A smart Azure engineer always has the right tools in their toolbox. In addition, a good grasp on the key fundamental networking concepts. In this case, the Border Gateway Protocol (BGP).
In this challenge you will be setting up the prerequisite tools you will need to complete the hack's challenges. You will also deploy a baseline Hub and Spoke network topography into Azure which you will use complete the challenges of this hack.
- First, make sure you have an Azure Subscription.
You can complete all of the challenges in this hack in a web browser using the Azure Portal and Azure Cloud Shell. However, if you work with Azure and on a regular basis, be a good cloud architect and make sure you have experience installing the required tools on your local workstation:
- The PowerShell way (same tooling for Windows, Linux or Mac):
- PowerShell core (7.x)
- Azure PowerShell modules
- Visual Studio Code: the Windows PowerShell ISE might be an option here for Windows users, but VS Code is far, far better
- Visual Studio Code PowerShell extension
- The Azure CLI way:
- Windows Subsystem for Linux, if you are running Windows and want to install the Azure CLI under a Linux shell like bash or zsh
- Azure CLI
- Visual Studio Code: the Windows Powershell ISE might be an option here for Windows users, but VS Code is far, far better
- VScode Azure CLI extension
Your coach will provide you with a Resources.zip file that contains resource files you will use to setup the initial Hub and Spoke Topology.
If you have installed all of the tools listed above and plan to work on your local workstation, you should download and unpack the Resources.zip file there too.
If you plan to use the Azure Cloud Shell, you should upload the Resources.zip file to your cloud shell first and then unpack it there.
- From a bash shell on your local workstation, or in the Azure Cloud Shell, navigate to the location you have unpacked the
Resources.zipfile. You should find a script file namedHubAndSpoke.sh. - Open the
HubAndSpoke.shscript file and set the following values:rg- The name of the resource group that will be created in Azure to deploy the baseline hub & spoke topology. If using a shared Azure subscription with other students, you should include your name or initials in the value to make it unique.adminpassword- Provide a password value which will be used for the admin account on the VMs that the script deploys.
- Run the script to deploy the baseline Hub & Spoke network in Azure.
NOTE: The script deploys Active/Active VPNs with BGP and the correspondent VNet Peering attributes for transitivity. However, other aspects such as configuring Local Network Gateways, setting up required Route Tables (UDRs) will need to be done manually. Simulated on-premises and Central NVA templates are provided separately throughout the challenge.
NOTE: The deployment process takes aproximately 30 min. In the meantime, your coach will provide an intro lecture or explanation of the challenges.
TIP: You may need to make the script file executable before you can run it.
# Make the file executable
chmod +x HubAndSpoke.sh
# Remove the unix characters
dos2unix HubAndSpoke.sh
#run the file
./HubAndSpoke.sh- You have an Azure shell at your disposal (Powershell, WSL(2), Mac, Linux or Azure Cloud Shell)
- Validate that you have deployed the base line Hub and Spoke Topology into your Azure subscription.
- You have reviewed foundational knowledge in Virtual Network Routing, Azure VNG , Azure Route Server, BGP fundamentals.
It is of paramount importance that you are aware that 100% of the Azure Route Server functionality revolves around basic to advanced Border Gateway Protocol (BGP) concepts. With that in mind, take as a first priority to grasp the BGP concepts as much as possible. On the other hand, do not feel overwhelmed if the concepts are not very clear at the beginning. After all, there are books dedicated entirely to BGP as a dynamic routing protocol.