Introduction & Overview
Designing an ExpressRoute Solution
Implementing an ExpressRoute Solution
The course is part of these learning paths
As dependency on cloud services grows, so does the need for a reliable, low-latency network connection to the cloud. Also, some organizations and government agencies require a dedicated connection that does not pass network traffic over the public internet. Azure ExpressRoute provides a dedicated, redundant connection to Azure cloud services.
In this course, we examine Azure ExpressRoute. Azure ExpressRoute creates a reliable, dedicated connection between an organization's on-premises environment and Microsoft Azure. We cover design considerations when planning for ExpressRoute, requirements for installing ExpressRoute, and management and troubleshooting tasks. The learning objectives for this course map to the Azure AZ-700: Designing and Implementing Microsoft Azure Networking Solutions exam.
- Choose between provider and direct model (ExpressRoute Direct)
- Design and implement Azure cross-region connectivity between multiple ExpressRoute locations
- Select an appropriate ExpressRoute SKU and tier
- Design and implement ExpressRoute Global Reach and ExpressRoute FastPath
- Choose between private peering only, Microsoft peering only, or both
- Configure private peering and Microsoft peering
- Create and configure an ExpressRoute gateway
- Connect a virtual network to an ExpressRoute circuit
- Recommend a route advertisement configuration
- Configure encryption over ExpressRoute
- Implement Bidirectional Forwarding Detection
- Diagnose and resolve ExpressRoute connection issues
- System or network administrators with responsibilities for connecting an on-premises network to Azure
- Anyone preparing for the Azure AZ-700: Designing and Implementing Microsoft Azure Networking Solutions exam
- A basic understanding of networking, routing, and VPN concepts
We now understand that ExpressRoute circuit provides a direct connection between an on-premises location and Microsoft, and Azure services. There are a couple of different models for how a circuit is provisioned, a provider model and a direct model. The first is the provider model. The provider model uses a third-party provider to supply the connection between the private network and Azure. This model integrates with Ethernet and MPLS providers with bandwidth from 50 megabits per second to 10 gigabits per second. This type of connection is optimized for a single tenant.
The second model is Express Route Direct. With Express Route Direct, the client connects directly into Microsoft's globally distributed peering locations with a 10, or a 100 gigabits per second connection. With Express Route Direct, there's no third-party provider bridging the connection between the organization's private network and the Microsoft, or Azure network.
Express Route Direct is optimized for organizations with complex business unit structures or networks. The 10 gigabit per second circuit support SKUs for one, two, five or 10 gigabits per second ExpressRoute connections. A 100 gigabits per second circuit support SKUs for five, 10, 40, or 100 gigabits per second. While the direct model provides a direct ExpressRoute connection. The provider model relies on a third party for ExpressRoute connectivity.
There are three options with the provider model to establish connectivity. Cloud Exchange Co-location. Point-to-point Ethernet Connection. And Any-to-any IPVPN Connection. The first provider model is cloud exchange co-location. Managing a data center is no trivial task. For many, it makes sense to move infrastructure into a co-location data center facility where power cooling access and space are managed by the co-location. These facilities often have established support for connectivity to cloud providers like Microsoft.
In this case, the co-location can provide a Layer 2, or manage Layer 3 network cross connection between the private network and Microsoft. If the organization is not in a data center, or the data center does not offer ExpressRoute, Point-to-point Ethernet is another option. With a point-to-point connection, a carrier provides a Layer 2, or manage Layer 3 connectivity between the remote site and the Microsoft cloud.
Organizations with an existing WAN that connects multiple sites can leverage an Any-to-any IPVPN connection. Some organizations may use an MPLS to connect multiple sites. If an organization has MPLS, ExpressRoute can be connected into the WAN and treated like another branch on that WAN network. Choosing the correct model depends on the existing infrastructure and the organization's requirements.
If high bandwidth, low latency on a dedicated connection is required, the direct model is the best option. The service provider model is a better option for organizations and a co-location that provides ExpressRoute connectivity, have an on-premise or other location that can use a point-to-point Ethernet connection or an existing WAN with the option to add an Any-to-any IPVPN connect.
Travis Roberts is a Cloud Infrastructure Architect at a Minneapolis consulting firm, a Microsoft MVP, MCT, and author. Travis has 20 years of IT experience in the legal, pharmaceutical, and marketing industries and has worked with IT hardware manufacturers and managed service providers. In addition, Travis has held numerous technical certifications throughout his career from Microsoft, VMware, Citrix, and Cisco.