Configuring ExpressRoute Public Peering
This document provides detailed instructions on how to configure ExpressRoute public peering, enabling you to connect to Microsoft's public services (like Office 365, Dynamics 365, and Azure public endpoints) over a private, dedicated connection.
Prerequisites
- An active Azure subscription.
- An existing ExpressRoute circuit.
- A peering location and connection to a supported network service provider.
- An AS number (ASN) for your on-premises network. You can use a public or private ASN.
- A /30 IPv4 subnet for the router interface on your side of the peering.
- A /30 IPv6 subnet (if using IPv6) for the router interface on your side of the peering.
Steps to Configure Public Peering
1. Create a Public Peering within Your ExpressRoute Circuit
You can configure public peering directly through the Azure portal, PowerShell, or Azure CLI.
Using Azure Portal:
- Navigate to your ExpressRoute circuit resource in the Azure portal.
- Under "Settings," select "Peerings."
- Click "+ Add" to create a new peering.
- For "Peering type," select "Public."
- Configure the following settings:
  - VLAN ID: A unique identifier for this peering (1-4094).
  - Peer ASN: Your on-premises Autonomous System Number (ASN).
  - IPv4 Advertisement Prefix: Your public IPv4 address block that you will advertise to Microsoft. This must be a registered public IP address block.
  - IPv6 Advertisement Prefix (Optional): Your public IPv6 address block if you plan to use IPv6.
- Click "Add" to create the peering.
Using Azure CLI:
Use the following command to add public peering:
az network express-route peering create --circuit-name <YourCircuitName> --name AzurePublicPeering --resource-group <YourResourceGroupName> --peering-type Public --azure-asn 12076 --peer-asn <YourPeerASN> --vlan-id <VLAN_ID> --ipv4-prefix <YourIPv4Prefix> --metro-location <MetroLocation>
Replace placeholders like <YourCircuitName>, <YourResourceGroupName>, <YourPeerASN>, <VLAN_ID>, <YourIPv4Prefix>, and <MetroLocation> with your specific values.
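The following pre-flight check is an added example, not part of the original document or of any Microsoft tooling. It validates the step 1 inputs (VLAN ID range, peer ASN, IPv4 /30 interface subnet, and that advertised prefixes are public space) before they are submitted. The function names and sample values are constructed for illustration, and the reserved and private ASN ranges come from the RFCs cited in the comments.

```python
import ipaddress

AZURE_ASN = 12076  # Azure-side ASN from the CLI command on this page
RESERVED_ASNS = {0, 23456, 65535, 4294967295}  # RFC 7607, RFC 6793, RFC 7300


def asn_kind(asn):
    """Classify a peer ASN as 'private' (RFC 6996) or 'public'; raise if unusable."""
    if not 0 < asn < 2**32 or asn in RESERVED_ASNS or asn == AZURE_ASN:
        raise ValueError(f"ASN {asn} cannot be used as the peer ASN")
    private = 64512 <= asn <= 65534 or 4200000000 <= asn <= 4294967294
    return "private" if private else "public"


def check_peering(vlan_id, peer_asn, interface_subnet, advertised_prefixes):
    """Return a list of problems; an empty list means the inputs pass."""
    problems = []
    if not 1 <= vlan_id <= 4094:
        problems.append(f"VLAN ID {vlan_id} is outside 1-4094")
    try:
        asn_kind(peer_asn)
    except ValueError as exc:
        problems.append(str(exc))
    try:
        # strict parsing rejects values with host bits set, e.g. 192.0.2.1/30
        link = ipaddress.IPv4Network(interface_subnet, strict=True)
        if link.prefixlen != 30:
            problems.append(f"interface subnet {link} is not a /30")
    except ValueError as exc:
        problems.append(f"interface subnet: {exc}")
    for text in advertised_prefixes:
        try:
            net = ipaddress.ip_network(text, strict=True)
        except ValueError as exc:
            problems.append(f"advertised prefix: {exc}")
            continue
        # RFC 1918, CGNAT, documentation and similar ranges must never be
        # announced over public peering
        if not net.is_global:
            problems.append(f"{net} is not globally routable public space")
    return problems


if __name__ == "__main__":
    # Constructed sample input: private space offered as an advertised prefix
    for problem in check_peering(100, 65010, "192.0.2.0/30", ["10.20.0.0/16"]):
        print("REJECT:", problem)
```

This confirms only that a prefix lies in public address space. Whether the block is actually registered to your organization still has to be checked against the routing registry.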
2. Configure Your Network Edge Device
Once the peering is established in Azure, you need to configure your network edge router to establish BGP sessions. This typically involves:
- Configuring a BGP neighbor relationship with Microsoft's edge router using the assigned IP addresses from the /30 subnet.
- Advertising your public IP address prefixes to Microsoft.
- Receiving Microsoft's public IP address prefixes.
12076.
3. Verifying Connectivity
After configuration, you can verify the status of your peering and BGP session:
- Azure Portal: Check the "Peerings" section of your ExpressRoute circuit for status indicators.
- Azure CLI: Use az network express-route peering show commands.
- Network Monitoring Tools: Use your own network monitoring tools to check BGP status and traffic flow.
Important Considerations
- IP Address Space: Ensure all IP address prefixes advertised are globally unique and registered to your organization.
- BGP Attributes: Understand BGP attributes like AS_PATH and MED to influence route selection.
- Redundancy: Implement redundant connections and peering for high availability.
- Security: While ExpressRoute provides a private connection, it's crucial to implement security measures at your network edge.