Az 104 — Azure ExpressRoute

Setumo Raphela
3 min read · Dec 18, 2020

· Azure ExpressRoute lets you seamlessly extend your on-premises networks into the Microsoft cloud.

· This connection between your organization and Azure is dedicated and private.

· Establishing an ExpressRoute connection enables you to connect to Microsoft cloud services like Azure, Office 365, and Dynamics 365.

· Security is enhanced, connections are more reliable, latency is minimal, and throughput is greatly increased.

· ExpressRoute provides Layer 3 (address-level) connectivity between your on-premises network and the Microsoft cloud through connectivity partners.

· These connections can come from a point-to-point connection, an any-to-any network, or virtual cross-connections through an exchange.

· ExpressRoute uses the Border Gateway Protocol (BGP) routing protocol.

· ExpressRoute supports three models that you can use to connect your on-premises network to the Microsoft cloud:

o CloudExchange co-location

o Point-to-point Ethernet connection

o Any-to-any connection

· Even if you have an ExpressRoute connection, DNS queries, certificate revocation list checking, and Azure Content Delivery Network requests are still sent over the public internet.

· ExpressRoute is supported across all regions and locations.

· To implement ExpressRoute, you need to work with an ExpressRoute partner.

· A circuit provides a physical connection for transmitting data through the ExpressRoute provider’s edge routers to the Microsoft edge routers.

· A circuit is established across a private wire rather than the public internet.

· To support these peerings, ExpressRoute has a number of network and routing requirements:

o Ensure that BGP sessions for routing domains have been configured.

o Depending on your partner, this might be their responsibility or yours.

o Additionally, for each ExpressRoute circuit, Microsoft requires redundant BGP sessions between Microsoft’s routers and your peering routers.

o You or your providers need to translate the private IP addresses used on-premises to public IP addresses by using a NAT service.

o Microsoft will reject anything except public IP addresses through Microsoft peering.

o Reserve several blocks of IP addresses in your network for routing traffic to the Microsoft cloud.

o You configure these blocks as either a /29 subnet or two /30 subnets in your IP address space.
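
An added example (not part of the original notes and not Microsoft's code): a pre-flight check of an address plan against the rules above, namely one /29 or two /30 subnets, and no private addresses on Microsoft peering. The function name, the peering labels, and the sample prefixes are assumptions made for illustration, as is the choice to give the first half of a /29 to the primary link.

```python
import ipaddress

# RFC 1918 private ranges: the on-premises addresses that the notes say must
# be translated (NAT) to public addresses before they cross Microsoft peering.
RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def plan_peering_subnets(blocks, peering="microsoft"):
    """Return (primary, secondary) /30 networks for one peering.

    blocks  -- list of CIDR strings: one /29 or two /30s
    peering -- "microsoft" or "private" (labels chosen for this example)
    """
    # strict=True rejects input with host bits set, e.g. 203.0.113.5/29
    nets = [ipaddress.IPv4Network(b, strict=True) for b in blocks]

    if len(nets) == 1 and nets[0].prefixlen == 29:
        # Assumption: the /29 is halved, first /30 for the primary link,
        # second /30 for the secondary link (the redundant BGP sessions).
        primary, secondary = nets[0].subnets(new_prefix=30)
    elif len(nets) == 2 and all(n.prefixlen == 30 for n in nets):
        primary, secondary = nets
        if primary.overlaps(secondary):
            raise ValueError("the two /30 blocks overlap")
    else:
        raise ValueError("need one /29 or two /30 subnets")

    if peering == "microsoft":
        for net in (primary, secondary):
            if any(net.overlaps(p) for p in RFC1918):
                raise ValueError(f"{net} is RFC 1918 space; NAT to public first")
    return primary, secondary


if __name__ == "__main__":
    # Constructed sample: 203.0.113.0/29 is a documentation prefix standing in
    # for a public block the organisation actually owns.
    print(plan_peering_subnets(["203.0.113.0/29"]))
```
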

· Circuit creation can take several minutes.

· After the circuit has been provisioned, you can use the Azure portal to view the properties.

· You’ll see that Circuit status is enabled, meaning that the Microsoft side of the circuit is ready to accept connections.

· Provider status will be Not provisioned initially.

· This is because the provider hasn’t configured their side of the circuit for connecting to your network.

· You send the provider the value in the Service key field to enable them to configure the connection.

· This can take several days.

· You can revisit this page to check the provider status.

· In each ExpressRoute circuit, there are two connections from the connectivity provider to two different Microsoft edge routers.

· This configuration occurs automatically.

· It provides a degree of availability within a single location.

· Microsoft also provides an ultra-high-speed option called ExpressRoute Direct.

· This service enables dual 100-Gbps connectivity.

· It’s suitable for scenarios that involve massive and frequent data ingestion.

· It’s also suitable for solutions that require extreme scalability, such as banking, government, and retail.

· ExpressRoute Direct supports FastPath.

· When FastPath is enabled, it sends network traffic directly to a virtual machine that’s the intended destination.
