Azure ExpressRoute

Gayatri BarhateGayatri Barhate
6 min read

Table of contents

ExpressRoute connections don't go over the public Internet. This allows ExpressRoute connections to offer more reliability, faster speeds, consistent latencies, and higher security than typical connections over the Internet. ExpressRoute lets you extend your on-premises networks into the Microsoft Cloud over a private connection with the help of a connectivity provider. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure and Microsoft 365.

Image by Microsoft Learn

Features

Layer 3 connectivity

Microsoft uses BGP, an industry-standard dynamic routing protocol, to exchange routes between your on-premises network, your instances in Azure, and Microsoft public addresses.

Redundancy

Each ExpressRoute circuit consists of two connections to two Microsoft Enterprise edge routers (MSEEs) at an ExpressRoute Location from the connectivity provider or your network edge. Microsoft requires dual BGP connections from the connectivity provider or your network edge – one to each MSEE.

Connectivity to Microsoft Cloud services

ExpressRoute connections enable access to the following services:

  • Microsoft Azure services

  • Microsoft 365 services

Connectivity to all regions within a geopolitical region

If you connect to Microsoft in Amsterdam through ExpressRoute. You'll have access to all of Microsoft cloud services hosted in North and West Europe.

Global connectivity with ExpressRoute Premium

You can enable ExpressRoute Premium to extend connectivity across geopolitical boundaries. For example, you'll have access to services deployed in West US or Australian East the same way you access North and West Europe regions. National clouds are excluded.

Local connectivity with ExpressRoute Local

You can transfer data cost-effectively by enabling the Local SKU. With Local SKU, you can bring your data to an ExpressRoute location near the Azure region you want.

Connectivity to national clouds

Microsoft operates isolated cloud environments for special geopolitical regions and customer segments.

ExpressRoute Direct

ExpressRoute Direct provides customers the opportunity to connect directly into Microsoft’s global network at peering locations strategically distributed across the world. ExpressRoute Direct provides dual 100-Gbps connectivity, which supports Active/Active connectivity at scale.

Bandwidth options

You can purchase ExpressRoute circuits for a wide range of bandwidths. The supported bandwidths are listed as followed. Be sure to check with your connectivity provider to determine the bandwidths they support.

  • 50 Mbps

  • 100 Mbps

  • 200 Mbps

  • 500 Mbps

  • 1 Gbps

  • 2 Gbps

  • 5 Gbps

  • 10 Gbps

Dynamic scaling of bandwidth

You can increase the ExpressRoute circuit bandwidth without having to tear down your connections.

Flexible billing models

You can select a billing model that works best for you:

  • Unlimited data. Billing is based on a monthly fee; all inbound and outbound data transfer is included free of charge.

  • Metered data. Billing is based on a monthly fee; all inbound data transfer is free of charge. Outbound data transfer is charged per GB of data transfer. Data transfer rates vary by region.

ExpressRoute premium add-on. ExpressRoute premium is an add-on to the ExpressRoute circuit. The ExpressRoute premium add-on provides the following capabilities:

  • Increased route limits for Azure public and Azure private peering from 4,000 routes to 10,000 routes.

  • Global connectivity for services. An ExpressRoute circuit created in any region (excluding national clouds) will have access to resources across every other region in the world. For example, a virtual network created in West Europe can be accessed through an ExpressRoute circuit provisioned in Silicon Valley.

  • Increased the number of VNet links per ExpressRoute circuit from 10 to a larger limit, depending on the bandwidth of the circuit.

Quickstart: Create and modify an ExpressRoute circuit using Azure CLI

Sign in to your Azure account and select your subscription. On the top-right, you will see an icon that will say, Cloud Shell. Click on it and switch to bash.

Get the list of supported providers, locations, and bandwidths

Before you create an ExpressRoute circuit, you need the list of supported connectivity providers, locations, and bandwidth options.

az network express-route list-service-providers

Output:

 {
    "bandwidthsOffered": [
      {
        "offerName": "50Mbps",
        "valueInMbps": 50
      },
      {
        "offerName": "100Mbps",
        "valueInMbps": 100
      },
      {
        "offerName": "200Mbps",
        "valueInMbps": 200
      },
      {
        "offerName": "500Mbps",
        "valueInMbps": 500
      },
      {
        "offerName": "1Gbps",
        "valueInMbps": 1000
      },
      {
        "offerName": "2Gbps",
        "valueInMbps": 2000
      },
      {
        "offerName": "5Gbps",
        "valueInMbps": 5000
      },
      {
        "offerName": "10Gbps",
        "valueInMbps": 10000
      }
    ],
    "id": "/subscriptions//resourceGroups//providers/Microsoft.Network/expressRouteServiceProviders/",
    "name": "Telstra Corporation",
    "peeringLocations": [
      "Melbourne",
      "Singapore",

      "Sydney"
    ],
    "provisioningState": "Succeeded",
    "resourceGroup": "",
    "type": "Microsoft.Network/expressRouteServiceProviders"
  },

Check the response to see if your connectivity provider is listed. Make a note of the following information, which you'll need when you create a circuit:

  • Name

  • PeeringLocations

  • BandwidthsOffered

You're now ready to create an ExpressRoute circuit.

Note: Your ExpressRoute circuit is billed from the moment a service key is issued. Perform this operation when the connectivity provider is ready to provision the circuit.

Create an ExpressRoute circuit

Create a Resource Group.

az group create -n ExpressRouteResourceGroup -l "East US 2"

Now create an ExpressRoute circuit

az network express-route create --bandwidth 200 -n MyFirstCircuit --peering-location "Sydney" -g ExpressRouteResourceGroup --provider "Telstra Corporation" -l "East US 2" --sku-family MeteredData --sku-tier Standard

  • Bandwidth: 200 Mbps

  • Circuit Name: MyFirstcircuit

  • Location: Choose one of the locations as many will be provided

  • Specify Resource Group

  • Connectivity Provider name

  • Location

  • SKU tier

Output:

{
  "allowClassicOperations": false,
  "authorizations": [],
  "circuitProvisioningState": "Enabled",
  "etag": "W/\"ca3a6985-edfb-4fe3-b209-c666162f6e0d\"",
  "gatewayManagerEtag": "",
  "globalReachEnabled": false,
  "id": "/subscriptions/9605207f-d7dd-4101-a792-949e2ca2e234/resourceGroups/ExpressRouteResourceGroup/providers/Microsoft.Network/expressRouteCircuits/MyFirstCircuit",
  "location": "eastus2",
  "name": "MyFirstCircuit",
  "peerings": [],
  "provisioningState": "Succeeded",
  "resourceGroup": "ExpressRouteResourceGroup",
  "serviceKey": "cdab9ddb-7c34-4226-850a-a39bf659376c",
  "serviceProviderProperties": {
    "bandwidthInMbps": 200,
    "peeringLocation": "Sydney",
    "serviceProviderName": "Telstra Corporation"
  },
  "serviceProviderProvisioningState": "NotProvisioned",
  "sku": {
    "family": "MeteredData",
    "name": "Standard_MeteredData",
    "tier": "Standard"
  },
  "stag": 2,
  "type": "Microsoft.Network/expressRouteCircuits"
}

The response contains the service key.

List all ExpressRoute circuits

To get a list of all the ExpressRoute circuits that you created, run the az network express-route list command. You can retrieve this information at any time by using this command. To list all circuits, make the call with no parameters.

az network express-route list

Your service key is listed in the ServiceKey field of the response.

[
  {
    "allowClassicOperations": false,
    "authorizations": [],
    "circuitProvisioningState": "Enabled",
    "etag": "W/\"ca3a6985-edfb-4fe3-b209-c666162f6e0d\"",
    "gatewayManagerEtag": "",
    "globalReachEnabled": false,
    "id": "/subscriptions/9605207f-d7dd-4101-a792-949e2ca2e234/resourceGroups/ExpressRouteResourceGroup/providers/Microsoft.Network/expressRouteCircuits/MyFirstCircuit",
    "location": "eastus2",
    "name": "MyFirstCircuit",
    "peerings": [],
    "provisioningState": "Succeeded",
    "resourceGroup": "ExpressRouteResourceGroup",
    "serviceKey": "cdab9ddb-7c34-4226-850a-a39bf659376c",
    "serviceProviderProperties": {
      "bandwidthInMbps": 200,
      "peeringLocation": "Sydney",
      "serviceProviderName": "Telstra Corporation"
    },
    "serviceProviderProvisioningState": "NotProvisioned",
    "sku": {
      "family": "MeteredData",
      "name": "Standard_MeteredData",
      "tier": "Standard"
    },
    "stag": 2,
    "type": "Microsoft.Network/expressRouteCircuits"
  }
]

Send the service key to your connectivity provider for provisioning

'ServiceProviderProvisioningState' provides information about the current state of provisioning on the service-provider side.

When you create a new ExpressRoute circuit, the circuit is following:

Output

"serviceProviderProvisioningState": "NotProvisioned"
"circuitProvisioningState": "Enabled"

The circuit changes to the following state when the connectivity provider is currently enabling it for you:

Output

"serviceProviderProvisioningState": "Provisioning"
"circuitProvisioningState": "Enabled"

To use the ExpressRoute circuit, it must be in the following state:

Output

"serviceProviderProvisioningState": "Provisioned"
"circuitProvisioningState": "Enabledhgzhag

Periodically check the status and the state of the circuit key

After the circuit has been configured, ServiceProviderProvisioningState appears as Provisioned

az network express-route show --resource-group ExpressRouteResourceGroup --name MyFirstCircuit

{
  "allowClassicOperations": false,
  "authorizations": [],
  "circuitProvisioningState": "Enabled",
  "etag": "W/\"ca3a6985-edfb-4fe3-b209-c666162f6e0d\"",
  "gatewayManagerEtag": "",
  "globalReachEnabled": false,
  "id": "/subscriptions/9605207f-d7dd-4101-a792-949e2ca2e234/resourceGroups/ExpressRouteResourceGroup/providers/Microsoft.Network/expressRouteCircuits/MyFirstCircuit",
  "location": "eastus2",
  "name": "MyFirstCircuit",
  "peerings": [],
  "provisioningState": "Succeeded",
  "resourceGroup": "ExpressRouteResourceGroup",
  "serviceKey": "cdab9ddb-7c34-4226-850a-a39bf659376c",
  "serviceProviderProperties": {
    "bandwidthInMbps": 200,
    "peeringLocation": "Sydney",
    "serviceProviderName": "Telstra Corporation"
  },
  "serviceProviderProvisioningState": "NotProvisioned",
  "sku": {
    "family": "MeteredData",
    "name": "Standard_MeteredData",
    "tier": "Standard"
  },
  "stag": 2,
  "type": "Microsoft.Network/expressRouteCircuits"
}

To update the ExpressRoute circuit bandwidth

az network express-route update -n MyFirstCircuit -g ExpressRouteResourceGroup --bandwidth 1000

To move the SKU from metered to unlimited

az network express-route update -n MyFirstCircuit -g ExpressRouteResourceGroup --sku-family UnlimitedData

Hence we have created an ExpressRoute Circuit or path that uses Microsoft's global private network.

Clean up resources

az network express-route delete  -n MyFirstCircuit -g ExpressRouteResourceGroupcode

Stay tuned for more Azure Network Services Tutorials!

Follow me here Gayatri Barhate

0
Subscribe to my newsletter

Read articles from Gayatri Barhate directly inside your inbox. Subscribe to the newsletter, and don't miss out.

AzureCloudReliabilityExpressroutebandwidth

Written by

Gayatri Barhate
Gayatri Barhate

My name is Gayatri Barhate, and I am an IT professional with a focus on Azure. I enjoy exploring cloud computing concepts and sharing my insights through blogging. My writing covers various Azure topics, from basic principles to advanced features, aiming to help readers understand and leverage Azure technologies effectively. I am passionate about continuous learning and strive to create content that is both informative and accessible to all skill levels.