Introduction & Overview
Designing an ExpressRoute Solution
Implementing an ExpressRoute Solution
The course is part of these learning paths
As dependency on cloud services grows, so does the need for a reliable, low-latency network connection to the cloud. Also, some organizations and government agencies require a dedicated connection that does not pass network traffic over the public internet. Azure ExpressRoute provides a dedicated, redundant connection to Azure cloud services.
In this course, we examine Azure ExpressRoute. Azure ExpressRoute creates a reliable, dedicated connection between an organization's on-premises environment and Microsoft Azure. We cover design considerations when planning for ExpressRoute, requirements for installing ExpressRoute, and management and troubleshooting tasks. The learning objectives for this course map to the Azure AZ-700: Designing and Implementing Microsoft Azure Networking Solutions exam.
- Choose between provider and direct model (ExpressRoute Direct)
- Design and implement Azure cross-region connectivity between multiple ExpressRoute locations
- Select an appropriate ExpressRoute SKU and tier
- Design and implement ExpressRoute Global Reach and ExpressRoute FastPath
- Choose between private peering only, Microsoft peering only, or both
- Configure private peering and Microsoft peering
- Create and configure an ExpressRoute gateway
- Connect a virtual network to an ExpressRoute circuit
- Recommend a route advertisement configuration
- Configure encryption over ExpressRoute
- Implement Bidirectional Forwarding Detection
- Diagnose and resolve ExpressRoute connection issues
- System or network administrators with responsibilities for connecting an on-premises network to Azure
- Anyone preparing for the Azure AZ-700: Designing and Implementing Microsoft Azure Networking Solutions exam
- A basic understanding of networking, routing, and VPN concepts
Despite our best efforts, sometimes problems occur. In this lecture, we examine some troubleshooting steps and tools used to identify and resolve issues. Networks can be quite complex. For example, an organization may have one or more sites connected over a WAN. Each one of these locations may have multiple subnets and routers connecting to the WAN. That connects to customer or provider edge equipment for ExpressRoute, and that connects to the Microsoft Edge Routers. There's also the provider network that facilitates the ExpressRoute connection. The provider may manage the Customer Edge Equipment or provide connectivity to customer managed equipment.
From there, ExpressRoute peers to Azure services with Azure Private Peering and Microsoft services with Microsoft peering. This example shows a high-level map of a, somewhat generic configuration. An actual example would also have BGP settings such as BGP Communities, VNet Gateways, DMZ's, firewall rules, network interfaces and subnets. The point to showing this is that having a detail map of the ExpressRoute configuration and connected services and networks is important.
Take time to create a detailed map when designing and implanting an ExpressRoute circuit. It will be extremely valuable when troubleshooting issues as well as communicating the environment to others that may be helping with troubleshooting efforts. Should you experience an issue with ExpressRoute, one of the first steps is to verify the ExpressRoute Circuit is enabled and the provider status is provisioned. Also, make sure peering shows provisioned for all peering's implemented. The status in the Overview page of the ExpressRoute circuit is a good spot to verify if there are ane problems with the circuit or peering.
Next, we have some PowerShell commands that can help us gather information and troubleshoot the environment. First is Get-Az Express Route Circuit Route Table command. This commands gets the routing table from the primary path of the private routing context from the Microsoft Edge Equipment. An example of the command in the output is on the screen. Use this to verify routing information is correct on the Microsoft Edge Equipment. The next command is Get-Az ExpressRoute Circuit Stats. This, as the name implies, gets the traffic statistics for an ExpressRoute circuit. Use this to verify traffic flow on the circuit. An example of the command and the output is on the screen.
Next is the Azure Connectivity Toolkit, or AzureCT. AzureCT has two components, one to test for availability and the other for performance testing. This example is an overview of performance testing. There are three steps to using the tool, first is to download and install the PowerShell module. Next is to install the supporting applications, iPerf and PSPing. Finally, run the test. The test requires two servers, one at each end of the link, one as the source and the other as the destination. Performance is tested between the two servers. Both servers need AzureCT to run the test.
Let's start by downloading the PowerShell Module with the invoke-expression command. This creates a new object with the source URL for the module, then downloads it. Next, install the supporting applications with the Install-LinkPerfomrance command. Enter y to continue when prompted. Run these two steps on the source and target computer. Also, make sure traffic is allowed for port 5,201 on the source and destination computer. One of the applications installed was iperf3.exe. We need to start that application in server mode on the target computer.
Log in and run iPerf by going to the installation directory, the default is ACTools at the root of the C drive, and run iperf3.exe-s. That starts the target server. The next step is to start the test. This will measure performance between the source and the target computer. Run the source computer, run the command the command get link performance supplying the remote host, the IP address of the target, and the duration of the test in seconds. Once finished, the output will look like what's on the screen. This test provides information on bandwidth, packet loss and latency for a ping and tests with one to 32 threads.
Use AzureCT to test new circuits and establish a baseline. It helps to know and document what is normal if you need to test performance issues in the future. Sometimes things go wrong. If an operation on an ExpressRoute circuit doesn't complete successfully, it may go into a failed state. The first step to resolve a failed circuit is to reset it. Be sure you're logged into the ExpressRoute subscription with an account that has rights to manage ExpressRoute. And start by getting the circuit and adding it to a variable, $ckt for this example.
Next, reset the circuit with the Set-AzExpressRouteCircuit command, passing in the circuit variable as the target. Finally, if the problem persists despite your efforts, reach out for help. Check with the ExpressRoute provider and Microsoft for support. They may have visibility and tools to help troubleshoot advanced issues. I hope this information is helpful should you run into problems. Thank you for joining me in this lecture.
Travis Roberts is a Cloud Infrastructure Architect at a Minneapolis consulting firm, a Microsoft MVP, MCT, and author. Travis has 20 years of IT experience in the legal, pharmaceutical, and marketing industries and has worked with IT hardware manufacturers and managed service providers. In addition, Travis has held numerous technical certifications throughout his career from Microsoft, VMware, Citrix, and Cisco.