Azure ExpressRoute

Introduction to ExpressRoute

ExpressRoute allows you to extend your on-premises networks into the Microsoft cloud over a dedicated private connection. This connection is facilitated by a connectivity provider at a co-location facility. ExpressRoute does not traverse the public internet, offering higher security, reliability, and speeds. It's ideal for mission-critical workloads, large data transfers, and scenarios requiring predictable performance.

Key benefits include:

• Increased Reliability: Dedicated circuits ensure consistent network performance.
• Faster Speeds: Support for bandwidths from 50 Mbps to 10 Gbps.
• Lower Latency: Reduced network hops compared to internet-based connections.
• Enhanced Security: Traffic bypasses the public internet.
• Global Reach: Connect to Azure regions worldwide through a network of partners.

Key Concepts

Connectivity Providers

ExpressRoute circuits are established through partnerships with various network service providers. You choose a provider that has a presence in your desired co-location facility.

Peering Locations

These are physical locations where you connect your network to Microsoft's network. Common locations include major data centers and internet exchange points.

Circuit

An ExpressRoute circuit represents the physical connection between your network and Microsoft's network. It's provisioned by your connectivity provider.

SKUs and Bandwidth

ExpressRoute offers different service tiers (SKUs) and bandwidth options to meet varying needs and budgets.

Provider and Microsoft Peering

You can configure different types of peering to connect to Azure services, Microsoft 365, or your own virtual networks.

Features

• ExpressRoute Premium: Offers faster routing, increased limits on BGP prefixes, and global connectivity.
• ExpressRoute Direct: Connect directly to Microsoft's network at specific Microsoft peering locations, offering higher port speeds and simpler billing.
• Dynamic Bandwidth Allocation: Adjust bandwidth on demand without physical circuit changes.
• IPv4 and IPv6 Support: Supports both IP address families for broader compatibility.
• Data Encryption: Integrates with MACsec for data encryption over the ExpressRoute circuit.

Getting Started with ExpressRoute

1. Choose a connectivity provider: Select a partner that offers ExpressRoute services in your region.
2. Order an ExpressRoute circuit: Work with your provider to provision a circuit with your desired bandwidth and SKU.
3. Configure peering: Set up private, public, or Microsoft peering to connect to Azure resources.
4. Provision ExpressRoute Gateways: Create and connect Virtual Networks (VNets) to your ExpressRoute circuit using ExpressRoute gateways.

Refer to the ExpressRoute pricing page for detailed cost information.

Configuration Examples

Creating an ExpressRoute Circuit (Azure CLI)

az network express-route create --resource-group MyResourceGroup --name MyExpressRouteCircuit --location westus --providername "Equinix" --peeringlocation "Silicon Valley" --bandwidth 100
                    

Configuring Private Peering

Private peering allows you to connect to your Azure virtual networks. You'll need to configure BGP on your on-premises router and within Azure.

Example BGP ASN configuration:

• On-premises router: BGP ASN 65001
• Azure VNet Gateway: BGP ASN 65500

IP addresses for the peer link should be from a private range.

Troubleshooting Common Issues

• Connectivity Problems: Verify BGP peering status, firewall rules, and physical link status.
• Performance Degradation: Monitor bandwidth utilization and latency. Consider upgrading bandwidth or optimizing routing.
• IP Address Conflicts: Ensure unique IP address spaces are used across your on-premises network and Azure VNets.

Use Azure Network Watcher for advanced diagnostics.

API Reference