Configure Microsoft Peering for ExpressRoute
This document guides you through the steps to configure Microsoft peering for your Azure ExpressRoute circuit. Microsoft peering allows you to connect to Microsoft cloud services such as Microsoft 365, Dynamics 365, and other SaaS services hosted on Azure.
Prerequisites
- An active Azure ExpressRoute circuit.
- A supported ExpressRoute provider.
- An Azure subscription.
- An Autonomous System Number (ASN) for your network.
- A block of public IP address prefixes that you own.
Configuration Steps
- Navigate to your ExpressRoute Circuit
  In the Azure portal, search for and select "ExpressRoute circuits". Choose the circuit you want to configure.
- Add a Peering Configuration
  In the circuit overview page, select "Peerings" from the left-hand menu. Click the "+ Add" button to create a new peering configuration.
- Configure Peering Type
  In the "Add peering" pane, select "Microsoft" as the peering type.
- Provide Peering Details
  - Peering location: This should match the location of your ExpressRoute circuit.
  - Service provider: Select your ExpressRoute provider.
  - Bandwidth: Ensure this matches your circuit's bandwidth.
  - VLAN ID: A unique VLAN ID for this peering.
  - Peer ASN: Your registered Autonomous System Number (ASN).
  - Microsoft Peering Configuration:
    - Primary Peer Subnet: The /30 or /31 subnet for the primary link (e.g., 192.168.10.0/30).
    - Secondary Peer Subnet: The /30 or /31 subnet for the secondary link (e.g., 192.168.10.4/30).
    - Primary Microsoft Azure Announced Prefixes: Your public IP address prefixes to be advertised to Microsoft (e.g., 203.0.113.0/24).
    - Secondary Microsoft Azure Announced Prefixes: Your public IP address prefixes for the secondary path.
    - Microsoft Peering Service: Select the Microsoft services you wish to access (e.g., Microsoft 365).
- Save Configuration
  Click "Add" to create the Microsoft peering configuration.
Tip: Ensure that the public IP prefixes you announce are valid and registered to your organization. Incorrect prefixes can lead to routing issues.
Important Considerations
- IP Address Space: You must use your own public IP address space for Microsoft peering. Do not use RFC 1918 private address space or IP addresses assigned by Microsoft.
- Subnet Sizes: Use /30 or /31 subnets for the peer IP addresses. This is crucial for proper BGP session establishment.
- BGP Session: A BGP session will be established between your router and Microsoft's edge routers. Ensure your router is configured to accept BGP advertisements.
- Route Filters: Implement route filters to control which prefixes you receive from Microsoft and to prevent accidental advertisement of unwanted prefixes.
- Service Endpoints: For accessing certain Azure PaaS services like Storage and SQL Database, you might still need to configure service endpoints on your virtual networks. Microsoft peering for ExpressRoute complements this by providing private connectivity.
Warning: Incorrectly configured Microsoft peering can lead to connectivity issues and potential security vulnerabilities. Double-check all IP addresses, ASNs, and VLAN IDs before saving.
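One way to run the pre-save check the warning asks for, as an added example that is not Microsoft's code or part of the original page. The dictionary keys, `check_prefix`, `validate_peering` and `vlans_in_use` are hypothetical names, the sample values are constructed from documentation ranges, and treating private-use ASNs (RFC 6996) as never "registered" is an assumption.

```python
import ipaddress

# RFC 1918 ranges, which the page says must not be used for Microsoft peering.
RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Private-use ASN ranges (RFC 6996); assumed here to never be a "registered" ASN.
PRIVATE_ASNS = [(64512, 65534), (4200000000, 4294967294)]

def check_prefix(label, cidr, errors, peer_link=False):
    """Parse one IPv4 CIDR strictly and append any problems to errors."""
    try:
        net = ipaddress.IPv4Network(cidr, strict=True)  # rejects set host bits
    except ValueError as exc:
        errors.append(f"{label}: invalid prefix ({exc})")
        return None
    if any(net.overlaps(private) for private in RFC1918):
        errors.append(f"{label}: {net} is RFC 1918 private space")
    if peer_link and net.prefixlen not in (30, 31):
        errors.append(f"{label}: {net} is not a /30 or /31")
    return net

def validate_peering(cfg, vlans_in_use=()):
    """Return a list of problems in a Microsoft peering parameter set (empty = OK)."""
    errors = []
    primary = check_prefix("primary_peer_subnet", cfg["primary_peer_subnet"], errors, True)
    secondary = check_prefix("secondary_peer_subnet", cfg["secondary_peer_subnet"], errors, True)
    if primary is not None and secondary is not None and primary.overlaps(secondary):
        errors.append("peer subnets: primary and secondary overlap")
    for cidr in cfg["advertised_prefixes"]:
        check_prefix("advertised_prefix", cidr, errors)
    vlan = cfg["vlan_id"]
    if not 1 <= vlan <= 4094:  # usable 802.1Q VLAN range
        errors.append(f"vlan_id: {vlan} is outside 1-4094")
    elif vlan in vlans_in_use:  # the page requires a unique VLAN ID per peering
        errors.append(f"vlan_id: {vlan} is already used by another peering")
    asn = cfg["peer_asn"]
    if any(low <= asn <= high for low, high in PRIVATE_ASNS):
        errors.append(f"peer_asn: {asn} is a private-use ASN")
    return errors

# Constructed sample inputs (documentation address ranges and ASNs, not real values).
GOOD = {"primary_peer_subnet": "198.51.100.0/30", "secondary_peer_subnet": "198.51.100.4/30",
        "advertised_prefixes": ["203.0.113.0/24"], "vlan_id": 200, "peer_asn": 64496}
BAD = {"primary_peer_subnet": "10.1.0.0/29", "secondary_peer_subnet": "10.1.0.4/30",
       "advertised_prefixes": ["192.168.50.0/24", "203.0.113.7/24"], "vlan_id": 100, "peer_asn": 65001}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate_peering(cfg, vlans_in_use={100}) or "no problems found")
```

The check covers only syntax and range rules; whether a prefix or ASN is actually registered to your organization still has to be confirmed against the routing registry.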