Azure Documentation

Troubleshooting Azure ExpressRoute Connectivity

This guide provides common troubleshooting steps and scenarios for resolving connectivity issues with Azure ExpressRoute. ExpressRoute enables private, high-throughput connections between your on-premises network and Microsoft Azure.

Common Issues and Resolutions

1. Loss of Connectivity

If you've lost all connectivity over your ExpressRoute circuit, consider the following:

• Check your local network: Verify the physical connectivity and status of your routers and network devices. Ensure they are powered on and operating correctly.
• Verify BGP status: Log in to your network edge router and check the Border Gateway Protocol (BGP) status. Look for established sessions with Microsoft's edge routers.

  show ip bgp summary

• Check IP address reachability: Ping the Microsoft edge router IP addresses if possible, or use tools like traceroute to diagnose the path.
• Service Key Verification: Ensure the Service Key used for provisioning is correctly entered and active.
• Circuit Status in Azure Portal: Check the ExpressRoute circuit status in the Azure portal. It should show as 'Provisioned' and 'Enabled'.

2. Slow Performance or Intermittent Connectivity

When performance is degraded or connectivity is unreliable, investigate these areas:

• Bandwidth Utilization: Monitor bandwidth usage on both your on-premises network and within Azure. High utilization can lead to congestion and packet loss.

  Tools like iperf or your network monitoring tools can help assess throughput.

• Latency: High latency can significantly impact application performance. Check latency between your on-premises network and Azure virtual networks.

  ping -t 

• MTU (Maximum Transmission Unit): Ensure MTU settings are consistent across your network path. An incorrect MTU can cause fragmentation and connectivity issues. The recommended MTU for ExpressRoute is 1500 bytes.
• Network Congestion: Identify if the congestion is within your network, at the peering location, or within Azure.
• Service Provider Issues: If you are using a connectivity provider, check their network status and performance metrics.

3. IP Address Prefix Advertisement Issues

Problems with advertising your on-premises IP address prefixes to Azure can prevent resources from being reachable.

• BGP Advertisement: Confirm that your BGP configuration is correctly advertising the intended IP address prefixes.
• Route Filters: Verify that no route filters are inadvertently blocking the advertisement of your prefixes to Microsoft.
• Azure Route Table: Check the effective routes on your Azure Virtual Network gateway to ensure it's receiving the correct prefixes.

4. Connectivity to Specific Azure Services

If you can reach VMs but not specific services (e.g., Azure Storage, Azure SQL Database), consider:

• Service Endpoints: Ensure you have configured Service Endpoints for the specific services if you are using them.
• Firewall Rules: Check Azure Network Security Groups (NSGs) and your on-premises firewalls for any rules blocking access to these services.
• Private Endpoints: If using Private Endpoints, verify their configuration and DNS resolution.

Key Tools and Commands

• Azure Portal: For circuit status, peering configurations, and service health.
• BGP commands (on your router): show ip bgp summary, show ip route bgp
• Ping: To test basic reachability and latency.
• Traceroute/Tracert: To diagnose the network path.
• iperf: To measure network bandwidth.
• Azure Network Watcher: For advanced diagnostics.

Further Assistance

If you are unable to resolve the issue, consider opening a support ticket with Azure Support. Ensure you have gathered all relevant diagnostic information before submitting the ticket.

Refer to the official Azure ExpressRoute documentation for detailed configuration and advanced troubleshooting topics.