ExpressRoute Technical Overview in AZURE

ExpressRoute – S2S VPN

ExpressRoute is currently in Preview.

Windows Azure ExpressRoute allows you to create private connections between Azure datacenters and infrastructure that’s on your premises or in a co-location environment. With ExpressRoute, you can establish connections to Azure at an ExpressRoute partner co-location facility or directly connect to Azure from your existing WAN network (such as a MPLS VPN provided by a Network Service Provider). In order to configure ExpressRoute, you’ll have to meet the Required Prerequisites.

ExpressRoute connections do not go over the public Internet. ExpressRoute connections offer higher security, more reliability, faster speeds and lower latencies than typical connections over the Internet. In some cases, using ExpressRoute connections to transfer data between on-premises and Azure can also yield significant cost benefits. Use ExpressRoute to extend your network to Windows Azure and unlock hybrid IT scenarios. See the ExpressRoute FAQ for more details.

Connection Types

ExpressRoute ConnectionsThere are two connectivity options for ExpressRoute. You can select Direct Layer 3 connectivity through an Exchange Provider between your network and services hosted in Azure (compute, storage, media services, websites and other services), or Layer 3 connectivity through a network service provider between your network and services hosted in Azure (compute, storage, media services, websites and other services). Or you can choose both. The tables below outline the bandwidth options and requirements for each type of connection.Network service provider and exchange provider connectivity comparison

Properties Connectivity through Network Service Providers Connectivity through Exchange Providers
Supported Service Providers AT&T, Level 3 MPLS VPN Equinix, Level 3
Supported Bandwidth Options 10 Mbps, 50 Mbps, 100 Mbps, 500 Mbps, 1 Gbps 200 Mbps, 500 Mbps, 1Gbps, 10Gbps (will be added for General Availability)
Pricing Pricing Details Pricing Details
Routing Managed by Network Service Provider Customer managed
High Availability Network Service Provider offers redundant connectivity in the same location Customer must establish a pair of cross connects through the exchange provider

Service providers and locations

Service Provider Type Location
AT&T NetBond Network service provider Washington, D.C.Silicon Valley, CA
Equinix Exchange provider Washington, D.C.Silicon Valley, CA
Level 3 Exchange provider To be announced

Required Prerequisites

In order to connect, the following prerequisites are required:

  1. An active Windows Azure subscription enabled for ExpressRoute. You must request this through the Windows Azure Preview Services.
  • A relationship with a network service provider or an exchange provider from the supported list above through whom connectivity needs to be facilitated. You must have an existing business relationship with the network service provider or exchange provider to be eligible to participate in the preview program. You’ll need to make sure that the service you use is compatible with ExpressRoute.
  • Contact your Microsoft account team. We recommend contacting your Microsoft account team to let them know you’ve self-nominated to join ExpressRoute Preview. Your account team can work with you and your service provider to prioritize your request.
  • Connectivity to the service provider’s infrastructure. You must meet the criteria of at least one of the following items listed:
    • You are a VPN customer of the network service provider and have at least one on-premises site connected to the network service provider’s VPN infrastructure. Check with your network service provider to see if your VPN service meets the need for ExpressRoute.
    • Your infrastructure is co-located in the exchange provider’s datacenter.
    • You have Ethernet connectivity to the exchange provider’s Ethernet exchange infrastructure.
  • IP addresses and AS numbers for routing configuration.
    • You must use your own public AS numbers for configuring BGP sessions with Windows Azure.
    • You can use private AS numbers. If you choose to do so, it must be > 65000. Note that 65515 is used by Windows Azure and will be blocked. For more information about AS numbers, see Autonomous System (AS) Numbers.
    • IP addresses to configure routes. A /28 subnet is required. This must not overlap with any IP address ranges used in your on-premises or in Azure.

Connectivity Overview

The figure below provides a logical representation of connectivity between your infrastructure and Windows Azure. You must order a circuitto connect your infrastructure to Windows Azure through a connectivity provider. A connectivity provider can be either a network service provider or an exchange provider.

Connectivity Overview

In the diagram, a circuit represents a redundant pair of logical cross connections between your network and Windows Azure configured in Active-Active configuration. The circuit will be partitioned to 2 sub-circuits to isolate traffic.
The following traffic is isolated:

  • Traffic is isolated between your premises and Windows Azure compute services. Windows Azure compute services, namely virtual machines (IaaS) and cloud services (PaaS) deployed within a virtual network are covered.
  • Traffic is isolated between your premises and Windows Azure services hosted on public IP addresses.
    The services that are supported are:- Compute (Virtual Network, Cloud Services, and Virtual Machines)- Storage

You can choose to enable one or both types of connectivity through your circuit. You will be able to connect to all supported Windows Azure services through the circuit only if you configure both options mentioned above.
Note the following:

  • If you connect to Windows Azure through a network service provider, the networks service provider takes care of configuring routes to all the services. Work with your network service provider to have routes configured appropriately.
  • If you are connecting to Windows Azure through an exchange provider location, you will need a pair of physical cross-connections and on each of them you will need to configure a pair of BGP sessions per physical cross connection (one public peering and one for private peering) in order to have a highly available link.

Connecting Through an Exchange Provider – Workflow

The flow diagram below lists out the steps you must perform in order to enable connectivity to Windows Azure through an exchange provider. Before you start your configuration in Windows Azure, you must ensure that you have a pair of 1Gbps/10Gbps cross connections established between your network and the exchange provider’s Ethernet exchange infrastructure.

After you understand the workflow below, see Configure an ExpressRoute Connection through an Exchange Provider for step-by-step configuration instructions.

Connectivity_ExchangeProvider

Advertisements