Microsoft Azure ExpressRoute
Cloud connectivity guide: On Demand
Find on this page:
Azure ports
Azure dedicated ports
Back to:
Connect to the cloud
Related content:
Cloud Access On Demand
Azure Express Route
Discover more:
Get a quote
Chat to us
Arrange a demo
Microsoft Azure ExpressRoute Overview
Microsoft Azure ExpressRoute provides private and reliable network connectivity to the Azure cloud across a dedicated private connection – allowing customers to bypass the public internet.
There are two ExpressRoute offerings available via the Colt On Demand platform – hosted ports and dedicated ports (for "ExpressRoute Direct").
Hosted ports enable layer 2 connectivity to the Azure cloud across existing interconnects between the Colt and Azure networks meaning that connectivity to the Azure cloud can be established immediately. Under the hosted model, a single ExpressRoute service is supported - based on either one or two BGP (IP) peering per connection (i.e. Private and/or Microsoft peering).
Dedicated ports (for ER Direct) allow customers to establish multiple ExpressRoute services on the same physical port, which in turn allows multiple BGP peerings to be supported (2 peerings per ExpressRoute service). On Demand circuit connections can be established in near real time, but a physical cross connect is required between the ExpressRoute Direct port and the Colt network.
ExpressRoute connectivity is provided with dual resilience by default, with a primary and secondary component. Customers can choose to use both the primary and secondary components, or the primary only.
The primary and secondary components each contain two peerings (four peerings in total : 2 primary + 2 secondary) are configured via the Azure portal. The two peerings within each ER service are as follows:
- Azure Private peering for Virtual Networks (VNETs), accessed via private IPs
- Microsoft Peering for connectivity to Office 365, Dynamics 365, services access via Public IPs
Hosted ExpressRoute services
Hosted Azure ExpressRoute ports
Customers need to first request an ExpressRoute circuit via the Microsoft Azure portal, using their Azure subscription. Customers will need to select an ExpressRoute PoP (e.g. Amsterdam, London or Dublin) and a ER circuit bandwidth (50Mbps-10Gbps).
The ExpressRoute circuit bandwidth determines the maximum bandwidth of the On Demand connection – for example, a 100Mbps ER circuit supports connection speeds up to 2 x 100Mbps (100Mbps primary, 100Mbps secondary).
When the request is placed via the Azure portal, customers will receive a Service Key. Note that the Microsoft billing starts as soon as the Service Key is generated.
Microsoft ExpressRoute On Demand cloud ports are created by selecting a region, PoP location & bandwidth, entering the Service Key and allocating a port name.
Connections to Azure ExpressRoute ports
Microsoft Azure ExpressRoute is resilient by default. Customers can choose to deploy twin connections to support an active-active topology, or a single connection. Where twin circuit connections are required, customers can terminate them on a single port or two separate ports.
For additional resilience, customers can select ports at two separate locations within the same physical building or for maximum resilience two separate physical buildings in the same country (for example, two separate data centres). Please refer to the Resilience section for further details.
Multiple pairs of connections to a hosted ExpressRoute port is NOT a supported configuration – the Microsoft ExpressRoute model is based on a single ExpressRoute instance per circuit connection. Customers who require multiple connections should select the ExpressRoute Direct option.
The standard VLAN modes apply at both customer A end ports, which is summarised in the below table:
| Application | ||
|---|---|---|
| Open port | Circuit 1 / 2 occupies whole A end port | Port based handover, 2 Microsoft “inner” VLANs are passed transparently across the Colt network to the Microsoft ExpressRoute PoP. Customer is responsible for allocating inner VLANs |
| Add VLAN | Customer uses QinQ to wrap the three “inner” VLANs in a single “outer” VLAN | VLAN added on egress, towards customer (in translation mode). VLAN can be S-VLAN (88a8) or C-VLAN (8100). Standard H&S config. VLAN contains three “inner” VLANs. Customer needs to map inner VLANs to “outer” tag. Inner VLANs must use 8100 Ethertype |
ExpressRoute hosted configuration
The below diagram summarises the configuration, which is identical for both circuit connections in the 1+1 resilient pair.
Each On Demand circuit connection supports the two ExpressRoute BGP peerings (Private, Microsoft). Each peering is identified by an “inner VLAN” .
It is important to note the following:
- The VLANs assigned by Azure are the customer’s responsibility and are not assigned or modified by Colt.
- The customer must assign the same VLAN ID for both the primary and secondary peerings (for example, private peering VLAN 801 for primary & secondary., Microsoft peering 802.)
- Where the Azure circuit connections need to co-exist with other circuit connections, the customer router MUST be capable of supporting QinQ/double tagging - i.e. the ability to assign an outer VLAN tag for the handover between the customer router and On Demand port and inner VLAN tags for the respective private/Microsoft peerings encapsulated within the outer tag.
End-to-end customer journey (hosted ER port)
The customer journey to establish end to end connectivity to a Microsoft ExpressRoute is illustrated below:
Dedicated port services (via ExpressRoute Direct)
Microsoft Azure Dedicated Ports ("ExpressRoute Direct")
Customers need to first request an ExpressRoute Direct service via the Microsoft Azure portal, using their Azure subscription. Customers will need to select an ExpressRoute PoP (e.g. Amsterdam, London or Dublin) and a ER Direct bandwidth (10Gbps/100Gbps).
When the request is placed via the Azure portal, customers will receive an LOA.
Microsoft ExpressRoute On Demand cloud ports are requested in the On Demand portal by selecting a PoP location & bandwidth, uploading the ExpressRoute Direct Letter of Authorisation (LOA) and allocating a port name.
Connections to ExpressRoute Direct ports
Connections to ExpressRoute Direct dedicated ports follow the same general principles as hosted connections (please refer to the section above).
The following should be noted:
- The default scenario is for a single pair of connections (primary/secondary - each supporting two L3 peerings) in transparent mode ("open port") at the A and B ends
- Customers can request multiple On Demand connections if required. A single connection (primary) is also a supported scenario
- Customers can also request multiple ExpressRoute services on the same ExpressRoute Direct port. A single On Demand circuit connection is able to support multiple ExpressRoute services, provided customers manage the VLAN configuration on each individual peering
ExpressRoute Direct configuration
The below diagram summarises the configuration, which is identical for both circuit connections in the 1+1 resilient pair. The example below shows two ExpressRoute services on the same ER Direct port.
Each On Demand Ethernet circuit connection is capable of supporting multiple ExpressRoute services via the same ER Direct port, and each ExpressRoute service supports 2 BGP peerings (Private, Microsoft). Each peering is identified by an “inner VLAN” , as per the hosted model.
End-to-end customer journey (ER Direct port)
The customer journey to establish end to end connectivity to an ExpressRoute Direct port is illustrated below:
Want to learn more about On Demand?
A guide to On Demand
Colt On Demand supports point to point connections between data centres and enterprise offices, private connections to the public cloud and internet connectivity. Visit the On Demand solution page to discover more about On Demand and how it can help you find the right pathway for your business.
