Azure ExpressRoute allows you to create private connections between Azure datacenters and infrastructure that’s on your premises or in a co-location environment. With ExpressRoute, you can establish connections to Azure at an ExpressRoute partner co-location facility or directly connect to Azure from your existing WAN network (such as a MPLS VPN provided by a Network Service Provider). In order to configure ExpressRoute, you’ll have to meet the Required prerequisites.
ExpressRoute connections do not go over the public Internet. ExpressRoute connections offer higher security, more reliability, faster speeds and lower latencies than typical connections over the Internet. In some cases, using ExpressRoute connections to transfer data between on-premises and Azure can also yield significant cost benefits. Use ExpressRoute to extend your network to Azure and unlock hybrid IT scenarios. See the ExpressRoute FAQ for more details.
In the diagram, a circuit represents a redundant pair of logical cross connections between your network and Azure configured in Active-Active configuration. The circuit will be partitioned to 2 sub-circuits to isolate traffic.
The following traffic is isolated:
- Traffic is isolated between your premises and Azure compute services. Azure compute services, namely virtual machines (IaaS) and cloud services (PaaS) deployed within a virtual network are covered.
- Traffic is isolated between your premises and Azure services hosted on public IP addresses.
The services that are supported are:
– Virtual Network, Cloud Services, and Virtual Machines
You can choose to enable one or both types of connectivity through your circuit. You will be able to connect to all supported Azure services through the circuit only if you configure both options mentioned above.
Note the following:
- If you connect to Azure through a network service provider, the networks service provider takes care of configuring routes to all the services. Work with your network service provider to have routes configured appropriately.
- If you are connecting to Azure through an exchange provider location, you will need a pair of physical cross-connections and on each of them you will need to configure a pair of BGP sessions per physical cross connection (one public peering and one for private peering) in order to have a highly available link.