Configuring Azure ExpressRoute using PowerShell


Microsoft Azure ExpressRoute is a private connection from on-premises networks to the Microsoft cloud over a private peering facilitated by a network service provider. With ExpressRoute, you can establish a faster, lower-latency and more reliable connection to Microsoft cloud services, such as Microsoft Azure, Office 365, and Dynamics 365. ExpressRoute is available on all continents and in all geopolitical boundaries.

ExpressRoute Circuit Connectivity Model

  • Co-located at a cloud exchange- If your on-premises infrastructure is co-located in a facility with Microsoft Azure Cloud, you can order virtual cross-connections to the Microsoft cloud through the co-location provider’s Ethernet exchange. Data center providers can offer either Layer 2 cross-connections, or managed Layer 3 cross-connections between your infrastructure in the colocation facility and the Microsoft cloud.
  • Point-to-point Ethernet connections- You can connect your on-premises infrastructure to the Microsoft cloud through point-to-point Ethernet links. Point-to-point Ethernet providers can offer Layer 2 connections, or managed Layer 3 connections between your site and the Microsoft cloud.
  • Any-to-any (IPVPN) networks- You can integrate the company WAN with the Microsoft cloud. IPVPN providers typically offer MPLS connections between your branch offices and data centers. The Microsoft cloud can be interconnected to the company WAN to make it look just like another branch office.

Key Features:

  • Layer 3 connectivity between your on-premises network and the Microsoft Cloud through a connectivity provider.
  • Connectivity to Microsoft cloud services across all regions in the geopolitical region.
  • Global connectivity to Microsoft services across all regions with an ExpressRoute premium add-on.
  • Dynamic routing between your network and Microsoft over industry standard protocols (BGP).
  • Built-in redundancy in every peering location for higher reliability.
  • QoS support for Skype for Business.
  • Bandwidth starting from 50Mbps to 10Gbps

Subscription requirements:

  • A valid and active Microsoft Azure account or an active Office 365 subscription. This account is required to set up the ExpressRoute circuit. ExpressRoute circuits are resources within Azure subscriptions.

Partners Requirements:

Network requirements:

  • Redundant connectivity- Microsoft requires redundant BGP sessions to be set up between Microsoft’s routers and the peering routers, even when you have just one physical connection to a cloud exchange.
  • Routing- The ExpressRoute provider needs to set up and manage the BGP sessions for routing domains. Some Ethernet connectivity providers or cloud exchange providers may offer BGP management as a value-add service.
  • NAT- Microsoft only accepts public IP addresses through Microsoft peering. If you are using private IP addresses in your on-premises network, you or your provider need to translate the private IP addresses to public IP addresses using NAT.
  • QoS- Skype for Business has various services (for example, voice, video, text) that require differentiated QoS treatment. You and your provider should follow the QoS requirements.
  • Network security- Consider network security when connecting to the Microsoft Cloud via ExpressRoute.

ExpressRoute Peering

  • Private peering- The private peering domain is considered to be a trusted extension of on-premises core network into Microsoft Azure. You can set up bi-directional connectivity between your core network and Azure virtual networks.
  • Public peering- In simple terms, public peering is a network peering between the public domain and the on-premises DMZ. It lets you connect to all Azure services on their public IP addresses from the company WAN without having to connect to the internet.
  • Microsoft peering- ExpressRoute provides private network connectivity to Microsoft cloud services. Infrastructure and platform services running in Azure often benefit by addressing network architecture and performance considerations. Therefore, we recommend enterprises use ExpressRoute for Azure.
  • Microsoft peering is used specifically for SaaS offerings such as Office 365 and Dynamics 365, which were created to be accessed securely and reliably via the Internet. Therefore, we only recommend ExpressRoute for these applications in specific scenarios.

Provisioning an ExpressRoute

Step1: Login and Select the subscription

Login-AzureRmAccount

Get-AzureRmSubscription

Copy the name of the subscription to use in the next command.

Select-AzureRmSubscription -SubscriptionName "Company Default"

Step2: List the ExpressRoute providers and copy the following provider information to use in the next command.

Name, PeeringLocations, BandwidthsOffered, Sku

Get-AzureRmExpressRouteServiceProvider

Step3: Create new ExpressRoute

New-AzureRmExpressRouteCircuit -Name "On-premtoAzureCloud" -ResourceGroupName "ExpressRouteRG" -Location "Australia East" -SkuTier Standard -SkuFamily MeteredData -ServiceProviderName "Equinix" -PeeringLocation "Sydney" -BandwidthInMbps 200

Once you have created the new ExpressRoute circuit, you will see one of the statuses below.

NotProvisioned & Enabled, Provisioning & Enabled, Provisioned & Enabled

Step4: Record Subscription ID, service Key, Location and send this information to your ExpressRoute circuit provider to provision and activate services.

Get-Help New-AzureRmExpressRouteCircuit -Detailed

Step5: List the ExpressRoute circuit and record the information for the next command

Get-AzureRmExpressRouteCircuit -Name "ExpressRouteARMCircuit" -ResourceGroupName "ExpressRouteResourceGroup"

Step5: Connect a virtual network in the same subscription to a circuit

$circuit = Get-AzureRmExpressRouteCircuit -Name "MyCircuit" -ResourceGroupName "MyRG"

$gw = Get-AzureRmVirtualNetworkGateway -Name "ExpressRouteGw" -ResourceGroupName "MyRG"

$connection = New-AzureRmVirtualNetworkGatewayConnection -Name "ERConnection" -ResourceGroupName "MyRG" -Location "East US" -VirtualNetworkGateway1 $gw -PeerId $circuit.Id -ConnectionType ExpressRoute

Step6: Create Azure private peering for Azure Services

Make sure that you have the following items before you proceed with the next steps:

  • A /30 subnet for the primary and secondary link. This must not be part of any address space reserved for virtual networks.
  • A valid VLAN ID to establish this peering on. Ensure that no other peering in the circuit uses the same VLAN ID.
  • AS number for peering. You can use both 2-byte and 4-byte AS numbers. You can use a private AS number for this peering. Ensure that you are not using 65515.

$ckt = Get-AzureRmExpressRouteCircuit -Name "ExpressRouteARMCircuit" -ResourceGroupName "ExpressRouteResourceGroup"

Add-AzureRmExpressRouteCircuitPeeringConfig -Name "AzurePrivatePeering" -ExpressRouteCircuit $ckt -PeeringType AzurePrivatePeering -PeerASN 100 -PrimaryPeerAddressPrefix "10.0.0.0/30" -SecondaryPeerAddressPrefix "10.0.0.4/30" -VlanId 200

Set-AzureRmExpressRouteCircuit -ExpressRouteCircuit $ckt

Get-AzureRmExpressRouteCircuitPeeringConfig -Name "AzurePrivatePeering" -Circuit $ckt

Step7: Configure Azure public peering for the circuit; if you require a public peering, refer to the explanation section.

Make sure that you have the following information before you proceed further:

  • A /30 subnet for the primary and secondary link. This must be a valid public IPv4 prefix.
  • A valid VLAN ID to establish this peering on. Ensure that no other peering in the circuit uses the same VLAN ID.
  • AS number for peering. You can use both 2-byte and 4-byte AS numbers.

Add-AzureRmExpressRouteCircuitPeeringConfig -Name "AzurePublicPeering" -ExpressRouteCircuit $ckt -PeeringType AzurePublicPeering -PeerASN 100 -PrimaryPeerAddressPrefix "12.0.0.0/30" -SecondaryPeerAddressPrefix "12.0.0.4/30" -VlanId 100

Set-AzureRmExpressRouteCircuit -ExpressRouteCircuit $ckt

Step8: Configure Microsoft peering for the circuit; if you require a public peering, refer to the explanation section.

Make sure that you have the following information before you proceed:

  • A /30 subnet for the primary and secondary link. This must be a valid public IPv4 prefix owned by you and registered in an RIR / IRR.
  • A valid VLAN ID to establish this peering on. Ensure that no other peering in the circuit uses the same VLAN ID.
  • AS number for peering. You can use both 2-byte and 4-byte AS numbers.
  • Advertised prefixes: You must provide a list of all prefixes you plan to advertise over the BGP session. Only public IP address prefixes are accepted. You can send a comma separated list if you plan to send a set of prefixes. These prefixes must be registered to you in an RIR / IRR.
  • Customer ASN: If you are advertising prefixes that are not registered to the peering AS number, you can specify the AS number to which they are registered. This is optional.
  • Routing Registry Name: You can specify the RIR / IRR against which the AS number and prefixes are registered.

Add-AzureRmExpressRouteCircuitPeeringConfig -Name "MicrosoftPeering" -ExpressRouteCircuit $ckt -PeeringType MicrosoftPeering -PeerASN 100 -PrimaryPeerAddressPrefix "123.0.0.0/30" -SecondaryPeerAddressPrefix "123.0.0.4/30" -VlanId 300 -MicrosoftConfigAdvertisedPublicPrefixes "123.1.0.0/24" -MicrosoftConfigCustomerAsn 23 -MicrosoftConfigRoutingRegistryName "ARIN"

Set-AzureRmExpressRouteCircuit -ExpressRouteCircuit $ckt
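
The prerequisites listed in Steps 6 to 8 (a /30 per link, a VLAN ID not reused on the circuit, AS number 65515 excluded for private peering, public prefixes for public and Microsoft peering) can be checked offline before any change is pushed to the circuit. The following is an added example, not code from the original post or from the AzureRM module; the function names and sample values are hypothetical, and "valid public prefix" is approximated here as "does not fall in RFC 1918 space".

```powershell
# Added example: offline pre-flight check of ExpressRoute peering parameters.
# Function names and all sample values are hypothetical (these are not AzureRM cmdlets).
function ConvertTo-Ipv4Range([string]$Cidr) {
    # Expand an IPv4 CIDR block to its first and last address as 64-bit integers.
    $ip, $len = $Cidr -split '/'
    [long]$addr = 0
    foreach ($b in [System.Net.IPAddress]::Parse($ip).GetAddressBytes()) { $addr = $addr * 256 + $b }
    $size = [long][math]::Pow(2, 32 - [int]$len)
    $first = $addr - ($addr % $size)
    [pscustomobject]@{ Cidr = $Cidr; Length = [int]$len; First = $first; Last = $first + $size - 1 }
}

function Test-Overlap($A, $B) { $A.First -le $B.Last -and $B.First -le $A.Last }

function Test-PeeringPlan {
    param(
        [ValidateSet('AzurePrivatePeering', 'AzurePublicPeering', 'MicrosoftPeering')]
        [string]$PeeringType,
        [string]$Primary, [string]$Secondary,
        [int]$VlanId, [long]$PeerAsn,
        [int[]]$VlansInUse = @(),      # VLAN IDs of the other peerings on the circuit
        [string[]]$VNetSpaces = @()    # address spaces reserved for virtual networks
    )
    $rfc1918 = '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16' | ForEach-Object { ConvertTo-Ipv4Range $_ }
    $links = $Primary, $Secondary | ForEach-Object { ConvertTo-Ipv4Range $_ }
    foreach ($l in $links) {
        if ($l.Length -ne 30) { "$($l.Cidr): link prefix must be a /30" }
        if ($PeeringType -eq 'AzurePrivatePeering') {
            foreach ($v in $VNetSpaces) {
                if (Test-Overlap $l (ConvertTo-Ipv4Range $v)) { "$($l.Cidr): overlaps virtual network space $v" }
            }
        } elseif ($rfc1918 | Where-Object { Test-Overlap $l $_ }) {
            "$($l.Cidr): private (RFC 1918) prefix used where a public prefix is required"
        }
    }
    if (Test-Overlap $links[0] $links[1]) { 'Primary and secondary prefixes overlap' }
    if ($VlansInUse -contains $VlanId) { "VLAN $VlanId is already used by another peering on this circuit" }
    if ($PeeringType -eq 'AzurePrivatePeering' -and $PeerAsn -eq 65515) { 'AS number 65515 must not be used' }
}

# Constructed samples: the private-peering values from Step 6, then a Microsoft-peering
# plan with deliberate mistakes (private primary prefix, /29 secondary, reused VLAN ID).
Test-PeeringPlan -PeeringType AzurePrivatePeering -Primary '10.0.0.0/30' -Secondary '10.0.0.4/30' `
    -VlanId 200 -PeerAsn 100 -VlansInUse 100 -VNetSpaces '10.1.0.0/16'
Test-PeeringPlan -PeeringType MicrosoftPeering -Primary '192.168.5.0/30' -Secondary '123.0.0.4/29' `
    -VlanId 300 -PeerAsn 100 -VlansInUse 200, 300
```

Each call emits one string per finding and nothing when the plan is clean, so the result can gate the Add-AzureRmExpressRouteCircuitPeeringConfig call in a deployment script.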

To upgrade the SKU from metered to unlimited, run the commands below:

$ckt = Get-AzureRmExpressRouteCircuit -Name "ExpressRouteARMCircuit" -ResourceGroupName "ExpressRouteResourceGroup"

$ckt.Sku.Family = "UnlimitedData"

$ckt.sku.Name = "Premium_UnlimitedData"

Set-AzureRmExpressRouteCircuit -ExpressRouteCircuit $ckt

About Raihan Al-Beruni

My Name is Raihan Al-Beruni. I am working as an Infrastructure Architect in Data Center Technologies in Perth, Western Australia. I have been working on Microsoft technologies for more than 15 years. Other than Microsoft technologies I also work on Citrix validated solution and VMware data center virtualization technologies. I have a Masters degree in E-Commerce. I am certified in Microsoft, VMware, ITIL and EMC. My core focus is on cloud technologies. In my blog I share my knowledge and experience to enrich information technology community as a whole. I hope my contribution through this blog will help someone who wants more information on data center technologies.