共用方式為


使用 Azure CLI 建立和修改網路網狀架構控制器

本文說明如何使用 Azure 命令列介面 (AzureCLI) 來建立網路網狀架構控制器 (NFC)。 本文也將示範如何檢查狀態或刪除網路網狀架構控制器。

必要條件

您必須先實作所有必要條件,才能建立 NFC。

例如資源的名稱不應該包含底線 (_) 字元。

驗證 ExpressRoute 線路

驗證 ExpressRoute 線路以取得正確的連線能力 (CircuitID)(AuthID);如果連線不正確,NFC 佈建會失敗。

建立網路網狀架構控制器

您必須先建立資源群組,才能建立 NFC。

注意:您應該為每個 NFC 建立個別的資源群組。

您可以執行下列命令來建立資源群組:

az group create -n NFCResourceGroupName -l "<Location>"

NFC 建立的屬性

參數 描述 範例 必要 類型
Resource-Group 「資源群組」是存放 Azure 解決方案相關資源的容器。 NFCResourceGroupName XYZNFCResourceGroupName True String
Location Azure 區域是佈建部署的必要項目。 eastus、westus3、southcentralus、eastus2euap eastus True String
Resource-Name 資源名稱會是網路網狀架構控制器的名稱 nfcname XYZnfcname True String
ipv4-address-space IPv4 網路網狀架構控制器位址空間,預設子網區塊為 10.0.0.0/19,而且不應該與任何 ExpressRoute IP 重疊 10.0.0.0/19 10.0.0.0/19 非必要 String
ipv6-address-space IPv6 網路網狀架構控制器位址空間,此參數預設為 FC00::/59,允許的範圍/59 “FC00::/59” “FC00::/59” 非必要 String
ExpressRoute 線路 ExpressRoute 線路是可連線 Azure 和內部部署的專用 10G 連結。 您必須知道 NFC 的 ExpressRoute 線路識別碼和驗證金鑰,才能成功佈建。 有兩個 Express Route 線路,一個用於基礎結構服務,另一個用於工作負載 (租用戶) 服務 --infra-er-connections '[{“expressRouteCircuitId”: “xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx”, “expressRouteAuthorizationKey”: “xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx”}]'

--workload-er-connections '[{“expressRouteCircuitId”: “xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx”, “expressRouteAuthorizationKey”: “xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx”}]'
subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01", "expressRouteAuthorizationKey": "xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx"}] True 字串
Managed-Resource-Group 受控資源群組組態屬性。 NFCManagedResourceGroupName XYZNFCManagedResourceGroupName True String

以下是如何使用 Azure CLI 建立 NFC 的範例。 如需詳細資訊,請參閱屬性一節

az networkfabric controller create \
  --resource-group "NFCResourceGroupName" \
  --location "<Location>"  \
  --resource-name "nfcname" \
  --ipv4-address-space "10.0.0.0/19" \
  --ipv6-address-space "FC00::/59" \
  --infra-er-connections '[{"expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01", "expressRouteAuthorizationKey": "<auth-key>"}]'
  --workload-er-connections '[{"expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01"", "expressRouteAuthorizationKey": "<auth-key>"}]' \
--debug --no-wait

注意:NFC 建立需要 30-45 分鐘。 使用 show 命令來監視 NFC 建立進度。 您會看到不同的佈建狀態,例如已接受、更新中和成功/失敗。 如果建立失敗,請刪除並重建 NFC (Failed)。 預期輸出只會在您透過 AzureCLI 執行時立即顯示執行中

預期輸出:

 {
  "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabricControllers/nfcname",
  "infrastructureExpressRouteConnections": [
    {
      "expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-02"
    }
  ],
  "infrastructureServices": {
    "ipv4AddressSpaces": [
      "10.0.0.0/21"
    ],
    "ipv6AddressSpaces": []
  },
  "ipv4AddressSpace": "10.0.0.0/19",
  "ipv6AddressSpace": "FC00::/59",
  "isWorkloadManagementNetworkEnabled": "True",
  "location": "<Location>",
  "managedResourceGroupConfiguration": {},
  "name": "NFCName",
  "provisioningState": "Succeeded",
  "resourceGroup": "NFCResourceGroupName",
  "systemData": {
    "createdAt": "2023XX-XXT18:59:41.7805324Z",
    "createdBy": "email@address.com",
    "createdByType": "User",
    "lastModifiedAt": "2023-XX-XXT09:50:27.4598499Z",
    "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7",
    "lastModifiedByType": "Application"
  },
  "type": "microsoft.managednetworkfabric/networkfabriccontrollers",
  "workloadExpressRouteConnections": [
    {
      "expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx//resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-03"
    }
  ],
  "workloadManagementNetwork": true,
  "workloadServices": {
    "ipv4AddressSpaces": [
      "10.0.28.0/22"
    ],
    "ipv6AddressSpaces": []
  }
}

取得網路網狀架構控制器

  az networkfabric controller show --resource-group "NFCResourceGroupName" --resource-name "nfcname"

預期輸出:

{
  "id": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/NFCResourceGroupName/providers/Microsoft.ManagedNetworkFabric/networkFabricControllers/nfcname",
  "infrastructureExpressRouteConnections": [
    {
      "expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-02"
    }
  ],
  "infrastructureServices": {
    "ipv4AddressSpaces": [
      "10.0.0.0/21"
    ],
    "ipv6AddressSpaces": []
  },
  "ipv4AddressSpace": "10.0.0.0/19",
  "ipv6AddressSpace": "FC00::/59",
  "isWorkloadManagementNetworkEnabled": "True",
  "location": "<Location>",
  "managedResourceGroupConfiguration": {},
  "name": "NFCName",
  "provisioningState": "Succeeded",
  "resourceGroup": "NFCResourceGroupName",
  "systemData": {
    "createdAt": "2023XX-XXT18:59:41.7805324Z",
    "createdBy": "email@address.com",
    "createdByType": "User",
    "lastModifiedAt": "2023-XX-XXT09:50:27.4598499Z",
    "lastModifiedBy": "d1bd24c7-b27f-477e-86dd-939e107873d7",
    "lastModifiedByType": "Application"
  },
  "type": "microsoft.managednetworkfabric/networkfabriccontrollers",
  "workloadExpressRouteConnections": [
    {
      "expressRouteCircuitId": "/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx//resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-03"
    }
  ],
  "workloadManagementNetwork": true,
  "workloadServices": {
    "ipv4AddressSpaces": [
      "10.0.28.0/22"
    ],
    "ipv6AddressSpaces": []
  }
}

更新網路網狀架構控制器

網路網狀架構控制器中的 PATCH 功能可讓用戶輕鬆新增或取代其他 Express Route 線路。 此功能在失敗或潛在的移轉事件期間特別有用。 在這種情況下,網路操作員可以透過新增或移除快速路由和密鑰,彈性地修改作用中的網路網狀架構控制器,同時確保作業不會受到影響。

注意

起始更新命令時,請務必提供建立程序期間提供的所有參數。 這是因為更新命令會覆寫現有的內容,因此必須包含所有相關參數,以確保完整且精確的修改。

az networkfabric controller update \ 
  --resource-group "NFCResourceGroupName" \ 
  --location "<Location>"  \ 
  --resource-name "nfcname" \ 
  --ipv4-address-space "10.0.0.0/19" \ 
  --infra-er-connections '[{"expressRouteCircuitId":"/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01", "expressRouteAuthorizationKey": "<auth-key>"}]' 
  --workload-er-connections '[{"expressRouteCircuitId":"/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01"", "expressRouteAuthorizationKey": "<auth-key>"}]' 

注意

執行 az networkfabric controller show 來擷取網路網狀架構控制器的相關信息。

使用多個 ExpressRoute 線路更新網路網狀架構控制器。

az networkfabric controller update \ 
 --resource-group "NFCResourceGroupName" \ 
 --location "eastus"  \ 
 --resource-name "nfcname" \ 
 --ipv4-address-space "10.0.0.0/19" \ 
--infra-er-connections "[{expressRouteCircuitId:'/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-01',expressRouteAuthorizationKey:'<auth-key>'},{expressRouteCircuitId:'/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-02',expressRouteAuthorizationKey:'<auth-key>'}]"
--workload-er-connections "[{expressRouteCircuitId:'/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-03',expressRouteAuthorizationKey:'<auth-key>'},{expressRouteCircuitId:'/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-04',expressRouteAuthorizationKey:'<auth-key>'}]"
命令 說明
az networkfabric controller update 在 Azure 中更新現有網路網狀架構控制器的命令
參數 說明 範例值
--resource-group 指定網路網狀架構控制器所在的資源群組。 "NFCResourceGroupName"
--location 指定部署網路網狀架構控制器的 Azure 區域。 "eastus"
--resource-name 您想要更新的網路網狀架構控制器資源名稱。 "nfcname"
--ipv4-address-space 定義網路網狀架構控制器的IPv4位址空間。 "10.0.0.0/19"
--infra-er-connections 指定 JSON 陣組格式的基礎結構 ExpressRoute 連線。 "[{expressRouteCircuitId:'/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-11',expressRouteAuthorizationKey:'<auth-key>'},{expressRouteCircuitId:'/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-13',expressRouteAuthorizationKey:'<auth-key>'}]"
--workload-er-connections 以 JSON 陣語格式指定工作負載 ExpressRoute 連線。 "[{expressRouteCircuitId:'/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-11',expressRouteAuthorizationKey:'<auth-key>'},{expressRouteCircuitId:'/subscriptions/xxxxxx-xxxxxx-xxxx-xxxx-xxxxxx/resourceGroups/ER-Dedicated-WUS2-AFO-Circuits/providers/Microsoft.Network/expressRouteCircuits/MSFT-ER-Dedicated-PvtPeering-WestUS2-AFO-Ckt-12',expressRouteAuthorizationKey:'<auth-key>'}]"

注意

將、"nfcname"、 和 "<auth-key>""NFCResourceGroupName"佔位元取代為您設定的相關實際值。

刪除網路網狀架構控制器

只有在刪除所有相關聯的網路網狀架構之後,才應該刪除 NFC。

  az networkfabric controller delete --resource-group "NFCResourceGroupName" --resource-name "nfcname"

預期輸出:

"name": "nfcname",
    "networkFabricIds": [],
    "operationalState": null,
    "provisioningState": "succeeded",
    "resourceGroup": "NFCResourceGroupName",
    "systemData": {
      "createdAt": "2022-10-31T10:47:08.072025+00:00",

注意

刪除 NFC 需要 30 分鐘的時間。 在 Azure 入口網站中,確認已刪除裝載的資源。

下一步

成功建立 NFC 之後,下一個步驟是建立叢集管理員