Introduction to Azure ExpressRoute
Azure ExpressRoute allows you to create private connections between your on-premises infrastructure and Microsoft Azure. These connections can be established through a connectivity provider, a network-to-network connection (from your existing WAN), or a point-to-point Ethernet connection. ExpressRoute connections do not go over the public internet, offering higher security, reliability, and speeds with lower latencies than typical internet connections.
This service is ideal for mission-critical workloads, large data transfers, and scenarios where predictable network performance is essential. By using ExpressRoute, you can leverage the cloud's scalability and agility while maintaining the benefits of your existing network infrastructure.
Key Concepts
Connectivity Providers
ExpressRoute circuits are provisioned through a global network of connectivity partners. These providers offer physical connections from your premises to Azure's edge locations. You choose a provider based on your geographical location, bandwidth requirements, and service level agreements (SLAs).
Peering Locations
These are the physical locations where Microsoft has its network edge points of presence (PoPs). You will connect to one of these peering locations to establish your ExpressRoute circuit.
Local, Standard, and Premium SKUs
ExpressRoute offers different service tiers (SKUs) that determine bandwidth limits, number of routes, and geographic reach. The Local SKU is for shorter distances, the Standard SKU provides global reach and more routes, and the Premium SKU offers increased bandwidth, more global routes, and additional features.
Private Peering, Public Peering, and Microsoft Peering
These refer to the types of traffic that can traverse your ExpressRoute circuit. Private Peering is used for your virtual networks in Azure. Public Peering is deprecated for new connections but was used for Microsoft public IP address services. Microsoft Peering is used to access Azure public services (like Office 365) directly from your on-premises network.
Benefits of ExpressRoute
- Reliability and Performance: Dedicated, predictable network performance with lower latency and higher throughput.
- Enhanced Security: Traffic bypasses the public internet, reducing exposure to security threats.
- Cost Savings: Can be more cost-effective for large data transfers compared to egress charges over the public internet.
- Global Reach: Connect to Azure regions worldwide through our extensive network of partners.
- Hybrid Cloud Integration: Seamlessly integrate your on-premises datacenter with Azure.
Connectivity Models
ExpressRoute supports several connectivity models:
1. Cloud Exchange Co-location
Connect to Azure through a cloud exchange provider at a co-location facility. This offers quick and easy connectivity with other cloud services and tenants within the same facility.
2. Point-to-Point Ethernet Connection
Establish a direct Layer 2 connection between your on-premises network and Azure using an Ethernet provider. This is a direct physical link.
3. Any-to-Any (MPLS VPN)
Connect your existing WAN (like MPLS) to Azure. Your network provider extends your WAN to connect to Azure, allowing seamless routing between your on-premises sites and Azure virtual networks.
Getting Started with ExpressRoute
Setting up ExpressRoute involves a few key steps:
- Choose a connectivity provider: Select a provider that serves your region and meets your bandwidth needs.
- Order an ExpressRoute circuit: Work with your chosen provider to order an ExpressRoute circuit. You'll need to specify the SKU, bandwidth, and peering location.
- Configure ExpressRoute circuits in Azure: Once the physical connection is established, you'll provision the ExpressRoute circuit resource in your Azure subscription.
- Configure peering: Set up private, public, or Microsoft peering as required for your connectivity needs.
- Configure your on-premises router: Ensure your network devices are configured to route traffic over the ExpressRoute connection.
Here's a simplified example of how you might configure routing on a Cisco router (for illustrative purposes only):
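interface GigabitEthernet0/1
 description ExpressRoute Connection to Azure
 ! /30 point-to-point link subnet shared with the Microsoft edge router
 ip address 10.0.0.1 255.255.255.252
 no shutdown
!
router bgp 65000
 ! 65000 is your private ASN; 12076 is Microsoft's ASN for ExpressRoute
 neighbor 10.0.0.2 remote-as 12076
 ! Advertise your on-premises subnets
 network 192.168.1.0 mask 255.255.255.0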
Always consult your network equipment vendor's documentation and the official Azure ExpressRoute documentation for precise configuration details.
Best Practices
- Redundancy: Always provision at least two ExpressRoute circuits for high availability. Connect them to different peering locations or through different providers.
- Monitor Performance: Regularly monitor bandwidth utilization, latency, and packet loss to ensure optimal performance.
- Choose the Right SKU: Select a SKU that matches your current and anticipated bandwidth needs. You can upgrade later if necessary.
- Secure Your Traffic: Use private peering for your Azure Virtual Networks and consider encrypting sensitive data if required.
- Plan Your IP Addressing: Ensure your on-premises IP address space does not overlap with Azure VNet address spaces.
Troubleshooting Common Issues
Common issues include BGP peering problems, route advertisement issues, and performance degradation. Use Azure Network Watcher and your on-premises network monitoring tools to diagnose connectivity problems.
Common BGP Issues:
- Incorrect ASNs (Autonomous System Numbers)
- Incorrect IP addresses for BGP neighbors
- Firewall blocking BGP traffic
The Azure portal provides detailed diagnostic tools for ExpressRoute circuits. Familiarize yourself with these tools for efficient troubleshooting.
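The following added example (not part of the original page or of any Azure tooling) lints a Cisco-style config like the one above for two of the common BGP issues listed, a wrong remote ASN and a wrong neighbor address, and for the address-space overlap warned about under Best Practices. The function name, the sample config with its deliberate mistakes, and the VNet prefix are assumptions made for illustration.

```python
import ipaddress
import re

MICROSOFT_ASN = 12076  # remote AS used in the page's router example

# Constructed sample: the page's Cisco snippet with two deliberate mistakes
# (mistyped remote AS, and a neighbor address outside the link subnet).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.252
!
router bgp 65000
 neighbor 10.0.1.2 remote-as 12067
 network 192.168.1.0 mask 255.255.255.0
 network 10.1.0.0 mask 255.255.0.0
"""

# Assumed Azure VNet address space, for illustration only.
SAMPLE_VNETS = ["10.1.0.0/16"]


def audit_config(config, vnet_prefixes, expected_asn=MICROSOFT_ASN):
    """Return a list of findings for the BGP and addressing issues the page names."""
    findings = []
    # Subnets of every configured interface address (the /30 link in the sample).
    links = [ipaddress.ip_interface(f"{ip}/{mask}").network
             for ip, mask in re.findall(r"^\s*ip address (\S+) (\S+)", config, re.M)]
    for ip, asn in re.findall(r"^\s*neighbor (\S+) remote-as (\d+)", config, re.M):
        if int(asn) != expected_asn:
            findings.append(f"neighbor {ip}: remote-as {asn}, expected {expected_asn}")
        if not any(ipaddress.ip_address(ip) in link for link in links):
            findings.append(f"neighbor {ip}: not on any configured link subnet")
    vnets = [ipaddress.ip_network(p) for p in vnet_prefixes]
    for net, mask in re.findall(r"^\s*network (\S+) mask (\S+)", config, re.M):
        advertised = ipaddress.ip_network(f"{net}/{mask}")
        for vnet in vnets:
            if advertised.overlaps(vnet):
                findings.append(f"network {advertised}: overlaps Azure VNet {vnet}")
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG, SAMPLE_VNETS):
        print(finding)
```

Running the check against a config export before a change window catches these mistakes before the BGP session fails to establish or overlapping routes are advertised.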