ExpressRoute Peering
ExpressRoute enables you to create private connections between Azure datacenters and infrastructure that is either on-premises or in a co-location environment. ExpressRoute circuits provide a high-throughput, low-latency connection that doesn't traverse the public internet.
Peering is the configuration of how your network connects to the Azure backbone network through an ExpressRoute circuit. There are three types of peering you can configure:
1. Azure Public Peering
Azure public peering allows you to connect to Microsoft cloud services, such as Azure services hosted in the public Azure datacenters (e.g., Azure Storage, Azure SQL Database). Traffic destined for Microsoft public IP address spaces uses this peering.
- Scope: Global
- Services accessible: All public Microsoft services.
- IP Addressing: You must use public IP addresses.
- BGP: Required for route exchange.
2. Azure Private Peering
Azure private peering is used to connect to Azure resources deployed in your virtual networks (VNets). This provides a direct, private connection to your Azure services without traversing the public internet.
- Scope: Regional (per Azure region)
- Services accessible: Resources within your Azure VNets.
- IP Addressing: You can use public or private IP addresses.
- BGP: Required for route exchange.
Note: Azure private peering requires a dedicated ExpressRoute circuit and is typically used for hybrid cloud connectivity.
3. Microsoft Peering
Microsoft peering is used to connect to Microsoft 365 services (e.g., Exchange Online, SharePoint Online, Skype for Business Online) and Dynamics 365. This peering type offers optimized routing for these specific Microsoft cloud services.
- Scope: Global
- Services accessible: Microsoft 365 and Dynamics 365 services.
- IP Addressing: You must use public IP addresses that are allocated to your organization.
- BGP: Required for route exchange.
Configuring ExpressRoute Peering
Peering is configured on an ExpressRoute circuit. You can create up to three peerings per circuit (one of each type). Each peering requires its own autonomous system number (ASN) and IP address space.
The configuration involves specifying:
- Primary/Secondary PE: Specifies the primary or secondary path for the connection.
- VLAN ID: A unique identifier for the Layer 2 connection.
- BGP ASN: Your autonomous system number.
- BGP IP Addresses: IP addresses used for the BGP session.
Tip: For high availability, configure both primary and secondary connections for each peering type.
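A pre-deployment check for the settings listed above, as an added example that is not part of the original page or of Microsoft's tooling. It applies this page's per-type addressing rules, flags a reused VLAN ID or a duplicate peering type, and reports a peering that has no secondary path. The function name, dictionary keys and sample subnets are assumptions made for illustration.

```python
import ipaddress

# "Private" here means RFC 1918 space; anything else is treated as public.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Addressing rule per peering type, as stated on this page.
PUBLIC_ONLY = {"public": True, "private": False, "microsoft": True}

def validate_circuit(peerings):
    """Return findings for the peerings proposed on one circuit."""
    findings, seen_types, seen_vlans = [], set(), set()
    for p in peerings:
        kind, vlan = p["type"], p["vlan_id"]
        if kind not in PUBLIC_ONLY:
            findings.append(f"{kind}: unknown peering type")
            continue
        if kind in seen_types:
            findings.append(f"{kind}: more than one peering of this type")
        seen_types.add(kind)
        if not 1 <= vlan <= 4094:  # usable 802.1Q VLAN IDs
            findings.append(f"{kind}: VLAN ID {vlan} outside 1-4094")
        if vlan in seen_vlans:
            findings.append(f"{kind}: VLAN ID {vlan} reused on this circuit")
        seen_vlans.add(vlan)
        nets = []
        for path in ("primary", "secondary"):
            if path not in p:
                findings.append(f"{kind}: no {path} BGP subnet (no redundancy)")
                continue
            net = ipaddress.ip_network(p[path])
            nets.append(net)
            if PUBLIC_ONLY[kind] and any(net.overlaps(r) for r in RFC1918):
                findings.append(f"{kind}: {path} {net} is private, public required")
        if len(nets) == 2 and nets[0].overlaps(nets[1]):
            findings.append(f"{kind}: primary and secondary subnets overlap")
    return findings

# Constructed sample; 203.0.113.0/24 (documentation range) stands in for
# public space allocated to the organization.
SAMPLE = [
    {"type": "private", "vlan_id": 100,
     "primary": "10.0.0.0/30", "secondary": "10.0.0.4/30"},
    {"type": "microsoft", "vlan_id": 100,
     "primary": "192.168.1.0/30", "secondary": "203.0.113.4/30"},
    {"type": "public", "vlan_id": 4095, "primary": "203.0.113.8/30"},
]

if __name__ == "__main__":
    for finding in validate_circuit(SAMPLE):
        print(finding)
```

Running such a check before a change window catches a private range proposed for a public-only peering before the BGP session is ever configured.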
Key Considerations
- Each peering type has specific requirements for IP addressing and service accessibility.
- Ensure your network infrastructure is configured to support BGP routing for your ExpressRoute connections.
- Plan your IP address allocation carefully, especially for private and Microsoft peering.
Understanding the differences and configuration requirements for each peering type is crucial for designing an effective ExpressRoute solution that meets your connectivity needs.