There are multiple ways to access Microsoft Azure via a secure network connection, including Point-to-Site VPN, Site-to-Site VPN, and ExpressRoute (ExR), a less descriptive name to a private link that allows you to interconnect Data Centers to Azure or Office 365 offerings. ExR is a great choice for customers looking to isolate the traffic to Azure from the internet, increase the bandwidth, and reduce latency. Other cloud providers have similar options.
But let’s focus on the reason we’re here today – to talk about a great feature that allows ExR customers to use Microsoft’s network backbone, one of the largest networks in the world, to interconnect dispersed regions.
Azure has several regions, and for discussion sake, let’s assume you have a workload in US West, and another workload in North Europe, and for some reason, they have a requirement to connect to each other. In a normal situation, you would use the internet to interconnect both environments, either through VPN or not. That option poses few challenges, including latency and the fact you are sending the traffic over the internet, which requires you to take additional measures to protect your information as it leaves from one region to another.
But what if you could use Microsoft’s backbone, with built-in security and better latency than the Internet? In case you have ExR, connecting VNets from different regions is possible, making them part of the same routing domain and they will use Microsoft’s backbone for network traffic. That simplifies your setup and it makes the VNets sharing the same ExR circuit as part of the same routing domain. The following diagram illustrates what we’re talking about:
In our example there are two regions, “US West” and “North Europe”, and because we configured them to share the same ExR circuit, they are now part of the same routing domain, allowing networks 10.82.0.0/16 and 192.168.0.0/16 to reach each other without any added complexity to the configuration. For this example, there is a caveat though, both regions are part of what we call different ExR geopolitical region, requiring you to have have Premium ExR to benefit from such capability. If you want to interconnect VNets from different regions within the same geopolitical region, e.g.: “US West” to “US East”, you don’t need to have Premium ExR.
One of the reasons I find this a great capability, is the fact you don’t need to order an ExR circuit for both regions – in our example, you may have a circuit connecting your Data Center to US West, and then you are entitled to use Microsoft’s backbone everywhere else.
Note: Regions with data residency or sovereignty requirements such as Azure China, Azure Germany, and Azure Government, are not allowed to interconnect with other regions in that model.
To accomplish such configuration, you can use Azure Portal or PowerShell, and the following examples illustrates how to do it via PowerShell:
# Stores the information from a circuit called "MyCircuit" into a variable name $circuit $circuit = Get-AzureRmExpressRouteCircuit -Name "MyCircuit" -ResourceGroupName "MyRG" # Stores the information from a virtual network gateway called "ExpressRouteGw" into a vriable named $gw $gw = Get-AzureRmVirtualNetworkGateway -Name "ExpressRouteGw" -ResourceGroupName "MyRG" # Connects the VNet gateway to an existing circuit $connection = New-AzureRmVirtualNetworkGatewayConnection -Name "ERConnection" -ResourceGroupName "MyRG" -Location "East US" -VirtualNetworkGateway1 $gw -PeerId $circuit.Id -ConnectionType ExpressRoute
The scenario above considers that both VNets are in the same subscription, which is equivalent to having two VPCs in the same root account at AWS (yes, we speak Cloud with no religion!), but let’s assume they are in different subscriptions, would that be supported? The answer is yes! There are some additional steps you should perform, e.g.: authorizing a given subscription to access the ExR circuit as explained here.
This is a cool feature that I realize not everyone is aware of it, and in case you already have ExR, I encourage you to try it out and see for yourself how Microsoft’s backbone, one of the largest networks in the world, can be at your service!
Last but not least, as of 04/2017, the ExR pricing documentation informs that there is no additional cost over existing plan charges for interconnecting to other regions, with the caveat that you need premium add-on for inter geo connections.
Can’t believe what an amazing article you wrote. Very inspiring and well thought out. We are currently searching for content writers. Contact me if your interested.
Thanks for your comments and feedback.
Its lіke you read my mind! You seem to know so muϲh
aboᥙt tһis, like you wrote the book in it or something.
I think that you can do with some pics to drive the message һome a little bit, but оther than that, this is excellent blog.
An excellent rеad. I’ll certainly be back.
Thank you, I appreciate your comment and feedback.
Nice post. I be taught one thing more challenging on different blogs everyday. It is going to always be stimulating to learn content from other writers and follow slightly something from their store. I’d choose to use some with the content material on my blog whether or not you don’t mind. Natually I’ll provide you with a hyperlink in your internet blog. Thanks for sharing.
Hi, thanks for your comment. Sure, feel free to use the content.
Thanks for the sensible critique. Me and my neighbor were just preparing to do a little research on this. We got a grab a book from our area library but I think I learned more clear from this post. I am very glad to see such excellent information being shared freely out there.
Thanks for your comments and feedback. I’m planning on coming back. 🙂
WordPress works great for me. 🙂
Appreciate this post. Will try it out.
It’s very straightforward to find out any topic on web as compared to textbooks,
as I found this paragraph at this site.
This excellent website truly has all of the info I wanted
about this subject and didn’t know who to ask.
It is really a nice and helpful piece of information. I’m happy that you simply shared this useful info
with us. Please stay us informed like this. Thank you for
sharing.
Incredible points. Sound arguments. Keep up the amazing effort.
Hi there to all, the contents existing at this web page are actually remarkable for people knowledge, well,
keep up the nice work fellows.
Hello would you mind sharing which blog platform you’re using?
I’m going to start my own blog in the near future but I’m
having a hard time making a decision between BlogEngine/Wordpress/B2evolution and Drupal.
The reason I ask is because your layout seems different then most blogs and I’m looking for something completely unique.
P.S My apologies for being off-topic but I had to ask!
Hi, I’m using wordpress.
Morning, here from baidu, i enjoyng this, I come back soon.
Very energetic article, I loved that bit. Will there be a part 2?
I love reading through and I believe this website got some genuinely utilitarian stuff on it! .
Loving the information on this internet site, you have done outstanding job on the content.