When we are talking about ExpressRoute, we are talking about a common Internet Service Provider (ISP) technology called Multi Protocol Label Switching (MPLS) or ISP IP VPN.
MPLS is a type of data-carrying technique for telecommunications networks that directs data from one network to the next based on short path labels rather than long network addresses. This technology avoids long and complex routing tables. The labels identify virtual links between distant nodes. MPLS can encapsulate packets of various network protocols; that's why it is named multiprotocol. MPLS supports nearly all common access technologies, including T1/E1, ATM, frame relay, and dark fiber connects, into points of presence or DSL.
The routing within those networks is based on Border Gateway Protocol (BGP) routing. BGP is a standardized gateway protocol designed to exchange routing and reachability information among autonomous systems on the Internet. The protocol is often classified as a path vector protocol but is sometimes also classed as a distance-vector routing protocol. The BGP makes routing decisions based on paths, network policies, or rule sets configured by a network provider and makes core routing decisions.
Normally you see MPLS when connecting a range of offices or data centers with very complex routing or mashed networks between the network sites. MPLS also does not terminate Quality of Service (QoS) settings at the gateway; all settings can be transported from network site to network site. The following diagram shows an example for such a mashed environment:
Microsoft offers with ExpressRoute the option to connect your Azure and Office 365 environment directly to your MPLS network.
When you configure, you will be able to configure the different peering's. The three peering types are:
- Private peering: Azure compute services, namely virtual machines and cloud services that are deployed within a virtual network can be connected through the private peering domain. The private peering domain is considered to be a trusted extension of your core network into Microsoft Azure. You can set up bidirectional connectivity between your network and Azure virtual networks.
- Microsoft peering: Services such as Azure Storage, SQL databases, and websites are offered on public IP addresses. You can privately connect to services hosted on public IP addresses, including VIPs of your cloud services, through the public peering routing domain. You can connect the public peering domain to your DMZ and connect to all Azure services on their public IP addresses from your WAN without having to connect through the Internet. It also connects to all other Microsoft online services (such as Office 365 or Dynamics CRM). You can enable bi-directional connectivity between your WAN and Microsoft cloud services through the Microsoft peering routing domain.
The following diagram shows the basic schema on the Microsoft site:
What basically happens is that your ISP connects your network to the network of Microsoft. Those connections happen at most of the Point of Presence (PoP), Meet Me Locations or Private Network Interconnect hubs all over the globe. The following diagram shows how this happens within the Azure data center:
Microsoft also started to maintain a list of direct through ISPs, those ISP who leverage Equinix, Interxion, e-shelter, and so on, to connect to Azure ExpressRoute. The list can be found in the Azure Documentation visiting following website https://docs.microsoft.com/en-us/azure/expressroute/expressroute-locations-providers#a-namec1partnersaconnectivity-through-service-providers-not-listed.
Another point Microsoft also started is to name certified and qualified Solution Integrator for ExpressRoute which support customers with planning, deploying and maintaining ExpressRoute in a customer environment. Microsoft maintains the list of those Partners on their Azure documentation website https://docs.microsoft.com/en-us/azure/expressroute/expressroute-locations-providers#expressroute-system-integrators.
Microsoft offers ExpressRoute in the following two service levels: Standard SLA and Premium SLA. As described next, the premium offering expands the standard offering in the following limits:
- Increased routing table limit from 4K routes to 10K routes for private peering.
- Increased number of VNets that can be connected to the ExpressRoute circuit (default is 10).
- Global connectivity over the Microsoft core network. You will now be able to link a VNet in one geopolitical region with an ExpressRoute circuit in another region. Example: You can link a VNet created in Europe West to an ExpressRoute circuit created in Silicon Valley.
- Connectivity to Office 365 services and CRM Online.
Depending on the bought ExpressRoute service level there are different limitations:
|
Resource |
Default limit |
|
ExpressRoute circuits per subscription |
10 |
|
ExpressRoute circuits per region per subscription for ARM |
10 |
|
Maximum number of routes for Azure private peering with ExpressRoute standard |
4,000 |
|
Maximum number of routes for Azure private peering with ExpressRoute premium add-on |
10,000 |
|
Maximum number of routes for Azure public peering with ExpressRoute standard |
200 |
|
Maximum number of routes for Azure public peering with ExpressRoute premium add-on |
200 |
|
Maximum number of routes for Azure Microsoft peering with ExpressRoute standard |
200 |
|
Maximum number of routes for Azure Microsoft peering with ExpressRoute premium add-on |
200 |
Depending on the ISP and network location, Microsoft offers the following bandwidths and connections:
|
Circuit size |
Number of VNet links for standard |
Number of VNet links with premium add-on |
|
50 Mbps |
10 |
20 |
|
100 Mbps |
10 |
25 |
|
200 Mbps |
10 |
25 |
|
500 Mbps |
10 |
40 |
|
1 Gbps |
10 |
50 |
|
2 Gbps |
10 |
60 |
|
5 Gbps |
10 |
75 |
|
10 Gbps |
10 |
100 |
ExpressRoute is highly recommended for enterprise environments which need a guarantee for latency and bandwidth for their Azure environment.
An Azure ExpressRoute circuit is represented in the Azure portal with the following symbol:
Later on in the chapter, I will explain how to deploy an ExpressRoute circuit.