You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This article helps you create a connection to link a virtual network (virtual network) to Azure ExpressRoute circuits using the Azure portal. The virtual networks that you connect to your Azure ExpressRoute circuit can either be in the same subscription or part of another subscription.
23
21
@@ -45,7 +43,6 @@ This article helps you create a connection to link a virtual network (virtual ne
45
43
46
44
> [!NOTE]
47
45
> BGP configuration information will not appear if the layer 3 provider configured your peerings. If your circuit is in a provisioned state, you should be able to create connections.
48
-
>
49
46
50
47
### To create a connection
51
48
@@ -109,6 +106,92 @@ This article helps you create a connection to link a virtual network (virtual ne
109
106
110
107
:::image type="content" source="./media/expressroute-howto-linkvnet-portal-resource-manager/connection-object.png" alt-text="Screenshot of a created connection resource.":::
111
108
109
+
## Connect a virtual network to a circuit - different subscription
110
+
111
+
You can share an ExpressRoute circuit across multiple subscriptions. The following figure shows a simple schematic of how sharing works for ExpressRoute circuits across multiple subscriptions.
Each of the smaller clouds within the large cloud is used to represent subscriptions that belong to different departments within an organization. Each of the departments within the organization uses their own subscription for deploying their services--but they can share a single ExpressRoute circuit to connect back to your on-premises network. A single department (in this example: IT) can own the ExpressRoute circuit. Other subscriptions within the organization may use the ExpressRoute circuit.
116
+
117
+
> [!NOTE]
118
+
> * Connecting virtual networks between Azure sovereign clouds and Public Azure cloud is not supported. You can only link virtual networks from different subscriptions in the same cloud.
119
+
> * Connectivity and bandwidth charges for the dedicated circuit will be applied to the ExpressRoute circuit owner. All virtual networks share the same bandwidth.
120
+
121
+
### Administration - About circuit owners and circuit users
122
+
123
+
The 'circuit owner' is an authorized Power User of the ExpressRoute circuit resource. The circuit owner can create authorizations that can be redeemed by 'circuit users'. Circuit users are owners of virtual network gateways that aren't within the same subscription as the ExpressRoute circuit. Circuit users can redeem authorizations (one authorization per virtual network).
124
+
125
+
The circuit owner has the power to modify and revoke authorizations at any time. Revoking an authorization results in all link connections being deleted from the subscription whose access was revoked.
126
+
127
+
> [!NOTE]
128
+
> Circuit owner is not an built-in RBAC role or defined on the ExpressRoute resource.
129
+
> The definition of the circuit owner is any role with the following access:
> This includes the built-in roles such as Contributor, Owner and Network Contributor. Detailed description for the different [built-in roles](../role-based-access-control/built-in-roles.md).
135
+
136
+
### Circuit owner operations
137
+
138
+
**To create a connection authorization**
139
+
140
+
The circuit owner creates an authorization, which creates an authorization key to be used by a circuit user to connect their virtual network gateways to the ExpressRoute circuit. An authorization is valid for only one connection.
141
+
142
+
> [!NOTE]
143
+
> Each connection requires a separate authorization.
144
+
>
145
+
146
+
1. In the ExpressRoute page, select **Authorizations** and then type a **name** for the authorization and select **Save**.
If you want to delete the connection but retain the authorization key, you can delete the connection from the connection page of the circuit.
161
+
162
+
> [!NOTE]
163
+
> To view your Gateway connections, go to your ExpressRoute circuit in Azure portal. From there, navigate to *Connections* underneath *Settings* for your ExpressRoute circuit. This will show you each ExpressRoute gateway that your circuit is connected to. If the gateway is under a different subscription than the circuit, the *Peer* field will display the circuit authorization key.
The circuit user needs the resource ID and an authorization key from the circuit owner.
170
+
171
+
**To redeem a connection authorization**
172
+
173
+
1. Select the **+ Create a resource** button. Search for **Connection** and select **Create**.
174
+
175
+
:::image type="content" source="./media/expressroute-howto-linkvnet-portal-resource-manager/create-new-resources.png" alt-text="Create new resources":::
176
+
177
+
1. In the **Basics** page, make sure the *Connection type* is set to **ExpressRoute**. Select the *Resource group*, and then select **Next: Settings>**.
1. In the **Settings** page, select **High Resiliency** or **Standard Resiliency**, and then select the *Virtual network gateway*. Check the **Redeem authorization** check box. Enter the *Authorization key* and the *Peer circuit URI* and give the connection a name.
183
+
184
+
> [!NOTE]
185
+
> The *Peer Circuit URI* is the Resource ID of the ExpressRoute circuit (which you can find under the Properties Setting pane of the ExpressRoute Circuit).
[FastPath](expressroute-about-virtual-network-gateways.md) improves data path performance such as packets per second and connections per second between your on-premises network and your virtual network.
0 commit comments