Software Engineer, Innovation Group – Cloud|Azure@YASH Technologies
In today's fast-moving technology landscape, everyone is moving their services to the cloud. IT service providers are developing and deploying their applications and services in the cloud, and organizations with legacy applications are moving their on-premises components partially or entirely to the cloud. Microsoft offers many cost-effective reasons to make Azure the destination. For hybrid applications, cloud connectivity plays a major role: it is the link between on-premises data centres and a public cloud such as Azure.
Let's discuss cloud connectivity technologies and describe the different connectivity models, concentrating on ExpressRoute: what it is and why you might want to use it.
DIFFERENT WAYS FOR AZURE CONNECTIVITY
There are multiple ways to connect to Azure from an on-premises network. The two main options are VPN Gateway and ExpressRoute:
VPN (Virtual Private Network) Gateway
A VPN gateway sends encrypted network traffic between an Azure virtual network and an on-premises site across the public Internet (IPsec/IKE tunnels for site-to-site connections). We can configure either site-to-site or point-to-site connectivity. It is simple to set up, but because every packet traverses the Internet it adds latency and jitter. It is therefore suitable for applications where traffic between on-premises hardware and the cloud is expected to be light.
Advantages:
- Simple to configure
- Uses our existing Internet connection
- Lower connectivity and bandwidth costs
Limitations:
- Traffic routes through the public Internet
- Unpredictable latency, since connectivity is over the public Internet
- Requires an on-premises VPN device for a site-to-site connection
- Throughput is capped per gateway (around 200 Mb/s for the gateway SKUs available when this was written; newer SKUs offer more, but still far less than a large ExpressRoute circuit)
- Only resources deployed inside the virtual network (VMs and VNet-integrated PaaS) are reachable over the VPN; PaaS services on public endpoints are still reached over the Internet
To overcome these VPN limitations, Microsoft created ExpressRoute. So what is ExpressRoute? In simple terms, as the name suggests, it is a fast, dedicated route with fewer hops from our on-premises network to Azure. It is a private, dedicated connection from the on-premises network to the Microsoft cloud, set up through a connectivity provider (either a network service provider or an exchange provider). It provides reliable and predictable performance for enterprise applications that are latency sensitive, and it carries data to Azure without traversing the wild world of the Internet. It gives us the feeling of having our own virtual private cloud. One caveat to keep in mind: ExpressRoute is private, not encrypted. The circuit keeps traffic off the Internet, but it does not encrypt it, so data that must stay confidential in transit should still be protected at the application or transport layer (for example TLS) or with IPsec over the circuit.
The following figure is an overview diagram of ExpressRoute connectivity:
Usage / Key Areas for ExpressRoute connectivity
- Storage/backup and recovery
- Dev/test lab
- BI/Big data
- Hybrid Applications
- Productivity Applications
Benefits:
- Data privacy for your traffic, as it does not go over the public Internet (a private path; the circuit itself does not encrypt the traffic)
- Layer 3 connectivity
- Lower latency, higher bandwidth, and greater availability
- Highly secure and reliable
- Predictable performance
- Built-in redundancy in every peering location (each circuit is delivered as a redundant pair of links)
- Global connectivity across all regions with the ExpressRoute Premium add-on
- Dynamic routing over an industry-standard protocol (BGP)
- Connection uptime SLA
- High-throughput connections with bandwidth options from 50 Mbps to 10 Gbps
- Bandwidth can be scaled up in place; reducing it requires deprovisioning and recreating the circuit
Requirements:
- Requires on-premises router management
- Requires a dedicated connection to a connectivity provider
- The on-premises network and each VNet linked to the circuit must not have overlapping IP address spaces
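As an added example (not code from the article or from Microsoft), the following Python script runs the two pre-flight checks a practitioner would want before ordering a circuit and linking VNets to its private peering: it detects overlapping address spaces between the on-premises network and the VNets (the requirement in the last bullet above), and it validates a requested bandwidth against the circuit sizes ExpressRoute offers, flagging that a downgrade means recreating the circuit. The site names, prefixes and bandwidth values are constructed sample data.

```python
"""Pre-flight checks before provisioning an ExpressRoute circuit and its private peering.

Added example, not code from the original article or from Microsoft.
"""
import ipaddress
from typing import Dict, List, Tuple

# Circuit bandwidth tiers offered by ExpressRoute, in Mbps (50 Mbps up to 10 Gbps).
EXPRESSROUTE_BANDWIDTHS_MBPS = (50, 100, 200, 500, 1000, 2000, 5000, 10000)


def find_overlaps(address_spaces: Dict[str, List[str]]) -> List[Tuple[str, str, str, str]]:
    """Return every pair of prefixes from different sites that overlap.

    address_spaces maps a site name (the on-premises network, or a VNet that
    will be linked to the circuit) to its list of CIDR prefixes.  Each result is
    (site_a, prefix_a, site_b, prefix_b).  Prefixes are parsed strictly, so a
    host address such as 10.0.0.5/24 raises ValueError instead of being
    silently rounded down to its network.
    """
    networks = [
        (site, ipaddress.ip_network(prefix, strict=True))
        for site, prefixes in address_spaces.items()
        for prefix in prefixes
    ]
    overlaps = []
    for i, (site_a, net_a) in enumerate(networks):
        for site_b, net_b in networks[i + 1:]:
            # Only compare prefixes of different sites and the same IP version.
            if site_a == site_b or net_a.version != net_b.version:
                continue
            if net_a.overlaps(net_b):
                overlaps.append((site_a, str(net_a), site_b, str(net_b)))
    return overlaps


def is_supported_bandwidth(mbps: int) -> bool:
    """True if mbps is one of the circuit sizes ExpressRoute offers."""
    return mbps in EXPRESSROUTE_BANDWIDTHS_MBPS


def plan_bandwidth_change(current_mbps: int, new_mbps: int) -> str:
    """Classify a bandwidth change on an existing circuit.

    A circuit can be upgraded in place, but it cannot be downgraded: lowering
    the bandwidth means deprovisioning the circuit and creating a new one
    (a fact from the Azure documentation, not stated on this page).
    """
    for mbps in (current_mbps, new_mbps):
        if not is_supported_bandwidth(mbps):
            raise ValueError(f"{mbps} Mbps is not an ExpressRoute bandwidth tier")
    if new_mbps == current_mbps:
        return "no change"
    if new_mbps > current_mbps:
        return "increase in place"
    return "recreate circuit"


if __name__ == "__main__":
    # Constructed sample: an on-premises network plus two VNets that are to be
    # linked to the circuit over private peering.  vnet-a was carved out of the
    # on-premises range by mistake, so it collides.
    sites = {
        "onprem": ["10.0.0.0/16", "172.16.0.0/12"],
        "vnet-a": ["10.0.128.0/17"],
        "vnet-b": ["10.1.0.0/16"],
    }
    for site_a, prefix_a, site_b, prefix_b in find_overlaps(sites):
        print(f"overlap: {site_a} {prefix_a} <-> {site_b} {prefix_b}")
    print(plan_bandwidth_change(200, 500))   # increase in place
    print(plan_bandwidth_change(1000, 500))  # recreate circuit
```

Run the overlap check against every VNet you intend to link to the circuit, not just the first: a collision with any one of them breaks routing over the private peering, because the colliding prefixes cannot both be routed from the on-premises side.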
EXPRESSROUTE CONNECTIVITY MODELS
The connection between the on-premises network and the Microsoft cloud can be created in three ways, as depicted in the figure below:
1. CloudExchange Co-location
If our data centre is co-located in a facility with a cloud exchange, we can order a virtual cross-connection to the Microsoft cloud through the co-location provider's Ethernet exchange, which provides point-to-point connectivity. So what is a colocation facility? A colocation facility is a data centre that rents equipment space and bandwidth to companies, so they do not have to build their own. It is also useful for businesses that need a network service provider at a reasonable cost.
2. Point-to-point Ethernet Connection
If our company has its own on-premises data centre, we can set up a point-to-point Ethernet link to the Microsoft edge router with the help of our network provider.
3. Any-to-any (IPVPN) Connection
If we already use an IP VPN (MPLS) provider to connect the sites of our organization, the Microsoft cloud can be interconnected to our WAN through ExpressRoute so that it looks just like any other branch office.
EXPRESSROUTE CIRCUIT AND ROUTING DOMAINS
An ExpressRoute circuit is the logical connection between our on-premises network and Microsoft cloud services through a connectivity provider. ExpressRoute circuits do not map to any physical entities. A circuit is uniquely identified by a standard GUID called the service key. This service key is the only information exchanged between Microsoft, the connectivity provider and us, so treat it as sensitive and share it only with the provider that will provision the circuit. We can also order multiple ExpressRoute circuits. Each circuit can be in the same or a different region and can be connected to our premises through different connectivity providers.
An ExpressRoute circuit can have up to three independent peerings (routing domains): Azure private, Azure public, and Microsoft. The following figure depicts the routing domains associated with an ExpressRoute circuit:
Below is a brief description of the different ExpressRoute peerings:
1. Azure Private Peering
Private peering extends our infrastructure (IaaS) directly into the cloud transparently, so Azure VMs behave like machines sitting in our own data centre. Private peering is considered a trusted extension of our core network into Microsoft Azure, which is exactly why it deserves the same segmentation, route filtering and firewall policy as any other site on the WAN.
2. Azure Public Peering
Public peering connects us to PaaS services such as Azure Storage, Azure SQL Database and Web Apps that are offered on public IP addresses. We can privately connect to services hosted on public IP addresses, including the VIPs of our own cloud services. Connections over the public peering domain are usually integrated with the organization's DMZ, so all Azure services on public IP addresses are reached from the WAN without traversing the Internet.
3. Microsoft peering
Microsoft peering provides connectivity to all other Microsoft online services (Office 365, Dynamics 365). This type of peering is not usually needed and should be applied only in special scenarios; using ExpressRoute for Office 365 also requires authorization from Microsoft.
ExpressRoute is a connection type that Microsoft offers in partnership with several connectivity providers to allow businesses to connect privately from their co-location facilities or their internal networks to Azure services without traversing the public Internet. All of these connections are offered redundantly, which underpins the uptime service-level agreement (SLA) that Microsoft offers on them.
ExpressRoute circuits provide three independent peerings to carry different kinds of traffic: private, public, and Microsoft. Any one, two, or all three can be enabled per circuit. Private peering connects to Azure IaaS resources deployed within a virtual network, public peering gives a private, fast connection to Azure services offered on public IPs, and Microsoft peering is for connectivity to Microsoft SaaS offerings. Note that Azure public peering is no longer offered on new circuits; its role has been folded into Microsoft peering.
The bandwidth of these peerings starts at 50 Mbps and goes all the way up to 10 Gbps. If we use Azure for things like off-site backup of large files, disaster recovery, large databases, or business-critical applications that get a lot of traffic and need a highly secure environment, we should consider this option.
Fatema Mandleshwarwala, Software Engineer, Innovation Group – Cloud|Azure@YASH Technologies
PS: Image credits to Microsoft
Reference : docs.microsoft.com/en-us/azure/expressroute