Author : MD TAREQ HASSAN | Updated : 2021/09/01
What is ExpressRoute?
- ExpressRoute is an Azure service that lets us create private connections between Microsoft datacenters and on-premises infrastructure
- Unlike VPN, ExpressRoute connections don’t go over the public Internet, and offer higher security, reliability, and speeds with lower latencies than typical connections over the Internet
- With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure and Microsoft 365
- The private connection is created with the help of a connectivity provider
- Connectivity providers may offer one or more connectivity models
- See: ExpressRoute connectivity models
What is ExpressRoute Direct?
- ExpressRoute Direct connects directly into Microsoft’s global network at peering locations strategically distributed around the world
- ExpressRoute Direct does not require a connectivity provider (service provider); it connects directly to Microsoft Edge Routers
- ExpressRoute Direct provides dual 100-Gbps or 10-Gbps connectivity, which supports Active/Active connectivity at scale
- See: About ExpressRoute Direct
ExpressRoute vs ExpressRoute Direct
ExpressRoute using a service provider | ExpressRoute Direct |
---|---|
Uses service providers to enable fast onboarding and connectivity into existing infrastructure | Requires 100 Gbps/10 Gbps infrastructure and full management of all layers |
Integrates with hundreds of providers including Ethernet and MPLS | Direct/Dedicated capacity for regulated industries and massive data ingestion |
Circuit SKUs from 50 Mbps to 10 Gbps | A combination of circuit SKUs (100-Gbps ExpressRoute Direct: 5 Gbps, 10 Gbps, 40 Gbps, 100 Gbps; or 10-Gbps ExpressRoute Direct: 1 Gbps, 2 Gbps, 5 Gbps, 10 Gbps) |
Optimized for single tenant | Optimized for single tenant with multiple business units and multiple work environments |
What is FastPath?
- FastPath is an additional feature that can be used with ExpressRoute Direct
- When enabled, FastPath sends network traffic directly to virtual machines in the virtual network, bypassing the gateway (an ExpressRoute gateway is still needed, though)
- FastPath improves data path performance between the on-premises network and the Azure virtual network
- See: About FastPath
Why Use ExpressRoute?
- Allows secure, private connections to the following services:
  - Microsoft Azure services
  - Microsoft 365 services (Microsoft 365 is supposed to be accessed securely and reliably via the Internet. Therefore, it is recommended to use ExpressRoute for specific scenarios only)
- Some compliance requirements or policies might require a private connection between on-premises and the Azure cloud (Azure VNet)
- Global Connectivity (regions across the world) and ExpressRoute Global Reach (exchange data across on-premises sites in different locations)
- Dynamic routing between your network and Microsoft via BGP
- Built-in redundancy in every peering location for higher reliability
Understanding Circuits and Peering
Circuit
- ExpressRoute circuit is a logical connection between on-premises infrastructure and Microsoft cloud services through a connectivity provider
- ExpressRoute circuits do not map to any physical entities
- A circuit is uniquely identified by a standard GUID called a service key (s-key)
- There is a 1:1 mapping between an ExpressRoute circuit and the s-key
- The service key is the only piece of information exchanged between Microsoft, the connectivity provider, and you (s-key is not a secret for security purposes)
- The underlying physical connection for a circuit may vary depending on the connectivity model. See: ExpressRoute connectivity models
- A circuit consists of 2 connections:
  - Primary connection: main
  - Secondary connection: redundant for high availability
Peering
- A peering is the interconnection between the on-premises network and Microsoft cloud services (Azure, Microsoft 365)
- ExpressRoute circuits can include two independent peerings:
  - Private peering: Azure VNet
  - Microsoft peering: Microsoft 365, Dynamics 365 etc.
- Each peering is a pair of independent BGP sessions and each of those “independent BGP sessions” is configured redundantly for high availability
- Each circuit has a fixed bandwidth (50 Mbps, 100 Mbps, 200 Mbps, 500 Mbps, 1 Gbps, 10 Gbps) and is mapped to a connectivity provider and a peering location
- The selected bandwidth for a circuit is shared across all peerings in that circuit
See:
- Circuit and Peering details: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-circuit-peerings
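
The circuit and peering rules above can be checked against a circuit's exported description. This is an added example, not code from the original page or from Microsoft; the field names are assumed to follow the JSON Azure returns for a circuit resource, and the sample circuit is constructed.

```python
import uuid

# Bandwidths (in Mbps) exactly as this page lists them for a circuit.
PAGE_BANDWIDTHS_MBPS = {50, 100, 200, 500, 1000, 10000}
# Assumed peering type names, as in Azure's circuit JSON.
PEERING_TYPES = {"AzurePrivatePeering", "MicrosoftPeering"}

def audit_circuit(circuit):
    """Return a list of findings for one circuit description (dict)."""
    findings = []
    try:
        uuid.UUID(str(circuit.get("serviceKey")))
    except ValueError:
        findings.append("serviceKey is not a GUID")
    bw = circuit.get("serviceProviderProperties", {}).get("bandwidthInMbps")
    if bw not in PAGE_BANDWIDTHS_MBPS:
        findings.append(f"bandwidth {bw} Mbps is not in the page's list")
    seen = set()
    for peering in circuit.get("peerings", []):
        ptype = peering.get("peeringType")
        if ptype not in PEERING_TYPES:
            findings.append(f"unexpected peering type: {ptype}")
        elif ptype in seen:
            findings.append(f"{ptype}: configured more than once")
        seen.add(ptype)
        primary = peering.get("primaryPeerAddressPrefix")
        secondary = peering.get("secondaryPeerAddressPrefix")
        # Each peering is a pair of BGP sessions, one per circuit connection.
        if not primary or not secondary:
            findings.append(f"{ptype}: primary or secondary link subnet missing")
        elif primary == secondary:
            findings.append(f"{ptype}: both links use the same subnet")
    return findings

# Constructed sample: the Microsoft peering lacks its secondary link.
SAMPLE = {
    "serviceKey": "11111111-2222-3333-4444-555555555555",
    "serviceProviderProperties": {"bandwidthInMbps": 200},
    "peerings": [
        {"peeringType": "AzurePrivatePeering",
         "primaryPeerAddressPrefix": "192.0.2.0/30",
         "secondaryPeerAddressPrefix": "192.0.2.4/30"},
        {"peeringType": "MicrosoftPeering",
         "primaryPeerAddressPrefix": "198.51.100.0/30",
         "secondaryPeerAddressPrefix": None},
    ],
}

if __name__ == "__main__":
    for finding in audit_circuit(SAMPLE):
        print(finding)
```

A peering with only one link subnet still carries traffic, so a check like this is what surfaces the lost redundancy before a link failure does.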