2025-01-28 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Azure Stack, derived from Azure, is the industry's only hybrid cloud platform that is consistent with a leading public cloud platform, and it helps enterprise customers deliver Azure cloud services from their own data centers. As the highlight of Microsoft's hybrid cloud strategy, it has been officially announced to reach GA in the middle of this year. Shanghai Yidian Group attaches great importance to this product and has set up a special team to track the latest Azure Stack technology developments and actively promote the landing of Azure Stack in China. Over the coming period, we will summarize what we have learned from tracking Azure Stack over the past year into a series of articles on Azure Stack technology and share them with people interested in Microsoft hybrid cloud products.
As the first article in the Azure Stack technology series, this article describes the network connectivity difficulties we face in building an Azure Stack-based hybrid cloud business solution, as well as the efforts and technical explorations our engineers have made to solve this problem.
1. Introduction to ExpressRoute and Site2Site VPN
1.1 Microsoft ExpressRoute service and Site2Site VPN service
ExpressRoute (ER): Azure ExpressRoute allows you to extend your network to the Azure cloud by connecting through a service provider (in this case, Shanghai Telecom), and to use ER to establish a connection with Azure cloud services. The ER connection does not go through the public Internet. ExpressRoute connections provide higher reliability, faster speed, lower latency, and higher security than typical connections over the Internet.
A detailed introduction to ER can be found on Microsoft's official website.
S2S VPN: an Azure service for site-to-site interconnection. For more information, please refer to the documentation on the Microsoft official website: https://www.azure.cn/documentation/articles/vpn-gateway-howto-site-to-site-resource-manager-portal/
You can also refer to the previous blog post about ER
1.2 ER+S2S VPN configuration design
1.2.1 Site-to-site VPN as the failover path for ExpressRoute
A site-to-site VPN connection can be configured as a backup for ExpressRoute. This applies only to virtual networks that are linked to the Azure private peering path. For services that are accessed through Azure public peering, there is no VPN-based failover solution. The ExpressRoute circuit is always the primary link. Data flows through the site-to-site VPN path only if the ExpressRoute circuit fails, as shown in the figure below.
1.2.2 Site-to-site VPN as a supplement to ExpressRoute
The network can be configured so that some sites are connected directly to Azure through site-to-site VPN, and some sites are connected through ExpressRoute. See the following figure.
1.3 ER+S2S VPN hybrid cloud connectivity experiment
The company's ER+S2S VPN hybrid cloud experimental environment connects the company's Azure public cloud subscription with the private cloud environment located at Microsoft in Zizhu. The detailed architecture diagram and network planning are shown in the figure below. (Many thanks to the Microsoft ER team for their support.)
The Azure public cloud and private cloud environments are connected through ExpressRoute and site-to-site VPN. Site-to-site VPN can be configured as a secure failover path for ExpressRoute to achieve high availability, or it can be used to connect sites that are not connected through ExpressRoute and to carry traffic that is not sensitive to network latency.
2. Hybrid Cloud Lab Environment Network Topology
2.1 ExpressRoute Architecture
Azure ExpressRoute allows you to extend your local network to the Azure cloud over a dedicated connection provided by your service provider, and to use ExpressRoute to establish a connection with Azure cloud services.
The ExpressRoute connection does not go through the public Internet. ExpressRoute connections provide higher reliability, faster speed, lower latency, and higher security than typical connections over the Internet. The architecture of ExpressRoute is shown in the following figure.
The advantages of ExpressRoute are:
Layer 3 connectivity between the local network and the Azure cloud through the service provider. This connection can be established through point-to-point Ethernet or through Ethernet switching via virtual cross-connections.
Connectivity to Azure cloud services across all regions in the geopolitical region.
Connectivity to Azure services in all regions worldwide through the ExpressRoute Premium add-on.
Dynamic routing between your network and Azure through the industry-standard protocol (BGP).
Built-in redundancy at each peering location to improve reliability.
A connection uptime SLA.
2.2 Network Topology of Hybrid Cloud Lab Environment
The hybrid cloud environment used for the test relies on two point-to-point physical lines from Shanghai Telecom to connect the Azure public cloud data center in Nanhui with the Microsoft lab environment in Zizhu. The Azure ExpressRoute service runs on the two physical lines to connect the public and private clouds. The detailed network topology diagram is as follows.
3. ExpressRoute fees
ExpressRoute fees are divided into two parts: the fees of the telecom operator and the service charges for Azure ExpressRoute.
3.1 fees for telecom operators
In this scheme, two lines are opened and connected to two separate switches. The bandwidth is the sum of the bandwidth of the two lines, and the two lines back each other up to achieve high availability.
For detailed prices, please consult the ER Business specialist of Shanghai Telecom.
3.2 Service charges for Azure ExpressRoute
The service fee has two billing methods: bill-by-bandwidth and bill-by-traffic. (Bill-by-traffic counts only the traffic downloaded from the public cloud. It is recommended to adopt the bill-by-traffic method if the download volume is small.)
Bill by bandwidth
Billed according to outgoing data traffic
For more information on the billing of Azure ExpressRoute services, please see the price list on Azure's official website: https://www.azure.cn/pricing/details/expressroute/
4. Configuration method of ExpressRoute
The following steps describe the tasks required to provision an end-to-end ExpressRoute circuit.
Use PowerShell to configure the ExpressRoute circuit. See the PowerShell script "ER-Webinar-Script" for details.
Order the connection from the service provider (China Telecom). This process varies depending on the situation. For more information about how to order a connection, please contact your connectivity service provider.
Verify the ExpressRoute circuit provisioning status through PowerShell to ensure that the circuit has been provisioned successfully. See the PowerShell script "ER-Webinar-Script" for details.
Configure the routing domains. The connectivity service provider manages layer 3, and they will configure routing for your circuit.
Enable Azure private peering: you must enable this peering to connect to VMs and cloud services deployed in a virtual network.
Enable Azure public peering: if you want to connect to an Azure service hosted on a public IP address, you must enable Azure public peering. You must also do this if you have chosen to enable default routing for Azure private peering and want to access Azure resources.
Link a virtual network to an ExpressRoute circuit: follow the instructions to link a VNet to your circuit. These VNets can be in the same Azure subscription as the ExpressRoute circuit, or in different subscriptions.
See the ExpressRoute PowerShell script "ER-Webinar-Script" for the detailed configuration.
Detailed configuration methods can be found on the official website.
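The steps above, sketched as an added example with the Az PowerShell module; it is not the "ER-Webinar-Script" the article refers to, which is not reproduced on this page. The resource group, circuit, gateway and connection names, the region, the bandwidth value and the provider strings are placeholders, and the virtual network gateway is assumed to exist already.

```powershell
# Added example: not the "ER-Webinar-Script" mentioned in the article.
# Every name and value below is a placeholder chosen for illustration.
$rg       = 'er-lab-rg'          # hypothetical resource group
$location = 'China East'         # assumed Azure region
$cktName  = 'er-lab-circuit'     # hypothetical circuit name
$gwName   = 'er-lab-gateway'     # existing ExpressRoute VNet gateway (assumed)

Connect-AzAccount -Environment AzureChinaCloud

# List the provider names, peering locations and bandwidths that can be ordered.
Get-AzExpressRouteServiceProvider |
    Select-Object Name, PeeringLocations, BandwidthsOffered

# Create the circuit. SkuFamily selects the billing method:
# MeteredData = bill by traffic, UnlimitedData = bill by bandwidth.
# Pick the provider, location and bandwidth from the list printed above.
$ckt = New-AzExpressRouteCircuit -Name $cktName -ResourceGroupName $rg `
    -Location $location -SkuTier Standard -SkuFamily MeteredData `
    -ServiceProviderName '<provider-name>' -PeeringLocation '<peering-location>' `
    -BandwidthInMbps 50

# The service key is what the provider needs in order to set up the connection.
"Service key for the provider: $($ckt.ServiceKey)"

# Once the provider reports completion, verify the provisioning status.
$ckt = Get-AzExpressRouteCircuit -Name $cktName -ResourceGroupName $rg
if ($ckt.CircuitProvisioningState -ne 'Enabled' -or
    $ckt.ServiceProviderProvisioningState -ne 'Provisioned') {
    throw ("Circuit not ready: circuit={0}, provider={1}" -f
        $ckt.CircuitProvisioningState, $ckt.ServiceProviderProvisioningState)
}

# Private peering must exist before a virtual network can be linked.
$private = $ckt.Peerings | Where-Object { $_.PeeringType -eq 'AzurePrivatePeering' }
if (-not $private) {
    throw 'Azure private peering is not configured on this circuit yet.'
}

# Link the virtual network (through its gateway) to the circuit.
$gw = Get-AzVirtualNetworkGateway -Name $gwName -ResourceGroupName $rg
New-AzVirtualNetworkGatewayConnection -Name 'er-lab-connection' `
    -ResourceGroupName $rg -Location $location `
    -VirtualNetworkGateway1 $gw -PeerId $ckt.Id -ConnectionType ExpressRoute
```

Stopping with an error when the provider state is not yet `Provisioned` keeps the VNet link step from running against a circuit the provider has not finished.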
5. ExpressRoute test results
5.1 Network delay test
1. The following figure shows a ping from this machine (a PC on the institute's intranet) to the wiki server on the institute's intranet. The delay in the figure is basically within 10ms, with a certain amount of jitter.
2. The following figure shows a ping from this machine (a PC on the research institute's intranet) to a server in the Yishan computer room. The intranet of the research institute is connected to the Yishan Road computer room through a 100M dedicated line. The delay in the figure is about 10-30ms, and the jitter is large.
3. The following figure shows a ping from this machine (a PC on the company's intranet) to the external network address of a server in the Baoshan computer room. The company's internal network and the Baoshan computer room can reach each other only through the external network (WAN). The delay in the figure is about 10-30ms, and the jitter is large. Figure 2 shows a ping from this machine (a PC on the company's intranet) to a Baidu server, and the delay is basically around 30ms.
4. Finally, we ping from a computer in our Azure public cloud to the gateway address of Microsoft's private cloud environment. The two are connected through Azure ExpressRoute, and the response time of each packet is very stable at around 4ms. By comparison, the network latency of the hybrid cloud solution through Azure ExpressRoute is basically the same as that of a pure private network environment.
Experimental conclusion: the delay of the network connected by Azure ExpressRoute is very small, the network jitter is also very small, and the QoS of the network is very good, even better than the intranet environment of our research institute.
5.2 Network bandwidth test

| Azure public cloud account | → | Microsoft test machine |
| --- | --- | --- |
| Public network address: 42.159.room.136 | → | External network address: 183.195.room.76 |
| Internal network address: 10.0.1.7 | → | Internal network address: 192.168.12.10 |

The speed of transferring files via FTP from the virtual machine in the Azure public cloud account to the Microsoft test machine is as follows:

| File | Time tested |
| --- | --- |
| 205.16MB | 2 minutes 46 seconds (1.23MB/s) |
| 205.16MB | 2 minutes 47 seconds (1.23MB/s) |
| 205.16MB | 2 minutes 52 seconds (1.2MB/s) |
| 1.2GB | 16 minutes 39 seconds (1.23MB/s) |

The speed of transferring files via FTP from the Microsoft test machine to the virtual machine in the Azure public cloud account is as follows:

| File | Time tested |
| --- | --- |
| 205.16MB | 2 minutes 46 seconds (1.23MB/s) |
| 205.16MB | 2 minutes 52 seconds (1.2MB/s) |
| 205.16MB | 2 minutes 47 seconds (1.23MB/s) |
| 205.16MB | 2 minutes 47 seconds (1.23MB/s) |
| 205.16MB | 2 minutes 52 seconds (1.2MB/s) |
| 1.2GB | 16 minutes 46 seconds (1.22MB/s) |

For comparison, the S2S VPN transmission speed:

| File | Time tested |
| --- | --- |
| 205.16MB | 2 minutes 9 seconds (1.59MB/s) |
| 205.16MB | 2 minutes 16 seconds (1.51MB/s) |
| 205.16MB | 2 minutes 13 seconds (1.54MB/s) |
| 205.16MB | 2 minutes 10 seconds (1.58MB/s) |
| 205.16MB | 5 minutes 14 seconds (0.65MB/s) |
| 205.16MB | 2 minutes 7 seconds (1.62MB/s) |
| 1.96GB | 37 minutes 50 seconds (903.6KB/S) |
| 1.2GB | 13 minutes 9 seconds (1.56MB/s) |
Test conclusion:
The bandwidth of the physical line of ER is 10M. In testing, the data transmission speed of FTP is basically at the 1.2M/s level, and the bandwidth is stable and guaranteed. S2S VPN, however, depends more on the current network environment, and FTP transmission was interrupted many times during the test.
Through the experiment, we find that the bandwidth of the ER line is determined by the bandwidth of the physical line. Because it is a dedicated line, the network bandwidth is stable and the delay is very small. The S2S VPN solution depends more on the current network conditions. Because its traffic is routed over the public network, there is no way to guarantee the network bandwidth and delay.
Combining the characteristics of the two connectivity schemes, taking site-to-site VPN as the failover path of ExpressRoute is a very good configuration scheme.
6. Summary and suggestion
Azure Stack will be released soon, and we believe that many Azure Stack users will need a reliable connectivity solution to support their hybrid cloud business. From the comparative tests above, we can see that ExpressRoute, as a reliable way to guarantee network bandwidth and uptime, can ensure access and data transmission between your local data center and the Azure public cloud. At the same time, Azure and Azure Stack provide various VPN access methods: the site2site VPN mentioned above can realize the network connection between the data center and the Azure cloud platform, point2site VPN can solve the network access problem of mobile office workers, and vnet2vnet can realize the network connectivity of virtual networks in the hybrid cloud data center.
With ER as a reliable network connectivity mode, together with a variety of VPN access methods, we can build a flexible and reliable hybrid cloud environment and implement our business scenarios quickly, flexibly and efficiently.
If you are interested in the Azure Stack series of articles, please follow our subsequent articles. In the next article, the product manager of Azure Stack will share how Azure Stack will be competitive in the private cloud domain and what kind of business scenarios it is suitable for. In particular, it will make an in-depth comparison with the OpenStack system, which is popular domestically, in terms of function and business direction.
Author: Han Wei (mailbox)
If you are interested in the content of the article, please contact:
Azure Stack Technical support team (gaoc@rc.inesa.com / niuhx@rc.inesa.com) of Yi Dian (Group) Co., Ltd.
Reprint please note: reproduced from Azure Stack Notes blog (http://a-stack.com)