002 \
--connected-ipv6-subnets '[{"prefix":"10:101:1::0/64"}]' \
--mtu 1500
在此範例中,我們會新增 BGP 組態:
az networkfabric internalnetwork create \
--resource-group "ResourceGroupName" \
--l3-isolation-domain-name "example-l3domain" \
--resource-name "example-internalnetwork" \
--vlan-id 1003 \
--connected-ipv4-subnets '[{"prefix":"10.1.2.0/24"}]' \
--mtu 1500 \
--bgp-configuration '{"defaultRouteOriginate": "True", "allowAS": 2, "allowASOverride": "Enable", "PeerASN": 65535, "ipv4ListenRangePrefixes": ["10.1.2.0/28"]}'
建立外部網路
此範例會使用選項 B 搭配 IPv4 和 IPv6 路由目標建立外部網路
命令:
az networkfabric externalnetwork create \
--resource-group "ResourceGroupName" \
--l3domain "example-l3domain" \
--resource-name "example-externalnetwork" \
--peering-option "OptionB" \
--option-b-properties "{routeTargets:{exportIpv4RouteTargets:['65045:2001'],importIpv4RouteTargets:['65045:2001'],exportIpv6RouteTargets:['65045:2002'],importIpv6RouteTargets:['65045:2002']}}"
預期輸出:
{
"administrativeState": "Enabled",
"id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/example-l3domain/externalNetworks/example-externalnetwork",
"name": "example-externalnetwork",
"optionBProperties": {
"exportRouteTargets": [
"65045:2001",
"65045:2002"
],
"importRouteTargets": [
"65045:2001",
"65045:2002"
],
"routeTargets": {
"exportIpv4RouteTargets": [
"65045:2001"
],
"importIpv4RouteTargets": [
"65045:2001"
],
"exportIpv6RouteTargets": [
"65045:2002"
\,
"importIpv6RouteTargets": [
"65045:2002"
]
}
},
"peeringOption": "OptionB",
"provisioningState": "Succeeded",
"resourceGroup": "ResourceGroupName",
"systemData": {
"createdAt": "2023-XX-XXT15:45:31.938216+00:00",
"createdBy": "email@address.com",
"createdByType": "User",
"lastModifiedAt": "2023-XX-XXT15:45:31.938216+00:00",
"lastModifiedBy": "email@address.com",
"lastModifiedByType": "User"
},
"type": "microsoft.managednetworkfabric/l3isolationdomains/externalnetworks"
}
此範例會使用選項 A 搭配 IPv4 和 IPv6 前置詞來建立外部網路:
az networkfabric externalnetwork create \
--resource-group "ResourceGroupName" \
--l3domain "example-l3domain" \
--resource-name "example-externalnetwork" \
--peering-option "OptionA" \
--option-a-properties '{"peerASN": 65026,"vlanId": 2423, "mtu": 1500, "primaryIpv4Prefix": "10.18.0.148/30", "secondaryIpv4Prefix": "10.18.0.152/30", "primaryIpv6Prefix": "fda0:d59c:da16::/127", "secondaryIpv6Prefix": "fda0:d59c:da17::/127"}'
預期輸出:
{
"administrativeState": "Enabled",
"id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ResourceGroupName/providers/Microsoft.ManagedNetworkFabric/l3IsolationDomains/example-l3domain/externalNetworks/example-externalnetwork",
"name": "example-externalnetwork",
"optionAProperties": {
"fabricASN": 65050,
"mtu": 1500,
"peerASN": 65026,
"primaryIpv4Prefix": "10.18.0.148/30",
"secondaryIpv4Prefix": "10.18.0.152/30",
"primaryIpv6Prefix": "fda0:d59c:da16::/127",
"secondaryIpv6Prefix": "fda0:d59c:da17::/127",
"vlanId": 2423
},
"peeringOption": "OptionA",
"provisioningState": "Succeeded",
"resourceGroup": "ResourceGroupName",
"systemData": {
"createdAt": "2023-XX-XXT09:54:00.4244793Z",
"createdAt": "2023-XX-XXT07:23:54.396679+00:00",
"createdBy": "email@address.com",
"lastModifiedAt": "2023-XX-XX1T07:23:54.396679+00:00",
"lastModifiedBy": "email@address.com",
"lastModifiedByType": "User"
},
"type": "microsoft.managednetworkfabric/l3isolationdomains/externalnetworks"
}