Understanding MS Azure ExpressRoute Circuits and Peering

Blog ENG - MS Azure - Post 1 2024

In today’s cloud-centric world, seamless and secure connectivity between on-premises infrastructure and cloud services is crucial. Microsoft Azure’s ExpressRoute offers a robust solution for this need. Let’s dive into the details of ExpressRoute circuits and peering to understand how they work and their benefits.

What is an ExpressRoute Circuit?
An ExpressRoute circuit is a logical connection that links your on-premises infrastructure to Microsoft cloud services through a connectivity provider. You can have multiple ExpressRoute circuits, each potentially in different regions and connected through various connectivity providers. Each circuit is identified by a unique service key (s-key), a standard GUID used for communication between Microsoft, the connectivity provider, and you.

Key Features of ExpressRoute Circuits

Multiple Circuits: You can establish multiple circuits, each with different connectivity providers and regions.
Service Key (s-key): A unique identifier for each circuit, facilitating communication and management.
Independent Peerings: New circuits can include two independent peerings—Private and Microsoft—each with redundant BGP sessions for high availability.
Fixed Bandwidth: Circuits come with fixed bandwidth options ranging from 50 Mbps to 10 Gbps, shared across all peerings.

ExpressRoute Peering
ExpressRoute circuits support two primary routing domains or peerings: Azure Private and Microsoft. Each peering is configured identically on a pair of routers to ensure high availability.

Azure Private Peering
Azure Private Peering connects your on-premises network to Azure compute services, such as virtual machines (IaaS) and cloud services (PaaS), within a virtual network. This peering acts as a trusted extension of your core network into Azure, allowing bi-directional connectivity between your core network and Azure virtual networks (VNets). You can connect multiple VNets to the private peering domain, enabling direct access to virtual machines and cloud services via their private IP addresses.

Microsoft Peering
Microsoft Peering is designed for accessing Microsoft online services, including Microsoft 365, Azure PaaS services, and Microsoft PSTN services. This peering enables bi-directional connectivity between your WAN and Microsoft cloud services over public IP addresses. It’s essential to adhere to all defined rules and ensure that the public IP addresses are owned by you or your connectivity provider.

Peering Comparison
When comparing Private Peering and Microsoft Peering, there are several key differences to consider:

Maximum Number of IPv4 Prefixes: Private Peering supports up to 4000 IPv4 prefixes by default, and up to 10,000 with ExpressRoute Premium. In contrast, Microsoft Peering supports up to 200 IPv4 prefixes.
Maximum Number of IPv6 Prefixes: Private Peering supports up to 100 IPv6 prefixes, while Microsoft Peering supports up to 200 IPv6 prefixes.
IP Address Ranges: Private Peering supports any valid IP address within your WAN, whereas Microsoft Peering requires public IP addresses owned by you or your connectivity provider.
AS Number Requirements: For Private Peering, you can use private and public AS numbers, but you must own the public AS number if you choose to use one. For Microsoft Peering, you can set private and public AS numbers for peer ASN, but you must prove ownership of public IP addresses.
IP Protocols Supported: Both peerings support IPv4 and IPv6.
Routing Interface IP Addresses: Private Peering supports RFC1918 and public IP addresses, while Microsoft Peering requires public IP addresses registered to you in routing registries.
MD5 Hash Support: Both peerings support MD5 hash.

Monitoring ExpressRoute Health
Monitoring the health and performance of your ExpressRoute circuits is crucial. ExpressRoute Network Insights provides tools to monitor availability, connectivity to VNets, and bandwidth utilization. Additionally, Connection Monitor for ExpressRoute helps track the health of both Azure Private Peering and Microsoft Peering.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.