Azure Documentation

Virtual Networks: ExpressRoute Gateways

Manage ExpressRoute Gateway

This document provides comprehensive guidance on managing your Azure ExpressRoute gateways. ExpressRoute gateways are a crucial component for establishing private, high-throughput connections between your on-premises network and Azure.

Effectively managing your ExpressRoute gateway ensures optimal performance, reliability, and security for your hybrid cloud connectivity.

Prerequisites

  • An active Azure subscription.
  • An existing ExpressRoute circuit.
  • Appropriate permissions to manage virtual networks and gateways.
  • The Azure CLI or Azure PowerShell module installed and configured (optional, but recommended for scripting).

Creating an ExpressRoute Gateway

Before you can manage an ExpressRoute gateway, you need to create one. This is typically done through the Azure portal or using Azure CLI/PowerShell.

Steps in Azure Portal:

  1. Navigate to your Virtual Network.
  2. Under 'Settings', select 'Gateway subnet'. Ensure a subnet named GatewaySubnet exists and has adequate IP addresses.
  3. Go back to the Virtual Network's overview and select 'Create virtual network gateway'.
  4. Fill in the required details: Subscription, Resource Group, Name, Region, Gateway type (ExpressRoute), SKU, Generation, Virtual network, and Connected ExpressRoute circuit.
  5. Click 'Review + create' and then 'Create'.

For CLI commands, refer to the Azure CLI documentation.

Create ExpressRoute Gateway Guide

Managing an Existing Gateway

Once your ExpressRoute gateway is provisioned, you can manage its various aspects.

Viewing Status and Configuration

You can monitor the health and configuration of your ExpressRoute gateway from the Azure portal.

  • Navigate to your ExpressRoute gateway resource in the Azure portal.
  • The 'Overview' blade displays the gateway's provisioning state, SKU, IP address, and associated ExpressRoute circuits.
  • The 'Connection' section shows the status of connections to your ExpressRoute circuits.
Note: Ensure your gateway's provisioning state is 'Succeeded' for optimal performance.

Scaling the Gateway

ExpressRoute gateways are available in various SKUs, each offering different levels of performance (bandwidth and connections). You can scale your gateway by changing its SKU.

To scale your gateway:

  1. Navigate to your ExpressRoute gateway in the Azure portal.
  2. Under 'Settings', select 'SKU'.
  3. Choose a higher or lower SKU based on your performance requirements. Note that scaling up or down may involve a gateway restart and a brief downtime.
  4. Click 'Apply'.
SKU Max Bandwidth (Gbps) Max Circuits
Standard 1 10
HighPerformance 2 20
UltraPerformance 10 40

Updating the Gateway

You can update certain properties of your ExpressRoute gateway, such as the associated ExpressRoute circuits.

  • To add or remove connections to ExpressRoute circuits, navigate to the 'Connections' section of your gateway resource.
  • Click 'Add' to link a new circuit or select an existing connection and click 'Delete' to remove it.

Deleting the Gateway

If you no longer require the ExpressRoute gateway, you can delete it to stop incurring charges.

Important: Deleting the gateway will also delete all associated connections.

  1. Navigate to your ExpressRoute gateway resource in the Azure portal.
  2. Click the 'Delete' button at the top of the overview page.
  3. Confirm the deletion by typing the gateway name.

Best Practices

  • Choose the Right SKU: Select a gateway SKU that matches your current and projected bandwidth and connection needs.
  • Monitor Performance: Regularly monitor gateway metrics (CPU, bandwidth, active sessions) to ensure optimal performance.
  • Use Private IP Addressing: For ExpressRoute connections, always use private IP addressing for your on-premises and Azure resources.
  • Plan for Downtime: If scaling or updating the gateway requires a restart, plan accordingly to minimize impact on your services.
  • Secure your Gateway: Implement Network Security Groups (NSGs) and Azure Firewall for enhanced security on your virtual network.
Tip: Consider using Azure Monitor and Azure Advisor for proactive performance tuning and issue detection.

Troubleshooting

Common issues and their resolutions:

  • Gateway Not Provisioned: Check the gateway subnet configuration, resource group, and permissions.
  • Connectivity Issues: Verify ExpressRoute circuit status, BGP peering, and routing configurations. Use Azure Network Watcher tools.
  • Performance Degradation: Ensure the gateway SKU is sufficient for the traffic load. Check for network congestion.

For detailed troubleshooting steps, refer to the ExpressRoute Gateway Troubleshooting Guide.