ExpressRoute Peering Options

Azure ExpressRoute enables you to create private connections between Azure datacenters and your on-premises infrastructure or other private cloud environments. Understanding the different peering options is crucial for establishing the optimal connectivity for your specific needs.

Public Peering

Public peering allows you to connect to Microsoft public IP address spaces. This includes accessing all Azure services that are exposed through public IPs, such as Azure Storage, Azure SQL Database, and Azure App Service.

Use Case: Connecting to public Azure services.
Benefits: Access to a wide range of Azure services.
Considerations: Traffic traverses the public internet (albeit over the ExpressRoute private connection).

Private Peering

Private peering is used to connect to your Azure Virtual Network (VNet) resources. This is the most common peering type and provides direct, private connectivity to your deployed applications and services within Azure.

Use Case: Connecting to resources within your Azure VNets.
Benefits: High bandwidth, low latency, and enhanced security for VNet resources.
Requirements: Requires a Microsoft Enterprise Edge (MSEE) router on your network and an Azure VNet configured with an address space that does not overlap with your on-premises network.

Microsoft Peering

Microsoft peering allows you to connect to Microsoft 365 services (e.g., Exchange Online, SharePoint Online, Skype for Business) and other Microsoft cloud services. This peering type is optimized for accessing Microsoft's SaaS offerings.

Use Case: Connecting to Microsoft 365 and other Microsoft online services.
Benefits: Optimized path to Microsoft cloud services, potentially reducing latency and improving performance for these applications.
Considerations: Requires careful route advertisement to avoid conflicts with public or private peering.

Important: You can configure up to two peerings per ExpressRoute circuit. The type of peering you choose depends on the Azure resources you need to access.

Peering Configuration Workflow

The general workflow for configuring peering on an ExpressRoute circuit involves the following steps:

Establish an ExpressRoute Circuit: Work with a connectivity provider to provision an ExpressRoute circuit.
Configure Routing: Configure routing information for the chosen peering type. This involves advertising your on-premises IP prefixes.
Establish Peering: Once the physical connection is active, you can configure the peering sessions through the Azure portal or Azure CLI.
Verify Connectivity: Test connectivity to ensure your resources are reachable through the configured peering.