Azure ExpressRoute
ExpressRoute Connections
ExpressRoute
Azure ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a
dedicated private connection facilitated by a connectivity provider. With ExpressRoute, you can
establish connections to Microsoft cloud services, such as Microsoft Azure, Office 365, and CRM
Online.
Make your connections fast, reliable, and private
Use Azure ExpressRoute to create private connections between Azure datacenters and infrastructure
on your premises or in a colocation environment. ExpressRoute connections don't go over the public
Internet, and they offer more reliability, faster speeds, and lower latencies than typical Internet
connections. In some cases, using ExpressRoute connections to transfer data between on-premises
systems and Azure can give you significant cost benefits.
With ExpressRoute, establish connections to Azure at an ExpressRoute location, such as an Exchange
provider facility, or directly connect to Azure from your existing WAN network, such as a multiprotocol
label switching (MPLS) VPN, provided by a network service provider.
Use a virtual private cloud for storage, backup, and recovery
ExpressRoute gives you a fast and reliable connection to Azure with bandwidths up to 100 Gbps, which
makes it excellent for scenarios like periodic data migration, replication for business continuity,
disaster recovery, and other high-availability strategies. It can be a cost-effective option for
transferring large amounts of data, such as datasets for high-performance computing applications, or
moving large virtual machines between your dev-test environment in an Azure virtual private cloud
and your on-premises production environments.
Extend and connect your datacenters
Use ExpressRoute to both connect and add compute and storage capacity to your existing datacenters.
With high throughput and low latencies, Azure will feel like a natural extension to or between your
datacenters, so you enjoy the scale and economics of the public cloud without having to compromise
on network performance.
Build hybrid applications
With predictable, reliable, and high-throughput connections offered by ExpressRoute, build
applications that span on-premises infrastructure and Azure without compromising privacy or
performance. For example, run a corporate intranet application in Azure that authenticates your
customers with an on-premises Active Directory service, and serve all of your corporate customers
without traffic ever routing through the public Internet.
ExpressRoute Capabilities
ExpressRoute is supported across all Azure regions and locations. The following map provides a list of
Azure regions and ExpressRoute locations. ExpressRoute locations refer to those where Microsoft
peers with several service providers. You will have access to Azure services across all regions within a
geopolitical region if you are connected to at least one ExpressRoute location within that geopolitical
region.
ExpressRoute benefits
Layer 3 connectivity
Microsoft uses BGP, an industry standard dynamic routing protocol, to exchange routes between your
on-premises network, your instances in Azure, and Microsoft public addresses. We establish multiple
BGP sessions with your network for different traffic profiles.
Redundancy
Each ExpressRoute circuit consists of two connections to two Microsoft Enterprise edge routers
(MSEEs) from the connectivity provider/your network edge. Microsoft requires dual BGP connections
from the connectivity provider/your network edge – one to each MSEE. The graphic in the previous
topic shows the primary and secondary connection.
Connectivity to Microsoft cloud services
ExpressRoute connections enable access to the following services: Microsoft Azure services, Microsoft
Office 365 services, and Microsoft Dynamics 365. Office 365 was created to be accessed securely and
reliably via the Internet, so using ExpressRoute for Office 365 requires Microsoft authorization.
Connectivity to all regions within a geopolitical region
You can connect to Microsoft in one of our peering locations and access regions within the geopolitical
region. For example, if you connect to Microsoft in Amsterdam through ExpressRoute, you'll have
access to all Microsoft cloud services hosted in Northern and Western Europe.
Global connectivity with ExpressRoute premium add-on
You can enable the ExpressRoute premium add-on feature to extend connectivity across geopolitical
boundaries. For example, if you connect to Microsoft in Amsterdam through ExpressRoute, you will
have access to all Microsoft cloud services hosted in all regions across the world (national clouds are
excluded).
Across on-premises connectivity with ExpressRoute Global Reach
You can enable ExpressRoute Global Reach to exchange data across your on-premises sites by
connecting your ExpressRoute circuits. For example, if you have a private data center in California
connected to ExpressRoute in Silicon Valley, and another private data center in Texas connected to
ExpressRoute in Dallas, with ExpressRoute Global Reach, you can connect your private data centers
together through two ExpressRoute circuits. Your cross-data-center traffic will traverse through
Microsoft's network.
Bandwidth options
You can purchase ExpressRoute circuits for a wide range of bandwidths from 50 Mbps to 10 Gbps. Be
sure to check with your connectivity provider to determine the bandwidths they support.
Flexible billing models
You can pick a billing model that works best for you. Choose between the billing models listed below:
● Unlimited data - Billing is based on a monthly fee; all inbound and outbound data transfer is included
free of charge.
● Metered data - Billing is based on a monthly fee; all inbound data transfer is free of charge.
Outbound data transfer is charged per GB of data transfer. Data transfer rates vary by region.
● ExpressRoute premium add-on - This add-on includes increased routing table limits, increased
number of VNets, global connectivity, and connections to Office 365 and Dynamics 365.
Coexisting Site-to-Site and ExpressRoute
ExpressRoute is a direct, private connection from your WAN (not over the public Internet) to Microsoft
Services, including Azure. Site-to-Site VPN traffic travels encrypted over the public Internet. Being able
to configure Site-to-Site VPN and ExpressRoute connections for the same virtual network has several
advantages. You can configure a Site-to-Site VPN as a secure failover path for ExpressRoute or use
Site-to-Site VPNs to connect to sites that are not part of your network, but that are connected through
ExpressRoute. Notice that this configuration requires two virtual network gateways for the same
virtual network, one using the gateway type VPN, and the other using the gateway type ExpressRoute.
ExpressRoute And VPN Gateway Coexisting Connections Example
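The two-gateway requirement described above, as an added example that is not part of the original page: a PowerShell sketch that checks which gateway types already sit in the virtual network's GatewaySubnet and creates whichever of the two is missing. It assumes the Az PowerShell module and a signed-in session; the resource group, network, gateway names, region and SKUs are hypothetical placeholders.

```powershell
# Added example. All names, the region and the SKUs are assumed placeholders.
$rg       = 'rg-hybrid-demo'
$vnetName = 'vnet-hub-demo'
$location = 'westeurope'

$vnet     = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg
$gwSubnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet

# Both gateways share the single GatewaySubnet; coexistence needs a /27 or larger.
$prefixLength = [int](@($gwSubnet.AddressPrefix)[0] -split '/')[1]
if ($prefixLength -gt 27) {
    throw "GatewaySubnet is /$prefixLength; coexistence needs /27 or larger."
}

function New-DemoGateway {
    param([string]$Name, [string]$GatewayType, [string]$Sku, [string]$VpnType)

    # Each gateway gets its own public IP and its own IP configuration.
    $pip = New-AzPublicIpAddress -Name "$Name-pip" -ResourceGroupName $rg `
        -Location $location -AllocationMethod Static -Sku Standard
    $ipConfig = New-AzVirtualNetworkGatewayIpConfig -Name "$Name-ipconfig" `
        -SubnetId $gwSubnet.Id -PublicIpAddressId $pip.Id

    $params = @{
        Name              = $Name
        ResourceGroupName = $rg
        Location          = $location
        IpConfigurations  = $ipConfig
        GatewayType       = $GatewayType
        GatewaySku        = $Sku
    }
    if ($VpnType) { $params.VpnType = $VpnType }   # only meaningful for type Vpn
    New-AzVirtualNetworkGateway @params
}

# Gateways already attached to this virtual network's GatewaySubnet.
$existing = Get-AzVirtualNetworkGateway -ResourceGroupName $rg |
    Where-Object { $_.IpConfigurations.Subnet.Id -contains $gwSubnet.Id }

if ($existing.GatewayType -notcontains 'ExpressRoute') {
    New-DemoGateway -Name 'gw-er-demo' -GatewayType ExpressRoute -Sku ErGw1AZ
}
if ($existing.GatewayType -notcontains 'Vpn') {
    New-DemoGateway -Name 'gw-vpn-demo' -GatewayType Vpn -Sku VpnGw1AZ -VpnType RouteBased
}
```

The gateways alone carry no traffic: the ExpressRoute gateway still has to be linked to a circuit and the VPN gateway to a local network gateway before the VPN can serve as the failover path.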
ExpressRoute connection models
You can create a connection between your on-premises network and the Microsoft cloud in three
different ways: Co-located at a cloud exchange, Point-to-point Ethernet Connection, and Any-to-any
(IPVPN) Connection. Connectivity providers can offer one or more connectivity models. You can work
with your connectivity provider to pick the model that works best for you.
Co-located at a cloud exchange
If you are co-located in a facility with a cloud exchange, you can order virtual cross-connections to the
Microsoft cloud through the co-location provider’s Ethernet exchange. Co-location providers can offer
either Layer 2 cross-connections, or managed Layer 3 cross-connections between your infrastructure
in the co-location facility and the Microsoft cloud.
Point-to-point Ethernet connections
You can connect your on-premises datacenters/offices to the Microsoft cloud through point-to-point
Ethernet links. Point-to-point Ethernet providers can offer Layer 2 connections, or managed Layer 3
connections between your site and the Microsoft cloud.
Any-to-any (IPVPN) networks
You can integrate your WAN with the Microsoft cloud. IPVPN providers, typically Multiprotocol Label
Switching (MPLS) VPN, offer any-to-any connectivity between your branch offices and datacenters.
The Microsoft cloud can be interconnected to your WAN to make it appear just like any other branch
office. WAN providers typically offer managed Layer 3 connectivity.
✔️ Currently, the deployment options for S2S and ExpressRoute coexisting connections are only
possible through PowerShell, and not the Azure portal.
Intersite Connections Comparison
There are many intersite connection choices.
Virtual WANs
Azure Virtual WAN is a networking service that provides optimized and automated branch connectivity
to, and through, Azure. Azure regions serve as hubs that you can choose to connect your branches to.
You can leverage the Azure backbone to also connect branches and enjoy branch-to-VNet
connectivity. There is a list of partners that support connectivity automation with Azure Virtual WAN
VPN.
Azure Virtual WAN brings together many Azure cloud connectivity services such as site-to-site VPN,
User VPN (point-to-site), and ExpressRoute into a single operational interface. Connectivity to Azure
VNets is established by using virtual network connections. It enables global transit network
architecture based on a classic hub-and-spoke connectivity model where the cloud hosted network
'hub' enables transitive connectivity between endpoints that may be distributed across different types
of 'spokes'.
Virtual WAN advantages
● Integrated connectivity solutions in hub and spoke – Automate site-to-site configuration and
connectivity between on-premises sites and an Azure hub.
● Automated spoke setup and configuration – Connect your virtual networks and workloads to the
Azure hub seamlessly.
● Intuitive troubleshooting – You can see the end-to-end flow within Azure, and then use this
information to take required actions.
Virtual WAN types
There are two types of virtual WANs: Basic and Standard.