Azure vWAN Routing Intent support for Portal Deployment (#1437)
Co-authored-by: Recep Ozkurt <[email protected]>
Co-authored-by: Sacha Narinx <[email protected]>
Co-authored-by: Jack Tracey <[email protected]>
4 people authored Oct 11, 2023
1 parent 59e2490 commit 6ab72ee
Showing 4 changed files with 149 additions and 5 deletions.
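--- a/docs/wiki/Whats-new.md
+++ b/docs/wiki/Whats-new.md
@@ -46,6 +46,10 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
 - The portal accelerator experience has been updated to include deployment of Azure Monitor baseline alerts. Details on the policies deployed can be found [here](https://aka.ms/amba/alz).
 - Fixed issue with couple of Policy file names to align with the actual name of the policies
 
+#### Tooling
+
+- Added vWAN Hub Routing Intent support to Portal Accelerator for scenarios that include Azure Firewall deployment
+- Enhanced the ALZ Portal Accelerator to provide the ability to deploy the Azure VPN Gateway in Active/Active mode as per feedback from [#655](https://github.com/Azure/Enterprise-Scale/issues/655).
 
 ### September 2023
 
@@ -73,10 +77,6 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
 - Deploy-VM-Monitoring (Management Group: Intermediate Root)
 - Deploy-VMSS-Monitoring (Management Group: Intermediate Root)
 
-#### Tooling
-
-- Enhanced the ALZ Portal Accelerator to provide the ability to deploy the Azure VPN Gateway in Active/Active mode as per feedback from [#655](https://github.com/Azure/Enterprise-Scale/issues/655).
-
 #### Other
 
 - [Azure Landing Zone External Community Call - September 2023 - Hosted & Published](https://github.com/Azure/Enterprise-Scale/wiki/Community-Calls#25th-september-2023-25092023)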
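--- a/eslzArm/eslz-portal.json
+++ b/eslzArm/eslz-portal.json
@@ -1972,6 +1972,66 @@
 }
 ]
 }
+},
+{
+"name": "enablevWANRoutingIntent",
+"type": "Microsoft.Common.OptionsGroup",
+"label": "Enable vWAN Routing Intent",
+"defaultValue": "No",
+"visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').enableAzFw, 'Yes'))]",
+"toolTip": "Enable vWan Routing Intent and set Azure Firewall as the next hop either for Internet Traffic, Private Traffic or both",
+"constraints": {
+"allowedValues": [
+{
+"label": "Yes",
+"value": "Yes"
+},
+{
+"label": "No",
+"value": "No"
+}
+]
+}
+},
+{
+"name": "vWANRoutingIntentforInternetTraffic",
+"type": "Microsoft.Common.OptionsGroup",
+"label": "Select Yes if you want to enable routing intent policy to apply on Internet Traffic",
+"defaultValue": "No",
+"visible":"[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').enableAzFw, 'Yes'),equals(steps('connectivity').enablevWANRoutingIntent, 'Yes'))]",
+"toolTip": "Enable vWAN Routing Intent for Internet Traffic",
+"constraints": {
+"allowedValues": [
+{
+"label": "Yes",
+"value": "Yes"
+},
+{
+"label": "No",
+"value": "No"
+}
+]
+}
+},
+{
+"name": "vWANRoutingIntentforPrivateTraffic",
+"type": "Microsoft.Common.OptionsGroup",
+"label": "Select Yes if you want to enable routing intent policy to apply on Private Traffic",
+"defaultValue": "No",
+"visible":"[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').enableAzFw, 'Yes'),equals(steps('connectivity').enablevWANRoutingIntent, 'Yes'))]",
+"toolTip": "Enable vWAN Routing Intent for Private Traffic",
+"constraints": {
+"allowedValues": [
+{
+"label": "Yes",
+"value": "Yes"
+},
+{
+"label": "No",
+"value": "No"
+}
+]
+}
 }
 ]
 },
@@ -3149,6 +3209,9 @@
 "firewallZones": "[steps('connectivity').firewallZones]",
 "subnetMaskForAzFw": "[steps('connectivity').subnetMaskForAzFw]",
 "subnetMaskForAzFwMgmt": "[steps('connectivity').subnetMaskForAzFwMgmt]",
+"enablevWANRoutingIntent":"[steps('connectivity').enablevWANRoutingIntent]",
+"internetTrafficRoutingPolicy":"[if(equals(steps('connectivity').vWANRoutingIntentforInternetTraffic, 'Yes'), 'true', 'false')]",
+"privateTrafficRoutingPolicy":"[if(equals(steps('connectivity').vWANRoutingIntentforPrivateTraffic, 'Yes'), 'true', 'false')]",
 "identitySubscriptionId": "[if(or(not(equals(steps('identity').esIdentitySubSection.esIdentitySub,steps('management').esMgmtSubSection.esMgmtSub)),not(equals(steps('identity').esIdentitySubSection.esIdentitySub,steps('connectivity').esNwSubSection.esNwSub))),steps('identity').esIdentitySubSection.esIdentitySub,'')]",
 "denyMgmtPortsForIdentity": "[steps('identity').denyMgmtPortsForIdentity]",
 "denySubnetWithoutNsgForIdentity": "[steps('identity').denySubnetWithoutNsgForIdentity]",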
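Review bot: The outputs `internetTrafficRoutingPolicy` and `privateTrafficRoutingPolicy` in the second hunk emit the strings `'true'`/`'false'`, while the matching parameters in eslzArm.json are declared `bool`; whether the string is coerced on the way in is not visible here, so the value handed over should be a real boolean. `equals()` already returns one, so `"internetTrafficRoutingPolicy": "[equals(steps('connectivity').vWANRoutingIntentforInternetTraffic, 'Yes')]"` (and the same for the private-traffic output) would avoid the question. In the first hunk the three `visible` expressions pick the vWAN case by excluding `'No'`, `'nva'` and `'vhub'`, so any hub option added later would show these controls by default; matching the vWAN value positively would be stricter. Because these switches decide whether traffic is steered through Azure Firewall, a mismatch between what the operator selected and what gets deployed is worth ruling out.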
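--- a/eslzArm/eslzArm.json
+++ b/eslzArm/eslzArm.json
@@ -455,6 +455,28 @@
 "type": "string",
 "defaultValue": ""
 },
+"enablevWANRoutingIntent":{
+"type": "string",
+"allowedValues": [
+"Yes",
+"No"
+],
+"defaultValue": "No"
+},
+"internetTrafficRoutingPolicy": {
+"type": "bool",
+"defaultValue": false,
+"metadata": {
+"description": "Enable vWAN Routing Intent and Policy for Internet Traffic"
+}
+},
+"privateTrafficRoutingPolicy": {
+"type": "bool",
+"defaultValue": false,
+"metadata": {
+"description": "Enable vWAN Routing Intent and Policy for Private Traffic"
+}
+},
 "identitySubscriptionId": {
 "type": "string",
 "defaultValue": "",
@@ -2402,6 +2424,15 @@
 },
 "vpnGateWayScaleUnit": {
 "value": "[parameters('vpnGateWayScaleUnit')]"
+},
+"enablevWANRoutingIntent":{
+"value":"[parameters('enablevWANRoutingIntent')]"
+},
+"internetTrafficRoutingPolicy":{
+"value":"[parameters('internetTrafficRoutingPolicy')]"
+},
+"privateTrafficRoutingPolicy":{
+"value":"[parameters('privateTrafficRoutingPolicy')]"
 }
 }
 }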
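Review bot: `enablevWANRoutingIntent` in the first hunk is the only one of the three new parameters without a `metadata.description`, and it is a `Yes`/`No` string sitting next to two `bool` siblings that depend on it. Adding `"metadata": { "description": "Enable vWAN Routing Intent on the virtual hub; the two routing policy flags only take effect when this is Yes" }` would document that relationship, which the vwan-connectivity.json resource condition in this commit enforces. The descriptions of `internetTrafficRoutingPolicy` and `privateTrafficRoutingPolicy` could say the same from their side. The parameter hand-off in the second hunk sits inside an object that starts outside the hunk, so which deployment receives the values is inferred rather than visible.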
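--- a/eslzArm/subscriptionTemplates/vwan-connectivity.json
+++ b/eslzArm/subscriptionTemplates/vwan-connectivity.json
@@ -91,6 +91,31 @@
 "firewallZones": {
 "type": "array",
 "defaultValue": []
+},
+"internetTrafficRoutingPolicy": {
+"type": "bool",
+"defaultValue": true,
+"metadata": {
+"description": "Enable vWAN Routing Intent and Policy for Internet Traffic"
+}
+},
+"privateTrafficRoutingPolicy": {
+"type": "bool",
+"defaultValue": true,
+"metadata": {
+"description": "Enable vWAN Routing Intent and Policy for Private Traffic"
+}
+},
+"enablevWANRoutingIntent":{
+"type": "string",
+"allowedValues":[
+"Yes",
+"No"
+],
+"metadata": {
+"description":
+"Enable vWAN Routing Intent"
+}
 }
 },
 "variables": {
@@ -112,7 +137,8 @@
 },
 "azFirewallDnsSettings": {
 "enableProxy": true
-}
+},
+"routingIntentnexthop":"[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables ('rgName'), '/providers/Microsoft.Network/azureFirewalls/', variables ('azFwName'))]"
 },
 "resources": [
 {
@@ -259,6 +285,30 @@
 "id": "[variables('azFirewallPolicyId').id]"
 }
 }
+},
+{
+"condition":"[and(equals(parameters('enablevWANRoutingIntent'), 'Yes'),equals(parameters('enableAzFw'), 'Yes'))]",
+"type": "Microsoft.Network/virtualHubs/routingIntent",
+"apiVersion": "2023-04-01",
+"name":"[concat(variables('vhubname'),'/','RoutingIntent')]",
+"dependsOn": [
+"[concat('Microsoft.Network/virtualHubs/',variables('vhubname'))]",
+"[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables ('rgName'), '/providers/Microsoft.Network/azureFirewalls/', variables ('azFwName'))]"
+],
+"properties":{
+"routingPolicies": "[
+if(and(equals(parameters('internetTrafficRoutingPolicy'), true()),
+equals(parameters('privateTrafficRoutingPolicy'), true())),
+createArray(
+createObject('name', 'PublicTraffic', 'destinations', createArray('Internet'), 'nextHop', variables('routingIntentnexthop')),
+createObject('name', 'PrivateTraffic', 'destinations', createArray('PrivateTraffic'), 'nextHop', variables('routingIntentnexthop'))),
+if(and(equals(parameters('internetTrafficRoutingPolicy'), true()),
+equals(parameters('privateTrafficRoutingPolicy'), false())),
+createArray(
+createObject('name', 'PublicTraffic', 'destinations', createArray('Internet'), 'nextHop', variables('routingIntentnexthop'))),
+createArray(
+createObject('name', 'PrivateTraffic', 'destinations', createArray('PrivateTraffic'), 'nextHop', variables('routingIntentnexthop')))))]"
+}
 }
 ]
 }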
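Review bot: The nested `if` in `routingPolicies` (last hunk) has no branch for both flags being false: its final else always creates the `PrivateTraffic` policy, so enabling routing intent in the portal and leaving both traffic options at their default `No` still deploys a private-traffic policy pointing at the firewall. Extending `condition` with `or(parameters('internetTrafficRoutingPolicy'), parameters('privateTrafficRoutingPolicy'))` would skip the resource in that case and leave the existing branches correct for the other three combinations. In the first hunk both flags default to `true` while eslzArm.json in this commit defaults them to `false`, and `enablevWANRoutingIntent` has no `defaultValue`, so deploying this template on its own behaves differently from the portal path. The `routingPolicies` expression also spans several lines inside one string, which strict JSON parsers reject; it is worth confirming that every deployment path and linter used for this file accepts it.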
