Configuring Private Peering for an ExpressRoute Circuit in Virtual WAN

ares 206 Reputation points
2024-03-07T14:45:42.0366667+00:00

In my Virtual WAN, I created an ExpressRoute circuit and enabled private peering by adding two /30 subnets to be used with one IP for the on-premises gateway and one IP for the Azure gateway. However, from the Azure side, do I only need to add the two /30 subnets? Where are the two private IPs configured? For example, for the primary link, I have:

x.x.x.x/30

First IP:

x.x.x.1/32 on the on-premises gateway

x.x.x.2/32 on the Azure gateway

But who will configure these two IPs? Should I put them on the Azure side, or do I only need to add the /30 subnets from the Azure portal?

Azure ExpressRoute
Azure ExpressRoute
An Azure service that provides private connections between Azure datacenters and infrastructure, either on premises or in a colocation environment.
340 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. ChaitanyaNaykodi-MSFT 24,231 Reputation points Microsoft Employee
    2024-03-08T05:42:27.16+00:00

    @ares

    Thank you for reaching out.

    I understand you have questions regarding private peering for Azure Express Route.

    However, from the Azure side, do I only need to add the two /30 subnets? Where are the two private IPs configured?

    Yes, you just need to add two /30 subnets. As described here One subnet is used for the primary link, while the other will be used for the secondary link. From each of these subnets, you assign the first usable IP address to your router as Microsoft uses the second usable IP for its router.

    User's image

    But who will configure these two IPs? Should I put them on the Azure side, or do I only need to add the /30 subnets from the Azure portal?

    You just need to add two /30 subnets. For each of the /30 subnets, you must use the first IP address of the /30 subnet for your router. Microsoft uses the second IP address of the /30 subnet to set up a BGP session.

    If a /29 subnet is used, it's split into two /30 subnets.

    You can go through this example here for additional details.

    For example

    • 192.168.100.128/30 is assigned to link1, with provider using 192.168.100.129 and Microsoft using 192.168.100.130.
    • 192.168.100.132/30 is assigned to link2, with provider using 192.168.100.133 and Microsoft using 192.168.100.134.

    Hope this helps. Please let me know if you have any additional questions. Thank you!

    0 comments