-
Notifications
You must be signed in to change notification settings - Fork 33
/
expressroute.azcli
482 lines (448 loc) · 27.4 KB
/
expressroute.azcli
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
#################################
# Commands to test ExpressRoute
#
# Jose Moreno, April 2021
#################################
# Control
location=australiaeast
er_location=australiaeast
er_pop=Sydney
er_circuit_sku=Standard
er_circuit_family=MeteredData # other values: MeteredData, UnlimitedData
er_circuit_bw=1000 # other values: 50, 100, 200, 500, 1000
create_spokes=yes
number_of_spokes=2
simulate_onprem=yes
create_ars=yes
flowlogs=yes
traffic_collector=yes
tc_name=mytc
# Other possible pop/region combinations with megaport:
# location=southcentralus
# er_location=southcentralus
# er_pop=Dallas
# location=germanywestcentral
# er_location=germanywestcentral
# er_pop=Frankfurt
# location=southcentralus
# er_location=southcentralus
# er_pop=Dallas
# location=australiaeast
# er_location=australiaeast
# er_pop=Sydney
# Variables
rg=ertest
er_provider=Megaport
er_circuit_name="er-$er_pop"
ergw_name="ergw-$er_pop"
ergw_pip="${ergw_name}-pip"
vnet_name="ervnet-$er_pop"
vnet_prefix=192.168.64.0/23
vm_subnet_name=vm
vm_subnet_prefix=192.168.64.64/26
gw_subnet_prefix=192.168.64.0/27
vm_name="vm-${er_pop}"
vm_pip_name="${vm_name}-pip"
vm_size=Standard_B1s
mcr_asn=65002
megaport_script_path="/home/jose/repos/azcli/megaport.sh"
ars_name=ars
ars_subnet_prefix=192.168.64.32/27
ars_pip_name="${ars_name}-pip"
# gcloud (to simulate onprem ER)
project_name=onprem
project_id=onprem$RANDOM
machine_type=e2-micro
gcp_asn=16550
region=us-east1 # other values: europe-west3, australia-southeast1, us-east1
zone=us-east1-c # other values: europe-west3-b, australia-southeast1-b, us-east1-c
gcp_vm_name=vm
gcp_vpc_name=vpc
gcp_subnet_name=vm
gcp_subnet_prefix='10.4.2.0/24'
attachment_name=attachment
router_name=router
# Create RG
echo "Creating resource group..."
az group create -n $rg -l $location -o none
# Create ER circuit
if [[ "$er_circuit_sku" == "Local" ]]; then
er_circuit_family="UnlimitedData"
er_circuit_bw="1000"
fi
echo "Creating ER circuit..."
az network express-route create -n $er_circuit_name --peering-location $er_pop -g $rg -o none --only-show-errors \
--bandwidth $er_circuit_bw Mbps --provider $er_provider -l $er_location --sku-family $er_circuit_family --sku-tier $er_circuit_sku
service_key=$(az network express-route show -n $er_circuit_name -g $rg --query serviceKey -o tsv)
# Provision Megaport MCR in location
megaport_script_path="/home/jose/repos/azcli/megaport.sh"
if [[ -e "$megaport_script_path" ]]
then
echo "Creating Megaport Cloud Router and configuring circuit..."
$megaport_script_path -s=jomore-${er_pop} -a=create_mcr -k=$service_key --asn=$mcr_asn
sleep 60 # Wait 1 minute before creating the connections. This could be replaced with a loop checking ./megaport.sh -a=list_live
$megaport_script_path -s=jomore-${er_pop} -a=create_vxc -k=$service_key
else
echo "Sorry, I cannot seem to find the script $megaport_script_path to interact with the Megaport API"
fi
# Create VNet and test VM
echo "Creating VNet and VM..."
az network vnet create -g $rg -n $vnet_name --address-prefix $vnet_prefix --subnet-name $vm_subnet_name --subnet-prefix $vm_subnet_prefix -l $location -o none
az vm create -n $vm_name -g $rg -l $location --image Ubuntu2204 --generate-ssh-keys --nsg "${vm_name}-nsg" -o none \
--public-ip-address $vm_pip_name --vnet-name $vnet_name --size $vm_size --subnet $vm_subnet_name -l $location
# Create ER Gateway and connect it to circuit
echo "Creating ER Gateway..."
az network vnet subnet create -g $rg --vnet-name $vnet_name -n GatewaySubnet --address-prefix $gw_subnet_prefix -o none
az network public-ip create -g $rg -n $ergw_pip --allocation-method Static --sku Standard -l $location -o none
az network vnet-gateway create -g $rg -n $ergw_name --gateway-type ExpressRoute --sku Standard -l $location --vnet $vnet_name --public-ip-addresses $ergw_pip -o none
circuit_id=$(az network express-route show -n $er_circuit_name -g $rg -o tsv --query id)
echo "Connecting ER Gateway to circuit $circuit_id..."
az network express-route update -n "$er_circuit_name" -g $rg -o none # sometimes you need to refresh the circuit
az network vpn-connection create -n "${ergw_name}-${er_pop}" -g $rg -l $location --vnet-gateway1 $ergw_name --express-route-circuit2 $circuit_id -o none
# Optional: configure flow logs on the Gateway Subnet
if [[ "$flowlogs" == "yes" ]]; then
logws_name=$(az monitor log-analytics workspace list -g $rg --query '[].name' -o tsv 2>/dev/null) # Retrieve the WS name if it already existed
if [[ -z "$logws_name" ]]
then
logws_name=log$RANDOM
echo "Creating log analytics workspace ${logws_name}..."
az monitor log-analytics workspace create -n $logws_name -g $rg -l $location -o none
fi
logws_id=$(az resource list -g $rg -n $logws_name --query '[].id' -o tsv)
logws_customerid=$(az monitor log-analytics workspace show -n $logws_name -g $rg --query customerId -o tsv)
# Create storage account
storage_account_name=$(az storage account list -g $rg --query '[].name' -o tsv 2>/dev/null) # Retrieve the storage account name if it already existed
if [[ -z "$storage_account_name" ]]
then
storage_account_name=log$RANDOM
echo "Creating storage account ${storage_account_name}..."
az storage account create -n $storage_account_name -g $rg --sku Standard_LRS --kind StorageV2 -l $location -o none
fi
# Enable flow logs
echo "Enabling VNet Flow Logs on gateway subnet..."
az network watcher flow-log create -l $location -g $rg --name "flowlog-$location" --vnet $vnet_name --subnet GatewaySubnet \
--storage-account $storage_account_name --workspace $logws_name --interval 10 --traffic-analytics true -o none
fi
# Optional: ER Traffic Collector
if [[ "$traffic_collector" == "yes" ]]; then
echo "Creating ER Traffic Collector..."
extension_version=$(az extension show -n traffic-collector --query version -o tsv)
if [[ -z "$extension_version" ]]; then
echo "Installing traffic_collector CLI extension..."
az extension add --name traffic-collector
else
echo "Updating traffic_collector CLI extension..."
az extension update --name traffic-collector
fi
az network-function traffic-collector -n $tc_name -g $rg -o none
fi
# Optional: create spoke associated to the previous VNet and configure the Hub VM as NVA
if [[ "$create_spokes" == "yes" ]]; then
# IP fwding in hub VM
echo "Getting information from hub VM..."
hub_vm_pip=$(az network public-ip show -n $vm_pip_name --query ipAddress -o tsv -g $rg) && echo $hub_vm_pip
hub_vm_nic_id=$(az vm show -n $vm_name -g $rg --query 'networkProfile.networkInterfaces[0].id' -o tsv)
hub_vm_ip=$(az network nic show --ids $hub_vm_nic_id --query 'ipConfigurations[0].privateIpAddress' -o tsv) && echo $hub_vm_ip
echo "Enabling IP forwarding in hub VM..."
az network nic update --ids $hub_vm_nic_id --ip-forwarding -o none
ssh -n -o BatchMode=yes -o StrictHostKeyChecking=no $hub_vm_pip "sudo sysctl -w net.ipv4.ip_forward=1"
# Route table for spokes
myip=$(curl -s4 ifconfig.co)
az network route-table create -n spokes-${er_pop} -g $rg -l $location --disable-bgp-route-propagation -o none
az network route-table route create --route-table-name spokes-${er_pop} -g $rg --address-prefix "0.0.0.0/0" --name default --next-hop-type VirtualAppliance --next-hop-ip-address "$hub_vm_ip" -o none
az network route-table route create --route-table-name spokes-${er_pop} -g $rg --address-prefix "${myip}/32" --name mypc --next-hop-type Internet -o none
# Route table for hub VM (empty)
az network route-table create -n hub-${er_pop} -g $rg -l $location -o none
az network vnet subnet update -g $rg --vnet-name $vnet_name -n $vm_subnet_name --route-table hub-${er_pop} -o none
# Route table for hub GatewaySubnet??
az network route-table create -n vng-${er_pop} -g $rg -l $location -o none
az network vnet subnet update -g $rg --vnet-name $vnet_name -n GatewaySubnet --route-table vng-${er_pop} -o none
# Create spokes
for spoke_id in {1..$number_of_spokes}; do
spoke_vnet_name="ervnet-${er_pop}-spoke${spoke_id}"
spoke_vm_name="vm-${er_pop}-spoke${spoke_id}"
spoke_vnet_prefix=192.168.${spoke_id}.0/24
spoke_vm_subnet_name=vm
spoke_vm_subnet_prefix=192.168.${spoke_id}.64/26
spoke_vm_pip_name="${spoke_vm_name}-pip"
# Create VNet, VNet peerings and VM
echo "Creating spoke ${spoke_vnet_name}..."
az network vnet create -g $rg -n $spoke_vnet_name --address-prefix $spoke_vnet_prefix --subnet-name $spoke_vm_subnet_name --subnet-prefix $spoke_vm_subnet_prefix -l $location -o none
az vm create -n $spoke_vm_name -g $rg -l $location --image Ubuntu2204 --generate-ssh-keys --nsg "${vm_name}-nsg" --public-ip-sku Standard \
--public-ip-address $spoke_vm_pip_name --vnet-name $spoke_vnet_name --size $vm_size --subnet $spoke_vm_subnet_name -l $location --no-wait -o none
az network vnet peering create -n "hubtospoke${spoke_id}" -g $rg --vnet-name $vnet_name --remote-vnet $spoke_vnet_name --allow-vnet-access --allow-forwarded-traffic --allow-gateway-transit -o none
az network vnet peering create -n "spoke${spoke_id}tohub" -g $rg --vnet-name $spoke_vnet_name --remote-vnet $vnet_name --allow-vnet-access --allow-forwarded-traffic --use-remote-gateways -o none
# Verify spoke VM (before applying RT)
# spoke_vm_nic_id=$(az vm show -n $spoke_vm_name -g $rg --query 'networkProfile.networkInterfaces[0].id' -o tsv)
# az network nic show-effective-route-table --ids $spoke_vm_nic_id -o table
# echo "Verifying VM ${spoke_vm_name}..."
# spoke_vm_pip=$(az network public-ip show -n $spoke_vm_pip_name --query ipAddress -o tsv -g $rg) && echo $spoke_vm_pip
# ssh -n -o BatchMode=yes -o StrictHostKeyChecking=no $spoke_vm_pip "ip a"
# Attach RT to VM subnet
az network vnet subnet update -g $rg --vnet-name $spoke_vnet_name -n $spoke_vm_subnet_name --route-table spokes-${er_pop} -o none
# Update the VNG route table
az network route-table route create --route-table-name vng-${er_pop} -g $rg --address-prefix $spoke_vnet_prefix --name $spoke_vnet_name --next-hop-type VirtualAppliance --next-hop-ip-address "$hub_vm_ip" -o none
done
fi
if [[ "$simulate_onprem" == "yes" ]]; then
# Create GCP environment to simulate onprem
# Get environment info
account=$(gcloud info --format json | jq -r '.config.account')
billing_account=$(gcloud beta billing accounts list --format json | jq -r '.[0].name')
billing_account_short=$(echo "$billing_account" | cut -f 2 -d/)
# Create project
echo "Creating Google Cloud project..."
gcloud projects create $project_id --name $project_name
gcloud config set project $project_id
gcloud beta billing projects link "$project_id" --billing-account "$billing_account_short"
gcloud services enable compute.googleapis.com
# VPC and instance
echo "Creating Google Cloud VPC, compute instance and firewall rules..."
gcloud compute networks create "$gcp_vpc_name" --bgp-routing-mode=regional --mtu=1500 --subnet-mode=custom
gcloud compute networks subnets create "$gcp_subnet_name" --network "$gcp_vpc_name" --range "$gcp_subnet_prefix" --region=$region
gcloud compute instances create "$gcp_vm_name" --image-family=ubuntu-2004-lts --image-project=ubuntu-os-cloud --machine-type "$machine_type" --network "$gcp_vpc_name" --subnet "$gcp_subnet_name" --zone "$zone"
gcloud compute firewall-rules create "${gcp_vpc_name}-allow-icmp" --network "$gcp_vpc_name" --priority=1000 --direction=INGRESS --rules=icmp --source-ranges=0.0.0.0/0 --action=ALLOW
gcloud compute firewall-rules create "${gcp_vpc_name}-allow-ssh" --network "$gcp_vpc_name" --priority=1010 --direction=INGRESS --rules=tcp:22 --source-ranges=0.0.0.0/0 --action=ALLOW
gcloud compute firewall-rules create "${gcp_vpc_name}-allow-web" --network "$gcp_vpc_name" --priority=1020 --direction=INGRESS --rules=tcp:80 --source-ranges=192.168.0.0/16 --action=ALLOW
# gcloud compute ssh $gcp_vm_name --zone=$zone --command="ip a" # This command will pause the script if the key file is password-protected
# Create interconnect
echo "Creating router and interconnect..."
gcloud compute routers create $router_name --project=$project_id --network=$gcp_vpc_name --asn=$gcp_asn --region=$region
gcloud compute interconnects attachments partner create $attachment_name --region $region --router $router_name --edge-availability-domain availability-domain-1
pairing_key=$(gcloud compute interconnects attachments describe $attachment_name --region $region --format json | jq -r '.pairingKey')
# Create VXC in Megaport
$megaport_script_path -g -s=jomore-${er_pop} -a=create_vxc -k=$pairing_key
# Activate attachment
echo "Waiting for attachment to get ready..."
# wait_for_gcp_attachment_ready $attachment_name $region
sleep 120
echo "Enabling attachment..."
gcloud compute interconnects attachments partner update $attachment_name --region $region --admin-enabled
fi
#######################################
# Optional: Create Azure Route Server #
#######################################
if [[ "$create_ars" == "yes" ]]; then
# Create subnet for ARS
echo "Creating subnet and PIP for ARS..."
az network vnet subnet create -g $rg --vnet-name $vnet_name -n RouteServerSubnet --address-prefix $ars_subnet_prefix -o none
ars_subnet_id=$(az network vnet subnet show -g $rg --vnet-name $vnet_name -n RouteServerSubnet --query id -o tsv)
# Create PIP
az network public-ip create -g $rg -n $ars_pip_name --allocation-method Static --sku Standard -l $location -o none
# Create ARS
echo "Creating ARS..."
az network routeserver create -n $ars_name -g $rg -l $location --hosted-subnet $ars_subnet_id --public-ip-address $ars_pip_name -o none
fi
##############################################################
# Optional: Create GlobalReach connection between 2 circuits #
##############################################################
circuit1_name=er-Frankfurt
circuit2_name=er-Dallas
circuit2_id=$(az network express-route show -n $circuit2_name -g $rg -o tsv --query id)
ip_range=172.16.31.0/29
az network express-route peering connection create -g $rg --circuit-name $circuit1_name --peering-name AzurePrivatePeering \
-n "${circuit1_name}-to-${circuit2_name}" --peer-circuit $circuit2_id --address-prefix $ip_range
# az network express-route peering connection delete -n "${circuit1_name}-to-${circuit2_name}" -g $rg --circuit-name $circuit1_name --peering-name AzurePrivatePeering
###################################################
# Optional: create second Vnet to simulate onprem #
###################################################
if [[ "$simulate_onprem" == "yes" ]]
then
# Variables
onprem_er_location=germanywestcentral
onprem_er_pop=Frankfurt
onprem_er_provider=Megaport
onprem_er_circuit_name=onpremer
onprem_vnet_name=onprem
onprem_vnet_prefix=172.16.0.0/16
onprem_ergw_name=onpremergw
onprem_ergw_pip="${onprem_ergw_name}-pip"
onprem_vm_subnet_name=vm
onprem_vm_subnet_prefix=172.16.1.0/24
onprem_gw_subnet_prefix=172.16.0.0/24
onprem_vm_name=onpremvm
onprem_vm_pip_name="${onprem_vm_name}-pip"
onprem_vm_size=Standard_B1s
# Create ER circuit
az network express-route create -n $onprem_er_circuit_name --peering-location $onprem_er_pop -g $rg \
--bandwidth 50 Mbps --provider $onprem_er_provider -l $onprem_er_location --sku-family MeteredData --sku-tier Standard -o none
onprem_service_key=$(az network express-route show -n $onprem_er_circuit_name -g $rg --query serviceKey -o tsv)
# Provision additional VXCs to existing MCR
if [[ -e "$megaport_script_path" ]]
then
$megaport_script_path -q -s=jomore -a=create_vxc -k=$onprem_service_key -n=onprem
else
echo "Sorry, I cannot seem to find the script megaport.sh to interact with the Megaport API"
fi
# Create VNet and test VM
az network vnet create -g $rg -n $onprem_vnet_name --address-prefix $onprem_vnet_prefix --subnet-name $onprem_vm_subnet_name --subnet-prefix $onprem_vm_subnet_prefix
az vm create -n $onprem_vm_name -g $rg -l $location --image ubuntuLTS --generate-ssh-keys --nsg "${onprem_vm_name}-nsg" \
--public-ip-address $onprem_vm_pip_name --vnet-name $onprem_vnet_name --size $onprem_vm_size --subnet $onprem_vm_subnet_name -o none
# Create ER Gateway and connect it to circuit
az network vnet subnet create -g $rg --vnet-name $onprem_vnet_name -n GatewaySubnet --address-prefix $onprem_gw_subnet_prefix -o none
az network public-ip create -g $rg -n $onprem_ergw_pip --allocation-method Dynamic --sku Basic -o none
az network vnet-gateway create -g $rg -n $onprem_ergw_name --gateway-type ExpressRoute --sku Standard -l $location --vnet $onprem_vnet_name --public-ip-addresses $onprem_ergw_pip -o none
onprem_circuit_id=$(az network express-route show -n $onprem_er_circuit_name -g $rg -o tsv --query id) && echo $onprem_circuit_id
az network vpn-connection create -n onpremcx -g $rg -l $location --vnet-gateway1 $onprem_ergw_name --express-route-circuit2 $onprem_circuit_id -o none
fi
#################################################################
# Optional: logs #
#################################################################
logws_name=$(az monitor log-analytics workspace list -g $rg --query '[0].name' -o tsv)
if [[ -z "$logws_name" ]]
then
logws_name=erlogs$RANDOM
echo "Creating log analytics workspace $logws_name..."
az monitor log-analytics workspace create -n $logws_name -g $rg -l $location -o none
fi
logws_id=$(az resource list -g $rg -n $logws_name --query '[].id' -o tsv)
logws_customerid=$(az monitor log-analytics workspace show -n $logws_name -g $rg --query customerId -o tsv)
gw_id_list=$(az network vnet-gateway list -g $rg --query '[].id' -o tsv)
while IFS= read -r gw_id; do
echo "Creating diagnostic settings for $gw_id..."
az monitor diagnostic-settings create -n mydiag$RANDOM --resource $gw_id --workspace $logws_id \
--metrics "[{category:AllMetrics,enabled:true,retentionPolicy:{days:0,enabled:false}}]" \
--logs '[{"category": "RouteDiagnosticLog", "enabled": true, "retentionPolicy": {"days": 0, "enabled": false}}]' -o none
done <<< "$gw_id_list"
circuit_id_list=$(az network express-route list -g $rg --query '[].id' -o tsv)
while IFS= read -r circuit_id; do
echo "Creating diagnostic settings for $gw_id..."
az monitor diagnostic-settings create -n mydiag$RANDOM --resource $gw_id --workspace $logws_id \
--metrics "[{category:AllMetrics,enabled:true,retentionPolicy:{days:0,enabled:false}}]" \
--logs '[{"category": "PeeringRouteTableLogs", "enabled": true, "retentionPolicy": {"days": 0, "enabled": false}}]' -o none
done <<< "$circuit_id_list"
#################################################################
# Optional: time how long it takes to create/delete connections #
#################################################################
# Find out how many spokes are peered with the hub
spokes=$(az network vnet peering list -g $rg --vnet-name $vnet_name -o tsv | wc -l)
# Deleting connection
echo "Deleting the connection with $spokes spokes configured..."
time az network vpn-connection delete -n "${ergw_name}-${er_pop}" -g $rg -o none
# Creating connection
echo "Creating the connection with $spokes spokes configured..."
time az network vpn-connection create -n "${ergw_name}-${er_pop}" -g $rg -l $location --vnet-gateway1 $ergw_name --express-route-circuit2 $circuit_id -o none
# Results
# No of spokes Deletion time Creation time
# ============ ============= =============
# 0 2:22 2:33
# 10 6:22 4:03
# 20 8:03 6:03
# 30 8:02 8:34
# 40 11:22 12:34
# 50 13:03 11:35
# 60 14:43 15:04
# 70 19.44 19,35
# 90 28.04 24,05
# 110 29.46 29,07
# 130
# 150
#####################
# Diagnostics #
#####################
# Megaport
./megaport.sh -q -s=jomore -a=list_live
# Resources created
az network expressroute list -g $rg -o table
az network gateway list -g $rg -o table
az network vnet list -g $rg -o table
az network route-table list -g $rg -o table
# Effective routes - Hub
vm_nic_id=$(az vm show -n $vm_name -g $rg --query 'networkProfile.networkInterfaces[0].id' -o tsv)
az network nic show-effective-route-table --ids $vm_nic_id -o table
# Effective routes - Spoke
spoke1_vm_nic_id=$(az vm show -n "vm-${er_pop}-spoke1" -g $rg --query 'networkProfile.networkInterfaces[0].id' -o tsv)
spoke1_vm_pip_address=$(az network public-ip show -n "vm-${er_pop}-spoke1-pip" -g $rg --query ipAddress -o tsv)
spoke1_vm_private_ip=$(az vm show -g $rg -n "vm-${er_pop}-spoke1" -d --query privateIps -o tsv)
spoke2_vm_nic_id=$(az vm show -n "vm-${er_pop}-spoke2" -g $rg --query 'networkProfile.networkInterfaces[0].id' -o tsv)
spoke2_vm_pip_address=$(az network public-ip show -n "vm-${er_pop}-spoke2-pip" -g $rg --query ipAddress -o tsv)
spoke2_vm_private_ip=$(az vm show -g $rg -n "vm-${er_pop}-spoke2" -d --query privateIps -o tsv)
az network nic show-effective-route-table --ids $spoke1_vm_nic_id -o table
az network nic show-effective-route-table --ids $spoke2_vm_nic_id -o table
ssh -n -o BatchMode=yes -o StrictHostKeyChecking=no $spoke1_vm_pip_address "ping -c 5 $spoke2_vm_private_ip"
# Enable/disable BGP route propagation at the spokes
az network route-table update -n spoke-${er_pop} -g $rg --disable-bgp-route-propagation false -o none
az network route-table update -n spoke-${er_pop} -g $rg --disable-bgp-route-propagation true -o none
# Effective routes - Onprem
onprem_vm_nic_id=$(az vm show -n $onprem_vm_name -g $rg --query 'networkProfile.networkInterfaces[0].id' -o tsv)
az network nic show-effective-route-table --ids $onprem_vm_nic_id -o table
vm_pip_address=$(az network public-ip show -n $vm_pip_name -g $rg --query ipAddress -o tsv) && echo $vm_pip_address
onprem_vm_private_ip=$(az vm show -g $rg -n $onprem_vm_name -d --query privateIps -o tsv) && echo $onprem_vm_private_ip
ssh -n -o BatchMode=yes -o StrictHostKeyChecking=no $vm_pip_address "ping -c 5 $onprem_vm_private_ip"
# ER circuit
az network express-route show -n $er_circuit_name -g $rg -o table
az network express-route update -n $er_circuit_name -g $rg
az network express-route show -n $er_circuit_name -g $rg --query 'peerings' -o table
az network express-route get-stats -n $er_circuit_name -g $rg -o table
az network express-route update -n $er_circuit_name -g $rg # Refresh
az network express-route peering list --circuit-name $er_circuit_name -g $rg -o table # Not working before refreshing
az network express-route peering connection list -g $rg -o table --peering-name AzurePrivatePeering --circuit-name $er_circuit_name
az network express-route list-route-tables-summary -g $rg -n $er_circuit_name --path primary --peering-name AzurePrivatePeering --query value -o table
az network express-route list-route-tables -g $rg -n $er_circuit_name --path primary --peering-name AzurePrivatePeering --query value -o table
az network vpn-connection list -g $rg -o table
# ER circuit (onprem)
az network express-route show -n $onprem_er_circuit_name -g $rg -o table
az network express-route update -n $onprem_er_circuit_name -g $rg
az network express-route show -n $onprem_er_circuit_name -g $rg --query 'peerings' -o table
az network express-route get-stats -n $onprem_er_circuit_name -g $rg -o table
az network express-route update -n $onprem_er_circuit_name -g $rg -o none # Refresh
az network express-route peering list --circuit-name $onprem_er_circuit_name -g $rg -o table # Not working before refreshing
az network express-route peering connection list -g $rg -o table --peering-name AzurePrivatePeering --circuit-name $onprem_er_circuit_name
az network express-route list-route-tables-summary -g $rg -n $onprem_er_circuit_name --path primary --peering-name AzurePrivatePeering --query value -o table
az network express-route list-route-tables -g $rg -n $onprem_er_circuit_name --path primary --peering-name AzurePrivatePeering --query value -o table
az network vpn-connection list -g $rg -o table
# VNG
az network vnet-gateway list-bgp-peer-status -n $ergw_name -g $rg -o table
az network vnet-gateway list-learned-routes -n $ergw_name -g $rg -o table
az network vnet-gateway list-learned-routes -n $ergw_name -g $rg --query 'value[].{LocalAddress:localAddress, Peer:sourcePeer, Network:network, NextHop:nextHop, ASPath: asPath, Origin:origin, Weight:weight}' -o table
az network vnet-gateway list-advertised-routes -n $ergw_name -g $rg -o table --peer 192.168.1.4
# Onprem VNG (if simulating onprem with another VNet/VNG)
az network vnet-gateway list-bgp-peer-status -n $onprem_ergw_name -g $rg -o table
az network vnet-gateway list-learned-routes -n $onprem_ergw_name -g $rg -o table
az network vnet-gateway list-learned-routes -n $onprem_ergw_name -g $rg --query 'value[].{LocalAddress:localAddress, Peer:sourcePeer, Network:network, NextHop:nextHop, ASPath: asPath, Origin:origin, Weight:weight}' -o table
az network vnet-gateway list-advertised-routes -n $onprem_ergw_name -g $rg -o table
# Route server (if there is one, not covered by this script)
rs_name=$(az network routeserver list -g $rg --query '[0].name' -o tsv) && echo $rs_name
nva_private_ip=$(az vm show -g $rg -n "$vm_name" -d --query privateIps -o tsv) && echo $nva_private_ip
az network routeserver peering list --routeserver $rs_name -g $rg -o table
rs_peer_name=$(az network routeserver peering list --routeserver $rs_name -g $rg -o tsv --query '[0].name') && echo $rs_peer_name
az network routeserver peering list-learned-routes -n $rs_peer_name --routeserver $rs_name -g $rg --query 'RouteServiceRole_IN_0' -o table
az network routeserver peering list-advertised-routes -n $rs_peer_name --routeserver $rs_name -g $rg --query 'RouteServiceRole_IN_0' -o table
# Flip b2b in the RS
az network routeserver update -n $rs_name -g $rg --allow-b2b-traffic false -o none
az network routeserver update -n $rs_name -g $rg --allow-b2b-traffic true -o none
#######################
# Cleanup - Danger! #
#######################
# Delete all VMs
function delete_vm() {
vm_name=$1
disk_id=$(az vm show -n $vm_name -g $rg --query storageProfile.osDisk.managedDisk.id -o tsv)
nic_id=$(az vm show -n $vm_name -g $rg --query 'networkProfile.networkInterfaces[0].id' -o tsv)
pip_id=$(az network nic show --ids $nic_id --query 'ipConfigurations[0].publicIpAddress.id' -o tsv)
nsg_id=$(az network nic show --ids $nic_id --query networkSecurityGroup.id -o tsv)
echo "Deleting VM $vm_name..."
az vm delete -n $vm_name -g $rg -y
echo "Deleting disk $disk_id..."
az disk delete --ids $disk_id -y
echo "Deleting NIC $nic_id..."
az network nic delete --ids $nic_id
echo "Deleting public IP $pip_id..."
az network public-ip delete --ids $pip_id
# echo "Deleting NSG $nsg_id..."
# az network nsg delete --ids $nsg_id
}
vm_list=$(az vm list -g $rg --query '[].name' -o tsv)
while IFS= read -r vm; do
delete_vm $vm
done <<< "$vm_list"
# Remove MCR from Megaport
megaport_script_path="/home/jose/repos/azcli/megaport.sh"
$megaport_script_path -q -s=jomore -a=delete_mcr
# Google cloud
if [[ "$simulate_onprem" == "yes" ]]; then
gcloud projects delete "$project_id"
gcloud projects list
fi
# Delete RG
az group delete -n $rg -y --no-wait