Azure ExpressRoute Speaker Title 9/21/2018 8:43 AM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Customer’s connection ExpressRoute Unified connectivity to all Microsoft Cloud Services Predictable performance Enterprise-grade resiliency and with SLA for availability Large ExpressRoute partner ecosystem Customer’s network Customer’s connection Traffic to public IP addresses in Azure Traffic to Virtual Networks Traffic to Office 365 Services and soon CRM Online Microsoft Edge Partner Edge
ExpressRoute connectivity models Microsoft AzureCon 2015 9/21/2018 8:43 AM ExpressRoute connectivity models ExpressRoute ExpressRoute ExpressRoute WAN Cloud Exchange Co-location Point-to-point Ethernet Connection Any-to-any (IPVPN) Connection © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
ExpressRoute billing Bandwidth Microsoft Azure Bill Unlimited Data Metered Data 10 Mbps 50 Mbps 100 Mbps 200 Mbps 500 Mbps 1 Gbps 2 Gbps 5 Gbps 10 Gbps Service sold side-by-side with a connectivity provider Connectivity provider charges apply in addition to Microsoft charges Customer picks billing model at circuit creation time Billing models Unlimited data: includes all data transfer Fixed data: Customer pays per GB of data transferred out
ExpressRoute sites and partners Microsoft AzureCon 2015 9/21/2018 8:43 AM ExpressRoute sites and partners Atlanta Chicago Chicago (Gov Cloud) Dallas LA NY Seattle Silicon Valley Washington DC Washington DC (Gov Cloud) Amsterdam Dublin* London Chennai Hong Kong Mumbai Melbourne Osaka Singapore Sydney Tokyo Sao Paulo © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Routing domains Microsoft Cloud Customer’s premises Internet Core Network DMZ / Extranet Internet edge Customer’s premises ExpressRoute Circuit Azure Public Peering Azure Private Peering Microsoft Peering Microsoft Cloud Routing domains
ExpressRoute for Office 365 and CRM Online Microsoft AzureCon 2015 9/21/2018 8:43 AM ExpressRoute for Office 365 and CRM Online What is it? Prerequisites Private connectivity to all Microsoft cloud services Existing circuits can be updated to connect to Office 365 Experience similar to having Office 365 deployed in a branch office Predictable performance and quality of service for Azure subscription to setup and manage ExpressRoute Relationship with a connectivity provider IP address and AS number ownership if managing routing Ability to manage routing and configure NAT if using a layer 2 connectivity provider WAN with multiple Classes of Service (CoS) to support VOIP ExpressRoute for Office 365 will include both inbound and outbound scenarios. Supported workloads Exchange Online & Exchange Online Protection SharePoint Online, OneDrive for Business, Office 365 Video, Delve Skype for Business Online Office Online Power BI and Project Online CRM Online (preview) © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Route tables, IP addresses, and ASN requirements ER Circuit PEs Private or public MSEEs Public Addresses and AS numbers IPv4 addresses only Support for 2 and 4 byte AS numbers Azure private peering Support for up to 10,000 prefixes for private peering with premium add-on Private IP addresses and AS numbers allowed Azure public and Microsoft peering Only public AS numbers (2 and 4 byte) and public IP addresses accepted Public IP address ownership will be validated against RIRs and IRRs Only validated prefixes will be accepted Traffic to Office 365 Services Traffic to public IP addresses in Azure Traffic to Virtual Networks
NAT for Microsoft Peering (Office 365) Customer Network Connectivity Provider Microsoft Cloud ExpressRoute Microsoft Cloud Services NAT Client connectivity to Microsoft Cloud services (Microsoft peering) Customer must NAT all traffic into Microsoft with valid public IPv4 addresses Microsoft must be able to validate the ownership of the IPv4 Connectivity from Microsoft to Customer servers on public IPs (Microsoft peering) Example: ADFS server Customer must NAT all traffic into from Microsoft destined to valid IPv4 addresses within the customer network Partner Edge Microsoft Edge
Quality of Service (QoS) Voice, video, data transfers need to be treated differently Voice and video sensitive to latency and jitter Classify traffic and tag with appropriate DSCP value Separate queue each traffic class Voice Video and interactive Best effort
Availability and performance
Global connectivity (ExpressRoute Premium add-on)
Influence Routing with standard BGP tricks Standard BGP methods work BGP Local preference to influence path from on-premises to Microsoft AS-PATH prepending to influence return traffic MSEE 0 MSEE 1 PE 0 PE 1 Azure VNet 10.1.0.0/16 VM On-prem 10.2.0.0/16 Local Preference 400 Local Preference 100 AS PATH: 1234 AS PATH: 1234 1234 MPLS US West US Eest 10.1.0.0/16 10.2.0.0/16 MSEE PE Office in LA Office in NY 10.3.0.0/16 AS PATH 321 AS PATH 321 x y z
BGP community values per region and service Geopolitical Region Microsoft Azure region BGP community value US East US 12076:3004 East US 2 12076:3005 West US 12076:3006 Central US 12076:3009 North Central US 12076:3007 South Central US 12076:3008 South America Brazil South 12076:3014 Europe North Europe 12076:3003 West Europe 12076:3002 Asia Pacific East Asia 12076:3010 Southeast Asia 12076:3011 Japan Japan East 12076:3012 Japan West 12076:3013 Australia Australia East 12076:3015 Australia Southeast 12076:3016 India India South 12076:3019 India West 12076:3018 India Central 12076:3017 10.1.0.0/16 10.2.0.0/16 12076:3004 MPLS US West US East MSEE PE Office in LA Office in NY 12076:3006 Preferred Service BGP community value Exchange 12076:5010 SharePoint 12076:5020 Skype For Business 12076:5030 CRM Online 12076:5040 Other Office 365 Services 12076:5100 Global prefixes 12076:5200
Takeaways Scenario requirements define connectivity choices Which Cloud services do I need to access: Virtual Network, other Azure services, Office 365? Performance and compliance concerns: Bandwidth, latency, cost, internet Deployment topologies, routing, NAT and QoS are key for optimal experience Connectivity partners, cross-geo coverage, reachability to other endpoints
References Great web links for more information Other related services 9/21/2018 8:43 AM References Great web links for more information ExpressRoute Technical Documentation: https://azure.microsoft.com/en-us/documentation/services/expressroute/ ExpressRoute for Office 365: https://support.office.com/en-us/article/Azure-ExpressRoute-for-Office-365-6d2534a2-c19c-4a99-be5e-33a0cee5d3bd Other related services Microsoft Cloud Services and Network Security: https://azure.microsoft.com/en-us/documentation/articles/best-practices-network-security.html Azure Virtual Networks: https://azure.microsoft.com/en-us/documentation/services/virtual-network/ Network Security Groups: https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-nsg/ User Defined Routing: https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-udr-overview/ Azure Virtual Gateways: https://azure.microsoft.com/en-us/documentation/services/vpn-gateway/ Site-to-Site VPNs: https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-site-to-site-create/ Most of these links are on the Azure.com website under the documentation heading covering many of the topics I've discussed today. There are links to Getting Started and How To’s that are very informative. Most of the examples we’ve seen today are from the bottom link, Microsoft Cloud Services and Network Security, a Best Practices white paper the link takes you to high level overviews, some of what we’ve covered today, and links to detailed instructions on how to build the each of the examples I’ve discussed today and more. The detailed examples use both the classic PowerShell scripting and the new ARM template methods. Ok, with that, I thank you for your time and interest in these topics. Good bye and happy networking with Azure and Azure Virtual Networks! © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
9/21/2018 8:43 AM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.