Connecting Virtual Networks in different Azure Subscriptions to an ExpressRoute circuit in Resource Manager

Scenario

I have an ExpressRoute circuit configured with a connection to a Version 2 (Resource Manager) Azure Virtual Network. I also have an additional Virtual Network in a different Subscription which I need to connect to the same circuit.

The Issue

The instructions on connecting another Virtual Network in a different Subscription are a little confusing. It’s also worth noting that some of the parameters are different now with the latest version of the PowerShell Azure cmdlets. The original instructions may be found at this URL: https://azure.microsoft.com/en-us/documentation/articles/expressroute-howto-linkvnet-arm/#connect-a-virtual-network-in-a-different-azure-subscription-to-an-expressroute-circuit

Environment

I have a Virtual Network in each of my two subscriptions:

  • Subscription 1: Production – Australia East
  • Subscription 2: Test/Dev – Australia Southeast

The primary ExpressRoute connection is configured to use the “Production Australia East” Virtual Network.

Assumptions

The script assumes that you have performed the following work:

  • Configured ExpressRoute with a connection to your primary Virtual Network
  • Added a /28 subnet into your target Virtual Network with the name “GatewaySubnet”
  • Created a Virtual Network Gateway in your target Virtual Network of type “ExpressRoute”

What the script does

The PowerShell script below performs the following steps:

  • Defines parameters for:
    • Source – The primary subscription and Virtual Network that ExpressRoute is configured to communicate with
    • Target – The subscription and Virtual Network that we would like to add a connection to
  • Selects the source subscription
  • Gets information about the existing circuit into a variable
  • Creates an authorisation for a new connection and places the information into a variable
  • Refreshes information about the circuit into the corresponding variable
  • Selects the target subscription
  • Gets information about the target gateway
  • Creates a new Network Gateway connection

The PowerShell Script

Ensure that the variables at the top of the script are changed to suit your needs.

Important: Ensure that the target location specified is correct for the target Virtual Network, otherwise you receive the error “Unable to parse” which is not entirely helpful!

# Define Source Parameters
$SourceSubscriptionName="Prod01"
$SourceResourceGroupName="ProdInfraEast"

$CircuitName="EXP_Prod_aueast"

$AuthorisationName="TestDev01Southeast"

# Define Target Parameters
$TargetResourceGroupName="TestDevInfraSoutheast"
$TargetSubscriptionName="TestDev01"
$TargetGatewayName="GW_TestDev_auSoutheast"
$TargetConnectionName="EXPCON_TestDev_auSoutheast"
$TargetLocation="Australia Southeast"
# End editable parameters
#Login-AzureRmAccount

# Select Source Subscription
Select-AzureRmSubscription `
-SubscriptionName $SourceSubscriptionName

Write-Host "Getting initial variables"
# Get information about existing circuit
$Circuit = Get-AzureRmExpressRouteCircuit `
-Name $CircuitName `
-ResourceGroupName $SourceResourceGroupName

Write-Host "Adding Authorisation"
# Add an authorisation request to the ExpressRoute Circuit
Add-AzureRmExpressRouteCircuitAuthorization `
-ExpressRouteCircuit $circuit `
-Name $AuthorisationName `
-Verbose
# Update the Circuit with the authorisation information
Set-AzureRmExpressRouteCircuit `
-ExpressRouteCircuit $circuit `
-Verbose

# Re-request information about the circuit
$circuit = Get-AzureRmExpressRouteCircuit `
-Name $CircuitName `
-ResourceGroupName $SourceResourceGroupName `
-Verbose

# Request information about the new authorisation
$auth1 = Get-AzureRmExpressRouteCircuitAuthorization `
-ExpressRouteCircuit $circuit `
-Name $AuthorisationName `
-Verbose

# Select Target Subscription
Select-AzureRmSubscription `
-SubscriptionName $TargetSubscriptionName

# Get information about the Target Gateway
$TargetGW = Get-AzureRmVirtualNetworkGateway `
-Name $TargetGatewayName `
-ResourceGroupName $TargetResourceGroupName

Write-Host "Redeeming Key"

$connection = New-AzureRmVirtualNetworkGatewayConnection `
-Name $targetConnectionName `
-ResourceGroupName $TargetResourceGroupName `
-Location $TargetLocation `
-VirtualNetworkGateway1 $TargetGW `
-PeerId $Circuit.Id `
-ConnectionType ExpressRoute `
-AuthorizationKey $auth1.AuthorizationKey `
-Verbose
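
A follow-up check, added here as an example and not part of the original script: it reuses the script's variables in the same session to confirm that the new authorisation was redeemed, flags any authorisations on the circuit that are still unredeemed, and checks the state of the new connection. It assumes the same AzureRM module version as the script above and never writes the authorisation key to the console.

```powershell
# Added example: run in the same session, after the script above has completed.

# Back to the source subscription to inspect the circuit's authorisations
Select-AzureRmSubscription -SubscriptionName $SourceSubscriptionName | Out-Null

$Circuit = Get-AzureRmExpressRouteCircuit `
    -Name $CircuitName `
    -ResourceGroupName $SourceResourceGroupName

# Without -Name this returns every authorisation defined on the circuit
$Auths = Get-AzureRmExpressRouteCircuitAuthorization -ExpressRouteCircuit $Circuit

# Show name and status only; AuthorizationKey is deliberately not selected
$Auths | Select-Object Name, AuthorizationUseStatus, ProvisioningState |
    Format-Table -AutoSize

# The authorisation created by the script should now be "InUse"
$Redeemed = $Auths | Where-Object { $_.Name -eq $AuthorisationName }
if (-not $Redeemed) {
    Write-Warning "Authorisation '$AuthorisationName' was not found on the circuit"
}
elseif ($Redeemed.AuthorizationUseStatus -ne "InUse") {
    Write-Warning "Authorisation '$AuthorisationName' is '$($Redeemed.AuthorizationUseStatus)', expected 'InUse'"
}

# Any authorisation still "Available" is a key that has been issued but not redeemed
$Auths | Where-Object { $_.AuthorizationUseStatus -eq "Available" } | ForEach-Object {
    Write-Warning "Authorisation '$($_.Name)' is unredeemed; remove it if it is no longer needed"
}

# To revoke an authorisation, remove it and save the circuit (left commented out on purpose):
# Remove-AzureRmExpressRouteCircuitAuthorization -Name "<authorisation name>" -ExpressRouteCircuit $Circuit
# Set-AzureRmExpressRouteCircuit -ExpressRouteCircuit $Circuit

# Target side: confirm the connection created by the script has provisioned
Select-AzureRmSubscription -SubscriptionName $TargetSubscriptionName | Out-Null

Get-AzureRmVirtualNetworkGatewayConnection `
    -Name $TargetConnectionName `
    -ResourceGroupName $TargetResourceGroupName |
    Select-Object Name, ConnectionType, ProvisioningState
```
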

End Note

Connecting an Azure ExpressRoute circuit to another Virtual Network in a different subscription is relatively easy, but the process is not really well documented. The original documentation also specifies -circuit in many command lines instead of -ExpressRouteCircuit.

It is also worth noting that (frustratingly) we cannot use a version 1 (Classic) circuit for this process. The two do not appear to be compatible.

 
