For those of you that might have been living under a rock, ExpressRoute is Microsoft's network service for connecting on-premises environments to services within Microsoft’s cloud, Azure, and Office 365. Sometimes it can be confusing where to start. ExpressRoute provides guaranteed bandwidth and latency and can give you predictable performance when accessing Azure and Microsoft cloud services.
So, what do I need to do? ExpressRoute involves configuration and components both on-premises and in the cloud.
The key elements of ExpressRoute?
- A physical connection through a connectivity provider (if you’re in Australia and are in federal government and have access to ICON, contact CDC directly)
- A circuit
- A peering relationship
- An ExpressRoute Gateway.
- Increased business capability through integration between on-premises and cloud services.
- The ability to leverage cloud capabilities for backup and disaster recovery at greatly reduced costs
- Faster deployment of new applications and services
- Reduced management costs through consolidated cloud and on-premises management tools.
The first thing you need is a physical connection from your network to the Microsoft network. This physical link is obtained through a registered connectivity provider.
There are three models for the physical link: Cloud Exchange Co-Location, Point-to-Point Ethernet, and Any-to-any (IPVPN). For federal government in Canberra, this might also mean ICON.
Cloud Exchange Co-Location is when you are in the same data centre as the Connectivity Provider and just need cables run from their rack to yours. See also ICON – we can help you out with this scenario.
Point-to-Point Ethernet is when you want to connect one on-premises location: the Connectivity Provider gives you a link from your site to their data centre and extends it into Microsoft. Lastly, any-to-any (IPVPN) is where you have multiple sites connected through a WAN and the Connectivity Provider adds a connection from your WAN to Microsoft.
In addition to the physical link, ExpressRoute requires a ‘circuit’, which is your dedicated path through the Microsoft backbone network. The circuit is configured through the Azure portal and the key configuration items are the connectivity provider, peering location and bandwidth (from 50 Mbps to 10 Gbps). With the physical link and circuit in place, you’ll now need two Border Gateway Protocol (BGP) routers to manage the logical connections and exchange routes with the Microsoft routers. You also need to define two /30 subnets, one for each router.
The IP addresses that you use for these subnets depend on the type of peering you want to set up. There are two types of peering: ‘Private Peering’ and ‘Microsoft Peering’.
Private Peering is used to connect your on-premises networks to your private Virtual Networks (VNets) in your Azure subscriptions. Microsoft Peering is used to connect to Azure Platform as a Service (PaaS) offerings such as SQL DB and Storage, as well as Office 365 services including Exchange Online, Dynamics 365 and SharePoint Online.
With Microsoft Peering, no services are available by default; each must be specifically added based on your requirements. Office 365 services also require specific authorisation. Private Peering can be configured with private IP addresses, but Microsoft Peering requires public IP addresses. This is important!
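A pre-flight check for the two /30 peering subnets described above, written as an added example (it is not from the original post or from Microsoft). The function name `check_peering_subnets` and the sample ranges are hypothetical; it enforces only what the text states: two /30s, and public address space for Microsoft Peering.

```python
import ipaddress

def check_peering_subnets(peering, primary, secondary):
    """Return a list of problems for a proposed pair of peering subnets.

    peering: "private" or "microsoft". An empty list means the pair passes.
    """
    if peering not in ("private", "microsoft"):
        raise ValueError("peering must be 'private' or 'microsoft'")
    problems, nets = [], []
    for label, cidr in (("primary", primary), ("secondary", secondary)):
        try:
            # strict=True rejects a host address such as 10.0.0.1/30
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{label}: {exc}")
            continue
        if net.version != 4 or net.prefixlen != 30:
            problems.append(f"{label}: {net} is not an IPv4 /30")
        # Microsoft Peering requires public addresses; Private Peering
        # may use private ones, so nothing is enforced for it here.
        if peering == "microsoft" and not net.is_global:
            problems.append(f"{label}: {net} is not public address space")
        nets.append(net)
    # One /30 per router: the two ranges must be distinct and disjoint.
    if len(nets) == 2 and nets[0].overlaps(nets[1]):
        problems.append(f"{nets[0]} and {nets[1]} overlap")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real deployment.
    cases = [
        ("private", "192.168.15.16/30", "192.168.15.20/30"),    # passes
        ("microsoft", "10.0.0.0/30", "10.0.0.4/30"),            # private space
        ("private", "192.168.15.16/29", "192.168.15.24/30"),    # wrong size
        ("private", "192.168.15.16/30", "192.168.15.16/30"),    # same range twice
    ]
    for peering, a, b in cases:
        result = check_peering_subnets(peering, a, b)
        print(peering, a, b, "->", result or "OK")
```

Running a check like this before the circuit is ordered catches the common mistake of reusing a private-peering range for Microsoft Peering.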
With the physical link, circuit and peering in place, you now need to connect your Azure virtual networks to the circuit to provide end-to-end connectivity. This requires an ExpressRoute Gateway, which is available through the Azure Marketplace.
The ExpressRoute Gateway is available in 1 Gbps, 2 Gbps and 9 Gbps and is configured with a connection to the circuit. You can only have one ExpressRoute Gateway per virtual network, and you can specify which IP subnets on-premises and in your virtual networks are reachable through the ExpressRoute connection. For government customers who understand “…you can’t just connect government to cloud”, reach out so we can explain to you how we’re enabling public cloud adoption in the public sector.