Create an ExpressRoute Gateway

This article guides you through the process of creating an ExpressRoute gateway in Azure. An ExpressRoute gateway is a specific type of virtual network gateway used for ExpressRoute circuits.

Prerequisites

• An existing Azure Virtual Network.
• An existing ExpressRoute circuit with an active provider status.

Steps to Create an ExpressRoute Gateway

You can create an ExpressRoute gateway using the Azure portal, Azure CLI, or Azure PowerShell.

Using the Azure Portal

1. Sign in to the Azure portal.
2. Navigate to Virtual Network Gateways. In the search bar at the top, type "Virtual network gateways" and select it from the results.
3. Click "+ Create". This will open the "Create a virtual network gateway" blade.
4. Configure the Basics tab:
   • Subscription: Select your Azure subscription.
   • Resource group: Choose an existing resource group or create a new one.
   • Name: Provide a unique name for your gateway (e.g., ERGateway01).
   • Region: Select the same region as your virtual network.
   • Gateway type: Select ExpressRoute.
   • SKU: Choose an appropriate SKU based on your performance and connectivity requirements (e.g., Standard, HighPerformance, UltraPerformance).
   • Generation: Select the generation that corresponds to your chosen SKU.
   • Virtual network: Select the virtual network to which you want to associate the gateway.
   • Gateway subnet address range: This will auto-populate based on your virtual network. If it doesn't, you'll need to create a dedicated subnet named GatewaySubnet within your virtual network with an address space of at least /27.
   • Public IP address: Select "Create new" and provide a name for the public IP address (e.g., ERGatewayPublicIP). The SKU for the public IP must be Standard.
   • Enable active-active mode: Choose Disabled unless you require a highly available setup with two gateway instances.
   • Configure BGP: Select Enabled if you plan to use BGP for routing with your ExpressRoute circuit. Provide your ASN and BGP peer IP address if prompted.
5. Review and Create. After validation, click "Create". The deployment can take 30-45 minutes or longer.

Using Azure CLI

First, ensure you have the Azure CLI installed and are logged in. You'll need the resource group name, virtual network name, and the name for your gateway and public IP.

# Variables
RESOURCE_GROUP="myResourceGroup"
VNET_NAME="myVNet"
GW_NAME="myExpressRouteGateway"
GW_PUBLIC_IP_NAME="myExpressRouteGatewayPublicIP"
LOCATION="eastus" # Replace with your region
VNET_GW_TYPE="ExpressRoute"
GW_SKU="Standard" # Or HighPerformance, UltraPerformance, etc.
BGP_PEERING_ADDRESS="10.0.1.254" # Example, use your planned BGP IP
ASN="65515" # Example, use your private ASN

# Create a public IP address for the gateway
az network public-ip create \
  --name $GW_PUBLIC_IP_NAME \
  --resource-group $RESOURCE_GROUP \
  --location $LOCATION \
  --sku Standard \
  --allocation-method Static

# Get the resource ID of the virtual network
VNET_ID=$(az network vnet show --name $VNET_NAME --resource-group $RESOURCE_GROUP --query id -o tsv)

# Get the resource ID of the public IP address
PUBLIC_IP_ID=$(az network public-ip show --name $GW_PUBLIC_IP_NAME --resource-group $RESOURCE_GROUP --query id -o tsv)

# Create the ExpressRoute gateway
az network vnet-gateway create \
  --name $GW_NAME \
  --resource-group $RESOURCE_GROUP \
  --location $LOCATION \
  --type $VNET_GW_TYPE \
  --sku $GW_SKU \
  --vnet $VNET_ID \
  --public-ip-address $PUBLIC_IP_ID \
  --enable-bgp true \
  --bgp-settings "$ASN,$BGP_PEERING_ADDRESS"

echo "ExpressRoute Gateway $GW_NAME created successfully."
                

Connecting the Gateway to an ExpressRoute Circuit

Once the gateway is created, you need to connect it to your ExpressRoute circuit. This is typically done by creating a connection resource.

Azure Portal

1. Navigate to your ExpressRoute circuit.
2. Under Settings, click Circuit connections.
3. Click + Add connection.
4. Provide a name for the connection, select your Virtual network gateway, and specify the bandwidth for the connection.
5. Click Add.

Azure CLI

# Variables
CIRCUIT_NAME="myExpressRouteCircuit"
CONNECTION_NAME="ERCircuitConnection"
CONNECTION_TYPE="ExpressRoute" # Must be ExpressRoute for ExpressRoute gateway
CIRCUIT_RESOURCE_GROUP="myExpressRouteResourceGroup" # Resource group of your circuit
GW_RESOURCE_GROUP="myResourceGroup" # Resource group of your gateway

# Get the ExpressRoute circuit resource ID
CIRCUIT_ID=$(az network express-route circuit show --name $CIRCUIT_NAME --resource-group $CIRCUIT_RESOURCE_GROUP --query id -o tsv)

# Get the ExpressRoute gateway resource ID
GW_ID=$(az network vnet-gateway show --name $GW_NAME --resource-group $GW_RESOURCE_GROUP --query id -o tsv)

# Create the connection
az network express-route circuit connection create \
  --circuit-name $CIRCUIT_NAME \
  --name $CONNECTION_NAME \
  --resource-group $CIRCUIT_RESOURCE_GROUP \
  --gateway-custom-route-url "" \
  --express-route-circuit $CIRCUIT_ID \
  --linked-virtual-network-gateway $GW_ID \
  --connection-type $CONNECTION_TYPE

echo "Connection $CONNECTION_NAME created successfully."
                

Verification

After deployment and connection creation, verify the status:

• Azure Portal: Navigate to your ExpressRoute gateway and check its status. You can also view the circuit connection status.
• Azure CLI:

  
  az network vnet-gateway show --name $GW_NAME --resource-group $RESOURCE_GROUP --query "{Name:name, ProvisioningState:provisioningState, GatewayType:gatewayType}"
  az network express-route circuit connection show --circuit-name $CIRCUIT_NAME --name $CONNECTION_NAME --resource-group $CIRCUIT_RESOURCE_GROUP --query "{Name:name, ProvisioningState:provisioningState, ConnectionType:connectionType}"
                          

Next Steps

• Configure routing for your ExpressRoute circuit.
• Set up connections to your on-premises network.
• Explore ExpressRoute Global Reach for connecting multiple VNETs across different regions.