Microsoft AZ-700: Explore Azure ExpressRoute

Reading Time: 3 minutes

Notes from MS Learn AZ-700 Module 3: Design and Implement Azure ExpressRoute – Unit 2: Explore Azure ExpressRoute

ExpressRoute extends on-prem networks into the Microsoft cloud over a private connection set up with the assistance of a connectivity provider. It creates connections to MS Cloud Services such as Azure and Microsoft 365. The connection can be any-to-any (IP VPN), point-to-point Ethernet, or a virtual cross-connect through a provider colo. Because traffic never crosses the public internet, ExpressRoute connections are more reliable, faster, have consistent latency, and offer higher security.

  • ExpressRoute Capabilities
    • Key benefits
      • L3 connection between on-prem and MS Cloud via provider
      • Can be any-to-any (IPVPN), Point-to-Point Ethernet, Virtual Cross-Connect through an Ethernet Exchange
      • Connection to MS Cloud Services over all regions in a geopolitical region
      • Global connectivity to MS across all regions (with ExpressRoute premium)
      • Built-in redundancy in every peering location
    • Used to create private connectivity between Azure DCs and infrastructure on-prem or in a colo
    • Increased reliability and speed, and lower latency, since traffic doesn’t go over the internet
  • Understand Use Cases for Azure ExpressRoute
    • Faster/Reliable connection to Azure
      • Not reliant on internet
      • Can be cheaper for on-prem or colo facility data transfer to Azure
    • Storage/Backup/Recovery
      • Fast, reliable connection to Azure
      • Bandwidths up to 100 Gbps
      • Great for periodic data migration/replication/DR and as an additional HA strategy
    • Extend DC Capabilities
      • Connect and add compute/storage capacity to existing DCs
      • High throughput and low latency make Azure feel like a natural extension of the DC
    • Predictable/reliable/high throughput connectivity
      • Build apps that span on-prem and Azure without compromising privacy/performance
      • Example: run an intranet app in Azure with auth against on-prem AD
      • Corp customers don’t have to route over public internet
  • ExpressRoute Connectivity Models
    • Many connectivity models are available from on-prem/colo to the cloud in Azure. Examples:
      • Co-location at Cloud Exchange
        • Facility with a cloud exchange: virtual cross-connects to the MS cloud through the provider’s Ethernet exchange
        • Colo provider offers either an L2 or a managed L3 cross-connection between your infrastructure and MS Cloud
      • Point-to-Point Ethernet
        • Provider can offer L2 or L3 connectivity between on-prem and MS Cloud
      • Any-to-Any (IPVPN)
        • Provider offers any-to-any connectivity between branch offices and DCs
        • MS Cloud can be interconnected to your WAN to look like a branch office
        • WAN providers typically offer managed L3
      • ExpressRoute Direct
        • Dual 100 Gbps or 10 Gbps
        • Active/Active at scale
  • Design Considerations for ExpressRoute Deployments
    • Choose model based on key considerations
      • ExpressRoute Direct
        • Connects directly to the MS global network at peering locations distributed around the world
        • Dual 100 or 10 Gbps
        • Active/Active
        • Can work with any SP for ExpressRoute Direct
        • Features
          • Massive Data Ingest into services E.g. Storage and Cosmos DB
          • Physical isolation for regulated industries E.g. Bank, Gov, Retail
          • Granular control of circuit distribution per business unit
        • ExpressRoute Direct vs. Service Provider (Table from MS Learn)
  • Design Redundancy for an ExpressRoute deployment
    • Two ways to plan redundancy
      • Configure ExpressRoute and Site-to-Site coexisting
        • Advantages
          • Secure failover path for ExpressRoute
          • Connect to sites not connected through ExpressRoute
          • Zero downtime when adding new gateway or gateway connection
        • Network Limits and limitations
          • Route-Based VPN gateways only
          • ASN of Azure VPN Gateway must be 65515
          • Gateway subnet must be /27 or shorter
          • Dual stack VNet not supported
      • Create zone redundant virtual network gateway in Azure Availability Zones
        • VPN and ExpressRoute gateways can be deployed in Availability Zones
        • This physically and logically separates gateways in a region
        • Protects on-prem to Azure from zone-level failures
        • Zone-redundant gateways
          • Virtual network gateways are deployed across availability zones automatically when you use zone-redundant virtual gateways
          • These benefit from zone resiliency for mission-critical services in Azure
        • Zonal Gateways
          • Used to deploy a gateway in a specific zone
          • When deployed, all instances are placed in the same Availability Zone
        • Gateway SKUs
          • SKUs are similar to the corresponding existing SKUs for ExpressRoute and VPN Gateway
          • Exception: they are AZ-specific SKUs, identifiable by “AZ” in the SKU name
        • Public IP SKUs
          • Both zone-redundant and zonal gateways require a Standard SKU Azure Public IP resource
  • Configure a Site-to-Site VPN as a Failover Path for ExpressRoute
    • Applies only to VNets linked to the Azure private peering path
    • No VPN-based failover for services reachable through Microsoft peering
    • The ExpressRoute circuit is always the primary path
    • Data flows through the Site-to-Site VPN only if the ExpressRoute circuit fails
    • To avoid asymmetric routing, the local (on-prem) config should also prefer the ExpressRoute path over the Site-to-Site path
    • Set a higher local preference on routes received over ExpressRoute
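The coexistence limits listed under “Design Redundancy” (route-based VPN gateway only, VPN gateway ASN 65515, GatewaySubnet /27 or shorter, no dual-stack VNet) are easy to get wrong before a deployment. The following is an added example, not code from MS Learn or from this post: a small Python pre-flight check that turns those bullet points into findings. The plan structure, finding codes and sample addresses are my own invention; the “subnet must lie inside a VNet address space” check is a general Azure rule rather than something the notes state.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Tuple

# Constraints for ExpressRoute + Site-to-Site VPN coexistence, as listed in the notes.
REQUIRED_VPN_TYPE = "RouteBased"
REQUIRED_VPN_GATEWAY_ASN = 65515
MAX_GATEWAY_SUBNET_PREFIX_LEN = 27   # "/27 or shorter": prefix length must be <= 27


@dataclass
class CoexistencePlan:
    vpn_type: str                                  # "RouteBased" or "PolicyBased"
    vpn_gateway_asn: int                           # BGP ASN configured on the VPN gateway
    gateway_subnet: str                            # GatewaySubnet CIDR, e.g. "10.0.255.0/27"
    vnet_address_spaces: List[str] = field(default_factory=list)


def check_coexistence_plan(plan: CoexistencePlan) -> List[Tuple[str, str]]:
    """Return a list of (code, message) findings; an empty list means the plan
    satisfies every constraint the notes list."""
    findings: List[Tuple[str, str]] = []

    if plan.vpn_type.lower() != REQUIRED_VPN_TYPE.lower():
        findings.append(("VPN_TYPE",
                         f"VPN gateway must be {REQUIRED_VPN_TYPE}, got {plan.vpn_type!r}"))

    if plan.vpn_gateway_asn != REQUIRED_VPN_GATEWAY_ASN:
        findings.append(("VPN_ASN",
                         f"VPN gateway ASN must be {REQUIRED_VPN_GATEWAY_ASN}, got {plan.vpn_gateway_asn}"))

    subnet = None
    try:
        subnet = ipaddress.ip_network(plan.gateway_subnet)
    except ValueError as exc:
        findings.append(("GW_SUBNET_INVALID", f"gateway subnet {plan.gateway_subnet!r}: {exc}"))

    spaces = []
    for cidr in plan.vnet_address_spaces:
        try:
            spaces.append(ipaddress.ip_network(cidr))
        except ValueError as exc:
            findings.append(("VNET_SPACE_INVALID", f"VNet address space {cidr!r}: {exc}"))

    # Dual-stack VNets are not supported: any IPv6 address space (or an IPv6
    # gateway subnet) rules the coexistence design out.
    if any(s.version == 6 for s in spaces) or (subnet is not None and subnet.version == 6):
        findings.append(("DUAL_STACK", "dual-stack VNet not supported; remove the IPv6 address space"))

    if subnet is not None and subnet.version == 4:
        if subnet.prefixlen > MAX_GATEWAY_SUBNET_PREFIX_LEN:
            findings.append(("GW_SUBNET_TOO_SMALL",
                             f"gateway subnet is /{subnet.prefixlen}; "
                             f"it must be /{MAX_GATEWAY_SUBNET_PREFIX_LEN} or shorter"))
        # General Azure rule, not specific to these notes: a subnet must lie inside
        # one of the VNet's address spaces.
        v4_spaces = [s for s in spaces if s.version == 4]
        if v4_spaces and not any(subnet.subnet_of(s) for s in v4_spaces):
            findings.append(("GW_SUBNET_OUTSIDE_VNET",
                             f"gateway subnet {subnet} is not inside any VNet address space"))

    return findings


# Constructed sample plans (hypothetical addresses, not from the notes).
GOOD_PLAN = CoexistencePlan("RouteBased", 65515, "10.0.255.0/27", ["10.0.0.0/16"])
BAD_PLAN = CoexistencePlan("PolicyBased", 65000, "10.0.255.0/28", ["10.0.0.0/16", "fd00:1234::/48"])

if __name__ == "__main__":
    for name, plan in [("good", GOOD_PLAN), ("bad", BAD_PLAN)]:
        print(name, check_coexistence_plan(plan) or "OK")
```

Running it prints no findings for `GOOD_PLAN` and four for `BAD_PLAN` (policy-based VPN, wrong ASN, a /28 GatewaySubnet and an IPv6 address space). Feeding it the values from an ARM/Bicep template or a `az network` export before you create the gateways catches the cases that otherwise surface only as a failed coexistence setup.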
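The last section says the VPN is only a failover path and that the on-prem side must also prefer ExpressRoute, otherwise routing becomes asymmetric. To make that concrete, here is an added example (my own Python, not from MS Learn or this post) that models a simplified BGP decision process on both sides of the link. The local-preference values 200/100, the prefixes and the AS-path lengths are constructed; the AS-path lengths are deliberately chosen so that, without an inbound local-preference policy, the VPN route would win the tie-break and the asymmetry shows up.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Assumed local-preference values (the notes only say "higher"; any pair that
# ranks ExpressRoute-learned routes above VPN-learned routes behaves the same).
LOCAL_PREF_EXPRESSROUTE = 200
LOCAL_PREF_S2S_VPN = 100
BGP_DEFAULT_LOCAL_PREF = 100  # what a router uses when no inbound policy sets it


@dataclass(frozen=True)
class Route:
    prefix: str        # destination prefix, e.g. "10.10.0.0/16"
    path: str          # "expressroute" or "s2s-vpn": the session it was learned on
    local_pref: int
    as_path_len: int


def receive(prefix: str, path: str, as_path_len: int, prefer_expressroute: bool = True) -> Route:
    """Inbound policy: tag a received route with a local preference.
    With prefer_expressroute=False the route keeps the default value, which is
    what an on-prem router does when nobody configured the policy the notes call for."""
    if not prefer_expressroute:
        lp = BGP_DEFAULT_LOCAL_PREF
    elif path == "expressroute":
        lp = LOCAL_PREF_EXPRESSROUTE
    else:
        lp = LOCAL_PREF_S2S_VPN
    return Route(prefix, path, lp, as_path_len)


def bgp_best_path(candidates: Iterable[Route]) -> Route:
    """Simplified BGP decision process: highest local preference wins, then the
    shortest AS path. Real routers have more tie-breakers; these two suffice here."""
    return max(candidates, key=lambda r: (r.local_pref, -r.as_path_len))


def build_fib(rib: Iterable[Route], expressroute_up: bool) -> Dict[str, str]:
    """Choose the forwarding path per prefix. A failed circuit drops its BGP
    sessions, so routes learned over it are withdrawn and only VPN routes remain."""
    by_prefix: Dict[str, List[Route]] = {}
    for r in rib:
        if r.path == "expressroute" and not expressroute_up:
            continue
        by_prefix.setdefault(r.prefix, []).append(r)
    return {prefix: bgp_best_path(routes).path for prefix, routes in by_prefix.items()}


def asymmetric_flows(azure_fib: Dict[str, str], onprem_fib: Dict[str, str]) -> List[Tuple[str, str]]:
    """A flow between an on-prem prefix and an Azure prefix is asymmetric when the
    Azure side sends toward on-prem over one path and on-prem replies over the other."""
    return sorted(
        (onprem_prefix, azure_prefix)
        for onprem_prefix, azure_path in azure_fib.items()
        for azure_prefix, onprem_path in onprem_fib.items()
        if azure_path != onprem_path
    )


# Constructed topology: one on-prem prefix and one VNet prefix, each advertised over
# both the ExpressRoute private peering and the Site-to-Site VPN.
ONPREM_PREFIX = "10.10.0.0/16"
VNET_PREFIX = "10.100.0.0/16"

# The Azure side always prefers the circuit, matching "ExpressRoute circuit is always primary".
AZURE_RIB = [
    receive(ONPREM_PREFIX, "expressroute", as_path_len=2),
    receive(ONPREM_PREFIX, "s2s-vpn", as_path_len=1),
]


def onprem_rib(policy_configured: bool) -> List[Route]:
    """On-prem RIB with or without the 'prefer ExpressRoute' inbound policy applied."""
    return [
        receive(VNET_PREFIX, "expressroute", as_path_len=2, prefer_expressroute=policy_configured),
        receive(VNET_PREFIX, "s2s-vpn", as_path_len=1, prefer_expressroute=policy_configured),
    ]


def scenario(expressroute_up: bool, onprem_policy: bool):
    """Return (azure_fib, onprem_fib, asymmetric flow pairs) for one situation."""
    azure_fib = build_fib(AZURE_RIB, expressroute_up)
    onprem_fib = build_fib(onprem_rib(onprem_policy), expressroute_up)
    return azure_fib, onprem_fib, asymmetric_flows(azure_fib, onprem_fib)


if __name__ == "__main__":
    for up, policy in [(True, True), (True, False), (False, True)]:
        azure_fib, onprem_fib, asym = scenario(up, policy)
        print(f"circuit_up={up} onprem_policy={policy}: "
              f"azure->{azure_fib} onprem->{onprem_fib} asymmetric={asym}")
```

The three scenarios are the ones the notes describe: with the circuit up and the on-prem policy in place, both directions use ExpressRoute; with the circuit up but no on-prem policy, Azure sends over ExpressRoute while on-prem replies over the VPN (asymmetric); with the circuit down, the ExpressRoute routes are withdrawn and both sides fall back to the VPN, which is the intended failover.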
Permanent link to this article: https://www.packetpilot.com/microsoft-az-700-explore-azure-expressroute/
