Notes About Azure ExpressRoute

What Azure services can be used for private peering from the server on the on-premises side

• If ExpressRoute is configured with private peering, what Azure services can be used from the server on the on-premises side?

Azure ExpressRoute: circuits and peering

• As you can see here , any service that can be deployed to a virtual network will be available. So what services can be deployed on a virtual network?

Virtual network for Azure services

• If you use the Azure service described here, you can access via ExpressRoute set by private peering. With Azure Private Endpoint, most services can be used for private peering. This seems to be convenient because it was troublesome to use Microsoft peering because it required Global IP and NAT setting was required on the on-premise switch.

What is an Azure Private Endpoint?

How Azure services can be used for Microsoft peering from the server on the on-premises side?

• Other than the Azure services available for private peering, they are available for Microsoft peering. However, some services are not available.

FAQ - Azure ExpressRoute

Operating mode of ExpressRoute for primary and secondary connections

ExpressRoute works with Active-Active.

Azure ExpressRoute: Designing for high availability

Switching time when there is a route failure

By enabling BFD for both private peering and Microsoft peering, switching is possible in about 1 second. Since BFD is enabled by default on the Azure side, it is necessary also to enable BFD on the router on the user side.

Azure ExpressRoute: Configure BFD

Resolve the name when accessing the Azure service from the server on the on-premises side

To access services for example Azure Storage Account, Azure Database from the on-premises server, you need to access by FQDN instead of IP address. Therefore, name resolution by DNS is required.

For example we want to directly access DNS in Azure’s Virtual Network via ExpressRoute (Private Peering) instead of referencing DNS via the Internet. However, this Azure DNS cannot be accessed directly from the on-premises side. Therefore, build a DNS Forwarder in the Virtual Network with a VM or container so that this DNS Forwarder forwards DNS queries to Azure’s DNS.

Then, by setting the Private IP address of the DNS Forwarder in the DNS settings of the server on the on-premise side, name resolution can be performed via ExpressRoute.

If possible, and we can use Azure services instead of VMs and containers, but Azure DNS cannot be accessed via ExpressRoute.

Monitor the server on the on-premise side from the Azure side

With Azure Monitor, you can monitor syslog. We only need to install the agent on the server on the pre-premises side.

Collect Syslog data sources with Log Analytics agent in Azure Monitor - Azure Monitor