你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
Network Fabric OptionA 和 OptionB
BGP(边界网关协议)是在路由器之间在 Internet 上使用的协议,允许在自治系统 (AS) 之间路由流量。 自治系统使用 BGP 向其对等方播发他们可路由到哪些 IP,以及它们通过会哪些 AS 到达那里。 例如,ISP(Internet 服务提供商)通过流入量点播发流量以进入其网络。 他们将播发他们知道如何路由到其网络上的公共 IP,而无需共享他们在内部如何进行路由。
每个自治系统中的边缘路由器都手动配置了一组它们信任的 BGP 对等方,并且只接受来自这些对等方路由的流量。
有两个与 Nexus 相关的对等互连标准:
选项 A:此选项比选项 B 更简单,但可伸缩性更低,并且仅支持标准版中的 IPv4。 它也可以支持 IPv6 和多播,但这取决于实施情况,而且不能保证成功。
选项 B:此选项更为复杂,但支持标准版中的 IPv4、IPv6 和多播。 它比选项 A 更具可伸缩性。Nexus 支持 IPv4、IPv6 和多播。
有关多自治系统的详细信息,请参阅 RFC 4364 的第 10 部分。
有关创建和预配 Network Fabric 所涉及的命令的详细信息,请参阅使用 Azure CLI 创建和预配网络构造。
选项 A 和选项 B 在 fabric创建和 nni 创建的步骤中指定。
Fabric 创建
在以下属性中指定:
--managed-network-config [必需]:用于设置管理网络的配置。示例:
使用选项 A 属性创建网络结构az networkfabric fabric create \ --resource-group "<NFResourceGroup>" \ --location "<Location>" \ --resource-name "<NFName>" \ --nf-sku "<NFSKU>" \ --fabric-version "x.x.x" \ --nfc-id "/subscriptions/<subscription_id>/resourceGroups/<NFResourceGroup>/providers/Microsoft.ManagedNetworkFabric/networkFabricControllers/<NFCName>" \ --fabric-asn 65048 \ --ipv4-prefix x.x.x.x/19 \ --rack-count 4 \ --server-count-per-rack 8 \ --ts-config "{primaryIpv4Prefix:'x.x.x.x/30',secondaryIpv4Prefix:'x.x.x.x/30',username:'****',password:'*****',serialNumber:<TS_SN>}" \ --managed-network-config "{infrastructureVpnConfiguration:{networkToNetworkInterconnectId:'/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/Microsoft.ManagedNetworkFabric/networkFabrics/example-fabric/networkToNetworkInterconnects/example-nni',peeringOption:OptionA,optionAProperties:{bfdConfiguration:{multiplier:5,intervalInMilliSeconds:300},mtu:1500,vlanId:520,peerASN:65133,primaryIpv4Prefix:'x.x.x.x/31',secondaryIpv4Prefix:'x.x.x.x/31'}},workloadVpnConfiguration:{networkToNetworkInterconnectId:'/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/Microsoft.ManagedNetworkFabric/networkFabrics/example-fabric/networkToNetworkInterconnects/example-nni',peeringOption:OptionA,optionAProperties:{bfdConfiguration:{multiplier:5,intervalInMilliSeconds:300},mtu:1500,vlanId:520,peerASN:65133,primaryIpv4Prefix:'x.x.x.x/31',secondaryIpv4Prefix:'x.x.x.x/31',primaryIpv6Prefix:'xxxx:xxxx:xxxx:xxxx::xx/127',secondaryIpv6Prefix:'xxxx:xxxx:xxxx:xxxx::xx/127'}}}"使用选项 B 属性创建网络结构
az networkfabric fabric create \ --resource-group "<NFResourceGroup>" \ --location "<Location>" \ --resource-name "<NFName>" \ --nf-sku "<NFSKU>" \ --fabric-version "x.x.x" \ --nfc-id "/subscriptions/<subscription_id>/resourceGroups/<NFResourceGroup>/providers/Microsoft.ManagedNetworkFabric/networkFabricControllers/<NFCName>" \ --fabric-asn 65048 \ --ipv4-prefix "x.x.x.x/19" \ --ipv6-prefix "xxxx:xxxx:xxxx:xxxx::xx/59" \ --rack-count 8 \ --server-count-per-rack 16 \ --ts-config '{"primaryIpv4Prefix": "x.x.x.x/30", "secondaryIpv4Prefix": "x.x.x.x/30", "username": "'$TS_USER'", "password": "'$TS_PASSWORD'", "serialNumber": "<TS_SN>", "primaryIpv6Prefix": "xxxx:xxxx:xxxx:xxxx::xx/64", "secondaryIpv6Prefix": "xxxx:xxxx:xxxx:xxxx::xx/64"}' \ --managed-network-config '{"infrastructureVpnConfiguration": {"peeringOption": "OptionB", "optionBProperties": {"routeTargets": {"exportIpv4RouteTargets": ["13979:2928504", "13979:106948"], "exportIpv6RouteTargets": ["13979:2928504", "13979:106948"], "importIpv4RouteTargets": ["13979:2928504", "13979:106947"], "importIpv6RouteTargets": ["13979:2928504", "13979:106947"]}}}, "workloadVpnConfiguration": {"peeringOption": "OptionB", "optionBProperties": {"routeTargets": {"exportIpv4RouteTargets": ["13979:2928516"], "exportIpv6RouteTargets": ["13979:2928516"], "importIpv4RouteTargets": ["13979:2928516"], "importIpv6RouteTargets": ["13979:2928516"]}}}}'NNI(网络到 NetworkInterface)创建。 NNI 是在 fabric 创建之后创建的,但在网络设备更新和 fabric 预配之前创建。
在以下属性中指定:
--use-option-b [必需]:为 NNI 选择选项 B。 允许的值:[False, True]。对于选项 A,设置为“False”
对于选项 B,设置为“True”--option-b-layer3-configuration:选项 B Layer3Configuration 的常见属性。
示例:
NNI(网络到 NetworkInterface)使用选项 A 属性创建az networkfabric nni create \ --resource-group "<NFResourceGroup>" \ --fabric "<NFFabric>" \ --resource-name "<NFNNIName>" \ --nni-type "CE" \ --is-management-type "True" \ --use-option-b "False" \ --layer2-configuration "{interfaces:['/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/Microsoft.ManagedNetworkFabric/networkDevices/example-networkDevice/networkInterfaces/example-interface'],mtu:1500}" \ --layer3-configuration '{"peerASN": 65048, "vlanId": 501, "primaryIpv4Prefix": "x.x.x.x/30", "secondaryIpv4Prefix": "x.x.x.x/30", "primaryIpv6Prefix": "xxxx:xxxx:xxxx:xxxx::xx/127", "secondaryIpv6Prefix": "xxxx:xxxx:xxxx:xxxx::xx/127"}' \ --ingress-acl-id "/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/Microsoft.ManagedNetworkFabric/accesscontrollists/example-Ipv4ingressACL" \ --egress-acl-id "/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/Microsoft.ManagedNetworkFabric/accesscontrollists/example-Ipv4egressACL"NNI(网络到 NetworkInterface)使用选项 B 属性创建
az networkfabric nni create \ --resource-group "<NFResourceGroup>" \ --fabric "<NFFabric>" \ --resource-name "<NFNNIName>" \ --nni-type "CE" \ --is-management-type "True" \ --use-option-b "True" \ --layer2-configuration "{interfaces:['/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/Microsoft.ManagedNetworkFabric/networkDevices/example-networkDevice/networkInterfaces/example-interface'],mtu:1500}" \ --option-b-layer3-configuration "{peerASN:28,vlanId:501,primaryIpv4Prefix:'x.x.x.x/30',secondaryIpv4Prefix:'x.x.x.x/30',primaryIpv6Prefix:'xxxx:xxxx:xxxx:xxxx::xx/127',secondaryIpv6Prefix:'xxxx:xxxx:xxxx:xxxx::xx/127'}" \ --ingress-acl-id "/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/Microsoft.ManagedNetworkFabric/accesscontrollists/example-Ipv4ingressACL" \ --egress-acl-id "/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/Microsoft.ManagedNetworkFabric/accesscontrollists/example-Ipv4egressACL"