Reputation: 23
Adding a second ExpressRoute connection to an Azure virtual network with networkconfig.xml
We are trying to add a second ExpressRoute connection to a vNet in an Azure subscription. We have already successfully completed the connection to our first ExpressRoute (we are using the Exchange Provider method) using a combination of the virtual network GUI and powershell cmdlet tools.
However... the GUI only supports adding one site-to-site VPN via ExpressRoute.
The method for adding a secondary site-to-site connection is to export the network configuration (via the Azure portal) and edit the resulting NetworkConfig.xml file - and then re-import this via the portal.
All good, in theory.
The NetworkConfig.xml file exported from the gui:
<Gateway>
<ConnectionsToLocalNetwork>
<LocalNetworkSiteRef name="XXXX">
<Connection type="Dedicated" />
</LocalNetworkSiteRef>
</ConnectionsToLocalNetwork>
</Gateway>
In conjunction with MS Support (with whom we are still engaged), we determined the following should work:
<Gateway>
<ConnectionsToLocalNetwork>
<LocalNetworkSiteRef name="XXXX">
<Connection type="Dedicated" />
</LocalNetworkSiteRef>
<LocalNetworkSiteRef name="YYYY">
<Connection type="Dedicated" />
</LocalNetworkSiteRef>
</ConnectionsToLocalNetwork>
</Gateway>
However, attempting to import this generates the following error message:
"The gateway in virtual network site XXX-XXX-XX referenced multiple local network sites and uses a connection type different than 'IPsec' for at least one of the connections. If a gateway references more than one local network site, the connection type to all local network sites must be 'IPsec'. 'IPsec' is the default connection type."
This appears to suggest multiple ExpressRoute connections on a single vNet are not supported, which would be contrary to the MS FAQ here:
Can I have one virtual network connected to more than one ExpressRoute circuit?
Yes. You can link a single virtual network with up to 4 ExpressRoute circuits. All ExpressRoute circuits must be in the same continent. They can be ordered through different service providers and in different locations.
(from https://azure.microsoft.com/en-us/documentation/articles/expressroute-coexist/)
Does anyone have any idea how we should proceed?
Thanks
Upvotes: 1
Views: 3375
Answers (1)
Reputation: 11
You can accomplish this task using APIs. You can link up to 4 ExpressRoute circuits to a virtual network. You can do this by linking the same vnet to multiple circuits. Below is a sample
new-azurededicatedcircuitlink -servicekey <skey1> -vnetname <vnet>
new-azurededicatedcircuitlink -servicekey <skey2> -vnetname <vnet>
In the above example skey 1 and skey 2 represent different circuits.
Upvotes: 1
Related Questions
- Azure SDK - Add/Remove Virtual Network from App Service
- Prevent Azure Expressroute from learning routes from VPN Gateway
- Azure ExpressRoute Gateway Zone Redundant Gateway ARM Tempate
- Azure ExpressRoute via Vnet
- Azure Expressroute for O365 and IaaS
- Azure VPN Configuration - Connect to existing VPN
- Azure gateway with a virtual network
- Azure indirect Peering
- Connecting an Azure Webapp to an existing virtual network
- Connecting an Azure virtual network to an external VPN gateway