When sharing Azure ExpressRoute among different tenants, the process for routing traffic coming from on-premises is as follows

Anonymous
2024-02-08T15:27:54.9466667+00:00

I would like to know about the method of processing the routing of traffic coming from on-premises. The configuration case I am considering is as follows.

・Tenant A and Tenant B are sharing an ExpressRoute.
・The ExpressRoute circuit is located in Tenant A, and Tenant B shares the ExpressRoute using the service key issued by Tenant A.

In such a case, how is the traffic coming from on-premises processed? I believe that the traffic is processed in the following manner. Please correct me if my understanding is incorrect.

First, the traffic coming from on-premises passes through an edge router and is sent to the ExpressRoute circuit. After that, the traffic enters Azure via Tenant A's ExpressRoute circuit and reaches Tenant A's ExpressRoute gateway. Subsequently, I believe the traffic processed by Tenant A's ExpressRoute gateway is then sent to Tenant B's ExpressRoute gateway.

I believe that traffic entering Tenant A's ExpressRoute Gateway from on-premises can be sent to Tenant B's ExpressRoute Gateway without the need for additional routing configurations. If any additional settings are required, I would appreciate it if you could inform me.


1 answer

  1. Luis Arias 5,901 Reputation points
    2024-02-08T21:15:43.3733333+00:00

    Hi rufi,

    Your understanding of traffic flow is correct. The traffic from on-premises does indeed pass through an edge router and is sent to the ExpressRoute circuit. It then enters Azure via Tenant A’s ExpressRoute circuit and reaches Tenant A’s ExpressRoute gateway.

    On-Premises
        |
        | (Edge Router)
        |
    ExpressRoute POP
        |         |
        |         |
    Tenant A    Tenant B
    (ERCircuit) (ERCircuit)
        |         |
        |         |
      Azure       Azure
    (Tenant A)  (Tenant B)
    
    
    

    Therefore, the traffic coming from on-premises passes through an edge router and is sent to the ExpressRoute circuit in Tenant A. The traffic then enters Azure via Tenant A’s ExpressRoute circuit and reaches Tenant A’s ExpressRoute gateway. After that, the traffic is routed back to the ExpressRoute Point of Presence (POP), before returning back to Azure and reaching Tenant B.

    However, it’s important to note that traffic going between your two tenants does not go directly. It will route all the way back to your ExpressRoute Point of Presence (POP), before returning back to Azure. This might not be ideal if latency is important, depending on where your POP is located.

    Let me know if this solves your doubts,

    Luis
