Introduction & Overview
Designing an ExpressRoute Solution
Implementing an ExpressRoute Solution
The course is part of these learning paths
As dependency on cloud services grows, so does the need for a reliable, low-latency network connection to the cloud. Also, some organizations and government agencies require a dedicated connection that does not pass network traffic over the public internet. Azure ExpressRoute provides a dedicated, redundant connection to Azure cloud services.
In this course, we examine Azure ExpressRoute. Azure ExpressRoute creates a reliable, dedicated connection between an organization's on-premises environment and Microsoft Azure. We cover design considerations when planning for ExpressRoute, requirements for installing ExpressRoute, and management and troubleshooting tasks. The learning objectives for this course map to the Azure AZ-700: Designing and Implementing Microsoft Azure Networking Solutions exam.
- Choose between provider and direct model (ExpressRoute Direct)
- Design and implement Azure cross-region connectivity between multiple ExpressRoute locations
- Select an appropriate ExpressRoute SKU and tier
- Design and implement ExpressRoute Global Reach and ExpressRoute FastPath
- Choose between private peering only, Microsoft peering only, or both
- Configure private peering and Microsoft peering
- Create and configure an ExpressRoute gateway
- Connect a virtual network to an ExpressRoute circuit
- Recommend a route advertisement configuration
- Configure encryption over ExpressRoute
- Implement Bidirectional Forwarding Detection
- Diagnose and resolve ExpressRoute connection issues
- System or network administrators with responsibilities for connecting an on-premises network to Azure
- Anyone preparing for the Azure AZ-700: Designing and Implementing Microsoft Azure Networking Solutions exam
- A basic understanding of networking, routing, and VPN concepts
In this section, we review Azure ExpressRoute Global Reach. We went over the diagram on the screen in the last lecture. In the current configuration, each local site can pass traffic to the VNets in each subscription by cross-connecting the VNets to multiple ExpressRoute gateways. We also added VNet peering to connect the two VNets in different subscriptions. But there's one item missing. The on-premises sites, Business Inc. and Company LLC, can't pass traffic between them, at least not in the current configuration. We can address this with ExpressRoute Global Reach.
ExpressRoute Global Reach provides connectivity between different ExpressRoute Circuits, allowing on-premises locations to pass traffic over ExpressRoute. Global Reach connects ExpressRoute sites over Microsoft's Global network. Microsoft has over 130,000 miles of fiber-optic cables across six continents. Global Reach creates a secure, private connection on that network, bypassing the internet. When a site is connected by Global Reach, the on-premises networks are advertised to Azure Subnets and other connected on-premises locations with BGP.
ExpressRoute Global Reach provides connectivity over the secure, highly redundant Microsoft network, connecting remote sites, leveraging existing ExpressRoute Circuits without relying on VPNs over public internet for site-to-site connectivity. There are some requirements and other details to be aware of with Global Reach. ExpressRoute Standard is required for Global Reach between circuits in the same geopolitical region. ExpressRoute premium is required for circuits that are outside of a geopolitical region.
Global Reach is billed separately from ExpressRoute circuits. It's an add-on service. Also, Connections are not transitive. Let's take a look at what that means. In this diagram, all sites are connected to each other with Global Reach. If the connection between North and South America is removed, North America and Europe can pass traffic, as well as South America and Europe. But North America and South America cannot pass traffic. Likewise, if we add a fourth site, a Global Reach connection has to be established to each of the other sites for full connectivity.
ExpressRoute Global Reach is just one of the WAN solutions available from Microsoft. Azure Virtual WAN is another option. Both leverage Microsoft's private network for connecting on-premises and cloud resources.
Travis Roberts is a Cloud Infrastructure Architect at a Minneapolis consulting firm, a Microsoft MVP, MCT, and author. Travis has 20 years of IT experience in the legal, pharmaceutical, and marketing industries and has worked with IT hardware manufacturers and managed service providers. In addition, Travis has held numerous technical certifications throughout his career from Microsoft, VMware, Citrix, and Cisco.