Cheatography
https://cheatography.com
Azure ExpressRoute Cheatsheet
Create an ExpressRoute circuit and peering
Where is the menu to config ExpressRoute circuit in Azure portal? |
Create a resource > Networking > ExpressRoute. |
What we do after we create a circuit on Azure Portal? |
Send the provider the value in the Service key field to enable them to configure the connection. |
What we do after the provider status is reported as Provisioned? |
For Layer 2 connectivity, configure the routing for the peerings. For L3, the provider will configure that. |
ExpressRoute Circuit Properties
Circuit name |
A meaningful name for your circuit, without any white space or special characters. |
Provider |
The ExpressRoute provider with which you've registered your subscription. |
Peering location |
A location enabled by the ExpressRoute provider in which to create your circuit. |
Bandwidth |
Select your bandwidth, from 50 Mbps up to 10 Gbps. Start with a low value. You can increase it later with no interruption to service. However, you can't reduce the bandwidth if you set it too high initially. |
SKU |
Select Standard if you have up to 10 virtual networks and only need to connect to resources in the same geopolitical region. Otherwise, select Premium. |
Billing model |
Select Unlimited to pay a flat fee regardless of usage. Or select Metered to pay according to the volume of traffic that enters and exits the circuit. |
Subscription |
The subscription you've registered with your ExpressRoute provider. |
Resource group |
The Azure resource group in which to create the circuit. |
Location |
The Azure location in which to create the circuit. |
Configure Private Peering
Peer ASN |
The autonomous system number for your side of the peering. This ASN can be public or private, and 16 bits or 32 bits. |
Primary subnet |
This is the address range of the primary /30 subnet that you created in your network. You'll use the first IP address in this subnet for your router. Microsoft uses the second for its router. |
Secondary subnet |
This is the address range of your secondary /30 subnet. This subnet provides a secondary link to Microsoft. The first two addresses are used to hold the IP address of your router and the Microsoft router. |
VLAN ID |
This is the VLAN on which to establish the peering. The primary and secondary links will both use this VLAN ID. |
Shared key |
This is an optional MD5 hash that's used to encode messages passing over the circuit |
Use private peering to connect your network to your virtual networks running in Azure.
Configure Microsoft Peering
Advertised public prefixes |
This is a list of the address prefixes that you use over the BGP session. These prefixes must be registered to you, and must be prefixes for public address ranges. |
Customer ASN |
This is optional. It's the client-side autonomous system number to use if you are advertising prefixes that aren't registered to the peer ASN. |
Routing registry name |
This name identifies the registry in which the customer ASN and public prefixes are registered. |
Use Microsoft peering to connect to Office 365 and its associated services.
Connect a VNet to an ExpressRoute circuit
What we create before connect to a private circuit? |
Must create an Azure virtual network gateway by using a subnet on one of your Azure virtual networks. |
What a virtual network gateway provides |
Provides the entry point to network traffic that enters from your on-premises network. It directs incoming traffic through the virtual network to your Azure resources. |
What we use to control traffic that's routed from on-premises network? |
Network security groups and firewall rules |
How many virtual networks can be linked to an ExpressRoute circuit |
Up to 10 virtual networks, but these virtual networks must be in the same geopolitical region as the ExpressRoute circuit. |
How many ExpressRoute circuit can a single virtual network can connect to? |
You can link a single virtual network to four ExpressRoute circuits if necessary. |
What is Connection Weight property? |
If there are multiple circuits across different providers to prefer one circuit to another. |
What is ExpressRoute Direct option? |
An ultra-high-speed option from Microsoft. |
How is ExpressRoute Direct different with ExpressRoute? |
It provides dual 100-Gbps connectivity |
What is FastPath |
When FastPath is enabled, it sends network traffic directly to a virtual machine that's the intended destination. The traffic bypasses the virtual network gateway, improving the performance between Azure virtual networks and on-premises networks. |
What FastPath doesn't support? |
FastPath doesn't support virtual network peering (where you have virtual network peering. It also doesn't support user-defined routes on the gateway subnet. |
|
|
Architecture of ExpressRoute
A circuit provides a physical connection for transmitting data through the ExpressRoute provider's edge routers to the Microsoft edge routers.
How Azure ExpressRoute works
Where ExpressRoute is supported? |
across all regions and locations |
Why we need to work with an ExpressRoute partner to implement ExpressRoute? |
The partner provides the edge service: an authorized and authenticated connection that operates through a partner-controlled router. The edge service is responsible for extending your network to the Microsoft cloud. |
What are circuits? |
The connections to an endpoint in an ExpressRoute location that enable customer to peer on-premises networks with the virtual networks available through the endpoint. |
What a circuit provides? |
provides a physical connection for transmitting data through the ExpressRoute provider's edge routers to the Microsoft edge routers. |
Do circuit establishes via public internet? |
No, A circuit is established across a private wire rather than the public internet. |
What are the prerequisites for ExpressRoute |
- An ExpressRoute connectivity partner or cloud exchange provider that can set up a connection from your on-premises networks to the Microsoft cloud.
- An Azure subscription that is registered with your chosen ExpressRoute connectivity partner.
- An active Microsoft Azure account to request an ExpressRoute circuit.
- An active Office 365 subscription
|
ExpressRoute network and routing requirements |
- Ensure that BGP sessions for routing domains have been configured. For each ExpressRoute circuit, Microsoft requires redundant BGP sessions between Microsoft’s routers and customer peering routers.
- Using NAT to IP Public is mandatory to connect through Microsoft peering. Microsoft will reject anything except public IP addresses through Microsoft peering.
- Reserve several blocks of IP addresses in your network for routing traffic to the Microsoft cloud. 1 /29 or 2 /30.
- One of these subnets is used to configure the primary circuit to the Microsoft cloud, and the other implements a secondary circuit.
- Use the first address in these subnets to communicate with services in the Microsoft cloud. Microsoft uses the second address to establish a BGP session. |
ExpressRoute supports two peering schemes: |
- private peering to connect to Azure IaaS and PaaS services deployed inside Azure virtual networks.
- Microsoft peering to connect to Azure PaaS services, Office 365 services, and Dynamics 365. |
What is the constraint of ExpressRoute private peering? |
The resources that customer access must all be located in one or more Azure virtual networks with private IP addresses. Customer can't access resources through their public IP address over a private peering. |
ExpressRoute availability |
Microsoft guarantees a minimum of 99.95 percent availability for an ExpressRoute dedicated circuit. |
ExpressRoute Peering
- private peering to connect to Azure IaaS and PaaS services deployed inside Azure virtual networks.
- Microsoft peering to connect to Azure PaaS services, Office 365 services, and Dynamics 365.
Create a New Circuit Connection
|
Created By
www.packetnotes.com
Metadata
Comments
No comments yet. Add yours below!
Add a Comment
Related Cheat Sheets
More Cheat Sheets by ilperdan0