2nd Expressroute circuit to different building?

Shane DT 60 Reputation points
2023-11-29T18:52:53.6033333+00:00

Hello Everyone,

We have ExpressRoute (ER) currently configured and working fine at building #1. The ER uses the Any-to-Any (IPVPN) method.

The ISP just provisioned the second ER (Any-to-Any IPVPN) for our building #2, On Azure; what do we need to do to configure the second ER on Azure so they (1st ER and 2nd ER circuits) can be working active/active and not create route asymmetric? And what are your recommendations regarding my case with 2 buildings?

The distance between build #1 and building #2 is approximately 1,700 miles.

Thanks.

Azure ExpressRoute
Azure ExpressRoute
An Azure service that provides private connections between Azure datacenters and infrastructure, either on premises or in a colocation environment.
340 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. JimmySalian-2011 42,066 Reputation points
    2023-11-29T21:25:48.8333333+00:00

    Hi Shane,

    I will suggest you to review the design architecture over here and it should give you heads up on the setup - https://video2.skills-academy.com/en-us/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering#large-distributed-enterprise-network

    Also check the FAQs for the Multiple express route circuit setup - https://video2.skills-academy.com/en-us/azure/expressroute/expressroute-faqs

    Hope this helps.

    JS

    ==

    Please Accept the answer if the information helped you. This will help us and others in the community as well.

    0 comments
  2. ChaitanyaNaykodi-MSFT 24,231 Reputation points Microsoft Employee
    2023-11-30T02:20:31.7833333+00:00

    @Shane DT

    Thank you for reaching out.

    Based on my understanding of your question above you currently have an ExpressRoute (ER) configured and working at building #1 using the Any-to-Any (IPVPN) method. The ISP has provisioned a second ER (Any-to-Any IPVPN) for building #2 on Azure. You need to know how to configure the second ER on Azure so that both ER circuits can work active/active and not create route asymmetric.

    This article here describes the similar scenario as above and describes how to prevent suboptimal routing from customer to Microsoft and from Microsoft to customer.

    User's image

    For routing from Customer to Microsoft you can use BGP Communities. To optimize routing for both office users, you need to know which prefix is from Azure US West and which from Azure US East. We encode this information by using BGP Community values. We've assigned a unique BGP Community value to each Azure region, for example 12076:51004 for US East, 12076:51006 for US West. Now that you know which prefix is from which Azure region, you can configure which ExpressRoute circuit should be preferred.

    For routing from Customer to Microsoft you can use AS PATH prepending, as we support BGP AS Path prepending, you can configure the AS Path for your prefix to influence routing. With this design, if one ExpressRoute circuit is broken, Exchange Online can still reach you via another ExpressRoute circuit and your WAN.

    While the examples in the article are for Microsoft and Public peerings, we do support the same capabilities for the Private peering. The article shared by Jimmy above is also a great reference in this scenario.

    To prevent suboptimal routing between virtual networks you can assign higher weights to specific VNET connection and as higher weight is preferred. You know where the VNets and the circuits are, you can tell us which path each VNet should prefer.

    User's image

    Hope this helps! Please let me know if you have any additional questions. Thank you!

    ​​Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments