ExpressRoute common customer questions answered

  • Article

 

I was asked by a higher education customer in Arizona some questions about ExpressRoute for their Azure subscriptions so I posted them here:

 

 

image

ExpressRoute circuit diagram showing Azure Public, Azure Private peering and Microsoft peering to other Microsoft cloud services like Intune, CRM Online, Office 365, etc..

 

Can you have both ASM (classic) and ARM VNets connected to a single ER circuit?

Good news here is the answer is yes provided you enable ‘AllowClassicOperations’ on the ARM ExpressRoute circuit. See the PowerShell steps here under ‘Enable for Both models’ section.

Here is a PowerShell sample to enable for both ASM and ARM VNets over an ARM ExpressRoute circuit:

 

# Get details of the ExpressRoute circuit

$ckt = Get-AzureRmExpressRouteCircuit -Name "DemoCkt" -ResourceGroupName "DemoRG"

#Set "Allow Classic Operations" to TRUE

$ckt.AllowClassicOperations = $true

# Update circuit

Set-AzureRmExpressRouteCircuit -ExpressRouteCircuit $ckt

 

Can I use a single ExpressRoute circuit with multiple subscriptions?

Yes, you can leverage a single ER circuit with as many subscriptions as VNets supported by the ER circuit. The standard ER circuit allows for a maximum of 10 VNets so if you have 1 VNet per subscription you can support 10 subscriptions.

Another example is If you have a 10Gbps ER circuit with the Premium add-on and you have 20 subscriptions with 5 VNets each this configuration can support 20 subscriptions on a single ExpressRoute circuit since the max VNets for this configuration is 100 VNets (see table below). See here and here for more information.

image

Single ExpressRoute circuit example connecting to several Azure subscriptions

 

image

Table of supported VNets Standard vs Premium add-on ExpressRoute circuit

 

 

Can I get a full 10Gbps ExpressRoute throughput support?

Yes, there is a new offering called the Ultra Performance ExpressRoute GW which allows for a full 10Gbps of throughput. See here for more details.

 

Can I use the new VNet peering with ExpressRoute?   

Yes, you can leverage the new VNet peering option with ExpressRoute. This is very useful feature since it can help to provide support for more than the default 10 VNet limit placed on the standard ExpressRoute circuit by leveraging true meshed VNets via VNet peering.

 

image

 

Can I combine S2S VPN BGP with ExpressRoute BGP routing?

You cannot currently combine S2S VPN BGP with ER BGP routing.

 

image

S2S VPN BGP example

 

image

ExpressRoute BGP example

 

Can I use QoS with ExpressRoute?

Yes, you can with specific Microsoft peering traffic over ExpressRoute. There are specific DSCP tags you can enable for things like Skype traffic, etc. See here for more details.

 

Can I encrypt all ExpressRoute traffic natively?

Currently this is not possible on an ExpressRoute circuit without an additional network VPN/encryption appliance on premises paired with a network virtual VPN/encryption appliance hosted in Azure.

Can I have both ExpressRoute ARM and S2S VPN as a failover connection?

image

The answer is yes this is possible and is a good best practice for Azure Private peering traffic. The Azure Public peering traffic can failover to a standard Internet link. See more on the configuration here.

 

Are there Egress charges for ExpressRoute?

Yes, if you use the ‘metered plan’ there is an egress cost of about 2 cents per GB. If you use the ‘unlimited plan’ there is not charge for egress. The education Internet egress waiver does not apply to ExpressRoute circuits. See here for more pricing details.

 

For more on ExpressRoute see here, a useful ER FAQ here, and detailed ER documentation see here.