Configure ExpressRoute Exchange Peering

Understanding Exchange Peering

ExpressRoute Exchange Peering connects your on-premises network or cloud environment to Microsoft's global network via a supported network provider at an internet exchange. This peering type is ideal for:

• Connecting to Microsoft Peering (for access to Azure services).
• Connecting to Public Peering (for access to Microsoft 365 and Dynamics 365).
• Connecting to Private Peering (for direct access to Azure virtual networks).

The primary advantage of Exchange Peering is the ability to establish connectivity with Microsoft services directly from a colocation facility, often resulting in lower latency and higher throughput compared to connecting over the public internet.

Steps to Configure Exchange Peering

1. Obtain Circuit Information from your Connectivity Provider

Before you can configure Exchange Peering, you need to work with your network service provider. They will provide you with essential information for your ExpressRoute circuit, including:

• Service Key (or Circuit ID): A unique identifier for your ExpressRoute circuit.
• VLAN ID: The specific VLAN to be used for the peering.
• Provider's BGP ASN: The Autonomous System Number (ASN) used by your provider for the peering.
• Provider's IP Prefixes: The IP address ranges your provider will use for the BGP session.

2. Create an ExpressRoute Circuit (if not already done)

If you haven't already created an ExpressRoute circuit, you can do so via the Azure portal, Azure CLI, or PowerShell.

Using Azure CLI:

az network express-route create --name MyExpressRouteCircuit \
    --resource-group MyResourceGroup \
    --location "East US" \
    --provider "Equinix" \
    --peering-location "New York" \
    --bandwidth 100 \
    --sku Standard

            

3. Configure the Exchange Peering

Once your circuit is provisioned and you have the necessary information, you can configure the Exchange Peering. This typically involves creating a peering configuration on your ExpressRoute circuit.

3.1 Using the Azure Portal

1. Navigate to your ExpressRoute circuit in the Azure portal.
2. Under "Settings", select "Peerings".
3. Click "+ Add" to add a new peering.
4. Select "Exchange" as the Peering Type.
5. VLAN ID: Enter the VLAN ID provided by your connectivity provider.
6. Microsoft Peering:
• Enable "Microsoft Peering".
• Peer ASN: Enter your provider's BGP ASN.
• VLAN ID: Enter the VLAN ID for Microsoft peering.
• Advertised Public Prefixes: Enter your public IP prefixes (e.g., your registered public IP block).
• Secondary Peer ASN (optional): If your provider supports it, enter the secondary ASN.
• Secondary VLAN ID (optional): If your provider supports it, enter the secondary VLAN ID.
• Secondary Advertised Public Prefixes (optional): Enter your secondary public IP prefixes.
7. Azure Private Peering (optional):
• Enable "Azure Private Peering".
• Peer ASN: Enter your provider's BGP ASN.
• VLAN ID: Enter the VLAN ID for private peering.
8. Azure Public Peering (optional):
• Enable "Azure Public Peering".
• Peer ASN: Enter your provider's BGP ASN.
• VLAN ID: Enter the VLAN ID for public peering.
• Advertised Public Prefixes: Enter your public IP prefixes.
9. Click "Add" to create the peering configuration.

3.2 Using Azure CLI

To add Microsoft peering:

az network express-route peering create --circuit-name MyExpressRouteCircuit \
    --resource-group MyResourceGroup \
    --name "MicrosoftPeering" \
    --peering-type "Microsoft" \
    --vlan-id 200 \
    --peer-asn 12345 \
    --advertised-public-prefixes "x.x.x.x/y"

            

To add Private peering:

az network express-route peering create --circuit-name MyExpressRouteCircuit \
    --resource-group MyResourceGroup \
    --name "AzurePrivatePeering" \
    --peering-type "AzurePrivate" \
    --vlan-id 100 \
    --peer-asn 12345

            

3.3 Using Azure PowerShell

To add Microsoft peering:

$gwipconfig = New-Object Microsoft.Azure.Commands.Network.Models.ExpressRouteCircuitPeeringConfig
$gwipconfig.PrimaryPeerPrefix = "x.x.x.x/y"
$gwipconfig.SecondaryPeerPrefix = "a.a.a.a/b"
$gwipconfig.PeerAsn = 12345
$gwipconfig.VlanId = 200

Add-AzExpressRouteCircuitPeeringConfig -Name "MicrosoftPeering" -ExpressRouteCircuitName MyExpressRouteCircuit -ResourceGroupName MyResourceGroup -PeeringType Microsoft -VlanId 200 -PeerAsn 12345 -PeerPrefix "x.x.x.x/y"

            

To add Private peering:

Add-AzExpressRouteCircuitPeeringConfig -Name "AzurePrivatePeering" -ExpressRouteCircuitName MyExpressRouteCircuit -ResourceGroupName MyResourceGroup -PeeringType AzurePrivate -VlanId 100 -PeerAsn 12345

            

Verification

After configuration, it's crucial to verify the peering status:

• Azure Portal: Check the "Peerings" section of your ExpressRoute circuit. The status should indicate "Provisioned" or similar.
• BGP Status: Use the Azure CLI or PowerShell to check the BGP session status. It should show as "Established".
• Connectivity: Test connectivity to Microsoft services or your connected resources.

Verifying BGP status with Azure CLI:

az network express-route show-circuit \
    --name MyExpressRouteCircuit \
    --resource-group MyResourceGroup \
    --query "peerings[?name=='MicrosoftPeering'].connections[0].bgpPeeringStatus"

            

Important Considerations

• Public IP Prefixes: Ensure you use globally unique and registered public IP address ranges for Microsoft and Public peering.
• ASN: Use your own private ASN (64512-65534, 4200000000-4294967294) for private peering if you're not using your provider's ASN. For Microsoft and Public peering, you typically use your provider's ASN or a public ASN you own.
• Redundancy: For high availability, consider configuring a secondary ExpressRoute circuit and ensuring your connectivity provider offers redundant paths.
• Subnet Sizes: For private peering, use small subnets (e.g., /30) for the point-to-point links between your router and the Azure edge router.