Connecting to Microsoft Azure ExpressRoute
Megaport makes it easy to provision fast, secure, and private connections between your data center and Microsoft Azure and provides dedicated access to Azure private and Microsoft public resources from hundreds of locations worldwide.
Megaport offers two types of connection to ExpressRoute: you can order virtual cross-connections to the Microsoft Cloud through Megaport or you can connect directly to the Microsoft Cloud through point-to-point Ethernet links (ExpressRoute Direct).
This topic describes connecting to Azure through a VXC. For details about a direct connection, see Configuring a Microsoft Azure ExpressRoute Direct Connection.
To get started, watch these overview videos:
Watch a 13-minute overview video and learn about Megaport with Azure, steps for Port creation, Azure resource manager and ExpressRoute configuration, and VXC creation.
Watch a 15-minute video that discusses meeting SLAs, configuring redundant connections, and configuring ExpressRoute for end-to-end connectivity.
When connecting to the Microsoft Cloud (Azure) through an ExpressRoute with Megaport, the VXC forms the Layer 2 component of the connection and Layer 3 BGP connectivity is established directly between the customer and Azure.
Megaport also supports ExpressRoute Direct connections. For details, see Configuring a Microsoft Azure ExpressRoute Direct Connection.
There are two elements involved with an ExpressRoute connection. The first is your ExpressRoute plan and is billed directly from Microsoft. (Make sure to select the correct region and currency for accurate pricing). The second is the VXC with Megaport to connect to your ExpressRoute location.
When provisioning an ExpressRoute circuit, you can connect multiple VNETs to a single circuit (by default 10, but more are possible depending on your plan). However, each ExpressRoute subscription includes two Virtual Ports on the Microsoft Cloud side. Microsoft offers an SLA on its ExpressRoute connectivity, but to comply you must deploy two ExpressRoute VXCs for redundancy.
Megaport supports ExpressRoute access to both peering interfaces: Azure Private and Microsoft (Public) peering. Azure Private does not require approval and is available instantly, but Microsoft (Public) peering requires manual validation of public IP space by Microsoft, and some public endpoints (such as Office 365) require additional validation. Both of these peering interfaces are delivered through a single VXC using 802.1ad configuration.
The following figure shows a typical ExpressRoute deployment.
The VXC connecting to Microsoft contains two “inner” VLANs. These are referred to as the C-Tagged VLANs and are configured in the Azure console. The “outer” VLAN tag is called the S-Tag and is the VLAN assigned to the VXC in the Megaport Portal.
To deploy an ExpressRoute connection, you need to choose your ExpressRoute plan and deploy the ExpressRoute circuit in the Azure console. When deployed, you get a service key. Copy the service key and log in to the Megaport Portal.
To create a connection to ExpressRoute
- In the Megaport Portal,
go to the
Services page and select the Port you want to use.
If you haven’t already created a Port, see Creating a Port.
Add an VXC connection for the Port.
If this is the first connection for the Port, click the Microsoft Azure tile. The tile is a shortcut to the configuration page. Alternatively, click +Connection, click Cloud, and click Azure ExpressRoute.
Add the ExpressRoute service key into the field in the right hand panel.
The Portal verifies the key and then displays the available port locations based on the ExpressRoute region. For example, if your ExpressRoute service is deployed in the Australia East region in Sydney, you can only select the Sydney targets.
Select the connection point for your first connection.
To deploy a second connection (and this is recommended), you can create a second VXC - enter the same service key and select the other connection target.
Some helpful links appear on the configuration screen to resources including the Azure Resource Manager console and some tutorial videos.
Specify these connection details:
Name your connection – The name of your VXC to be shown in the Megaport Portal.
Invoice Reference – This is an optional field. It can be any text, such as a PO number or billing reference number.
Rate Limit – This is the speed of your connection in Mbps. It is autopopulated from the configuration in the Azure console.
Preferred A-End VLAN – Optionally, specify an unused VLAN ID for this connection (for ExpressRoute this is the S-Tag). This must be a unique VLAN ID on this Port and can range from 2 to 4093. If you specify a VLAN ID that is already in use, the system displays the next available VLAN number. The VLAN ID must be unique to proceed with the order. If you don’t specify a value, Megaport will assign one.
Alternatively, you can click Untag to remove the VLAN tagging for this connection. The untagged option limits you to only one VXC deployed on this Port.
One important note about untagging for an ExpressRoute circuit: Q-in-Q is a technology that not all organizations use. If you do not have equipment that can support this, you can remove this requirement by un-tagging the outer VLAN. This removes the S-Tag and delivers the three inner C-tags natively as 802.1Q VLANs. This still means you can only deploy a single VXC on this Port, so it does not scale well and is typically a temporary measure, but can be a useful temporary solution.
A summary page appears that includes the monthly cost. Click Back to make changes or click Add VXC to move this configuration to your cart. Once you have finished this configuration, you can configure additional VXCs or proceed through the checkout process.
- Q-in-Q Router Config Samples
- Express Route Overview
- Azure Resource Manager Console