Introduction & Overview
Designing an ExpressRoute Solution
Implementing an ExpressRoute Solution
The course is part of these learning paths
As dependency on cloud services grows, so does the need for a reliable, low-latency network connection to the cloud. Also, some organizations and government agencies require a dedicated connection that does not pass network traffic over the public internet. Azure ExpressRoute provides a dedicated, redundant connection to Azure cloud services.
In this course, we examine Azure ExpressRoute. Azure ExpressRoute creates a reliable, dedicated connection between an organization's on-premises environment and Microsoft Azure. We cover design considerations when planning for ExpressRoute, requirements for installing ExpressRoute, and management and troubleshooting tasks. The learning objectives for this course map to the Azure AZ-700: Designing and Implementing Microsoft Azure Networking Solutions exam.
- Choose between provider and direct model (ExpressRoute Direct)
- Design and implement Azure cross-region connectivity between multiple ExpressRoute locations
- Select an appropriate ExpressRoute SKU and tier
- Design and implement ExpressRoute Global Reach and ExpressRoute FastPath
- Choose between private peering only, Microsoft peering only, or both
- Configure private peering and Microsoft peering
- Create and configure an ExpressRoute gateway
- Connect a virtual network to an ExpressRoute circuit
- Recommend a route advertisement configuration
- Configure encryption over ExpressRoute
- Implement Bidirectional Forwarding Detection
- Diagnose and resolve ExpressRoute connection issues
- System or network administrators with responsibilities for connecting an on-premises network to Azure
- Anyone preparing for the Azure AZ-700: Designing and Implementing Microsoft Azure Networking Solutions exam
- A basic understanding of networking, routing, and VPN concepts
In this lecture, we connected a virtual network to an ExpressRoute Circuit. Let's recap what we did in the previous lecture and how it relates to this one. Previously, we connected an ExpressRoute Circuit to a Virtual Network Gateway and virtual network. This is all good, but we're not limited to the one ExpressRoute circuit and virtual network, we can connect other virtual networks to the circuit as well. For example, we can link up to 10 virtual networks to a standard ExpressRoute circuit.
All virtual networks must be in the same geopolitical region with Standard. Also, a single virtual network can be linked to up to 16 different ExpressRoute Circuits. These ExpressRoute Circuits can be in the same or a different subscription. Adding the ExpressRoute Premium add-on increases the number of virtual networks that can connect to an ExpressRoute circuit, the total number depends on the bandwidth. Also, Premium expands the locations beyond a geopolitical region.
Let's take a look at how to create a connection from the Same Subscription. To start, make sure the circuit is provisioned and peering as configured. Go to Connections and Add a connection. Give the connection a name, ERLabConnection01 for this example and then go to Settings. Select the virtual network gateway. Go to review and create and create the connection. Once finished, the connection will have the status of succeeded under connections. Those are the steps to connect a virtual network in the same subscription.
Let's see how to do the same when the virtual network and the ExpressRoute circuit are in different subscriptions. Before we get into the steps, we need to identify the two roles involved with connecting VNets to ExpressRoute circuits in different subscription, a circuit owner and a circuit user. The circuit owner is the administrator of the ExpressRoute circuit. They can create authorizations to use the circuit. Also, the circuit owner is responsible for bandwidth charges on the circuit.
A Circuit User owns and administrators the Virtual Network Gateway that connects to the ExpressRoute circuit. Circuit users can redeem the authorization to connect the virtual network to the ExpressRoute circuit. These roles are important to understand because it sets the order for connecting the VNet to the Circuit in different subscriptions. The circuit owner first crates the authorization, then the user redeems that to finish the connection.
Let's review the steps for connecting a virtual network to an ExpressRoute circuit in a different subscription. We'll start out as the Circuit Owner at the ExpressRoute Circuit in the portal. Go to Authorization and give the authorization a name. ERDemoAuth for this example. Click Save. The Circuit user will need the resource ID and the authorization key to finish the steps. Please also note the authorization can be revoked by deleting it in this page.
The next steps are for the Circuit User. We'll use the Resource ID and the Authorization key from the previous steps to connect to a virtual network in a different subscription. Go to Create a Resource and search for Connection. Create a new connection. Provide a resource group, set the connection type to ExpressRoute and give it a name. ERConnection01 for this example. Set the location, the location has to be the same region of the Virtual Network Gateway we're creating the connection for.
Go to Settings. In settings, select the Virtual Network Gateway we're creating the connection for and select Redeem Authorization. Add the Authorization key and peer Circuit URI. We created these in a previous step. The authorization key and circuit URI are supplied by the circuit owner. Go to Review and Create and create the connection. Once finished, the status will change form Available to Used. That is how to connect additional virtual networks to an ExpressRoute Circuit in the same and a different subscription.
Travis Roberts is a Cloud Infrastructure Architect at a Minneapolis consulting firm, a Microsoft MVP, MCT, and author. Travis has 20 years of IT experience in the legal, pharmaceutical, and marketing industries and has worked with IT hardware manufacturers and managed service providers. In addition, Travis has held numerous technical certifications throughout his career from Microsoft, VMware, Citrix, and Cisco.