SALES: 1-800-867-1380

Configure an ExpressRoute Connection through an Exchange Provider

Updated: April 22, 2015

To configure your ExpressRoute connection through an exchange provider, you’ll need to complete multiple steps in the proper order.
These instructions will help you do the following:

  • Create and Manage ExpressRoute circuits

  • Configure routes for ExpressRoute circuits

  • Link a Virtual Network to the ExpressRoute circuit

Before you begin configuration, verify that you have met the following prerequisites:

  • Azure subscription

  • Latest version of Azure PowerShell

  • The following Virtual Network requirements:

    • A set of IP address prefixes to be used in virtual networks in Azure

    • A set of IP prefixes on-premises (can contain public IP addresses)

    • The Virtual Network Gateway must be created with a /28 subnet.

    • Additional set of IP prefixes (/28) that is outside of the virtual network. This will be used for configuring routes.

    • AS number for your network. For more information about AS numbers, see Autonomous System (AS) Numbers.

    • MD5 hash if you need an authenticated BGP session

    • VLAN IDs on which traffic will be sent. You will need 2 VLAN IDs for each circuit: one for virtual networks and the other for services hosted on public IP addresses.

  • From the exchange provider:

    • Two 1 Gbps / 10 Gbps cross-connects to the Exchange provider’s Ethernet Exchange.

    • A pair of routers capable of supporting BGP for routing

Windows PowerShell is a powerful scripting environment that you can use to control and automate the deployment and management of your workloads in Azure. For more information please refer to the PowerShell documentation in MSDN.

  1. Import the PowerShell module for ExpressRoute.

    Import-Module 'C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ServiceManagement\Azure\Azure.psd1'
    Import-Module 'C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ServiceManagement\Azure\ExpressRoute\ExpressRoute.psd1' 
    
    

    The package contains the following cmdlets:

    • Get-AzureDedicatedCircuitServiceProvider – lists all connectivity services providers, their locations and supported bandwidth

    • Get-AzureDedicatedCircuit – lists all circuits created in this subscription and their properties

    • Get-AzureDedicatedCircuitLink – lists all circuit links for a particular circuit

    • New-AzureDedicatedCircuit – to create a new dedicated circuit

    • New-AzureDedicatedCircuitLink – to link a circuit to a vnet

    • Remove-AzureDedicatedCircuit – to delete a circuit

    • Remove-AzureDedicatedCircuitLink – to unlink a vnet from a circuit

    • Get-AzureBGPPeering – to list details of the bgp session (Only for ExpressRoute-Direct circuits)

    • New-AzureBGPPeering – to create a new bgp session for a circuit (Only for ExpressRoute-Direct circuits)

    • Remove-AzureBGPPeering – to delete a bgp session for a circuit (Only for ExpressRoute-Direct circuits)

    • Set-AzureBGPPeering – to update bgp parameters for a circuit (Only for ExpressRoute-Direct circuits)

  2. Get the list of providers, locations, and bandwidths supported.

    Before creating a circuit you will need a list of service providers, supported locations, and bandwidth options for each location. The following PowerShell cmdlet returns this information which you’ll use in later steps.

    PS C:\> Get-AzureDedicatedCircuitServiceProvider
    

    The information returned will look similar to the example below:

    PS C:\> Get-AzureDedicatedCircuitServiceProvider
    
    Name                 DedicatedCircuitLocations      DedicatedCircuitBandwidths                                                                                                                                                                                   
    ----                 -------------------------      --------------------------                                                                                                                                                                                   
    AT&T                 Silicon Valley,Washington DC   10Mbps:10, 50Mbps:50, 100Mbps:100, 500Mbps:500, 1Gbps:1000                                                                                                                                                   
    British Telecom      London,Amsterdam               10Mbps:10, 50Mbps:50, 100Mbps:100, 500Mbps:500, 1Gbps:1000                                                                                                                                                   
    Equinix              Amsterdam,Atlanta,Chicago,Dall 200Mbps:200, 500Mbps:500, 1Gbps:1000, 10Gbps:10000                                                                                                                                                           
                         as,New York,Seattle,Silicon                                                                                                                                                                                                                 
                         Valley,Washington                                                                                                                                                                                                                           
                         DC,London,Hong                                                                                                                                                                                                                              
                         Kong,Singapore,Sydney,Tokyo                                                                                                                                                                                                                 
    IIJ                  Tokyo                          10Mbps:10, 50Mbps:50, 100Mbps:100, 500Mbps:500, 1Gbps:1000                                                                                                                                                   
    Level 3              London,Silicon                 200Mbps:200, 500Mbps:500, 1Gbps:1000                                                                                                                                                                         
    Communications -     Valley,Washington DC                                                                                                                                                                                                                        
    Exchange                                                                                                                                                                                                                                                         
    Level 3              London,Silicon                 10Mbps:10, 50Mbps:50, 100Mbps:100, 500Mbps:500, 1Gbps:1000                                                                                                                                                   
    Communications -     Valley,Washington DC                                                                                                                                                                                                                        
    IPVPN                                                                                                                                                                                                                                                            
    Orange               Amsterdam,London               10Mbps:10, 50Mbps:50, 100Mbps:100, 500Mbps:500, 1Gbps:1000                                                                                                                                                   
    SingTel Domestic     Singapore                      10Mbps:10, 50Mbps:50, 100Mbps:100, 500Mbps:500, 1Gbps:1000                                                                                                                                                   
    SingTel              Singapore                      10Mbps:10, 50Mbps:50, 100Mbps:100, 500Mbps:500, 1Gbps:1000                                                                                                                                                   
    International                                                                                                                                                                                                                                                    
    TeleCity Group       Amsterdam,London               200Mbps:200, 500Mbps:500, 1Gbps:1000, 10Gbps:10000                                                                                                                                                           
    Telstra Corporation  Sydney                         10Mbps:10, 50Mbps:50, 100Mbps:100, 500Mbps:500, 1Gbps:1000                                                                                                                                                   
    Verizon              Silicon Valley,Washington DC   10Mbps:10, 50Mbps:50, 100Mbps:100, 500Mbps:500, 1Gbps:1000      
    
    
  3. Make a request for a service key and pass it to your exchange provider. You will use a PowerShell cmdlet to make this request. For this example we’ll use Equinix as the exchange service provider and will specify a 1Gbps (1024Mbps) ExpressRoute circuit in Silicon Valley. If you are using a different provider and different settings, substitute that information when making your request.

    Below is an example request for a new service key:

    #Creating a new circuit
    $Bandwidth = 200
    $CircuitName = "EquinixSVTest"
    $ServiceProvider = "Equinix"
    $Location = "Silicon Valley"
    
    New-AzureDedicatedCircuit -CircuitName $CircuitName -ServiceProviderName $ServiceProvider -Bandwidth $Bandwidth -Location $Location
    
    #Getting service key
    Get-AzureDedicatedCircuit
    
    

    The response will be something similar to the example below:

    Bandwidth                        : 200
    CircuitName                      : EquinixSVTest
    Location                         : Silicon Valley
    ServiceKey                       : *********************************
    ServiceProviderName              : equinix
    ServiceProviderProvisioningState : NotProvisioned
    Status                           : Enabled
    
    

    You can retrieve this information at any time using the Get-AzureCircuit cmdlet. Making the call without any parameters will list all circuits. Your Service Key will be listed in the ServiceKey field.

    PS C:\> Get-AzureDedicatedCircuit
    
    
    Bandwidth                        : 200
    CircuitName                      : EquinixSVTest
    Location                         : Silicon Valley
    ServiceKey                       : 00-0000-0000-0000-0000000000
    ServiceProviderName              : equinix
    ServiceProviderProvisioningState : NotProvisioned
    Status                           : Enabled
    
    
  4. Send the Service Key to your exchange provider. Your service provider will use the Service Key to enable their end of the connection.

  5. Periodically check the status and the state of the circuit key. This will allow you to know when your provider has enabled your circuit. Once the circuit has been enabled, the ServiceProviderProvisioningState will display as Provisioned as shown in the example below.

    PS C:\> Get-AzureDedicatedCircuit
    
    
    Bandwidth                        : 200
    CircuitName                      : EquinixSVTest
    Location                         : Silicon Valley
    ServiceKey                       : 00-0000-0000-0000-0000000000
    ServiceProviderName              : equinix
    ServiceProviderProvisioningState : Provisioned
    Status                           : Enabled
    
    
  6. Configure routing for virtual network. We use BGP sessions to exchange routes and also make sure that we have high availability. Use the example below to create a BGP session for your circuit. Substitute your own values when creating your session.

    #Setting up a bgp session
    $ServiceKey = "<your key>"
    
    $PriSN = "<subnet/30 you use IP #1 and Azure uses IP #2>"
    $SecSN = "<subnet/30 use IP #1 and Azure uses IP #2>"
    $ASN = <your ASN>
    $VLAN = <your vlan ID>
    
    #Create a new bgp peering session
    New-AzureBGPPeering -ServiceKey $ServiceKey -PrimaryPeerSubnet $PriSN -SecondaryPeerSubnet $SecSN -PeerAsn $ASN -VlanId $VLAN –AccessType Private
    #Get BGP parameters and Azure ASN
    Get-AzureBGPPeering -ServiceKey $ServiceKey –AccessType Private
    #Update BGP peering config
    Set-AzureBGPPeering  -ServiceKey $ServiceKey -PrimaryPeerSubnet $PriSN -SecondaryPeerSubnet $SecSN -PeerAsn $ASN -VlanId $VLAN –AccessType Private
    #Removing BGP peering config
    Remove-AzureBGPPeering -ServiceKey $ServiceKey –AccessType Private
    
    

    You can get routing information for a circuit using Get-AzureBGPPeering by providing the service key. You can also update the BGP settings using Set-AzureBGPPeering. The BGP session will not come up when this command is run. The circuit must be linked with at least one VNet to get the BGP session up.

    The response below will provide you with the information that you will need for the next steps. Use the peer ASN to configure BGP on your router’s VRFs.

    PS D:\Azure\Tools\RDFEClient> New-AzureBGPPeering -ServiceKey $ServiceKey -PrimaryPeerSubnet $PriSN -SecondaryPeerSubnet $SecSN -PeerAsn $ASN -VlanId $VLAN –AccessType Private
    
    
    AzureAsn            : 12076
    PeerAsn             : 65001
    PrimaryAzurePort    : EQIX-SJC-06GMR-CIS-1-PRI-A
    PrimaryPeerSubnet   : 10.0.1.0/30
    SecondaryAzurePort  : EQIX-SJC-06GMR-CIS-2-SEC-A
    SecondaryPeerSubnet : 10.0.2.0/30
    State               : Enabled
    VlanId              : 100
    
    
  7. Configure routing for services hosted on public IP addresses. We use BGP sessions to exchange routes and also make sure that we have high availability. Use the example below to create a BGP session for your circuit. Substitute your own values when creating your session.

    #Setting up a bgp session
    $ServiceKey = "<your key>"
    
    $PriSN = "<subnet/30 subnet you use IP #1 and Azure uses IP #2>"
    $SecSN = "< subnet/30 subnet you use IP #1 and Azure uses IP #2>"
    $ASN = <your ASN> 
    $VLAN = <your vlan ID>
    
    #Create a new bgp peering session
    New-AzureBGPPeering -ServiceKey $ServiceKey -PrimaryPeerSubnet $PriSN -SecondaryPeerSubnet $SecSN -PeerAsn $ASN -VlanId $VLAN –AccessType Public
    #Get BGP parameters and Azure ASN
    Get-AzureBGPPeering -ServiceKey $ServiceKey –AccessType Public
    #Update BGP peering config
    Set-AzureBGPPeering  -ServiceKey $ServiceKey -PrimaryPeerSubnet $PriSN -SecondaryPeerSubnet $SecSN -PeerAsn $ASN -VlanId $VLAN –AccessType Public
    #Removing BGP peering config
    Remove-AzureBGPPeering -ServiceKey $ServiceKey –AccessType Public
    
    

    You can get routing information for a circuit using Get-AzureBGPPeering by providing the service key. You can also update the BGP settings using Set-AzureBGPPeering. The BGP session will not come up when this command is run. The circuit must be linked with at least one VNet to get the BGP session up.

    The response below will provide you with the information that you will need for the next steps. Use the peer ASN to configure BGP on your router’s VRFs.

    PS D:\Azure\Tools\RDFEClient> New-AzureBGPPeering -ServiceKey $ServiceKey -PrimaryPeerSubnet $PriSN -SecondaryPeerSubnet $SecSN -PeerAsn $ASN -VlanId $VLAN –AccessType Private
    
    
    AzureAsn            : 12076
    PeerAsn             : 65001
    PrimaryAzurePort    : EQIX-SJC-06GMR-CIS-1-PRI-A
    PrimaryPeerSubnet   : 10.0.1.8/30
    SecondaryAzurePort  : EQIX-SJC-06GMR-CIS-2-SEC-A
    SecondaryPeerSubnet : 10.0.2.8/30
    State               : Enabled
    VlanId              : 101
    
    
  8. Configure your Virtual Network and Gateway. See Configure a Virtual Network and Gateway for ExpressRoute. Note that the gateway subnet must be /28 in order to work with an ExpressRoute connection.

  9. Link your network to a circuit. Proceed with the following instructions only after you have confirmed that your circuit has moved to the following state and status:

    • ServiceProviderState: Provisioned

    • Status: Enabled

    Verify that you have at least one Azure Virtual Network with a gateway created. The gateway subnet must be /28 in order to work with an ExpressRoute connection and must be up and running.

    PS C:\> $Vnet = "MyTestVNet"
    New-AzureDedicatedCircuitLink -ServiceKey $ServiceKey -VNetName $Vnet
    
    Provisioned
    
    

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2015 Microsoft