Azure ExpressRoute ASN: A Comprehensive Overview

Azure ExpressRoute ASN is a critical component of Microsoft's cloud networking solution. It allows you to establish a dedicated, high-bandwidth connection to Azure.

ExpressRoute ASN is a 32-bit autonomous system number (ASN) that uniquely identifies your ExpressRoute circuit. This ASN is used to establish BGP sessions with Microsoft's network.

To set up ExpressRoute ASN, you'll need to obtain an ASN from Microsoft and configure it on your network devices. This typically involves updating your router configurations and ensuring that your ASN is properly advertised to Microsoft's network.

A well-configured ExpressRoute ASN is essential for ensuring secure and reliable connectivity to Azure.

ExpressRoute Setup

To set up an ExpressRoute circuit, you'll need to create one in the Azure portal. From the Microsoft Azure portal, use the search bar to find the ExpressRoute circuits page.

Click Create to begin the process. Under Basics, you'll need to complete several fields to get started.

You can optionally add name/value pairs under Tags to organize your resources. This is useful for noting location and environments.

When you're ready, review your selections and click Create. It might take a few moments for your circuit to deploy.

Once your circuit is deployed, click Go to resource to access the ExpressRoute circuit overview page. From here, you can locate the service key and copy it to your clipboard.

Note that the service key can only be used twice: once for the primary connection, and again for the secondary connection. You cannot reuse a service key across multiple regions or recycle them between circuits.

Azure Configuration

You can choose between three SKUs for your ExpressRoute circuit: Local, Standard, and Premium. The Local SKU allows you to use only VNETs in the same Azure region as the circuit peering.

The Standard SKU allows you to use VNETs in the same geopolitical region, but not in a different region. For example, if your peering point is in Paris, you can use VNETs in France Central and West Europe, but not in East US.

The Premium SKU allows you to connect VNETs in any Azure region, and your on-premises network can advertise up to 10,000 routes. This is in contrast to the Local and Standard SKUs, which can only advertise up to 4,000 routes.

The billing model for your ExpressRoute circuit can be either metered or unmetered, depending on the amount of data you expect to route from Azure to your on-premises network.

Features

Azure ExpressRoute offers a robust set of features that make it an attractive option for businesses looking to connect their on-premises networks to Microsoft Azure services.

ExpressRoute connections enable access to Microsoft Azure services and Microsoft Office 365 services from your on-premises network. This allows you to seamlessly integrate your cloud and on-premises infrastructure.

You can choose from various bandwidth options, including 50 Mbps, 1 Gbps, and 10 Gbps, depending on your needs. ExpressRoute Direct provides dual 100 Gbps connectivity that supports Active/Active scale connectivity.

ExpressRoute connections provide connectivity to all regions within a geopolitical region. To extend connectivity across geopolitical boundaries, you can enable ExpressRoute Premium.

ExpressRoute Global Reach allows you to exchange data across your on-premises environments by connecting them to your ExpressRoute circuits. This feature is particularly useful for businesses with multiple locations.

The choice of SKU depends on your specific needs and requirements. Be sure to estimate the number of routes that your on-premises network will advertise and the Azure regions from which VNETs will peer to the ExpressRoute circuit.

Autonomous System Numbers

Azure uses AS 12076 for Azure public, Azure private and Microsoft peering.

Microsoft has reserved ASNs from 65515 to 65520 for internal use.

Both 16-bit and 32-bit AS numbers are supported.

There are no requirements around data transfer symmetry.

Azure Pricing

Azure Pricing is a crucial aspect of configuring your Azure setup. Azure ExpressRoute Pricing is based on a monthly fee, regardless of usage.

Billing for ExpressRoute begins when a service key is issued to the customer. This means you'll be charged for the monthly fee even if you don't use the service.

If you cancel the service during the month, you'll only be charged for the hours used. This is a key consideration when planning your Azure setup.

There are different billing models for ExpressRoute, and understanding these can help you save money in the long run.

Peering and Connectivity

To establish a connection to Azure, you'll need to delegate the connectivity to an operator, such as Equinix or BT, at one of the Azure Points of Presence (PoPs). These PoPs are not necessarily in an Azure region, but rather locations where the Microsoft backbone is available.

The operator will connect your network to Azure. This requires two routers that support BGP sessions, two IPv4 /30 subnets for the peering, an AS number for your network, a VLAN ID to establish the peering, one or more prefixes to announce to the Azure side, and a choice of bandwidth (from 50 Mbps to 10 Gbps).

You'll need to choose the right SKU and billing model for your ExpressRoute circuit, depending on the amount of data you expect to route from Azure to your on-premises network. The Local SKU allows you to use only VNETs in the same Azure region as the circuit peering, while the Standard SKU allows you to use VNETs in the same geopolitical region. The Premium SKU allows you to connect VNETs in any Azure region.

Create Virtual Gateway

Creating a virtual network gateway for ExpressRoute is a crucial step in setting up your peering and connectivity.

First, consider whether you want to utilize Azure's zone-redundant gateways, which can provide high availability and redundancy for your ExpressRoute connections.

To create a virtual network gateway, start by using the search bar at the top of the Azure portal to find and select Virtual network gateways.

Click the "Add" button to begin the creation process, then complete the fields under the "Basics" section.

You can then click "Next" to add tags (optional) and finally click "Create" to complete the process.

Route Aggregation and Prefix Limits

Route aggregation and prefix limits are crucial for a smooth ExpressRoute experience. ExpressRoute supports up to 4000 IPv4 prefixes and 100 IPv6 prefixes advertised to Microsoft through the Azure private peering.

To give you some context, I've worked with several companies that have exceeded these limits, resulting in dropped BGP sessions. The BGP session is dropped if the number of prefixes exceeds the limit.

ExpressRoute accepts up to 200 prefixes per BGP session for Azure public and Microsoft peering. This can be a challenge if you're working with a large number of prefixes.

The ExpressRoute premium add-on can increase the IPv4 prefix limit to 10,000. This can be a game-changer for companies with a high number of prefixes.
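A pre-change check for the limits described in this section, written as an added example (not code from the article or from Microsoft). It counts the prefixes about to be advertised, compares them with the limits quoted above, and shows how aggregation brings a contiguous set back under the limit; the function names, the 80% warning threshold and the sample prefixes are assumptions made for illustration.

```python
import ipaddress

def prefix_limit(peering, version, premium=False):
    """Prefix limits as stated in the article, per BGP session."""
    if peering in ("public", "microsoft"):
        return 200
    if version == 4:
        return 10000 if premium else 4000   # premium figure is given for IPv4 only
    return 100

def aggregate(prefixes):
    """Merge adjacent or overlapping prefixes into the fewest exact covers.

    collapse_addresses never widens the result beyond the input, so the
    aggregate does not advertise address space that was not already listed.
    """
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    out = []
    for version in (4, 6):
        family = [n for n in nets if n.version == version]
        out += [str(n) for n in ipaddress.collapse_addresses(family)]
    return out

def check_advertisement(prefixes, peering="private", premium=False, headroom=0.8):
    """Per address family: count, limit and status ('ok', 'warn' or 'over')."""
    report = {}
    for version in (4, 6):
        count = sum(ipaddress.ip_network(p).version == version for p in prefixes)
        limit = prefix_limit(peering, version, premium)
        if count > limit:
            status = "over"            # the BGP session would be dropped
        elif count > limit * headroom:
            status = "warn"            # hypothetical alert threshold
        else:
            status = "ok"
        report[version] = {"count": count, "limit": limit, "status": status}
    return report

# Constructed sample: 4096 /24 routes that happen to be contiguous.
SAMPLE = [str(n) for n in ipaddress.ip_network("10.0.0.0/12").subnets(new_prefix=24)]

if __name__ == "__main__":
    print(check_advertisement(SAMPLE)[4])
    print(aggregate(SAMPLE), check_advertisement(aggregate(SAMPLE))[4])
```

Running a check like this against the router's intended advertisement before a change gives a warning while the session is still up, rather than after it has been dropped.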

BGP Community Support in National Clouds

BGP Community support in National Clouds is a key aspect of connectivity. Azure Regions in the US Government and China have specific BGP community values.

In the US Government, you'll find Azure Regions with unique BGP community values, such as US Gov Arizona with 12076:51106, and US Gov Virginia with 12076:51105. These values are specific to each region.

Other Azure Regions in the US Government include US Gov Iowa with 12076:51109, US Gov Texas with 12076:51108, US DoD Central with 12076:51209, and US DoD East with 12076:51205.

In China, you'll find Azure Regions such as China North with 12076:51301, China East with 12076:51302, China East 2 with 12076:51303, China North 2 with 12076:51304, and China North 3 with 12076:51305.

Microsoft Peering

Microsoft Peering is a crucial aspect of connecting to Microsoft cloud services, including Microsoft 365 and Office 365. To set up Microsoft peering, you must use public IP addresses that you own, which can be verified through Regional Internet Registries and Internet Routing Registries.

You must use a unique /29 (IPv4) or /125 (IPv6) subnet or two /30 (IPv4) or /126 (IPv6) subnets to set up the BGP peering for each peering per ExpressRoute circuit. If a /29 subnet is used, it's split into two /30 subnets, with the first /30 subnet used for the primary link and the second /30 subnet used for the secondary link.

To validate your IP address and AS number, ensure they are registered to you in one of the following registries: ARIN, APNIC, AFRINIC, LACNIC, RIPENCC, RADB, or ALTDB. If your prefixes and AS number aren't assigned to you in these registries, you need to open a support case for manual validation.

A Private AS Number is allowed with Microsoft Peering, but requires manual validation. In addition, we remove private AS numbers in the AS PATH for the received prefixes. As a result, you can't append private AS numbers in the AS PATH to influence routing for Microsoft Peering.

Here are the registries where you must register your IP address and AS number:

  • ARIN
  • APNIC
  • AFRINIC
  • LACNIC
  • RIPENCC
  • RADB
  • ALTDB

ExpressRoute supports up to 4000 IPv4 prefixes and 100 IPv6 prefixes advertised to Microsoft through the Azure private peering. This limit can be increased up to 10,000 IPv4 prefixes if the ExpressRoute premium add-on is enabled.

You must set up both BGP sessions for Microsoft's availability SLA to be valid.
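The ASN and peering-subnet rules from this page, expressed as a configuration check that can run before a peering is requested. This is an added example, not code from the article or from Microsoft; the function names and the sample values are assumptions, and the private ASN ranges are those defined in RFC 6996.

```python
import ipaddress

MICROSOFT_ASN = 12076                          # Microsoft-side ASN on every peering
MICROSOFT_RESERVED = range(65515, 65521)       # 65515-65520, reserved for internal use
PRIVATE_ASNS = (range(64512, 65535),           # RFC 6996 16-bit private range
                range(4200000000, 4294967295)) # RFC 6996 32-bit private range

def check_peer_asn(asn, peering):
    """Return findings for the customer-side ASN ('private' or 'microsoft' peering)."""
    if not 0 < asn < 2**32:
        return ["not a valid 16-bit or 32-bit ASN"]
    findings = []
    if asn == MICROSOFT_ASN:
        findings.append("12076 is the Microsoft-side ASN, not a customer ASN")
    elif asn in MICROSOFT_RESERVED:
        findings.append("65515-65520 are reserved by Microsoft for internal use")
    elif peering == "microsoft" and any(asn in r for r in PRIVATE_ASNS):
        findings.append("private ASN: needs manual validation and is removed "
                        "from the AS PATH, so prepending it has no effect")
    return findings

def link_subnets(cidrs):
    """Map one /29 (or /125) or two /30s (or /126s) to (primary, secondary)."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]  # rejects host bits
    if not 1 <= len(nets) <= 2:
        raise ValueError("expected one or two subnets")
    link_len = 30 if nets[0].version == 4 else 126
    if len(nets) == 1 and nets[0].prefixlen == link_len - 1:
        primary, secondary = nets[0].subnets(new_prefix=link_len)  # first half = primary
    elif (len(nets) == 2 and nets[0].version == nets[1].version
          and all(n.prefixlen == link_len for n in nets) and nets[0] != nets[1]):
        primary, secondary = nets
    else:
        raise ValueError("need one /29 or two distinct /30s (IPv6: /125 or /126)")
    return str(primary), str(secondary)

# Constructed sample input; the subnet is an RFC 5737 documentation range.
SAMPLE = {"asn": 64512, "peering": "microsoft", "subnets": ["198.51.100.0/29"]}

if __name__ == "__main__":
    print(check_peer_asn(SAMPLE["asn"], SAMPLE["peering"]))
    print(link_subnets(SAMPLE["subnets"]))
```

Registry ownership of the prefixes and the ASN cannot be verified offline, so that part of the validation still happens at the registries listed above or through a support case.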

Glen Hackett

Writer
