Az 104 — Azure ExpressRoute
· Azure ExpressRoute lets you seamlessly extend your on-premises networks into the Microsoft cloud.
· This connection between your organization and Azure is dedicated and private.
· Establishing an ExpressRoute connection enables you to connect to Microsoft cloud services like Azure, Office 365, and Dynamics 365.
· Security is enhanced, connections are more reliable, latency is minimal, and throughput is greatly increased.
· ExpressRoute provides Layer 3 (address-level) connectivity between your on-premises network and the Microsoft cloud through connectivity partners.
· These connections can be point-to-point, from an any-to-any network, or virtual cross-connections through an exchange.
· ExpressRoute uses the Border Gateway Protocol (BGP) routing protocol.
· ExpressRoute supports three models that you can use to connect your on-premises network to the Microsoft cloud:
o CloudExchange co-location
o Point-to-point Ethernet connection
o Any-to-any connection
· Even if you have an ExpressRoute connection, DNS queries, certificate revocation list checking, and Azure Content Delivery Network requests are still sent over the public internet.
· ExpressRoute is supported across all regions and locations.
· To implement ExpressRoute, you need to work with an ExpressRoute partner.
· A circuit provides a physical connection for transmitting data through the ExpressRoute provider’s edge routers to the Microsoft edge routers.
· A circuit is established across a private wire rather than the public internet.
· To support these peerings, ExpressRoute has a number of network and routing requirements:
o Ensure that BGP sessions for routing domains have been configured.
o Depending on your partner, configuring these sessions might be their responsibility or yours.
o Additionally, for each ExpressRoute circuit, Microsoft requires redundant BGP sessions between Microsoft’s routers and your peering routers.
o You or your providers need to translate the private IP addresses used on-premises to public IP addresses by using a NAT service.
o Microsoft will reject anything except public IP addresses through Microsoft peering.
o Reserve several blocks of IP addresses in your network for routing traffic to the Microsoft cloud.
o You configure these blocks as either a /29 subnet or two /30 subnets in your IP address space.
· Circuit creation can take several minutes.
· After the circuit has been provisioned, you can use the Azure portal to view the properties.
· You’ll see that Circuit status is enabled, meaning that the Microsoft side of the circuit is ready to accept connections.
· Provider status will be Not provisioned initially.
· This is because the provider hasn’t configured their side of the circuit for connecting to your network.
· You send the provider the value in the Service key field to enable them to configure the connection.
· This can take several days.
· You can revisit this page to check the provider status.
· In each ExpressRoute circuit, there are two connections from the connectivity provider to two different Microsoft edge routers.
· This configuration occurs automatically.
· It provides a degree of availability within a single location.
· Microsoft also provides an ultra-high-speed option called ExpressRoute Direct.
· This service enables dual 100-Gbps connectivity.
· It’s suitable for scenarios that involve massive and frequent data ingestion.
· It’s also suitable for solutions that require extreme scalability, such as banking, government, and retail.
· ExpressRoute Direct supports FastPath.
· When FastPath is enabled, it sends network traffic directly to a virtual machine that’s the intended destination.
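
An added example (not from the original notes and not Microsoft tooling) that pre-checks an address plan against the routing requirements listed above: one /29 or two /30 subnets for the redundant BGP sessions, and no private addresses on Microsoft peering. The function names, the RFC 1918-only definition of "private", and the sample prefixes are assumptions made for illustration.

```python
import ipaddress

# Assumption: "private" is narrowed to the RFC 1918 ranges for this pre-check.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def plan_peering_links(blocks, microsoft_peering=False):
    """Return (primary, secondary) /30 networks for the two redundant BGP sessions.

    blocks: a list holding one /29 CIDR string or two /30 CIDR strings.
    Raises ValueError when the plan does not meet the requirements in the notes.
    """
    # strict=True rejects prefixes with host bits set, e.g. 10.0.0.1/30.
    nets = [ipaddress.ip_network(b, strict=True) for b in blocks]
    if len(nets) == 1 and nets[0].prefixlen == 29:
        # A /29 splits into exactly two /30s, one per BGP session.
        primary, secondary = nets[0].subnets(new_prefix=30)
    elif len(nets) == 2 and all(n.prefixlen == 30 for n in nets):
        primary, secondary = nets
        if primary.overlaps(secondary):
            raise ValueError("the two /30 subnets overlap")
    else:
        raise ValueError("need one /29 or two /30 subnets")
    if microsoft_peering:
        # Microsoft peering accepts only public addresses.
        for net in (primary, secondary):
            if any(net.overlaps(p) for p in RFC1918):
                raise ValueError(f"{net} is private; Microsoft peering needs public IPs")
    return primary, secondary


def explain(blocks, microsoft_peering=False):
    """Human-readable verdict for one plan."""
    try:
        primary, secondary = plan_peering_links(blocks, microsoft_peering)
        return f"OK primary={primary} secondary={secondary}"
    except ValueError as exc:
        return f"REJECT {exc}"


if __name__ == "__main__":
    # Constructed sample plans using RFC 1918 and documentation ranges.
    samples = [
        (["192.168.15.16/29"], False),
        (["192.168.15.16/29"], True),
        (["203.0.113.0/30", "203.0.113.4/30"], True),
        (["10.0.0.0/28"], False),
    ]
    for blocks, ms in samples:
        print(blocks, "microsoft_peering" if ms else "other peering", explain(blocks, ms))
```
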