November 27, 2020 3 min read

Azure ExpressRoute: Private Connectivity to Azure

ExpressRoute creates private connections between your datacenter and Azure. Dedicated bandwidth, predictable latency, no public internet exposure.

ExpressRoute Models

Model	Description
CloudExchange	Co-location at exchange provider
Point-to-Point	Ethernet connection to Azure
Any-to-Any	MPLS/IPVPN integration
ExpressRoute Direct	Direct 10/100 Gbps ports

Creating ExpressRoute Circuit

# Create circuit
az network express-route create \
    --name my-expressroute \
    --resource-group myRG \
    --location eastus \
    --bandwidth 1000 \
    --peering-location "Silicon Valley" \
    --provider "Equinix" \
    --sku-tier Standard \
    --sku-family MeteredData

Peerings

Azure Private Peering

# Connect to VNets
az network express-route peering create \
    --circuit-name my-expressroute \
    --resource-group myRG \
    --peering-type AzurePrivatePeering \
    --peer-asn 65100 \
    --primary-peer-subnet 192.168.1.0/30 \
    --secondary-peer-subnet 192.168.2.0/30 \
    --vlan-id 100 \
    --shared-key "secretkey123"

Microsoft Peering

# Connect to Microsoft 365, Dynamics
az network express-route peering create \
    --circuit-name my-expressroute \
    --resource-group myRG \
    --peering-type MicrosoftPeering \
    --peer-asn 65100 \
    --primary-peer-subnet 203.0.113.0/30 \
    --secondary-peer-subnet 203.0.113.4/30 \
    --vlan-id 200 \
    --advertised-public-prefixes 203.0.113.0/24

Link to Virtual Network

# Create gateway subnet
az network vnet subnet create \
    --vnet-name myVNet \
    --resource-group myRG \
    --name GatewaySubnet \
    --address-prefix 10.0.255.0/27

# Create ExpressRoute gateway
az network vnet-gateway create \
    --name myERGateway \
    --resource-group myRG \
    --vnet myVNet \
    --gateway-type ExpressRoute \
    --sku Standard

# Create connection
az network vpn-connection create \
    --name myERConnection \
    --resource-group myRG \
    --vnet-gateway myERGateway \
    --express-route-circuit2 /subscriptions/.../expressRouteCircuits/my-expressroute

ExpressRoute Global Reach

Connect circuits across regions:

az network express-route peering connection create \
    --circuit-name circuit1 \
    --peering-name AzurePrivatePeering \
    --resource-group myRG \
    --name globalreach-connection \
    --peer-circuit /subscriptions/.../expressRouteCircuits/circuit2 \
    --address-prefix 10.0.0.0/29

FastPath

Ultra-low latency for performance-critical workloads:

az network vpn-connection update \
    --name myERConnection \
    --resource-group myRG \
    --express-route-gateway-bypass true

Redundancy

On-Premises          Azure
┌─────────┐         ┌─────────┐
│         │ Circuit1│         │
│  Router ├────────→│ ER GW   │
│    1    │         │    1    │
└─────────┘         └─────────┘
┌─────────┐         ┌─────────┐
│         │ Circuit2│         │
│  Router ├────────→│ ER GW   │
│    2    │         │    2    │
└─────────┘         └─────────┘

Monitoring

# Get circuit stats
az network express-route get-stats \
    --name my-expressroute \
    --resource-group myRG

# Check peering state
az network express-route peering show \
    --circuit-name my-expressroute \
    --resource-group myRG \
    --name AzurePrivatePeering \
    --query "peeringState"

Bandwidth SKUs

Bandwidth	Monthly Cost (MeteredData)
50 Mbps	~$55
100 Mbps	~$110
200 Mbps	~$220
500 Mbps	~$550
1 Gbps	~$1,100
10 Gbps	~$5,500

ExpressRoute: enterprise-grade private connectivity to Azure.