This document is the second part of on-boarding: Azure Infrastructure document. In the previous document “What should we know about ExpressRoute” has been explained. Here is explained how to configure ExpressRoute.
ExpressRoute peering requirements
- BGP sessions for routing domains have to be configured (either by organization or expressroute provider)
- For each expressroute circuite, mirosoft requires redundant BGP sessions between Microsoft’s router and your peering router.
- Either organization or expressroute provider needs to translate on-prem private Ip addresses to public IP addresses by using a NAT service (Microsoft peering accepts only public IP addresses).
- Reserve several blocks of IPs in network for routing traffic to microsoft cloud
- two /30 subnets for primary and secondary circuites
- first address in subnet for communicate with cloud services
- second address to establish a BGP session
ExpressRoute peering schemes
Private peering
- to connect to Iaas and Paas that are developed in vnet. Resources must be deployed in vnet with private IP. We cannot access resources with public IP over private peering.
Microsoft peering
- to connect to azure pass services e.g. office 365, dynamic 365
Create ExpressRoute Circuite and Peering
- Creating by Azure UI, CLI, and Powershell
- Circuite name, Provider, Peering location, Bandwidth, Sku, Billing model, subscription, Resource Group, Location
- Sku Standard : for up to 10 vnet and connect to resources in the same geopolitical regions
- Provider status must be provisioned and circuit status must be enabled
- Service key must be shared with provider. It’s the only authentication method.
