SALES: 1-800-867-1380

Configure an ExpressRoute Connection through an Exchange Provider

Updated: August 12, 2014

To configure your ExpressRoute connection through an exchange provider, you’ll need to complete multiple steps in the proper order.
These instructions will help you do the following:

  • Create and Manage ExpressRoute circuits

  • Configure routes for ExpressRoute circuits

  • Link a Virtual Network to the ExpressRoute circuit

Before you begin configuration, verify that you have met the following prerequisites:

  • Subscription in Microsoft Azure

  • Latest version of Azure PowerShell

  • The following Virtual Network requirements:

    • A set of IP address prefixes to be used in virtual networks in Azure (only IP addresses in RFC1918 will be supported)

    • A set of IP prefixes on-premises (can contain public IP addresses)

    • The Virtual Network Gateway must be created with a /28 subnet.

    • Additional set of IP prefixes (/28) that is outside of the virtual network. This will be used for configuring routes.

    • AS number for your network. For more information about AS numbers, see Autonomous System (AS) Numbers.

    • MD5 hash if you need an authenticated BGP session

    • VLAN IDs on which traffic will be sent. You will need 2 VLAN IDs for each circuit: one for virtual networks and the other for services hosted on public IP addresses.

  • From the exchange provider:

    • Two 1 Gbps / 10 Gbps cross-connects to the Exchange provider’s Ethernet Exchange.

    • A pair of routers capable of supporting BGP for routing

Windows PowerShell is a powerful scripting environment that you can use to control and automate the deployment and management of your workloads in Azure. For more information please refer to the PowerShell documentation in MSDN.

  1. Import the PowerShell module for ExpressRoute.

    Import-Module 'C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ServiceManagement\Azure\Azure.psd1'
    Import-Module 'C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ServiceManagement\Azure\ExpressRoute\ExpressRoute.psd1' 
    
    

    The package contains the following cmdlets:

    • Get-AzureDedicatedCircuitServiceProvider – lists all connectivity services providers, their locations and supported bandwidth

    • Get-AzureDedicatedCircuit – lists all circuits created in this subscription and their properties

    • Get-AzureDedicatedCircuitLink – lists all circuit links for a particular circuit

    • New-AzureDedicatedCircuit – to create a new dedicated circuit

    • New-AzureDedicatedCircuitLink – to link a circuit to a vnet

    • Remove-AzureDedicatedCircuit – to delete a circuit

    • Remove-AzureDedicatedCircuitLink – to unlink a vnet from a circuit

    • Get-AzureBGPPeering – to list details of the bgp session (Only for ExpressRoute-Direct circuits)

    • New-AzureBGPPeering – to create a new bgp session for a circuit (Only for ExpressRoute-Direct circuits)

    • Remove-AzureBGPPeering – to delete a bgp session for a circuit (Only for ExpressRoute-Direct circuits)

    • Set-AzureBGPPeering – to update bgp parameters for a circuit (Only for ExpressRoute-Direct circuits)

  2. Get the list of providers, locations, and bandwidths supported.

    Before creating a circuit you will need a list of service providers, supported locations, and bandwidth options for each location. The following PowerShell cmdlet returns this information which you’ll use in later steps.

    PS C:\> Get-AzureDedicatedCircuitServiceProvider
    

    The information returned will look similar to the example below:

    PS C:\> Get-AzureDedicatedCircuitServiceProvider
    
    Name                                                                Type DedicatedCircuitLocations                                       DedicatedCircuitBandwidths                                     
    ----                                                                ---- -------------------------                                       --------------------------                                     
    at&t                                                                Telco {Silicon Valley, Washington DC}                               {10, 50, 100, 500, 1024}                                          
    equinix                                                             IXP {Silicon Valley, Washington DC}                                 {100, 500, 1024}                                               
    
    
  3. Make a request for a service key and pass it to your exchange provider. You will use a PowerShell cmdlet to make this request. For this example we’ll use Equinix as the exchange service provider and will specify a 1Gbps (1024Mbps) ExpressRoute circuit in Silicon Valley. If you are using a different provider and different settings, substitute that information when making your request.

    Below is an example request for a new service key:

    #Creating a new circuit
    $Bandwidth = 1024
    $CircuitName = "EquinixSVTest"
    $ServiceProvider = "Equinix"
    $Location = "Silicon Valley"
    
    New-AzureDedicatedCircuit -CircuitName $CircuitName -ServiceProviderName $ServiceProvider -Bandwidth $Bandwidth -Location $Location
    
    #Getting service key
    Get-AzureDedicatedCircuit
    
    

    The response will be something similar to the example below:

    Bandwidth                        : 1024
    CircuitName                      : EquinixSV
    Location                         : Silicon Valley
    ServiceKey                       : *********************************
    ServiceProviderName              : equinix
    ServiceProviderProvisioningState : NotProvisioned
    Status                           : Enabled
    
    

    You can retrieve this information at any time using the Get-AzureCircuit cmdlet. Making the call without any parameters will list all circuits. Your Service Key will be listed in the ServiceKey field.

    PS C:\> Get-AzureDedicatedCircuit
    
    
    Bandwidth                        : 500
    CircuitName                      : EquinixSV
    Location                         : Silicon Valley
    ServiceKey                       : 00-0000-0000-0000-0000000000
    ServiceProviderName              : equinix
    ServiceProviderProvisioningState : NotProvisioned
    Status                           : Enabled
    
    
  4. Send the Service Key to your exchange provider. Your service provider will use the Service Key to enable their end of the connection.

  5. Periodically check the status and the state of the circuit key. This will allow you to know when your provider has enabled your circuit. Once the circuit has been enabled, the ServiceProviderProvisioningState will display as Provisioned as shown in the example below.

    PS C:\> Get-AzureDedicatedCircuit
    
    
    Bandwidth                        : 500
    CircuitName                      : EquinixSV
    Location                         : Silicon Valley
    ServiceKey                       : 00-0000-0000-0000-0000000000
    ServiceProviderName              : equinix
    ServiceProviderProvisioningState : Provisioned
    Status                           : Enabled
    
    
  6. Configure routing for virtual network. We use BGP sessions to exchange routes and also make sure that we have high availability. Use the example below to create a BGP session for your circuit. Substitute your own values when creating your session.

    #Setting up a bgp session
    $ServiceKey = "<your key>"
    
    $PriSN = "<subnet/30 you use IP #1 and Azure uses IP #2>"
    $SecSN = "<subnet/30 use IP #1 and Azure uses IP #2>"
    $ASN = <your ASN>
    $VLAN = <your vlan ID>
    
    #Create a new bgp peering session
    New-AzureBGPPeering -ServiceKey $ServiceKey -PrimaryPeerSubnet $PriSN -SecondaryPeerSubnet $SecSN -PeerAsn $ASN VlanId $VLAN –AccessType Private
    #Get BGP parameters and Azure ASN
    Get-AzureBGPPeering -ServiceKey $ServiceKey –AccessType Private
    #Update BGP peering config
    Set-AzureBGPPeering  -ServiceKey $ServiceKey -PrimaryPeerSubnet $PriSN -SecondaryPeerSubnet $SecSN -PeerAsn $ASN -VlanId $VLAN –AccessType Private
    #Removing BGP peering config
    Remove-AzureBGPPeering -ServiceKey $ServiceKey –AccessType Private
    
    

    You can get routing information for a circuit using Get-AzureBGPPeering by providing the service key. You can also update the BGP settings using Set-AzureBGPPeering. The BGP session will not come up when this command is run. The circuit must be linked with at least one VNet to get the BGP session up.

    The response below will provide you with the information that you will need for the next steps. Use the peer ASN to configure BGP on your router’s VRFs.

    PS D:\Azure\Tools\RDFEClient> New-AzureBGPPeering -ServiceKey $ServiceKey -PrimaryPeerSubnet $PriSN -SecondaryPeerSubnet $SecSN -PeerAsn $ASN -VlanId $VLAN –AccessType Private
    
    
    AzureAsn            : 12076
    PeerAsn             : 65001
    PrimaryAzurePort    : EQIX-SJC-06GMR-CIS-1-PRI-A
    PrimaryPeerSubnet   : 10.0.1.0/30
    SecondaryAzurePort  : EQIX-SJC-06GMR-CIS-2-SEC-A
    SecondaryPeerSubnet : 10.0.2.0/30
    State               : Enabled
    VlanId              : 100
    
    
  7. Configure routing for services hosted on public IP addresses. We use BGP sessions to exchange routes and also make sure that we have high availability. Use the example below to create a BGP session for your circuit. Substitute your own values when creating your session.

    #Setting up a bgp session
    $ServiceKey = "<your key>"
    
    $PriSN = "<subnet/30 subnet you use IP #1 and Azure uses IP #2>"
    $SecSN = "< subnet/30 subnet you use IP #1 and Azure uses IP #2>"
    $ASN = <your ASN> 
    $VLAN = <your vlan ID>
    
    #Create a new bgp peering session
    New-AzureBGPPeering -ServiceKey $ServiceKey -PrimaryPeerSubnet $PriSN -SecondaryPeerSubnet $SecSN -PeerAsn $ASN -VlanId $VLAN –AccessType Public
    #Get BGP parameters and Azure ASN
    Get-AzureBGPPeering -ServiceKey $ServiceKey –AccessType Public
    #Update BGP peering config
    Set-AzureBGPPeering  -ServiceKey $ServiceKey -PrimaryPeerSubnet $PriSN -SecondaryPeerSubnet $SecSN -PeerAsn $ASN -VlanId $VLAN –AccessType Public
    #Removing BGP peering config
    Remove-AzureBGPPeering -ServiceKey $ServiceKey –AccessType Public
    
    

    You can get routing information for a circuit using Get-AzureBGPPeering by providing the service key. You can also update the BGP settings using Set-AzureBGPPeering. The BGP session will not come up when this command is run. The circuit must be linked with at least one VNet to get the BGP session up.

    The response below will provide you with the information that you will need for the next steps. Use the peer ASN to configure BGP on your router’s VRFs.

    PS D:\Azure\Tools\RDFEClient> New-AzureBGPPeering -ServiceKey $ServiceKey -PrimaryPeerSubnet $PriSN -SecondaryPeerSubnet $SecSN -PeerAsn $ASN -VlanId $VLAN –AccessType Private
    
    
    AzureAsn            : 12076
    PeerAsn             : 65001
    PrimaryAzurePort    : EQIX-SJC-06GMR-CIS-1-PRI-A
    PrimaryPeerSubnet   : 10.0.1.8/30
    SecondaryAzurePort  : EQIX-SJC-06GMR-CIS-2-SEC-A
    SecondaryPeerSubnet : 10.0.2.8/30
    State               : Enabled
    VlanId              : 101
    
    
  8. Configure your Virtual Network and Gateway. See Configure a Virtual Network and Gateway for ExpressRoute. Note that the gateway subnet must be /28 in order to work with an ExpressRoute connection.

  9. Link your network to a circuit. Proceed with the following instructions only after you have confirmed that your circuit has moved to the following state and status:

    • ServiceProviderState: Provisioned

    • Status: Enabled

    Verify that you have at least one Azure Virtual Network with a gateway created. The gateway subnet must be /28 in order to work with an ExpressRoute connection and must be up and running.

    PS C:\> $Vnet = "MyTestVNet"
    New-AzureDedicatedCircuitLink -ServiceKey $ServiceKey -VNetName $Vnet
    
    Provisioned
    
    

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft