Merge pull request #273145 from AbdullahBell/expressroute-gateway-migration

ExpressRoute: Update: Migrate to an availability zone-enabled ExpressRoute virtual network gateway

Author: v-dirichards

articles/expressroute/TOC.yml

@@ -63,6 +63,8 @@
     href: expressroute-about-virtual-network-gateways.md
   - name: About zone-redundant gateways for Availability Zones
     href: ../vpn-gateway/about-zone-redundant-vnet-gateways.md?toc=/azure/expressroute/toc.json
+  - name: About Migrating to an AZ gateway
+    href: gateway-migration.md
   - name: About ExpressRoute FastPath
     href: about-fastpath.md
   - name: About ExpressRoute Direct
@@ -234,7 +236,11 @@
   - name: Migrate to a new circuit
     href: circuit-migration.md
   - name: Migrate to an AZ gateway
-    href: gateway-migration.md
+    items:
+    - name: Azure portal
+      href: expressroute-howto-gateway-migration-portal.md
+    - name: Azure PowerShell
+      href: expressroute-howto-gateway-migration-powershell.md
   - name: Moving from classic to Resource Manager
     items:
     - name: Move a circuit from classic to Resource Manager

articles/expressroute/expressroute-about-virtual-network-gateways.md

@@ -71,8 +71,6 @@ Before you create an ExpressRoute gateway, you must create a gateway subnet. The
 
 > [!NOTE]
 > [!INCLUDE [vpn-gateway-gwudr-warning.md](../../includes/vpn-gateway-gwudr-warning.md)]
->
-
 > - We don't recommend deploying Azure DNS Private Resolver into a virtual network that has an ExpressRoute virtual network gateway and setting wildcard rules to direct all name resolution to a specific DNS server. Such a configuration can cause management connectivity issues.
 
 
@@ -90,7 +88,7 @@ Add-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix 10.0.3.0/2
 
 ### <a name="zrgw"></a>Zone-redundant gateway SKUs
 
-You can also deploy ExpressRoute gateways in Azure Availability Zones. This configuration physically and logically separates them into different Availability Zones, protecting your on-premises network connectivity to Azure from zone-level failures.
+You can also deploy ExpressRoute gateways in Azure Availability Zones. This configuration physically and logically separates them into different Availability Zones, protecting your on-premises network connectivity to Azure from zone-level failures. 
 
 ![Zone-redundant ExpressRoute gateway](./media/expressroute-about-virtual-network-gateways/zone-redundant.png)
 
@@ -102,6 +100,8 @@ Zone-redundant gateways use specific new gateway SKUs for ExpressRoute gateway.
 
 The new gateway SKUs also support other deployment options to best match your needs. When creating a virtual network gateway using the new gateway SKUs, you can deploy the gateway in a specific zone. This type of gateway is referred to as a zonal gateway. When you deploy a zonal gateway, all the instances of the gateway are deployed in the same Availability Zone.
 
+To learn about migrating an ExpressRoute gateway, see [Gateway migration](gateway-migration.md).
+
 ## VNet to VNet and VNet to Virtual WAN connectivity
 
 By default, VNet to VNet and VNet to Virtual WAN connectivity is disabled through an ExpressRoute circuit for all gateway SKUs. To enable this connectivity, you must configure the ExpressRoute virtual network gateway to allow this traffic. For more information, see guidance about [virtual network connectivity over ExpressRoute](virtual-network-connectivity-guidance.md). To enabled this traffic, see [Enable VNet to VNet or VNet to Virtual WAN connectivity through ExpressRoute](expressroute-howto-add-gateway-portal-resource-manager.md#enable-or-disable-vnet-to-vnet-or-vnet-to-virtual-wan-traffic-through-expressroute).

articles/expressroute/expressroute-howto-gateway-migration-portal.md

@@ -0,0 +1,101 @@
+---
+title: Migrate to an availability zone-enabled ExpressRoute virtual network gateway in Azure portal
+titleSuffix: Azure ExpressRoute
+description: This article explains how to seamlessly migrate from Standard/HighPerf/UltraPerf SKUs to ErGw1/2/3AZ SKUs in Azure portal.
+services: expressroute
+author: duongau
+ms.service: expressroute
+ms.custom: ignite-2023, devx-track-azurepowershell
+ms.topic: how-to
+ms.date: 04/26/2024
+ms.author: duau
+---
+
+# Migrate to an availability zone-enabled ExpressRoute virtual network gateway in Azure portal
+
+When you create an ExpressRoute virtual network gateway, you need to choose the [gateway SKU](expressroute-about-virtual-network-gateways.md#gateway-types). If you choose a higher-level SKU, more CPUs and network bandwidth are allocated to the gateway. As a result, the gateway can support higher network throughput and more dependable network connections to the virtual network. 
+
+The following SKUs are available for ExpressRoute virtual network gateways:
+
+* Standard
+* HighPerformance
+* UltraPerformance
+* ErGw1Az
+* ErGw2Az
+* ErGw3Az
+* ErGwScale (Preview)
+
+## Prerequisites
+
+- Review the [Gateway migration](gateway-migration.md) article before you begin.
+- You must have an existing [ExpressRoute Virtual network gateway](expressroute-howto-add-gateway-portal-resource-manager.md) in your Azure subscription.
+- A second prefix is required for the gateway subnet. If you have only one prefix, you can add a second prefix by following the steps in the [Add a second prefix to the gateway subnet](#add-a-second-prefix-to-the-gateway-subnet) section.
+  
+## Add a second prefix to the gateway subnet
+
+The gateway subnet needs two or more address prefixes for migration. If you have only one prefix, you can add a second prefix by following these steps.
+
+1. First, update the `Az.Network` module to the latest version by running this PowerShell command:
+
+    ```powershell-interactive
+    Update-Module -Name Az.Network -Force
+    ```
+
+1. Then, add a second prefix to the **GatewaySubnet** by running these PowerShell commands:
+
+    ```powershell-interactive
+    $vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $resourceGroup
+    $subnet = Get-AzVirtualNetworkSubnetConfig -Name GatewaySubnet -VirtualNetwork $vnet
+    $prefix = "Enter new prefix"
+    $subnet.AddressPrefix.Add($prefix)
+    Set-AzVirtualNetworkSubnetConfig -Name GatewaySubnet -VirtualNetwork $vnet -AddressPrefix $subnet.AddressPrefix
+    Set-AzVirtualNetwork -VirtualNetwork $vnet
+    ```
+
+## Migrate to a new gateway in Azure portal
+
+Here are the steps to migrate to a new gateway in Azure portal.
+
+
+1. In the [Azure portal](https://portal.azure.com/), navigate to your Virtual Network Gateway resource.
+
+1. the left-hand menu under *Settings*, select **Gateway SKU Migration**.
+
+    :::image type="content" source="media/gateway-migration/gateway-sku-migration-location.png" alt-text="Screenshot of Gateway migration location."lightbox="media/gateway-migration/gateway-sku-migration-location.png":::
+
+1. Select **Validate** to check if the gateway is ready for migration. You'll first see a list of prerequisites that must be met before migration can begin. If these prerequisites aren't met, validation fails and you can't proceed. 
+
+    :::image type="content" source="media/gateway-migration/validate-step.png" alt-text="Screenshot of the validate step for migrating a virtual network gateway."lightbox="media/gateway-migration/validate-step.png":::
+
+1. Once validation is successful, you enter the *Prepare* stage. Here, a new Virtual Network gateway is created. Under **Virtual Network Gateway Details**, enter the following information.
+    
+    :::image type="content" source="media/gateway-migration/gateway-prepare-stage.png" alt-text="Screenshot of the Prepare stage for migrating a virtual network gateway."lightbox="media/gateway-migration/gateway-prepare-stage.png":::
+
+    | Setting | Value |
+    | --------| ----- |
+    | **Gateway Name** | Enter a name for the new gateway. |
+    | **Gateway SKU** | Select the SKU for the new gateway. |
+    | **Public IP Address** | Select **Add new**, then enter a name for the new public IP, select your availability zone, and select **OK** |
+
+    > [!NOTE]
+    > Be aware that your existing Virtual Network gateway will be locked during this process, preventing any creation or modification of connections to this gateway.
+
+1. Select **Prepare** to create the new gateway. This operation could take up to 15 minutes.
+
+1. After the new gateway is created, you'll proceed to the *Migrate* stage. Here, select the new gateway you created. In this example, it's **myERGateway_migrated**. This transfers the settings from your old gateway to the new one. All network traffic, control plane, and data path connections from your old gateway will transfer without any interruptions. To start this process, select **Migrate Traffic**. This operation could take up to 5 minutes.
+
+    :::image type="content" source="media/gateway-migration/migrate-traffic-step.png" alt-text="Screenshot of migrating traffic for migrating a virtual network gateway."lightbox="media/gateway-migration/migrate-traffic-step.png":::
+
+1. After the traffic migration is finished, you'll proceed to the *Commit* stage. In this stage, you finalize the migration, which involves deleting the old gateway. To do this, select **Commit Migration**. This final step is designed to occur without causing any downtime. 
+
+    :::image type="content" source="media/gateway-migration/commit-step.png" alt-text="Screenshot of the commit step for migrating a virtual network gateway."lightbox="media/gateway-migration/commit-step.png":::
+
+
+>[!IMPORTANT]
+> - Before running this step, verify that the new virtual network gateway has a working ExpressRoute connection.
+> - When migrating your gateway, you can expect possible interruption for a maximum of 30 seconds.
+
+## Next steps
+
+* Learn more about [designing for high availability](designing-for-high-availability-with-expressroute.md).
+* Plan for [disaster recovery](designing-for-disaster-recovery-with-expressroute-privatepeering.md) and [using VPN as a backup](use-s2s-vpn-as-backup-for-expressroute-privatepeering.md).

articles/expressroute/expressroute-howto-gateway-migration-powershell.md

@@ -0,0 +1,102 @@
+---
+title: Migrate to an availability zone-enabled ExpressRoute virtual network gateway using PowerShell
+titleSuffix: Azure ExpressRoute
+description: This article explains how to seamlessly migrate from Standard/HighPerf/UltraPerf SKUs to ErGw1/2/3AZ SKUs using PowerShell.
+services: expressroute
+author: duongau
+ms.service: expressroute
+ms.custom: ignite-2023, devx-track-azurepowershell
+ms.topic: how-to
+ms.date: 04/26/2024
+ms.author: duau
+---
+
+# Migrate to an availability zone-enabled ExpressRoute virtual network gateway using PowerShell
+
+When you create an ExpressRoute virtual network gateway, you need to choose the [gateway SKU](expressroute-about-virtual-network-gateways.md#gateway-types). If you choose a higher-level SKU, more CPUs and network bandwidth are allocated to the gateway. As a result, the gateway can support higher network throughput and more dependable network connections to the virtual network. 
+
+The following SKUs are available for ExpressRoute virtual network gateways:
+
+* Standard
+* HighPerformance
+* UltraPerformance
+* ErGw1Az
+* ErGw2Az
+* ErGw3Az
+* ErGwScale (Preview)
+
+## Prerequisites
+
+- Review the [Gateway migration](gateway-migration.md) article before you begin.
+- You must have an existing [ExpressRoute Virtual network gateway](expressroute-howto-add-gateway-portal-resource-manager.md) in your Azure subscription.
+
+### Working with Azure PowerShell
+
+[!INCLUDE [updated-for-az](../../includes/hybrid-az-ps.md)]
+
+[!INCLUDE [expressroute-cloudshell](../../includes/expressroute-cloudshell-powershell-about.md)]
+
+## Migrate to a new gateway in using PowerShell
+
+Here are the steps to migrate to a new gateway using PowerShell.
+
+### Clone the script
+
+1. Clone the setup script from GitHub.
+
+   ```azurepowershell-interactive
+   git clone https://github.com/Azure-Samples/azure-docs-powershell-samples/ 
+   ```
+
+1. Change to the directory where the script is located.
+
+   ```azurepowershell-interactive
+   CD azure-docs-powershell-samples/expressroute-gateway/
+   ```
+### Prepare the migration
+
+This script creates a new ExpressRoute Virtual Network gateway on the same GatewaySubnet and connects it to your existing ExpressRoute circuits.
+
+1. Run the **PrepareMigration.ps1** script to prepare the migration. 
+
+    ```azurepowershell-interactive
+   gateway-migration/preparemigration.ps1
+    ```
+1. Enter the ID of the Gateway resource that is set to be migrated.
+1. The gateway subnet needs two or more address prefixes for migration. If you have only one prefix, you will be prompted to enter an additional prefix. 
+1. Enter an availability zone for your new gateway. 
+
+### Run the migration
+
+This script transfers the configuration from the old gateway to the new one.
+
+1. Run the **Migration.ps1** script to perform the migration. 
+
+    ```azurepowershell-interactive
+   gateway-migration/migration.ps1
+    ```
+1. Enter the ID of the pre-migration gateway.
+1. Enter the ID of the post-migration gateway.
+
+### Commit the migration
+
+This script deletes the old gateway and its connections.
+
+1. Run the **CommitMigration.ps1** script to complete the migration. 
+
+    ```azurepowershell-interactive
+   gateway-migration/commitmigration.ps1
+    ```
+1. Enter the ID of the pre-migration gateway.
+
+    >[!IMPORTANT]
+    > - Before running this step, verify that the new virtual network gateway has a working ExpressRoute connection.
+    > - When migrating your gateway, you can expect possible interruption for a maximum of 30 seconds.
+
+
+
+
+## Next steps
+
+* Learn more about [designing for high availability](designing-for-high-availability-with-expressroute.md).
+* Plan for [disaster recovery](designing-for-disaster-recovery-with-expressroute-privatepeering.md) and [using VPN as a backup](use-s2s-vpn-as-backup-for-expressroute-privatepeering.md).