Provisioning Azure ExpressRoute Private Peering [Snippet]

The new Azure CLI 2.0 was recently released for general availability on Linux, macOS, and Windows (see this article for the announcement). In this post, I’m providing a step-by-step walk-through of using the Azure CLI 2.0 to provision ExpressRoute Private Peering with the new UltraPerformance VNET Gateway that provides up to 10Gbps throughput.

Note that you can also clone or fork this sample script snippet via my GitHub repo.

For more details on Azure ExpressRoute, see our official documentation site.

# Sample step-by-step Azure CLI 2.0 commands for configuring ExpressRoute Private Peering with UltraPerformance VNET Gateways

# Install Azure CLI 2.0
curl -L https://aka.ms/InstallAzureCli | bash

# Restart shell after initial installation of CLI 2.0
exec -l $SHELL

# Authenticate to Azure via Azure AD credentials
az login

# Select Azure Subscription
az account set --subscription "subscription-name-or-id"

# Create new Resource Group for ExpressRoute circuit
az group create --name "expressroute-rg" --location "azure-region"

# List the ExpressRoute providers to determine provider name, peering location and circuit bandwidth
az network express-route list-service-providers 

# Provision ExpressRoute circuit
az network express-route create --name "expressroute-circuit" --resource-group "expressroute-rg" --location "azure-region" --provider "expressroute-provider" --peering-location "peering-location" --bandwidth <bandwidth-in-mbps> --sku-family "MeteredData" --sku-tier "Standard"

# Get properties of the new ExpressRoute circuit
# Share "serviceKey" value with provider for provisioning circuit
# When "serviceProviderProvisioningState" equals "Provisioned" move forward with next step
az network express-route show --name "expressroute-circuit" --resource-group "expressroute-rg"

# Configure Azure Private Peering for ExpressRoute circuit
az network express-route peering create --name "private-peering" --type "AzurePrivatePeering" --circuit-name "expressroute-circuit" --resource-group "expressroute-rg" --peer-asn <peer-asn-number> --primary-peer-subnet "x.x.x.x/30" --secondary-peer-subnet "x.x.x.x/30" --vlan-id <vlan_id> --shared-key "optional-key-for-generating-MD5-hash"

# Get properties of Azure Private Peering
az network express-route peering show --name "private-peering" --circuit-name "expressroute-circuit" --resource-group "expressroute-rg"

# Provision UltraPerformance ExpressRoute VNET Gateway
az network public-ip create --name "vnet-gateway-1-ip" --resource-group "vnet-resource-group" --location "azure-region"
az network vnet-gateway create --name "vnet-gateway-1" --resource-group "vnet-resource-group" --location "azure-region" --public-ip-address "vnet-gateway-1-ip" --vnet "vnet-name" --gateway-type "ExpressRoute" --sku "UltraPerformance"

# Link ExpressRoute circuit to VNET Gateway in same subscription
az network vpn-connection create --name "vpn-connection-1" --resource-group "vnet-resource-group" --location "azure-region" --vnet-gateway1 "vnet-gateway" --express-route-circuit2 "expressroute-circuit-resource-id"

# Link ExpressRoute circuit to VNET Gateway in different subscription
az network express-route auth create --name "expressroute-auth-1" --circuit-name "expressroute-circuit" --resource-group "expressroute-rg"
az network express-route auth show --name "expressroute-auth-1" --resource-group "expressroute-rg" --circuit-name "expressroute-circuit" 
az network vpn-connection create --name "vpn-connection-1" --resource-group "vnet-resource-group" --location "azure-region" --vnet-gateway1 "vnet-gateway" --express-route-circuit2 "expressroute-circuit-resource-id" --authorization-key "authorization-key"