Azure ExpressRoute: Virtual Private Cloud Connections

Organizations rely heavily on cloud services to handle workloads efficiently and quickly. Those workloads may include sensitive information, and when it flows to the cloud over the public internet it can be exposed to attack. A secure private connection to cloud services is needed to enhance security.

Cloud integration solutions are a key component of connectivity between service provider data centres and on-premises or co-hosted environments. They provide higher security, more reliability, faster speeds and lower latency than a typical on-premises-to-cloud setup. They also make it easier to move large virtual machines or servers across cloud environments.

Today we look in more detail at the Azure ExpressRoute solution: its features, use cases, advantages and disadvantages, and so on.

What is Azure ExpressRoute?

The Microsoft Azure ExpressRoute solution provides a dedicated private network connection between Microsoft data centres and on-premises or cloud-hosted deployments. It lets you extend your on-premises network and establish connections with Microsoft cloud services such as Microsoft Azure, Office 365, and CRM Online.

Connectivity can be over an any-to-any (IP VPN) network, a point-to-point Ethernet network, or a virtual cross-connection through a connectivity provider or ISP at a co-located facility. Azure ExpressRoute offers

  • more reliability due to supporting a variety of connections, 
  • lower latency and 
  • higher security as compared to standard connections over the Internet. 

Two types of vendors can connect you to Azure ExpressRoute:

  • Exchange providers who have an exchange route circuit in their data centre.
  • Network service providers (ISPs) who give you a connection and then relay you to a Microsoft edge data centre.

Traffic over ExpressRoute is not encrypted, so bring your own key to protect the data against sniffing.

Azure ExpressRoute: Connectivity Options

Azure ExpressRoute offers several connectivity options, described in more detail below.

  • Co-located at a cloud exchange – if you are co-located in a cloud exchange facility, you can order virtual cross-connections to the Microsoft cloud through the colocation provider’s Ethernet exchange, using either layer 2 or layer 3 cross-connections between your infrastructure in the co-hosted facility and the Microsoft cloud.
  • Point-to-point Ethernet connection – providers offer a layer 2 or managed layer 3 connection between your site and the Microsoft cloud.
  • Any-to-any (IP VPN) networks – your WAN is integrated with the Microsoft cloud. IP VPN or MPLS providers offer any-to-any connectivity between branch offices and datacenters, delivered as managed layer 3 connections.

Azure ExpressRoute: Features

  • Layer 3 connectivity – the industry-standard dynamic routing protocol (BGP) is used to exchange route information between on-premises networks. Multiple BGP sessions are established to handle different traffic profiles.
  • Redundancy – each Azure ExpressRoute circuit comprises two connections to two Microsoft Enterprise Edge routers (MSEEs) from the connectivity provider or network edge (dual connections are required). Connectivity providers may use redundant devices to ensure connections are handed over to Microsoft in a reliable manner.
  • Dynamic bandwidth scaling – Azure ExpressRoute circuit bandwidth can be scaled up without tearing down connections.
  • Microsoft cloud services access via Azure ExpressRoute – it enables access to various services: Microsoft Azure services, Microsoft Office 365 and Microsoft CRM Online services.
  • Connectivity to all regions within a geopolitical region – once you connect to a Microsoft peering location, you can access all regions within that geopolitical region.
  • Global connectivity with the Azure ExpressRoute premium add-on – the premium add-on lets you extend connectivity beyond geopolitical boundaries.
  • Rich connectivity partner ecosystem – it has a rich ecosystem of connectivity providers and ISPs.
  • Connectivity to national clouds – for special geopolitical regions and specific customer segments, Microsoft operates isolated cloud environments.
  • Bandwidth options supported – a wide range of bandwidths is supported, from 50 Mbps to 10 Gbps.
  • Round trip time (RTT) – depends on the locations and regions being connected.
  • Virtual network gateways – several gateway SKUs are available. A higher SKU means more CPUs and bandwidth are allocated to the gateway, so it can support greater throughput to the virtual network. The SKUs available are Standard SKU (1000 Mbps), High Performance SKU (2000 Mbps) and Ultra Performance SKU (9000 Mbps).
  • Availability and failover – for failover it is possible to have two different virtual network gateways, one for a backup VPN and one for Azure ExpressRoute. Both can coexist on one virtual network. Each virtual network can have only one virtual network gateway per gateway type, that is, one Azure ExpressRoute gateway and one VPN gateway.
  • Site-to-site VPN failover – a site-to-site VPN can be configured as a backup for Azure ExpressRoute, but only for services accessible via Azure public and Microsoft peering. It has some limitations: transit routing is not supported, the Basic SKU gateway is not supported, only route-based VPN gateways are supported, static route configuration is required on your VPN gateway, and Azure ExpressRoute needs to be configured first and linked to the circuit before the site-to-site VPN gateway is added.
  • Monitoring – Azure provides metrics for ExpressRoute monitoring so you can visualize or create alerts. 
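
The gateway rules in the "Availability and failover" and "Site-to-site VPN failover" items above can be checked against a planned topology before deployment. The Python sketch below is an added example, not Microsoft's code or tooling; it reads records using the field names reported by `az network vnet-gateway list` (gatewayType, vpnType, sku.name, the gateway subnet ID), and every resource name in it is constructed. It does not check deployment order or static routes, which a static inventory cannot show.

```python
from collections import defaultdict

def gw(name, vnet, gtype, sku, vpn_type=None):
    """Constructed record using field names from `az network vnet-gateway list`."""
    subnet = ("/subscriptions/SUB-ID/resourceGroups/rg-net/providers/"
              f"Microsoft.Network/virtualNetworks/{vnet}/subnets/GatewaySubnet")
    return {"name": name, "gatewayType": gtype, "vpnType": vpn_type,
            "sku": {"name": sku}, "ipConfigurations": [{"subnet": {"id": subnet}}]}

# Constructed planned topology; every resource name is made up.
PLAN = [
    gw("er-hub", "vnet-hub", "ExpressRoute", "UltraPerformance"),
    gw("vpn-hub", "vnet-hub", "Vpn", "VpnGw1", "RouteBased"),
    gw("er-branch", "vnet-branch", "ExpressRoute", "Standard"),
    gw("vpn-branch", "vnet-branch", "Vpn", "Basic", "PolicyBased"),
    gw("vpn-lab-a", "vnet-lab", "Vpn", "VpnGw1", "RouteBased"),
    gw("vpn-lab-b", "vnet-lab", "Vpn", "VpnGw1", "RouteBased"),
]

def vnet_of(gateway):
    # The VNet name is the path segment after "virtualNetworks" in the subnet ID.
    parts = gateway["ipConfigurations"][0]["subnet"]["id"].split("/")
    return parts[parts.index("virtualNetworks") + 1]

def audit(gateways):
    """Return (vnet, finding) tuples for violations of the coexistence rules."""
    by_vnet = defaultdict(list)
    for g in gateways:
        by_vnet[vnet_of(g)].append(g)
    findings = []
    for vnet, gws in sorted(by_vnet.items()):
        types = [g["gatewayType"] for g in gws]
        # Rule: only one virtual network gateway per gateway type per VNet.
        for t in sorted(set(types)):
            if types.count(t) > 1:
                findings.append((vnet, f"more than one {t} gateway"))
        if "ExpressRoute" not in types:
            continue  # the remaining rules apply only where ExpressRoute coexists
        for g in gws:
            # Rule: the Basic SKU gateway is not supported for coexistence.
            if g["sku"]["name"] == "Basic":
                findings.append((vnet, f"{g['name']}: Basic SKU is not supported"))
            # Rule: only a route-based VPN gateway is supported.
            if g["gatewayType"] == "Vpn" and g["vpnType"] != "RouteBased":
                findings.append((vnet, f"{g['name']}: VPN gateway must be route-based"))
    return findings

if __name__ == "__main__":
    for vnet, finding in audit(PLAN):
        print(f"{vnet}: {finding}")
```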
