Notes from MS Learn AZ-700 Module 3: Design and Implement Azure ExpressRoute – Unit 10: Troubleshoot ExpressRoute Connection Issues
Azure net eng supporting ExpressRoute will have to diag and resolve connection issues.
ExpressRoute connectivity has 3 traditional zones
- Customer Network
- Provider Network
- MS DC
Offered with ExpressRoute Direct (10/100Gbps) customer can connect to MS Enterprise Edge routers directly meaning no provider network zone
- Verify circuit provisioning and state via Azure Portal
- Provisioning ExpressRoute creates redundant L2 connections between CE/PE-MSEE (2)/(4) and MSEE (5)
- Service Key is unique ID for ExpressRoute Circuit – required by partner to tshoot if assistance needed
- Steps
- In Azure Portal find ExpressRoute Circuit
- Under essentials status and enabled values are displayed
- Circuit status = MS side status
- Provider status = Provisions or Not provisioned
- Must be Circuit status:Enabled and Provider status: Provisioned to be operational
- Under essentials status and enabled values are displayed
- In Azure Portal find ExpressRoute Circuit
- Provisioning ExpressRoute creates redundant L2 connections between CE/PE-MSEE (2)/(4) and MSEE (5)
- Validate peering config
- Once SP provisions ExpressRoute Circuit, multiple eBGP routing configs possible between Ces/MSEE-Pes and MSEEs as noted above
- Each ExpressRoute circuit can have
- Azure private peering
- Microsoft peering
- Both
- Check peering under the ExpressRoute in Azure Portal
- In IPVPN model, SP handles config of peer (L3)
- After configured if peering blank refresh to pull current routing config from circuit
- Validate ARP
- ARP (RFC 826) is L2 mapping of MAC to IP. Used to validate L2 config and tshoot basic L2 issues
- ARP Table provides mapping for individual peering’s.
- Map of on-prem router int IP to MAC
- Map of ExpressRoute router int to MAC
- Age of mapping ARP can validate L2 config and tshoot basic L2 connectivity
- Next Steps
- Validate L3 config of ExpressRoute Circuit
- Get route summary for BGP status validation
- Get route table to see prefixes advertised via ExpressRoute
- Validate in/out bytes
- Open MS Support ticket if still issues
- Validate L3 config of ExpressRoute Circuit
- ExpressRoute monitoring tools
- Uses Network insights for detailed topo mapping of all ExpressRoute components such as peering’s, connections, gateways). Also has preloaded metrics dashboard for availability, throughput, drops, gateway metrics.
- Analyze metric for ExpressRoute from other Azure services using explorer
- Open Metrics from Azure Monitor menu
- View ExpressRoute metrics: filter by resource type ExpressRoute circuits
- View Global Reach metrics: filter by resource type ExpressRoute circuits > select ExpressRoute circuit that has Global Reach enabled
- View ExpressRoute Direct metrics: filter by resource type > ExpressRoute Ports
- Open Metrics from Azure Monitor menu