Creating and Connecting an ExpressRoute Circuit with Azure Resource Manager

Hi readers, it’s me again. I wanted to highlight that the Azure ExpressRoute documentation has been updated to explain how to create and connect an ExpressRoute circuit with ARM. Go to the How To section and you’ll see the details to perform this (for example, this article explains how to create and modify ER circuits using ARM and PowerShell, this one explains how to create or modify the routing information in your circuit and this one will explain you how to link the vNet to your ExpressRoute circuit with ARM). 

I’m leaving this blog for background information, but won’t keep updating it, so please, go ahead and refer to the links above as they’re kept up to date as new features are introduced!

Victor


Hello readers! Since the recent announcements at AzureCon 2015 (in case you missed this event, you can watch the recordings here), we’ve been seeing more and more interest in evaluating and deploying some of our newest technologies in Azure.

In particular, I want to highlight the announcement that you can now use Azure Resource Manager (ARM) to deploy and manage ExpressRoute circuits. This is a huge announcement and basically it means that you can now include ExpressRoute resources in the declarative templates, so you can have a more complete definition of a network resource including the ExpressRoute circuit mapping. Also, this means that you can now use ExpressRoute to connect directly to your virtual networks deployed in ARM.

When ARM support for ExpressRoute was originally announced, it was available in the Brazil South region only, but since early August it has been rolled out to all regions.

This is great news, but now you may be wondering, how you can deploy and manage your ExpressRoute circuits and connect them to virtual networks in ARM? You can accomplish this via PowerShell, using declarative templates, or with a combination of both. Let’s explore both options in detail, but before jumping into the bits and bytes, let me address a key point in regards to existing ExpressRoute circuits connected to a classic virtual network (legacy virtual networks):

Currently, you cannot connect an existing ExpressRoute circuit (that is connected to a classic virtual network) to an ARM-based virtual network. You’ll need to create a new ExpressRoute circuit so that you can connect it to an ARM-based virtual network.

With this important point clarified, let’s now deep dive into creating your ExpressRoute circuit and connect it to a virtual network via PowerShell and using declarative templates. I’d like to thank to Amit Srivastava, Program Manager in the Azure Networking team for providing the sample PS code and ARM templates!

Note that during this blog post I’ll refer to ARM-based virtual networks as virtual networks, and Azure Service Manager virtual networks as classic virtual networks.

 


Prerequisites and assumptions

WARNING – this blog post assumes that you’ve experience with the BGP protocol, with ExpressRoute, and that you have already a relationship with an ExpressRoute connectivity provider.

Also note that during the blog post I use sample values to deploy and configure the Azure resources. It’s expected that you replace those values with the ones required for you or your company (for example, Azure region, prefixes, ASN number, and so on).

If you are new to ExpressRoute, I’d highly recommend that you first familiarize with ExpressRoute. You can start with the following resources:

· ExpressRoute documentation

· Evolve Your Network Infrastructure for Microsoft Azure Connectivity

· ExpressRoute for experts

Also, this blog assumes that you are already familiar with Azure Resource Manager, and how to deploy resources using declarative templates. You can use the following resources as starting point:

· Azure Resource Manager overview

· Deploying, Organizing and Securing Applications with the Azure Resource Manager

· Next-generation application deployment with Azure Resource Manager

Finally, you need to make sure that you’ve Azure PowerShell 1.0 Preview (or later) installed in your system. This is required because the cmdlets that will allow you to create and manage your ExpressRoute circuits that need to be connected to an ARM-based Virtual Network already follow the [Verb]-AzureRm[Noun] format and the changes that come with the Deprecation of Switch AzureMode in Azure PowerShell.

 


Architecture

Before getting started running PowerShell scripts or deploying templates, let’s review the resources required to connect an ExpressRoute circuit with a virtual network in ARM:

· An ExpressRoute circuit.

· A virtual network with at least two subnets

o Subnet 1 for your Azure resources (for example, VMs)

o Gateway Subnet

· A Public IP address

· An ExpressRoute Gateway that depends on

o Public IP address

o Virtual Network

Once these resources are successfully deployed and configured, you can make the connection between your ExpressRoute Circuit and the Virtual Network as described in the picture below in green:

clip_image002

 


Using PowerShell

Let’s review how you can create an ExpressRoute circuit and connect it to a Virtual Network via PowerShell. As there are several steps involved, the following picture details the steps required:

 

image

Now, let’s see the PS code required:

1. First things first, login and choose the right Azure subscription:

001
002
003
Login-AzureRmAccount
Select-AzureRmSubscription
 -SubscriptionId "<sub-id>" 

2. Create a resource group for the ExpressRoute circuit (remember, everything you create in ARM must be in a resource group):

001
002
003
004
005
$rg = "yourRG"
$rglocation = "West Europe"

New-AzureRmResourceGroup -Name $rg -Location $rglocation 

3. Create the ExpressRoute circuit with your desired configuration.

001
002
003
004
005
006
007
$CircuitName = "MyCkt"
$ServiceProviderName = "ER-ServiceProvider"
$PeeringLocation = "London"
$Bandwidth = 50

New-AzureRmExpressRouteCircuit -Name $CircuitName -ResourceGroupName $rg -Location $rglocation -SkuTier Premium -SkuFamily UnlimitedData -ServiceProviderName $ServiceProviderName -PeeringLocation $PeeringLocation -BandwidthInMbps $Bandwidth 

Parameters:

Name – The name of the ExpressRoute circuit

ResourceGroupName: The resource group where the ExpressRoute circuit will be deployed

Location: Azure location where the ExpressRoute circuit will be created

SkuTier: Standard or Premium

SkuFamily: MeteredData or UnlimitedData

ServiceProviderName: Name of the ExpressRoute service provider. You can get the validate names running this: Get-AzureRmExpressRouteServiceProvider | select Name

PeeringLocation: Name of the peering location (not the ARM resource location)

BandwidthInMbps: bandwidth in Mbps of the circuit being created

4. Once you create the ExpressRoute circuit, you must add BGP peering. Again, sorry to sound repetitive, but you should replace these values with the correct ones for your environment.

001
002
003
004
005
006
007
008
009
010
$CircuitPeeringName = "AzurePrivatePeering"
$ASN = 100
$PrimaryPrefix = "10.6.1.0/30"
$SecondaryPrefix = "10.6.2.0/30"
$vLan = 200

$ckt = Get-AzureRmExpressRouteCircuit -Name $CircuitName -ResourceGroupName $rg
Add-AzureRmExpressRouteCircuitPeeringConfig -Name $CircuitPeeringName -Circuit $ckt -PeeringType AzurePrivatePeering -PeerASN $ASN -PrimaryPeerAddressPrefix $PrimaryPrefix -SecondaryPeerAddressPrefix $SecondaryPrefix -VlanId $vLan
Set-AzureRmExpressRouteCircuit -ExpressRouteCircuit $ckt
 

Parameters:

PeeringType: BGP peering type for the Circuit. As we’ll be connecting to a virtual network in Azure, peering must be AzurePrivatePeering

PeerASN: Autonomous System Number of the customer or connectivity provider.

PrimaryPeerAddressPrefix: /30 subnet used to configure IP addresses for interfaces on Link1

SecondaryPeerAddressPrefix: /30 subnet used to configure IP addresses for interfaces on Link2

VlanId: vLAN identifier used by the customer

5. Now here there’s an important step. You must provide the service key you got when creating your ExpressRoute circuit to your ExpressRoute provider as they will need to provision the circuit on their end, before proceeding to the next step. You can obtain the service key running the Get-AzureRmExpressRouteCircuit cmdlet. Please do not continue until your ExpressRoute circuit is fully provisioned. You must make sure that the ExpressRoute circuit has its circuitProvisioningState property set to 'Enabled', and serviceProviderProvisioningState property set to 'Provisioned' in the output window when running Get-AzureRmExpressRouteCircuit:

PS C:\> Get-AzureRmExpressRouteCircuit

Name                             : myCkt
ResourceGroupName                : ExpressRouteRG
Location                         : westeurope
Id                               : /subscriptions/***subscriptionId***/resourceGroups/ExpressRouteRG/
providers/Microsoft.Network/expressRouteCircuits/myCkt
Etag                             :
ProvisioningState                : Succeeded
Sku                              : {
                                     "Name": "Premium_UnlimitedData",
                                     "Tier": "Premium",
                                     "Family": "UnlimitedData"
                                   }
CircuitProvisioningState         : Enabled
ServiceProviderProvisioningState : Provisioned

ServiceProviderNotes             :
ServiceProviderProperties        : {
                                     "ServiceProviderName": "***ServiceProvider***",
                                     "PeeringLocation": "London",
                                     "BandwidthInMbps": 50
                                   }
ServiceKey                       : ***ServiceKey***
Peerings                         : []

6. Once the ExpressRoute circuit is provisioned, you need to create the virtual network that you’ll use to connect to your ExpressRoute circuit, and you must define a gateway subnet as the sample below:

001
002
003
004
005
006
007
008
009
010
011
$subnet1Name = "s1"
$subnet1AddressPrefix = "192.168.0.0/24"
$subnet2Name = "GatewaySubnet"
$subnet2AddressPrefix = "192.168.1.0/28"
$vNetName = "TestVnet"
$vNetAddressPrefix = "192.168.0.0/16"

$s1 = New-AzureRmVirtualNetworkSubnetConfig -Name $subnet1Name -AddressPrefix $subnet1AddressPrefix
$s2
 = New-AzureRmVirtualNetworkSubnetConfig -Name $subnet2Name -AddressPrefix 
$subnet2AddressPrefix
$vnet
 = New-AzureRmVirtualNetwork -Name $vNetName -ResourceGroupName $rg -Location $rglocation -AddressPrefix $vNetAddressPrefix -Subnet $s1, $s2
 

Parameters (subnet):

Name: The name of the subnet to create

AddressPrefix: The address range in CIDR notation for the subnet

Parameters (Virtual Network)

Name: The name of the Virtual Network to create

ResourceGroupName: The resource group where the virtual network will be created

Location: Azure location where the virtual network will be created

AddressPrefix: The address space in CIDR notation for the new virtual network

Subnet: The subnets that will be created in the virtual network

7. Now, you have to create an ExpressRoute Gateway. We’ll use this gateway to connect the ExpressRoute circuit to your virtual network.

001
002
003
004
005
006
007
008
$GWPublicIPName = "GwPIP"
$IPConfigName = "Ipconfig"
$GWName = "ERGW"

$pip = New-AzureRmPublicIpAddress -Name $GWPublicIPName -ResourceGroupName $rg -Location $rglocation -AllocationMethod Dynamic
$subnet = $vnet.Subnets[1].Id
$ipconfig = New-AzureRmVirtualNetworkGatewayIpConfig -Name $IPConfigName -PublicIpAddressId $pip.Id -SubnetId $subnet
New-AzureRmVirtualNetworkGateway -Name $GWName -ResourceGroupName $rg -Location $rglocation -GatewayType ExpressRoute -VpnType RouteBased -IpConfigurations $ipconfig

Parameters (Public IP Address):

Name: The resource name given to the public IP attached to the gateway

ResourceGroupName: The resource group where the public IP will be created

Location: Azure location where the public IP will be created

AllocationMethod: Public IP allocation method.

Parameters (Gateway)

Name: The resource name given to the ExpressRoute gateway

ResourceGroupName: The resource group where the gateway will be created

Location: Azure location where the gateway will be created

GatewayType: must be ExpressRoute

VpnType: must be RouteBased

IPConfigurations: IP configuration for the gateway

8. And final step, you will need to link the ExpressRoute Gateway to your ExpressRoute circuit

001
002
003
004
005
$ERConnectionName = "ERConnection"

$gw = Get-AzureRmVirtualNetworkGateway -Name $GWName -ResourceGroupName $rg
$conn
 = New-AzureRmVirtualNetworkGatewayConnection -Name $ERConnectionName -ResourceGroupName $rg -Location $rglocation -VirtualNetworkGateway1 $gw -PeerId $ckt.Id -ConnectionType ExpressRoute
 

Here, the key parameter is PeerId, and you must pass the circuit id ($ckt.id) of the ExpressRoute circuit you created in step 3.

And that’s it! You now have an ExpressRoute circuit connected to a Virtual Network Smile

 


Using Templates

clip_image006

If you use declarative templates to deploy and manage your resources in Azure, let’s see how you can create an ExpressRoute circuit and connect it to an virtual network using templates.

As you may be already familiar with, there’re multiple ways to deploy Azure resources using declarative templates. Once you identify your preferred deployment method (personally, I use the Azure Quick Start Templates, edit them in Visual Studio 2015 and deploy them via PowerShell), then you have to:

1. Locate and review the Create ExpressRoute Circuit with Private Peering template. You will find two main files:

a. azuredeploy.json – this is the template that when deployed, it will create an ExpressRoute circuit with Private Peering.

b. azuredeploy.parameters.json – this is the parameters file that will make it easier to deploy this template, as you can provide the values/settings desired for your ExpressRoute circuit in this file, an when you deploy the template, you don’t have to provide any parameters interactively. It’s expected that you’ll customize this file with the values required for your ExpressRoute circuit. We provide sample values as a reference only.

2. Create a resource group in Azure

001
002
003
004
005
$rg = "yourRG"
$rglocation = "West Europe"

New-AzureRmResourceGroup -Name $rg -Location $rglocation 

3. Deploy the template. Again, you can use your preferred method as highlighted before. In my case, I use PowerShell to deploy the templates using the sample below:

001
002
003
004
005
006
007
008
$deploymentName = "CreateERCkt"
$rg = "yourRG"
$cktTemplateFile = "C:\Templates\201-expressroute-circuit-public-private-peering\azuredeploy.json"
$cktParametersFile = "C:\Templates\201-expressroute-circuit-public-private-peering\azuredeploy.parameters.json"

New-AzureRmResourceGroupDeployment -Name $deploymentName -ResourceGroupName $rg -TemplateFile $cktTemplateFile -TemplateParameterFile $cktParametersFile

In my example above, I’m deploying the ExpressRoute circuit with private peering using the template in the GitHub repository, but leveraging the parameters file that I’ve customized on-prem. You can change these locations to suit your environment.

4. Once the ExpressRoute circuit is created, you must provide the Service Key to your service provider so that they can provision the circuit on their end. You can obtain the service key running the Get-AzureRmExpressRouteCircuit cmdlet. Please do not continue until your ExpressRoute circuit is fully provisioned. You must make sure that the ExpressRoute circuit has its circuitProvisioningState property set to 'Enabled', and serviceProviderProvisioningState property set to 'Provisioned' in the output window when running Get-AzureRmExpressRouteCircuit:

PS C:\> Get-AzureRmExpressRouteCircuit

Name                             : myCkt
ResourceGroupName                : ExpressRouteRG
Location                         : westeurope
Id                               : /subscriptions/***subscriptionId***/resourceGroups/ExpressRouteRG/providers/Microsoft.Network/expressRouteCircuits/myCkt
Etag                             :
ProvisioningState                : Succeeded
Sku                              : {
                                     "Name": "Premium_UnlimitedData",
                                     "Tier": "Premium",
                                     "Family": "UnlimitedData"
                                   }
CircuitProvisioningState         : Enabled
ServiceProviderProvisioningState : Provisioned

ServiceProviderNotes             :
ServiceProviderProperties        : {
                                     "ServiceProviderName": "***ServiceProvider***",
                                     "PeeringLocation": "London",
                                     "BandwidthInMbps": 50
                                   }
ServiceKey                       : ***ServiceKey***
Peerings                         : []

5. Next, create the ExpressRoute gateway, and connect the virtual network with your ExpressRoute circuit. For this, locate and review the Connect a VNET to an ExpressRoute Circuit template. As in step 1) above, you will find two main files:

a. azuredeploy.json – this is the template that when deployed, it will create an Virtual Network, an ExpressRoute Gateway, and it will make the connection to your ExpressRoute circuit.

b. azuredeploy.parameters.json – similar to the previous template, this is the parameters file that can simplify the deployment of your template. Again, it’s expected that you customize the values in this file to reflect your requirements. We provide sample values as a reference only.

6. Deploy the template using your preferred method. If you choose to use PowerShell, you could use this as a reference:

001
002
003
004
005
006
007
008
$deploymentName = "ConnectERCkt"
$rg = "yourRG"
$connTemplateFile = "C:\Templates\301-expressroute-circuit-vnet-connection\azuredeploy.json"
$connParametersFile = "C:\Templates\301-expressroute-circuit-vnet-connection\azuredeploy.parameters.json"

New-AzureRmResourceGroupDeployment -Name $deploymentName -ResourceGroupName $rg -TemplateFile $cktTemplateFile -TemplateParameterFile $cktParametersFile

And that’s it! After this procedure you should have an ExpressRoute circuit connected to your virtual network.

 


Conclusion

Azure Resource Manager offers great flexibility on how you can deploy and manage your resources in Azure. In this blog post I have shown you how to connect an ExpressRoute circuit to an ARM virtual network, and we saw how to perform this directly via PowerShell, or via declarative templates (my preferred method).

That’s all for today! I hope you find helpful this blog post and until the next time! Happy ExpressRouting Smile