Επεξεργασία

Κοινή χρήση μέσω


Quickstart: Create and modify an ExpressRoute circuit using Azure PowerShell

This quickstart shows you how to create an ExpressRoute circuit in three different resiliency types: Maximum Resiliency, High Resiliency, and Standard Resiliency using Azure PowerShell. You'll learn how to check the status, update, delete, or deprovision a circuit using PowerShell cmdlets.

Diagram of ExpressRoute circuit deployment environment using Azure PowerShell.

Prerequisites

Azure Cloud Shell

Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. You can use either Bash or PowerShell with Cloud Shell to work with Azure services. You can use the Cloud Shell preinstalled commands to run the code in this article, without having to install anything on your local environment.

To start Azure Cloud Shell:

Option Example/Link
Select Try It in the upper-right corner of a code or command block. Selecting Try It doesn't automatically copy the code or command to Cloud Shell. Screenshot that shows an example of Try It for Azure Cloud Shell.
Go to https://shell.azure.com, or select the Launch Cloud Shell button to open Cloud Shell in your browser. Button to launch Azure Cloud Shell.
Select the Cloud Shell button on the menu bar at the upper right in the Azure portal. Screenshot that shows the Cloud Shell button in the Azure portal

To use Azure Cloud Shell:

  1. Start Cloud Shell.

  2. Select the Copy button on a code block (or command block) to copy the code or command.

  3. Paste the code or command into the Cloud Shell session by selecting Ctrl+Shift+V on Windows and Linux, or by selecting Cmd+Shift+V on macOS.

  4. Select Enter to run the code or command.

Create and provision an ExpressRoute circuit

Sign in to your Azure account and select your subscription

If you are using the Azure Cloud Shell, you sign in to your Azure account automatically after clicking 'Try it'. To sign in locally, open your PowerShell console with elevated privileges and run the cmdlet to connect.

Connect-AzAccount

If you have more than one subscription, get a list of your Azure subscriptions.

Get-AzSubscription

Specify the subscription that you want to use.

Select-AzSubscription -SubscriptionName "Name of subscription"

Get the list of supported providers, locations, and bandwidths

Before you create an ExpressRoute circuit, you need the list of supported connectivity providers, locations, and bandwidth options.

The PowerShell cmdlet Get-AzExpressRouteServiceProvider returns this information, which you use in later steps:

Get-AzExpressRouteServiceProvider

Check to see if your connectivity provider is listed there. Make a note of the following information, which you need later when you create a circuit:

  • Name
  • PeeringLocations
  • BandwidthsOffered

You're now ready to create an ExpressRoute circuit.

Get the list of resilient locations

If you're creating an ExpressRoute circuit with a resiliency type of Maximum Resiliency, you need to know the list of resilient locations. Here are the steps to retrieve this information:

Clone the script

# Clone the setup script from GitHub.
git clone https://github.com/Azure-Samples/azure-docs-powershell-samples/ 
# Change to the directory where the script is located.
CD azure-docs-powershell-samples/expressroute/

Run resilient locations script

Run the Get-AzExpressRouteResilientLocations.ps1 script to get the list of resilient locations. The following example shows how to get the resilient locations for a specific subscription sorted by distance from Silicon Valley:

$SubscriptionId = Get-AzureSubscription -SubscriptionName "<SubscriptionName>"
highAvailabilitySetup/Get-AzExpressRouteResilientLocations.ps1 -SubscriptionId $SubscriptionId -RelativeLocation "silicon valley"

If you don't specify the location, you get a list of all resilient locations.

Create an ExpressRoute circuit

If you don't already have a resource group, you must create one before you create your ExpressRoute circuit. You can do so by running the New-AzResourceGroup cmdlet:

$resourceGroupName = (New-AzResourceGroup -Name "ExpressRouteResourceGroup" -Location "West US").ResourceGroupName

If you already have a resource group, you can use Get-AzResourceGroup to get the resource group name into a variable:

$resourceGroupName = (Get-AzResourceGroup -Name "<ResourceGroupName>").ResourceGroupName

Maximum Resiliency (Recommended) provides the highest level of resiliency for your ExpressRoute connection. It provides two ExpressRoute circuits with local redundancy in two different ExpressRoute edge locations.

The following example shows how to create two ExpressRoute circuits through Equinix with local redundancy in Silicon Valley and Washington DC. If you're using a different provider and different settings, replace that information when you make your request.

Note

This example uses the New-AzHighAvailabilityExpressRouteCircuits.ps1 script. You must clone the script from GitHub to create the circuits. For more information, see Clone the script.

$SubscriptionId = Get-AzureSubscription -SubscriptionName "<SubscriptionName>"
highAvailabilitySetup/New-AzHighAvailabilityExpressRouteCircuits.ps1 -SubscriptionId $SubscriptionId -ResourceGroupName $resourceGroupName -Location "westus" -Name1 $circuit1Name -Name2 $circuit2Name -SkuFamily1 "MeteredData" -SkuFamily2 "MeteredData" -SkuTier1 "Standard" -SkuTier2 "Standard" -ServiceProviderName1 "Equinix" -ServiceProviderName2 "Equinix" -PeeringLocation1 "Silicon Valley" -PeeringLocation2 "Washington DC" -BandwidthInMbps 1000

Diagram of maximum resiliency for an ExpressRoute connection.

Note

Maximum Resiliency provides maximum protection against location wide outages and connectivity failures in an ExpressRoute location. This option is strongly recommended for all critical and production workloads.

Make sure that you specify the correct SKU tier and SKU family:

  • SKU tier determines whether an ExpressRoute circuit is Local, Standard, or Premium. You can specify Local, *Standard, or Premium.
  • SKU family determines the billing type. You can specify MeteredData for a metered data plan and UnlimitedData for an unlimited data plan. You can change the billing type from MeteredData to UnlimitedData, but you can't change the type from UnlimitedData to MeteredData. A Local circuit is always UnlimitedData.

Important

Your ExpressRoute circuit is billed from the moment a service key is issued. Ensure that you perform this operation when the connectivity provider is ready to provision the circuit.

The response contains the service key. You can get detailed descriptions of all the parameters by running the following command:

get-help New-AzExpressRouteCircuit -detailed

List all ExpressRoute circuits

To get a list of all the ExpressRoute circuits that you created, run the Get-AzExpressRouteCircuit command:

Get-AzExpressRouteCircuit

The response looks similar to the following example:

Name                             : ExpressRouteARMCircuit
ResourceGroupName                : ExpressRouteResourceGroup
Location                         : westus
Id                               : /subscriptions/***************************/resourceGroups/ExpressRouteResourceGroup/providers/Microsoft.Network/expressRouteCircuits/ExpressRouteARMCircuit
Etag                             : W/"################################"
ProvisioningState                : Succeeded
Sku                              : {
                                    "Name": "Standard_MeteredData",
                                    "Tier": "Standard",
                                    "Family": "MeteredData"
                                    }
CircuitProvisioningState          : Enabled
ServiceProviderProvisioningState  : NotProvisioned
ServiceProviderNotes              :
ServiceProviderProperties         : {
                                    "ServiceProviderName": "Equinix",
                                    "PeeringLocation": "Silicon Valley",
                                    "BandwidthInMbps": 200
                                    }
ServiceKey                        : **************************************
Peerings                          : []

You can retrieve this information at any time by using the Get-AzExpressRouteCircuit cmdlet. Making the call with no parameters lists all the circuits. Your service key is listed in the ServiceKey field:

Get-AzExpressRouteCircuit

The response looks similar to the following example:

Name                             : ExpressRouteARMCircuit
ResourceGroupName                : ExpressRouteResourceGroup
Location                         : westus
Id                               : /subscriptions/***************************/resourceGroups/ExpressRouteResourceGroup/providers/Microsoft.Network/expressRouteCircuits/ExpressRouteARMCircuit
Etag                             : W/"################################"
ProvisioningState                : Succeeded
Sku                              : {
                                    "Name": "Standard_MeteredData",
                                    "Tier": "Standard",
                                    "Family": "MeteredData"
                                    }
CircuitProvisioningState         : Enabled
ServiceProviderProvisioningState : NotProvisioned
ServiceProviderNotes             :
ServiceProviderProperties        : {
                                    "ServiceProviderName": "Equinix",
                                    "PeeringLocation": "Silicon Valley",
                                    "BandwidthInMbps": 200
                                    }
ServiceKey                       : **************************************
Peerings                         : []

Send the service key to your connectivity provider for provisioning

ServiceProviderProvisioningState provides you with information about the current state of provisioning on the service-provider side. CircuitProvisioningState provides you with the status on the Microsoft side. For more information about circuit provisioning states, see Workflows.

When you create a new ExpressRoute circuit, the circuit is in the following state:

ServiceProviderProvisioningState : NotProvisioned
CircuitProvisioningState         : Enabled

The circuit changes to the following state when the connectivity provider is currently enabling it for you:

ServiceProviderProvisioningState : Provisioning
CircuitProvisioningState         : Enabled

To use the ExpressRoute circuit, it must be in the following state:

ServiceProviderProvisioningState : Provisioned
CircuitProvisioningState         : Enabled

Periodically check the status and the state of the circuit key

Checking the status and the state of the service key lets you know when your provider provisioned your circuit. After the circuit gets configured, ServiceProviderProvisioningState appears as Provisioned, as shown in the following example:

Get-AzExpressRouteCircuit -Name "ExpressRouteARMCircuit" -ResourceGroupName "ExpressRouteResourceGroup"

The response looks similar to the following example:

Name                             : ExpressRouteARMCircuit
ResourceGroupName                : ExpressRouteResourceGroup
Location                         : westus
Id                               : /subscriptions/***************************/resourceGroups/ExpressRouteResourceGroup/providers/Microsoft.Network/expressRouteCircuits/ExpressRouteARMCircuit
Etag                             : W/"################################"
ProvisioningState                : Succeeded
Sku                              : {
                                    "Name": "Standard_MeteredData",
                                    "Tier": "Standard",
                                    "Family": "MeteredData"
                                    }
CircuitProvisioningState         : Enabled
ServiceProviderProvisioningState : Provisioned
ServiceProviderNotes             :
ServiceProviderProperties        : {
                                    "ServiceProviderName": "Equinix",
                                    "PeeringLocation": "Silicon Valley",
                                    "BandwidthInMbps": 200
                                    }
ServiceKey                       : **************************************
Peerings                         : []

Create your routing configuration

For step-by-step instructions, see the ExpressRoute circuit routing configuration article to create and modify circuit peerings.

Important

These instructions only apply to circuits that are created with service providers that offer layer 2 connectivity services. If you're using a service provider that offers managed layer 3 services (typically an IP VPN, like MPLS), your connectivity provider configures and manages routing for you.

Next, link a virtual network to your ExpressRoute circuit. Use the Linking virtual networks to ExpressRoute circuits article when you work with the Resource Manager deployment model.

Getting the status of an ExpressRoute circuit

You can retrieve this information at any time by using the Get-AzExpressRouteCircuit cmdlet. Making the call with no parameters lists all the circuits.

Get-AzExpressRouteCircuit

The response is similar to the following example:

Name                             : ExpressRouteARMCircuit
ResourceGroupName                : ExpressRouteResourceGroup
Location                         : westus
Id                               : /subscriptions/***************************/resourceGroups/ExpressRouteResourceGroup/providers/Microsoft.Network/expressRouteCircuits/ExpressRouteARMCircuit
Etag                             : W/"################################"
ProvisioningState                : Succeeded
Sku                              : {
                                    "Name": "Standard_MeteredData",
                                    "Tier": "Standard",
                                    "Family": "MeteredData"
                                    }
CircuitProvisioningState         : Enabled
ServiceProviderProvisioningState : Provisioned
ServiceProviderNotes             :
ServiceProviderProperties        : {
                                        "ServiceProviderName": "Equinix",
                                        "PeeringLocation": "Silicon Valley",
                                        "BandwidthInMbps": 200
                                    }
ServiceKey                       : **************************************
Peerings                         : []

You can get information on a specific ExpressRoute circuit by passing the resource group name and circuit name as a parameter to the call:

Get-AzExpressRouteCircuit -Name "ExpressRouteARMCircuit" -ResourceGroupName "ExpressRouteResourceGroup"

The response looks similar to the following example:

Name                             : ExpressRouteARMCircuit
ResourceGroupName                : ExpressRouteResourceGroup
Location                         : westus
Id                               : /subscriptions/***************************/resourceGroups/ExpressRouteResourceGroup/providers/Microsoft.Network/expressRouteCircuits/ExpressRouteARMCircuit
Etag                             : W/"################################"
ProvisioningState                : Succeeded
Sku                              : {
                                        "Name": "Standard_MeteredData",
                                        "Tier": "Standard",
                                        "Family": "MeteredData"
                                    }
CircuitProvisioningState         : Enabled
ServiceProviderProvisioningState : Provisioned
ServiceProviderNotes             :
ServiceProviderProperties        : {
                                        "ServiceProviderName": "Equinix",
                                        "PeeringLocation": "Silicon Valley",
                                        "BandwidthInMbps": 200
                                    }
ServiceKey                       : **************************************
Peerings                         : []

You can get detailed descriptions of all the parameters by running the following command:

get-help Get-AzExpressRouteCircuit -detailed

Modifying an ExpressRoute circuit

You can modify certain properties of an ExpressRoute circuit without impacting connectivity.

You can do the following tasks with no downtime:

  • Enable or disable an ExpressRoute premium add-on for your ExpressRoute circuit.
  • Increase the bandwidth of your ExpressRoute circuit provided there's capacity available on the port. Downgrading the bandwidth of a circuit isn't supported.
  • Change the metering plan from Metered Data to Unlimited Data. Changing the metering plan from Unlimited Data to Metered Data isn't supported.
  • You can enable and disable Allow Classic Operations.

For more information on limits and limitations, see the ExpressRoute FAQ.

To enable the ExpressRoute premium add-on

You can enable the ExpressRoute premium add-on for your existing circuit by using the following PowerShell snippet:

$ckt = Get-AzExpressRouteCircuit -Name "ExpressRouteARMCircuit" -ResourceGroupName "ExpressRouteResourceGroup"

$ckt.Sku.Tier = "Premium"
$ckt.sku.Name = "Premium_MeteredData"

Set-AzExpressRouteCircuit -ExpressRouteCircuit $ckt

The circuit now has the ExpressRoute premium add-on features enabled. We begin billing you for the premium add-on capability as soon as the command successfully ran.

To disable the ExpressRoute premium add-on

Important

If you're using resources that are greater than what is permitted for the standard circuit, this operation can fail.

Note the following information:

  • Before you downgrade from premium to standard, you must ensure that the number of virtual networks that are linked to the circuit is less than 10. If you don't, your update request fails, and we bill you at premium rates.
  • All virtual networks in other geopolitical regions must be first unlinked. If you don't remove the link, your update request fails and we continue to bill you at premium rates.
  • Your route table must be less than 4,000 routes for private peering. If your route table size is greater than 4,000 routes, the BGP session drops. The BGP session doesn't re-establish until the number of advertised prefixes is under 4,000.

You can disable the ExpressRoute premium add-on for the existing circuit by using the following PowerShell cmdlet:

$ckt = Get-AzExpressRouteCircuit -Name "ExpressRouteARMCircuit" -ResourceGroupName "ExpressRouteResourceGroup"

$ckt.Sku.Tier = "Standard"
$ckt.sku.Name = "Standard_MeteredData"

Set-AzExpressRouteCircuit -ExpressRouteCircuit $ckt

To update the ExpressRoute circuit bandwidth

For supported bandwidth options for your provider, check the ExpressRoute FAQ. You can pick any size greater than the size of your existing circuit.

Important

You may have to recreate the ExpressRoute circuit if there is inadequate capacity on the existing port. You cannot upgrade the circuit if there is no additional capacity available at that location.

You cannot reduce the bandwidth of an ExpressRoute circuit without disruption. Downgrading bandwidth requires you to deprovision the ExpressRoute circuit and then reprovision a new ExpressRoute circuit.

After you decide what size you need, use the following command to resize your circuit:

$ckt = Get-AzExpressRouteCircuit -Name "ExpressRouteARMCircuit" -ResourceGroupName "ExpressRouteResourceGroup"

$ckt.ServiceProviderProperties.BandwidthInMbps = 1000

Set-AzExpressRouteCircuit -ExpressRouteCircuit $ckt

Your circuit is upgraded on the Microsoft side. Then you must contact your connectivity provider to update configurations on their side to match this change. After you make this notification, we'll begin billing you for the updated bandwidth option.

To move the SKU from metered to unlimited

You can change the SKU of an ExpressRoute circuit by using the following PowerShell snippet:

$ckt = Get-AzExpressRouteCircuit -Name "ExpressRouteARMCircuit" -ResourceGroupName "ExpressRouteResourceGroup"

$ckt.Sku.Family = "UnlimitedData"
$ckt.sku.Name = "Premium_UnlimitedData"

Set-AzExpressRouteCircuit -ExpressRouteCircuit $ckt

To control access to the classic and Resource Manager environments

Review the instructions in Move ExpressRoute circuits from the classic to the Resource Manager deployment model.

Deprovisioning an ExpressRoute circuit

Note the following information:

  • All virtual networks, route filters, authorizations, and global reach associations must be unlinked from the ExpressRoute circuit. If this operation fails, check to see if any virtual networks are linked to the circuit.
  • If the ExpressRoute circuit service provider provisioning state is Provisioning or Provisioned you must work with your service provider to deprovision the circuit on their side. We continue to reserve resources and bill you until the service provider completes deprovisioning the circuit and notifies us.
  • If the service provider deprovisioned the circuit, meaning the service provider provisioning state gets set to Not provisioned, you can delete the circuit. The billing for the circuit stops.

Clean up resources

You can delete your ExpressRoute circuit by running the following command:

Remove-AzExpressRouteCircuit -ResourceGroupName "ExpressRouteResourceGroup" -Name "ExpressRouteARMCircuit"

Next steps

After you create your circuit and provision it with your provider, continue to the next step to configure the peering: