This document is the second part of the on-boarding: Azure Infrastructure document. The previous document explained “What should we know about ExpressRoute”. This one explains how to configure ExpressRoute.
ExpressRoute peering requirements
- BGP sessions for routing domains have to be configured (either by the organization or by the ExpressRoute provider).
- For each ExpressRoute circuit, Microsoft requires redundant BGP sessions between Microsoft’s router and your peering router.
- Either the organization or the ExpressRoute provider needs to translate on-prem private IP addresses to public IP addresses by using a NAT service (Microsoft peering accepts only public IP addresses).
- Reserve several blocks of IP addresses in your network for routing traffic to the Microsoft cloud:
  - Two /30 subnets, for the primary and secondary circuits
    - The first address in each subnet is used to communicate with cloud services
    - The second address is used to establish a BGP session
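A pre-deployment check for the address plan above, as an added example that is not part of the original document: it verifies that both link subnets are IPv4 /30s, do not overlap, and are public when used for Microsoft peering, then returns the first and second address of each. The function name, the `peering_type` labels, the reading of "first/second address" as usable host addresses, and the sample prefixes are assumptions made for this example.

```python
import ipaddress


def plan_link_subnets(primary, secondary, peering_type):
    """Validate the two /30 link subnets; return first/second address per link.

    peering_type is "private" or "microsoft" (labels assumed for this example).
    """
    if peering_type not in ("private", "microsoft"):
        raise ValueError(f"unknown peering type: {peering_type}")
    plan, nets = {}, []
    for role, cidr in (("primary", primary), ("secondary", secondary)):
        # strict=True rejects input such as 10.0.0.1/30 that has host bits set
        net = ipaddress.ip_network(cidr, strict=True)
        if net.version != 4 or net.prefixlen != 30:
            raise ValueError(f"{role}: {cidr} is not an IPv4 /30")
        # Microsoft peering accepts only public IP addresses
        if peering_type == "microsoft" and not (
            net.network_address.is_global and net.broadcast_address.is_global
        ):
            raise ValueError(f"{role}: {cidr} is not public address space")
        # Assumption: "first" and "second" mean the two usable host addresses
        first, second = net.hosts()
        plan[role] = {"first_address": str(first), "second_address": str(second)}
        nets.append(net)
    if nets[0].overlaps(nets[1]):
        raise ValueError("primary and secondary subnets overlap")
    return plan


if __name__ == "__main__":
    # Constructed sample prefixes, not taken from the original document
    print(plan_link_subnets("192.168.15.16/30", "192.168.15.20/30", "private"))
```

Running the check before handing prefixes to the provider catches the common planning mistakes (wrong mask, reused subnet, private space on Microsoft peering) while they are still cheap to fix.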
ExpressRoute peering schemes
- To connect to IaaS and PaaS resources that are deployed in a VNet. Resources must be deployed in the VNet with a private IP. We cannot access resources with a public IP over private peering.
- To connect to Azure PaaS services, e.g. Office 365, Dynamics 365.
Create ExpressRoute Circuit and Peering
- A circuit can be created through the Azure UI, CLI, or PowerShell.
- Settings: circuit name, provider, peering location, bandwidth, SKU, billing model, subscription, resource group, location.
- Standard SKU: for up to 10 VNets, connecting to resources in the same geopolitical region.
- Provider status must be Provisioned and circuit status must be Enabled.
- The service key must be shared with the provider. It’s the only authentication method.