Azure ExpressRoute Concepts

This document provides an in-depth look at the core concepts behind Azure ExpressRoute. Understanding these concepts is crucial for designing and implementing a robust and efficient hybrid cloud connectivity solution.

What is ExpressRoute?

Azure ExpressRoute allows you to create private connections between Azure datacenters and your on-premises infrastructure or co-location environment. This connection is not over the public internet, offering higher reliability, faster speeds, lower latencies, and increased security.

Key Components of ExpressRoute

ExpressRoute relies on a few key components working together:

ExpressRoute Circuit: This is the foundational element of your ExpressRoute connection. A circuit is provisioned by a connectivity provider and establishes a Layer 2 or Layer 3 connection from your premises to a Microsoft Enterprise Edge (MSEE) router. Circuits are available in different bandwidths and offer varying levels of redundancy.
Connectivity Provider: These are partners of Microsoft who provide the physical network connectivity to connect your on-premises network to an ExpressRoute location. They offer various services, including direct connections, Ethernet exchange connections, and IP VPN connections.
ExpressRoute Location: These are the physical points of presence (PoPs) where Microsoft and connectivity providers interconnect. You can connect to Azure through one or more of these locations.
Microsoft Enterprise Edge (MSEE) Router: These are Microsoft-managed routers at ExpressRoute locations that provide the gateway between your network and Azure.
Local, Standard, and Premium SKUs: ExpressRoute circuits come in different SKUs, each offering different features and capabilities.
- Local: Offers connectivity within a metropolitan area, with limited global reach.
- Standard: Provides global connectivity, allowing access to all Azure regions.
- Premium: Extends the Standard SKU by offering global routing, larger address spaces, and increased peerings.
SKU Capacity: Refers to the available bandwidth of the ExpressRoute circuit, ranging from 50 Mbps to 10 Gbps.

Connectivity Models

ExpressRoute supports several connectivity models, each catering to different requirements:

Provider's Network: You connect to your connectivity provider's network, and they route the traffic to Azure. This is a common model leveraging existing MPLS or VPN services.
Any-to-Any (IP VPN): Your connectivity provider offers an IP VPN service that connects your on-premises locations and Azure.
Co-location: You establish a direct physical connection from your equipment in a co-location facility to a Microsoft MSEE router.

Peerings

Azure Private Peering

This peering is used to connect to your Azure virtual networks (VNets). You'll use private IP addresses within your VNets. This is the most common peering type for hybrid connectivity.

Allows connectivity to VNets.
Uses private IP addressing.
Requires BGP for route exchange.

Azure Public Peering

This peering allows you to connect to Microsoft public services, such as Azure storage, Azure SQL Database, and Microsoft 365. You'll use public IP addresses for this peering.

Allows connectivity to Microsoft public services.
Uses public IP addressing.
Requires BGP for route exchange.
Note: Microsoft is deprecating public peering for new circuits. Customers are encouraged to use private peering with Microsoft peering for future deployments.

Microsoft Peering

This peering allows you to connect to Microsoft public services and SaaS applications (e.g., Microsoft 365, Dynamics 365) over Microsoft's global network. It provides a more direct and potentially lower-latency path than public peering through your ISP.

Allows connectivity to Microsoft public services and SaaS.
Uses public IP addressing.
Requires BGP for route exchange.
Recommended for accessing Microsoft services.

Border Gateway Protocol (BGP)

BGP is a critical routing protocol used by ExpressRoute to exchange routes between your on-premises network and Azure. Each peering (Private, Public, Microsoft) requires its own BGP session. You'll need to configure Autonomous System Numbers (ASNs) and IP addresses for your BGP configuration.

Important: You must use private ASNs (64512-65534) if you are using your own ASN for ExpressRoute. Microsoft uses its own ASNs (12076 for public services, 650XX for private services) and will advertise routes to you.

Key Considerations

Redundancy: Implement redundant ExpressRoute circuits and connectivity providers to ensure high availability.
Bandwidth: Select a bandwidth that meets your current and future needs. You can upgrade bandwidth without downtime.
Geographic Reach: Choose the SKU (Local, Standard, Premium) that provides the required geographic coverage for your services.
Security: ExpressRoute traffic is isolated from the public internet, providing a secure connectivity option.
Latency: ExpressRoute offers lower latency compared to VPNs over the internet, which is crucial for latency-sensitive applications.

Use Cases

Connecting on-premises datacenters to Azure VNets.
Migrating workloads to Azure.
Disaster recovery and business continuity.
Hybrid cloud scenarios.
Accessing Microsoft 365 services.

By understanding these fundamental concepts, you can effectively leverage Azure ExpressRoute to build secure, reliable, and high-performance network connections for your hybrid cloud strategy.