Microsoft Azure ExpressRoute
Microsoft Azure ExpressRoute
The Cloud Exchange provides Layer 3 routed access to Microsoft via direct peering with these providers. Consider using the Cloud Exchange when accessing cloud providers if your applications don’t require your campus private network to be extended into the cloud. Additionally, if your application requires network layer encryption implemented with VPN tunneling, the Cloud Exchange can provide multiple high capacity paths for your tunnels into these cloud providers.
Using your regional's infrastructure in conjunction with the Internet2 Network, you can reach cloud resources, including Microsoft Azure ExpressRoute. The robust regional and national networks allow access to these cloud providers available in the locations on the map (please see below). Depending on your preference, you can implement either a Layer 2 or Layer 3 solution. Additionally, you will need to subscribe to the cloud provider's service. For Microsoft, please contact your representative directly.
Microsoft Azure ExpressRoute Service Locations
Connecting to Microsoft Azure ExpressRoute
Internet2 offers both a layer 2 and a layer 3 connectivity option.
Layer 2 Azure ExpressRoute Connection
The layer 2 option consists of layer 2 VLANs connecting the campus routers to routers inside the Microsoft Azure cloud. The campus and Microsoft exchange routes via BGP. Add some stuff about stacked tags...
Layer 3 Azure ExpressRoute Connection
With the layer 3 option, Internet2 creates an L3VPN unique for each campus. The L3VPN BGP peers with Microsoft Azure and the campus, in turn, BGP peers with the L3VPN. The regional network, if any, passes the VLANs through between the campus and Internet2. One advantage of this option will be discussed further below.
Additional Layer 3 Connectivity
Another advantage of the Layer 3 option is the possibility of connecting to other Microsoft regions and other cloud service providers. In this case, the Internet2 L3VPN peers with the additional sites/providers and the campus simply continues to peer with the L3VPN over the existing VLANs. Doing this with Layer 2 would require possibly many additional VLANs connecting the campus to provider routers.
For service information and fees, send email to Cloudconnect_request@internet2.edu.
For information about access to Azure ExpressRoute please contact Cloudconnect_request@internet2.edu for more information.
Azure Express Route FAQs
What are the primary differentiators between the NET+ AWS agreement through DLT and the newly offered Cloud Connect service?
What is the implementation process for Microsoft Azure ExpressRoute?
How do I decide between a Layer 2 and Layer 3 solution?
- Conceptually simpler/straightforward when thinking about each cloud provider. Institutions configure BGP directly with cloud providers over the VLANs and have complete control of which addresses are advertised or accepted on each peering. Addresses could even be re-used by different providers.
- Paths of VLANs can be engineered to be completely separate physically.
- One or more VLANs per provider. Additional providers, provider locations, or services require additional VLANs. The number of VLANs can become large, with commensurate complexity, as an end-user (school) grows to multiple providers with multiple peerings.
- Multiple peerings from an institution are required only if resiliency is needed.
- Adding cloud providers or other network-connected services (e.g., caches) that are specific to an institution leverage the existing L3VPN peering to the school and don’t require new paths to be configured to the institution.
- Handles private addressing, and the data center extension case
- Allows for provider-to-provider communication specific to an institution to occur over Internet2 and using private addresses, if necessary, eliminating the need to have traffic between providers hairpin through the campus.
- Control is through BGP peering with the L3VPN, which makes it harder to control precisely which addresses are advertised to or used by each cloud service
How does the data egress waiver work?
Microsoft Azure: https://azure.microsoft.com/en-us/blog/azure-egress-fee-waiver-for-the-academic-community/
How do I get started?
How does one acquire the service key?
-ServiceProviderName "Internet2" -PeeringLocation "Washington DC"
Included below are links to