Internet2

close
Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

Microsoft Azure ExpressRoute

overview

Microsoft Azure ExpressRoute

Cloud Exchange

The Cloud Exchange provides Layer 3 routed access to Microsoft via direct peering with these providers. Consider using the Cloud Exchange when accessing cloud providers if your applications don’t require your campus private network to be extended into the cloud. Additionally, if your application requires network layer encryption implemented with VPN tunneling, the Cloud Exchange can provide multiple high capacity paths for your tunnels into these cloud providers.

Cloud Connect

Using your regional's infrastructure in conjunction with the Internet2 Network, you can reach cloud resources, including Microsoft Azure ExpressRoute. The robust regional and national networks allow access to these cloud providers available in the locations on the map (please see below). Depending on your preference, you can implement either a Layer 2 or Layer 3 solution. Additionally, you will need to subscribe to the cloud provider's service. For Microsoft, please contact your representative directly.

Microsoft Azure ExpressRoute Service Locations

 

 

features

Connecting to Microsoft Azure ExpressRoute

Internet2 offers both a layer 2 and a layer 3 connectivity option.

Layer 2 Azure ExpressRoute Connection

The layer 2 option consists of layer 2 VLANs connecting the campus routers to routers inside the Microsoft Azure cloud. The campus and Microsoft exchange routes via BGP. Add some stuff about stacked tags...

Layer 3 Azure ExpressRoute Connection

With the layer 3 option, Internet2 creates an L3VPN unique for each campus. The L3VPN BGP peers with Microsoft Azure and the campus, in turn, BGP peers with the L3VPN. The regional network, if any, passes the VLANs through between the campus and Internet2. One advantage of this option will be discussed further below.

Additional Layer 3 Connectivity

Another advantage of the Layer 3 option is the possibility of connecting to other Microsoft regions and other cloud service providers. In this case, the Internet2 L3VPN peers with the additional sites/providers and the campus simply continues to peer with the L3VPN over the existing VLANs. Doing this with Layer 2 would require possibly many additional VLANs connecting the campus to provider routers.

 

fees

For service information and fees, send email to Cloudconnect_request@internet2.edu.

participate

For information about access to Azure ExpressRoute please contact Cloudconnect_request@internet2.edu for more information.

faq

Azure Express Route FAQs

What are the primary differentiators between the NET+ AWS agreement through DLT and the newly offered Cloud Connect service?

The Cloud Connect service is complimentary to the NET+ AWS Service. Cloud Connect uses your regional network’s infrastructure in conjunction with the Internet2 Network to access cloud resources such as Amazon AWS. You also need the AWS service and you may obtain that through NET+. Although Internet2 offers both Cloud Connect and NET+ AWS, Cloud Connect doesn’t require that you obtain AWS through Internet2 NET+ and it is possible to obtain NET+ AWS without using Cloud Connect.

What is the implementation process for Microsoft Azure ExpressRoute?

How do I decide between a Layer 2 and Layer 3 solution?

Layer 2 Pros:
  • Conceptually simpler/straightforward when thinking about each cloud provider. Institutions configure BGP directly with cloud providers over the VLANs and have complete control of which addresses are advertised or accepted on each peering. Addresses could even be re-used by different providers.
  • Paths of VLANs can be engineered to be completely separate physically.
Layer 2 Cons:
  • One or more VLANs per provider. Additional providers, provider locations, or services require additional VLANs. The number of VLANs can become large, with commensurate complexity, as an end-user (school) grows to multiple providers with multiple peerings.
Layer 3 Pros:
  • Multiple peerings from an institution are required only if resiliency is needed.
  • Adding cloud providers or other network-connected services (e.g., caches) that are specific to an institution leverage the existing L3VPN peering to the school and don’t require new paths to be configured to the institution.
  • Handles private addressing, and the data center extension case
  • Allows for provider-to-provider communication specific to an institution to occur over Internet2 and using private addresses, if necessary, eliminating the need to have traffic between providers hairpin through the campus.
Layer 3 Cons:
  • Control is through BGP peering with the L3VPN, which makes it harder to control precisely which addresses are advertised to or used by each cloud service

How does the data egress waiver work?

The providers have information on their websites regarding the data egress waiver for higher education institutions.
Microsoft Azure: https://azure.microsoft.com/en-us/blog/azure-egress-fee-waiver-for-the-academic-community/

How do I get started?

Contact your network connector as their network connections will be used to support Cloud Connect. Let your connector know that you are interested in Cloud Connect. Internet2 would be pleased to talk with your institution along with the network connector about using the Internet2 Network to reach Microsoft Azure ExpressRoute. Please contact Cloudconnect_request@internet2.edu.

How does one acquire the service key?

The service provider name should be Internet2 and the Peering Location would be Washington DC for the Ashburn VA location. It would look like:
-ServiceProviderName "Internet2" -PeeringLocation "Washington DC"
Included below are links to
  1. Express Route Circuit How To via the Azure Portal<\li>
  2. a video that walks through the setup
Once the Express Route circuit has been setup the Internet2 NOC will need the service key and the rate limit configured as well as two VLANS that you’ve chosen. Your regional network, if any, will pass those from your campus through your regional network to Internet2. These may be routed redundantly if possible. Once that is complete the Internet2 NOC will configure a new VRF and two BGP sessions to the two Microsoft nodes at whatever site you've chosen. The Internet2 NOC will configure and setup two BGP sessions with you on the two VLANs you selected. Internet2 will provide the IP addressing for the sessions.