Cloud Provider Interconnect (CPI) Customer Setup for Azure Government
CPI Customer Setup for Azure Government
Page 1 of 20 Last updated: 4/11/2018
Table of Contents
Express Route
1.1 Configure Peering
1.2 Create a Virtual Network
1.3 Create a Gateway Subnet
1.4 Create Virtual Network Gateway
1.5 Connect a Virtual Network to ExpressRoute
1.6 Configure Network Routing
1.7 Associate Route Table to Subnet
1.8 Verify Connectivity
Appendix
2.1 Azure IP Subnet Ranges by Region
Purpose: This guide assists CDT customers with Cloud Provider Interconnect (CPI) setup using a CDT-provided Azure Government account.
Express Route
Additional Azure Documentation can be found here:
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-circuit-portal-resource-manager
From the Azure portal, search for Express Route, select ExpressRoute.
Click + Add or Create ExpressRoute Circuits to create a new ExpressRoute Circuit.
From the Create ExpressRoute circuit page:
1. Select Create new
2. Give the circuit a name (CE-ER was used for this demo)
3. Select Equinix as the Provider
4. Select Silicon Valley as the Peering location
5. Select a speed for the bandwidth
6. Select either Standard or Premium for the SKU. Standard should be the default selection unless otherwise specified in consultation with Microsoft.
7. Select Metered as billing model
8. Select a Subscription
9. Create or assign a Resource group for the connection (CE-ER-RG was used for this demo).
Recommendation: Should be assigned to the Arizona Networking Resource Group
10. Select a location. (Select Arizona, unless directed otherwise through consultation with Microsoft.)
11. Click Create
The SKU can be changed as needed from Standard to Premium; Premium provides more resources. For information on the differences, see: https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits#networking-limits
The Billing model can be changed from Metered to Unlimited but not from Unlimited to Metered. An unlimited Billing model can be very expensive; for more information visit: https://azure.microsoft.com/en-us/pricing/details/expressroute/
After the ExpressRoute circuit has been created, select the newly created ExpressRoute circuit.
Note that the Provider status shows (Not provisioned). Locate and record the Service key. The Service key will need to be provided to the CDT Networking team to complete your CPI build.
1.1 Configure Peering
Additional Azure Documentation can be found here:
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-routing-portal-resource-manager
After the CPI ExpressRoute circuit has been built out by CDT, they will provide a primary and secondary subnet to use in setting up Azure peering.
Once the circuit has been provisioned by CDT, the Provider status should show as Provisioned.
From the Express Route Circuit menu, select Peerings. Click on either the Private or Public Peering option, depending on what was requested.
Complete the fields with the CDT-provided network information.
1. Enter Peer ASN = CDT ASN.
2. Enter Primary subnet provided by CDT.
3. Enter Secondary subnet provided by CDT.
4. Enter VLAN ID = VLAN between ECX and DX/MS (See the CDT network design diagram.)
5. Click Save.
The peering status should now show as Provisioned.
1.2 Create a Virtual Network
Additional Azure Documentation can be found here:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-create-vnet-arm-pportal
From the main menu, select Virtual Networks, click +Add or Create Virtual networks button.
From the Create virtual network page:
1. Give the virtual network a name (CDT-POC-VN was used for this demo).
2. Enter the address space (see notes below).
3. Select a Subscription.
4. Assign a Resource group for the connection (CDT-POC-NW-RG was used for this demo).
5. Select a location.
6. Name the subnet (CDT-POC-SN was used for this demo).
7. Enter the subnet address space, see notes below.
8. Click Create.
Microsoft recommends that you use a /23 or /24 sized VNET. Multiple subnets inside the VNET can be created for various architected designs or network segmentation.
A gateway subnet will need to be created in addition to the subnet that was created in this activity. Microsoft recommends that you use a /27 gateway subnet for redundancy. The smallest VNET that can be used for testing purposes is a /27. When using a /27 VNET, the subnet and gateway subnet that you create will each be a /28.
1.3 Create a Gateway Subnet
The Gateway subnet will need to be a /27 for redundancy in Azure. For testing purposes the smallest Gateway that can be used is a /28.
From the Virtual networks pane select the VNET that was just created.
Click on Subnets.
Click on +Gateway subnet.
From the Add subnet page:
1. The name of the Gateway Subnet cannot be changed (It is named GatewaySubnet by default).
2. Enter your address space.
3. Select OK.
Note the two subnets that were created.
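The sizing rules from sections 1.2 and 1.3 can be checked before anything is entered in the portal. The following is an added example, not part of the original guide: the 10.0.0.0 address ranges are constructed sample values, `check_plan` and `usable_hosts` are hypothetical helper names, and the count of five reserved addresses per subnet is Azure's documented behaviour rather than something stated in this guide.

```python
import ipaddress

AZURE_RESERVED = 5  # addresses Azure reserves in every subnet


def check_plan(vnet, subnets):
    """Return a list of findings for a VNET address plan; empty means clean."""
    vnet = ipaddress.ip_network(vnet)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    findings = []
    # Every subnet must sit inside the VNET address space.
    for name, net in nets.items():
        if not net.subnet_of(vnet):
            findings.append(f"{name}: {net} is outside VNET {vnet}")
    # Subnets in the same VNET must not overlap each other.
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} overlaps {b}")
    # The guide: /27 gateway subnet for redundancy, /28 only for testing.
    gw = nets.get("GatewaySubnet")
    if gw is None:
        findings.append("GatewaySubnet is missing")
    elif gw.prefixlen > 28:
        findings.append(f"GatewaySubnet {gw} is smaller than the /28 minimum")
    elif gw.prefixlen == 28:
        findings.append(f"GatewaySubnet {gw} is /28: testing only, use /27")
    return findings


def usable_hosts(cidr):
    """Addresses left for workloads after Azure's reserved addresses."""
    return max(ipaddress.ip_network(cidr).num_addresses - AZURE_RESERVED, 0)


if __name__ == "__main__":
    # Constructed test-sized plan: a /27 VNET split into two /28 subnets.
    plan = {"CDT-POC-SN": "10.0.0.0/28", "GatewaySubnet": "10.0.0.16/28"}
    print(check_plan("10.0.0.0/27", plan))
    print("usable hosts in a /28:", usable_hosts("10.0.0.0/28"))
```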
1.4 Create Virtual Network Gateway
Additional Azure Documentation can be found here:
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-add-gateway-portal-resource-manager
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways
Search for and click on Virtual network gateways.
Click the + Add button or Create Virtual network gateway to add a new Virtual network gateway.
From the Create virtual network gateways page:
1. Give the gateway a name (CDT-POC-VNG was used for this demo)
2. Select ExpressRoute
3. Select a speed for your SKU (Select Standard for < 1Gbps, High Performance for 1 or 2 Gbps)
4. Select a Virtual Network (CDT-POC-VN was used for this demo)
5. Select a Public IP address; create a Public IP address if needed (CDT-POC-IP was created and used for this demo). See the screenshots below on how to create a Public IP.
6. Click Create
The deployment process to create the virtual network gateway can take 30 minutes or more.
Click Create new and then give your Public IP a name (CDT-POC-IP was used for this demo).
The Virtual network gateway has been deployed.
1.5 Connect a Virtual Network to ExpressRoute
Additional Azure Documentation can be found here:
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-linkvnet-portal-resource-manager
Open the ExpressRoute circuit created earlier.
Click on Connections.
From the Add connection page:
1. Give the connection a name (CDT-POC-CT was used for this demo)
2. Select a Virtual Network Gateway
3. Click OK
1.6 Configure Network Routing
Additional Azure Documentation can be found here:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
CDT configures a default route of {0.0.0.0/0} for CPI. Adding a custom route table for Azure-based traffic can alleviate errant network behavior. For Azure-based IP subnets by region, reference Appendix section 2.1.
Click on Route tables to create a new route table.
Click +Add or Create Route tables button.
Complete the fields for your Route table.
1. Give the Route table a name (AZ-RT01 was used for this demo).
2. Select a Resource group.
3. Select a Location: The User Defined Route (UDR) is based on region. Customers should use the region closest to host resources; in the example below, US Gov Arizona is used.
4. Click Create.
Click on the Route table that you just created.
Click Routes.
Click +Add.
As referenced in Appendix section 2.1, USGov Arizona has 10 Azure-based subnets that need to be added.
Complete Route table fields.
1. Name the Route (AZRT01 was used for this demo, followed by AZRT02, etc.).
2. Enter the address prefix associated with the route name.
3. Select Internet.
Click OK.
Repeat the procedure to add all Azure-based subnets to the route table. The completed route table should look something like this.
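Because each of these routes is more specific than the CPI default route, it takes precedence for its prefix under longest-prefix matching, so the prefix list is worth validating before it is typed into the portal. The following is an added example, not part of the original guide: it takes the first entry of each of the first ten rows of the Appendix 2.1 table as the USGov Arizona column (an assumption about the flattened table), and the function names, the "CPI default route" label and the sample destinations are constructed for illustration.

```python
import ipaddress

# Default route the guide says CDT configures for CPI; the label is constructed.
CPI_DEFAULT = (ipaddress.ip_network("0.0.0.0/0"), "CPI default route")

# First entry of each of the first ten rows of the Appendix 2.1 table,
# read here as the USGov Arizona column (assumption).
ARIZONA = [
    "40.112.41.0/24", "52.126.0.0/18", "52.126.192.0/25", "52.127.0.0/20",
    "52.127.16.0/21", "52.239.166.0/24", "52.244.0.0/16", "52.245.0.0/24",
    "52.245.6.0/24", "52.245.128.0/17",
]


def build_routes(prefixes, stem="AZRT"):
    """Validate prefixes and name them AZRT01, AZRT02, ... with next hop Internet."""
    # ip_network() raises ValueError on malformed CIDRs or set host bits.
    nets = [ipaddress.ip_network(p) for p in prefixes]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"overlapping prefixes: {a} and {b}")
    return {f"{stem}{n:02d}": (net, "Internet") for n, net in enumerate(nets, 1)}


def effective_route(dest, routes):
    """Longest-prefix match: the most specific route containing dest wins."""
    ip = ipaddress.ip_address(dest)
    name, (net, hop) = "default", CPI_DEFAULT
    for rname, (rnet, rhop) in routes.items():
        if ip in rnet and rnet.prefixlen > net.prefixlen:
            name, net, hop = rname, rnet, rhop
    return name, hop


def addresses_off_default(routes):
    """Count addresses whose traffic no longer follows the CPI default route."""
    return sum(net.num_addresses for net, _ in routes.values())


if __name__ == "__main__":
    routes = build_routes(ARIZONA)
    for dest in ("52.244.10.5", "10.1.2.3"):  # constructed destinations
        print(dest, "->", effective_route(dest, routes))
    print("addresses covered by UDRs:", addresses_off_default(routes))
```

A typo that widens a prefix (for example /16 entered as /6) shows up immediately as an overlap error or as a jump in the covered-address count.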
1.7 Associate Route Table to Subnet
From the new route table, click on Subnets and then click on +Associate.
1. Click and select the Virtual network.
2. Click and select the Subnet to associate the new route table to.
3. Click OK.
Review completed route table association to ensure it is correct.
1.8 Verify Connectivity
CPI with ExpressRoute is now configured. Be sure to test the connection.
Microsoft provides step-by-step verification methods here:
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-troubleshooting-expressroute-overview
Appendix
2.1 Azure IP Subnet Ranges by Region
Use the following table to define custom routes for Azure-based resources. Customers should use the region closest to host resources.
USGov Arizona USGov Iowa USGov Texas USGov Virginia
40.112.41.0/24 13.72.128.0/18 40.112.40.0/24 13.72.0.0/18
52.126.0.0/18 13.73.64.0/19 52.238.128.0/18 13.73.208.0/20
52.126.192.0/25 23.97.16.0/20 52.238.64.0/18 13.77.224.0/19
52.127.0.0/20 23.97.40.0/21 52.239.176.0/25 23.97.0.0/20
52.127.16.0/21 40.112.38.160/27 52.243.128.0/17 23.97.32.0/21
52.239.166.0/24 40.112.38.32/27 52.245.1.0/24 40.112.38.0/27
52.244.0.0/16 40.112.38.96/27 52.249.96.0/19 40.112.38.128/27
52.245.0.0/24 52.239.164.192/26 40.112.38.64/27
52.245.6.0/24 52.243.0.0/19 52.227.0.0/16
52.245.128.0/17 52.239.165.0/25
52.245.3.0/24
52.247.128.0/18