Microsoft Azure ExpressRoute is a connector that uses a connectivity provider to extend your on-premises networks into the Microsoft Azure and Microsoft 365 clouds over a private connection.
Azure ExpressRoute supports any-to-any (IP VPN) network and point-to-point Ethernet networks. If you are using a colocation facility, you can take advantage of virtual cross-connection via a connectivity provider.
ExpressRoute connections are typically faster and more secure because they never go over the public Internet.
Requirements for Using Azure ExpressRoute
Once all requirements for running ExpressRoute are met, your connections will work the following way.
How ExpressRoute Connections Work
Source: Microsoft
To use Microsoft cloud services through ExpressRoute, make sure the following prerequisites are in place:
Azure Account Requirements
- You need an active Microsoft Azure account. ExpressRoute circuits are resources within your Azure subscriptions, and you set them up through your Azure account. An Azure subscription is required for Microsoft 365 cloud services too.
- You need an active Microsoft 365 subscription for Microsoft 365 services in the cloud.
Connectivity Provider Requirements
- You need an ExpressRoute connectivity provider to connect to the Microsoft cloud.
- You need a cloud exchange provider to connect to the Microsoft cloud if your provider is not an ExpressRoute connectivity partner.
Network Requirements
Azure ExpressRoute comes with a number of network requirements your organization should meet before you can use this tool.
- You need to establish redundant BGP sessions between Microsoft’s routers and the peering routers on each ExpressRoute circuit. This requirement is in force even when you run only one physical connection to a cloud exchange.
- You need to have at least two ExpressRoute circuits in different peering locations to establish an adequate redundancy level.
- You or your provider should set up and manage the BGP sessions for routing domains.
- You need to translate any private IP addresses you are using within your on-premises network into public IP addresses.
- You need to follow the QoS requirements for services such as Skype for Business to work.
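One way to check the two redundancy requirements above against an exported circuit inventory (an added example, not from the original article or from Microsoft). The JSON field names are assumed to follow the shape of `az network express-route list -o json` output, and the sample data is constructed.

```python
import json

# Constructed sample; field names are assumed to follow the JSON shape of
# `az network express-route list -o json`. All values are invented.
SAMPLE = json.loads("""[
 {"name": "er-circuit-a",
  "serviceProviderProperties": {"peeringLocation": "Amsterdam"},
  "peerings": [{"peeringType": "AzurePrivatePeering", "state": "Enabled",
                "primaryPeerAddressPrefix": "192.0.2.0/30",
                "secondaryPeerAddressPrefix": "192.0.2.4/30"}]},
 {"name": "er-circuit-b",
  "serviceProviderProperties": {"peeringLocation": "Amsterdam"},
  "peerings": [{"peeringType": "AzurePrivatePeering", "state": "Enabled",
                "primaryPeerAddressPrefix": "192.0.2.8/30",
                "secondaryPeerAddressPrefix": null}]}
]""")

BGP_LINKS = {"primary": "primaryPeerAddressPrefix",
             "secondary": "secondaryPeerAddressPrefix"}


def audit_redundancy(circuits):
    """Return findings where the inventory misses a redundancy requirement."""
    findings, locations = [], set()
    for circuit in circuits:
        name = circuit.get("name", "<unnamed>")
        provider = circuit.get("serviceProviderProperties") or {}
        if provider.get("peeringLocation"):
            locations.add(provider["peeringLocation"])
        peerings = circuit.get("peerings") or []
        if not peerings:
            findings.append(f"{name}: no BGP peering configured")
        for peering in peerings:
            kind = peering.get("peeringType", "unknown")
            if peering.get("state") != "Enabled":
                findings.append(f"{name}/{kind}: peering is not enabled")
            # Each peering needs a subnet for both links to Microsoft's routers.
            for link, key in BGP_LINKS.items():
                if not peering.get(key):
                    findings.append(f"{name}/{kind}: no {link} BGP link prefix")
    # Requirement: at least two circuits in different peering locations.
    if len(locations) < 2:
        findings.append(f"only {len(locations)} distinct peering location(s)")
    return findings


if __name__ == "__main__":
    for finding in audit_redundancy(SAMPLE):
        print("FINDING:", finding)
```

This checks configured prefixes and locations only; whether each BGP session is actually established has to be confirmed on the peering routers.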
Core Features of Azure ExpressRoute
ExpressRoute offers a variety of advanced networking functionalities to expand your on-premises networks in the Microsoft cloud. Some of the core features of Azure ExpressRoute include:
Layer 3 Connectivity
Azure ExpressRoute uses the BGP dynamic routing protocol to exchange routes between your on-premises network, your instances in Azure and public Microsoft IP addresses. Different traffic profiles use multiple BGP sessions.
Redundancy
An ExpressRoute circuit always has two connections to two Microsoft Enterprise edge routers (MSEEs) at an ExpressRoute Location. Connectivity providers employ redundant devices to ensure redundancy of your connections to Microsoft. You must have a redundant Layer 3 connectivity configuration to make sure Microsoft’s Service Level Agreement (SLA) is valid.
Connectivity
Azure ExpressRoute offers rich connectivity options for both your on-premises networks and regional and global Microsoft cloud-based networks. With a valid Azure account and all requirements met, you can have connections to the Microsoft Azure and Microsoft 365 services.
These services in turn enable you to benefit from the following connectivity options:
Access Regions within a Geopolitical Region
When you connect to Microsoft in one of their peering locations, you get immediate access to regions within the respective geopolitical region.
What it means is that if you connect in Milan, you will have access to all cloud services hosted across Northern and Western Europe.
Premium Global Connectivity
If you need access to services outside the boundaries of a geopolitical region, you can activate ExpressRoute Premium to get extended connectivity.
This service tier enables you to access all Microsoft cloud services hosted in all regions all over the world.
Local Connectivity
A feature called Local SKU enables you to transfer your data to an ExpressRoute location near an Azure region you select. Thus, you get cost efficiency while data transfer is included in the ExpressRoute port fees.
On-premises Connectivity
With ExpressRoute Global Reach, you can exchange data across your on-premises sites. ExpressRoute Global Reach enables you to connect confidential data centers through your ExpressRoute circuits while the cross-data-center traffic will pass through Microsoft's network.
National Clouds
You can connect to an isolated cloud environment, which operates in a specific geopolitical region or customer segment.
ExpressRoute Direct
With ExpressRoute Direct, you can benefit from direct connections to Microsoft’s global network at peering locations across the world. ExpressRoute Direct supports dual 100-Gbps connectivity, which enables Active/Active connectivity at scale.
ExpressRoute Pricing and Billing
Azure ExpressRoute offers three billing models designed to fit the needs of different organizations and use case scenarios.
- Unlimited data.
  - You pay a monthly fee while all inbound and outbound data transfer is free of charge.
- Metered data.
  - You pay a monthly fee and all inbound data transfer is free of charge. You are charged per GB of outbound data transfer while rates vary by region.
- ExpressRoute premium add-on.
  - ExpressRoute premium is an add-on that increases routes from 4,000 to 10,000 for Azure public and private peering, provides global connectivity for services and increases the number of VNet links per ExpressRoute circuit.
How Unlimited Data Plans Work in ExpressRoute
Source: Microsoft
Conclusion
Azure ExpressRoute provides your organization with several benefits concerning the expandability of your on-premises networks with the Azure and Microsoft 365 cloud infrastructures.
It enables you to connect to cloud services locally and globally while getting a scalable and redundant service.