ExpressRoutes from more than one datacenter

Ryan Brown 21 Reputation points
2022-01-05T03:55:25.083+00:00

Hello everyone,

I'm working on a design for a hybrid cloud setup that will consist of our applications running out of two Azure regions and needing to communicate, fairly chattily, back to our two datacenters. However, our one DC is really just a failover but a necessary one. My plan is to implement an ExpressRoute to our primary with VPN failover. However, I'm unsure how to figure the second DC into this picture. I'm wondering what the recommended configuration for that would look like? I presume it's one ExpressRoute and VPN to each DC but want to make sure there isn't a better way to go about it.


Accepted answer
  1. GitaraniSharma-MSFT 49,261 Reputation points Microsoft Employee
    2022-01-05T11:20:20.993+00:00

    Hello @Ryan Brown ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    If I understand correctly, you have 2 Azure Vnets (in 2 different regions) and 2 on-premise data centers and would like to implement DR with 1 ExpressRoute and 1 VPN and not with 2 ExpressRoute circuits.

    If that is the case, then the approach needed would be the combination of S2S VPN as a failover path for ExpressRoute + S2S VPN to connect to sites not connected through ExpressRoute as shown in the below doc:
    https://video2.skills-academy.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager#configuration-designs

    The architecture would be as below:

    DC1 Primary connections:
    On-premise DC 1 <---ExR---> Azure Region 1
    On-premise DC 1 <---ExR---> Azure Region 2
    DC1 VPN failover connections:
    On-premise DC 1 <---S2S---> Azure Region 1
    On-premise DC 1 <---S2S---> Azure Region 2

    DC2 Primary connections:
    On-premise DC 2 <---S2S---> Azure Region 1
    On-premise DC 2 <---S2S---> Azure Region 2

    For this setup, you would need 1 ExpressRoute circuit connection from DC 1 to both Azure regions and 2 VPN gateways set up in each Azure region and each of them would have 2 connections to DC 1 and DC 2 respectively OR 1 VPN gateway in one Azure region with Vnet peering to the other region with the gateway transit feature enabled.

    If you do not want VPN failover for On-premise DC 1 and just would like to connect the Azure regions to your On-premise DC 2 which would be the failover in this case, then the architecture would be as below:

    DC1 connections:
    On-premise DC 1 <---ExR---> Azure Region 1
    On-premise DC 1 <---ExR---> Azure Region 2

    DC2 connections:
    On-premise DC 2 <---S2S---> Azure Region 1
    On-premise DC 2 <---S2S---> Azure Region 2

    For this setup, you would need 1 ExpressRoute circuit connection from DC 1 to both Azure regions and 2 VPN gateways set up in each Azure region connecting to DC 2 OR 1 VPN gateway in one Azure region with Vnet peering to the other region with the gateway transit feature enabled connecting to DC 2.

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
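
The two layouts from the accepted answer, modelled as an added example (not part of the original answer or of Microsoft's documentation) to show which DC/region pairs lose connectivity when one transport fails. It assumes ExpressRoute is preferred over S2S VPN when both links exist, and that the single circuit serves both regions, so a circuit outage removes both ExR links; all function and variable names are illustrative.

```python
# Links copied from the answer's diagrams: (datacenter, region, kind).
WITH_VPN_FAILOVER = [
    ("DC1", "Region1", "ExR"), ("DC1", "Region2", "ExR"),
    ("DC1", "Region1", "S2S"), ("DC1", "Region2", "S2S"),
    ("DC2", "Region1", "S2S"), ("DC2", "Region2", "S2S"),
]
# Second layout: same as above minus the DC1 S2S failover connections.
WITHOUT_VPN_FAILOVER = [
    link for link in WITH_VPN_FAILOVER
    if not (link[0] == "DC1" and link[2] == "S2S")
]

# Assumption: lower number wins when both transports reach the same pair.
PREFERENCE = {"ExR": 0, "S2S": 1}


def active_paths(links, failed_kinds=()):
    """Return {(dc, region): kind} with the preferred surviving link per pair."""
    best = {}
    for dc, region, kind in links:
        if kind in failed_kinds:
            continue  # this transport is down in the scenario being tested
        pair = (dc, region)
        if pair not in best or PREFERENCE[kind] < PREFERENCE[best[pair]]:
            best[pair] = kind
    return best


def unreachable(links, failed_kinds=()):
    """DC/region pairs the design connects that have no surviving link."""
    designed = {(dc, region) for dc, region, _ in links}
    return sorted(designed - set(active_paths(links, failed_kinds)))


def report(name, links):
    """Print the active transport per pair for each failure scenario."""
    scenarios = [("normal", ()), ("ExpressRoute down", ("ExR",)),
                 ("S2S VPN down", ("S2S",))]
    print(name)
    for label, failed in scenarios:
        paths = active_paths(links, failed)
        lost = unreachable(links, failed)
        print(f"  {label}: active={paths} lost={lost}")


if __name__ == "__main__":
    report("With DC1 VPN failover", WITH_VPN_FAILOVER)
    report("Without DC1 VPN failover", WITHOUT_VPN_FAILOVER)
```

In the second layout an ExpressRoute outage leaves DC 1 with no path to either region, which is the trade-off between the two designs.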
