Scenario
I have an ExpressRoute circuit configured with a connection to a Version 2 (Resource Manager) Azure Virtual Network. I also have an additional Virtual Network in a different Subscription which I need to connect to the same circuit.
The Issue
The instructions on connecting another Virtual Network in a different Subscription are a little confusing. It’s also worth noting that some of the parameters are different now with the latest version of the PowerShell Azure cmdlets. The original instructions may be found here
Environment
I have a Virtual Network in each of my two subscriptions:
- Subscription 1: Production – Australia East
- Subscription 2: Test/Dev – Australia Southeast
The primary ExpressRoute connection is configured to use the “Production Australia East” Virtual Network.
Assumptions
The script assumes that you have performed the following work:
- Configured ExpressRoute with a connection to your primary Virtual Network
- Added a /28 subnet into your target Virtual Network with the name “GatewaySubnet”
- Created a Virtual Network Gateway in your target Virtual Network of type “ExpressRoute”
What the script does
The PowerShell script below performs the following steps:
- Defines parameters for:
  - Source – The primary subscription and Virtual Network that ExpressRoute is configured to communicate with
  - Target – The subscription and Virtual Network that we would like to add a connection to
- Selects the source subscription
- Gets information about the existing circuit into a variable
- Creates an authorisation for a new connection and places the information into a variable
- Refreshes information about the circuit into the corresponding variable
- Selects the target subscription
- Gets information about the target gateway
- Creates a new Network Gateway connection
The PowerShell Script
Ensure that the variables at the top of the script are changed to suit your needs.
Ensure that the target location specified is correct for the target Virtual Network, otherwise you receive the error “Unable to parse” which is not entirely helpful!
```powershell
# Define Source Parameters
$SourceSubscriptionName='Prod01'
$SourceResourceGroupName='ProdInfraEast'
$CircuitName='EXP_Prod_aueast'
$AuthorisationName='TestDev01Southeast'

# Define Target Parameters
$TargetResourceGroupName='TestDevInfraSoutheast'
$TargetSubscriptionName='TestDev01'
$TargetGatewayName='GW_TestDev_auSoutheast'
$TargetConnectionName='EXPCON_TestDev_auSoutheast'
$TargetLocation='Australia Southeast'
# End editable parameters

#Login-AzureRmAccount

# Select Source Subscription
Select-AzureRmSubscription `
    -SubscriptionName $SourceSubscriptionName

Write-Host 'Getting initial variables'

# Get information about existing circuit
$Circuit = Get-AzureRmExpressRouteCircuit `
    -Name $CircuitName `
    -ResourceGroupName $SourceResourceGroupName

Write-Host 'Adding Authorisation'

# Add an authorisation request to the ExpressRoute Circuit
Add-AzureRmExpressRouteCircuitAuthorization `
    -ExpressRouteCircuit $circuit `
    -Name $AuthorisationName `
    -Verbose

# Update the Circuit with the authorisation information
Set-AzureRmExpressRouteCircuit `
    -ExpressRouteCircuit $circuit `
    -Verbose

# Re-request information about the circuit
$circuit = Get-AzureRmExpressRouteCircuit `
    -Name $CircuitName `
    -ResourceGroupName $SourceResourceGroupName `
    -Verbose

# Request information about the new authorisation
$auth1 = Get-AzureRmExpressRouteCircuitAuthorization `
    -ExpressRouteCircuit $circuit `
    -Name $AuthorisationName `
    -Verbose

# Select Target Subscription
Select-AzureRmSubscription `
    -SubscriptionName $TargetSubscriptionName

# Get information about the Target Gateway
$TargetGW = Get-AzureRmVirtualNetworkGateway `
    -Name $TargetGatewayName `
    -ResourceGroupName $TargetResourceGroupName

Write-Host 'Redeeming Key'

# Create the connection in the target subscription using the authorisation key
$connection = New-AzureRmVirtualNetworkGatewayConnection `
    -Name $targetConnectionName `
    -ResourceGroupName $TargetResourceGroupName `
    -Location $TargetLocation `
    -VirtualNetworkGateway1 $TargetGW `
    -PeerId $Circuit.Id `
    -ConnectionType ExpressRoute `
    -AuthorizationKey $auth1.AuthorizationKey `
    -Verbose
```
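A pre-flight check for the location mismatch mentioned above, plus a check of the result once the script has run. This is an added example, not part of the original post; the function names `ConvertTo-LocationKey`, `Test-TargetLocation` and `Show-ConnectionState` are hypothetical, and it assumes the target gateway sits in the same region as the target Virtual Network.

```powershell
# Added example, not from the original post. Values repeat the script's parameters.
$SourceSubscriptionName  = 'Prod01'
$SourceResourceGroupName = 'ProdInfraEast'
$CircuitName             = 'EXP_Prod_aueast'
$TargetSubscriptionName  = 'TestDev01'
$TargetResourceGroupName = 'TestDevInfraSoutheast'
$TargetGatewayName       = 'GW_TestDev_auSoutheast'
$TargetConnectionName    = 'EXPCON_TestDev_auSoutheast'
$TargetLocation          = 'Australia Southeast'

# Hypothetical helper: treat 'Australia Southeast' and 'australiasoutheast' as equal.
function ConvertTo-LocationKey([string]$Location) {
    ($Location -replace '\s', '').ToLowerInvariant()
}

# Hypothetical pre-flight check: run before New-AzureRmVirtualNetworkGatewayConnection.
# Assumes the gateway sits in the same region as the target Virtual Network.
function Test-TargetLocation {
    Select-AzureRmSubscription -SubscriptionName $TargetSubscriptionName | Out-Null
    $gw = Get-AzureRmVirtualNetworkGateway `
        -Name $TargetGatewayName `
        -ResourceGroupName $TargetResourceGroupName
    if ((ConvertTo-LocationKey $gw.Location) -ne (ConvertTo-LocationKey $TargetLocation)) {
        throw "TargetLocation '$TargetLocation' does not match gateway location '$($gw.Location)'"
    }
    Write-Host "Location OK: $($gw.Location)"
}

# Hypothetical post-check: run after the script has finished.
function Show-ConnectionState {
    # Target side: the new connection and its provisioning state
    Select-AzureRmSubscription -SubscriptionName $TargetSubscriptionName | Out-Null
    Get-AzureRmVirtualNetworkGatewayConnection `
        -Name $TargetConnectionName `
        -ResourceGroupName $TargetResourceGroupName |
        Select-Object Name, ConnectionType, ProvisioningState | Format-List

    # Source side: every authorisation on the circuit and whether it has been
    # redeemed. AuthorizationKey is deliberately not selected.
    Select-AzureRmSubscription -SubscriptionName $SourceSubscriptionName | Out-Null
    $circuit = Get-AzureRmExpressRouteCircuit `
        -Name $CircuitName `
        -ResourceGroupName $SourceResourceGroupName
    Get-AzureRmExpressRouteCircuitAuthorization -ExpressRouteCircuit $circuit |
        Select-Object Name, AuthorizationUseStatus, ProvisioningState | Format-Table -AutoSize
}

Test-TargetLocation      # before creating the connection
# Show-ConnectionState   # after the script has completed
```

An authorisation still listed with a use status of `Available` has a key that no gateway has redeemed yet, so the listing doubles as a review of outstanding keys on the circuit.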
Connecting an Azure ExpressRoute circuit to another Virtual Network in a different subscription is relatively easy, but the process is not well documented. The original documentation also specifies -circuit in many command lines instead of -ExpressRouteCircuit.
It is also worth noting that (frustratingly) we cannot use a version 1 (Classic) circuit for this process. The two do not appear to be compatible.