You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering.md
+12-12Lines changed: 12 additions & 12 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,15 +5,15 @@ services: expressroute
5
5
author: duongau
6
6
ms.service: azure-expressroute
7
7
ms.topic: concept-article
8
-
ms.date: 06/15/2023
8
+
ms.date: 11/18/2024
9
9
ms.author: duau
10
10
---
11
11
12
12
# Designing for disaster recovery with ExpressRoute private peering
13
13
14
14
ExpressRoute is designed for high availability to provide carrier grade private network connectivity to Microsoft resources. In other words, there's no single point of failure in the ExpressRoute path within Microsoft network. For design considerations to maximize the availability of an ExpressRoute circuit, see [Designing for high availability with ExpressRoute][HA] and [Well-Architectured Framework](/azure/architecture/framework/services/networking/expressroute/reliability)
15
15
16
-
However, taking Murphy's popular adage--*if anything can go wrong, it will*--into consideration, in this article let us focus on solutions that go beyond failures that can be addressed using a single ExpressRoute circuit. We'll look into network architecture considerations for building a robust backend network connectivity for disaster recovery using geo-redundant ExpressRoute circuits.
16
+
However, taking Murphy's popular adage--*if anything can go wrong, it will*--into consideration, in this article let us focus on solutions that go beyond failures that can be addressed using a single ExpressRoute circuit. We look into network architecture considerations for building a robust backend network connectivity for disaster recovery using geo-redundant ExpressRoute circuits.
17
17
18
18
> [!NOTE]
19
19
> The concepts described in this article equally applies when an ExpressRoute circuit is created under Virtual WAN or outside of it.
@@ -38,7 +38,7 @@ No matter what, whether you run your mission critical applications in an Azure r
38
38
If you rely on ExpressRoute connectivity between your on-premises network and Microsoft, you need to consider the following to plan for disaster recovery over ExpressRoute:
39
39
40
40
- using geo-redundant ExpressRoute circuits
41
-
- using diverse service provider network(s) for different ExpressRoute circuit
41
+
- using diverse service provider networks for different ExpressRoute circuit
42
42
- designing each of the ExpressRoute circuit for [high availability][HA]
43
43
- terminating the different ExpressRoute circuit in different location on the customer network
44
44
- using [Availability zone aware ExpressRoute Virtual Network Gateways](../vpn-gateway/about-zone-redundant-vnet-gateways.md)
@@ -51,7 +51,7 @@ However, if you load balance traffic across geo-redundant parallel paths, regard
51
51
52
52
### Redundancy with ExpressRoute circuits in same metro
53
53
54
-
[Many metros](expressroute-locations-providers.md#global-commercial-azure) have two ExpressRoute locations. An example would be *Amsterdam* and *Amsterdam2*. When designing redundancy, you could build two parallel paths to Azure with both locations in the same metro. You accomplish this task with the same provider or choose to work with a different service provider to improve resiliency. Another advantage of this design is when application failover happens, end-to-end latency between your on-premises applications and Microsoft stays approximately the same. However, if there's a natural disaster such as an earthquake, connectivity for both paths may no longer be available.
54
+
[Many metros](expressroute-locations-providers.md#global-commercial-azure) have two ExpressRoute locations. An example would be *Amsterdam* and *Amsterdam2*. When designing redundancy, you could build two parallel paths to Azure with both locations in the same metro. You accomplish this task with the same provider or choose to work with a different service provider to improve resiliency. Another advantage of this design is when application failover happens, end-to-end latency between your on-premises applications and Microsoft stays approximately the same. However, if there's a natural disaster such as an earthquake, connectivity for both paths might no longer be available.
55
55
56
56
### Redundancy with ExpressRoute circuits in different metros
57
57
@@ -64,7 +64,7 @@ In this article, let's discuss how to address challenges you may face when confi
64
64
65
65
## Small to medium on-premises network considerations
66
66
67
-
Let's consider the example network illustrated in the following diagram. In the example, geo-redundant ExpressRoute connectivity is established between a Contoso's on-premises location and Contoso's VNet in an Azure region. In the diagram, solid blue line indicates preferred path (via ExpressRoute 1) and the dotted one represents stand-by path (via ExpressRoute 2).
67
+
Let's consider the example network illustrated in the following diagram. In the example, geo-redundant ExpressRoute connectivity is established between a Contoso's on-premises location and Contoso's virtual network in an Azure region. In the diagram, solid blue line indicates preferred path (via ExpressRoute 1) and the dotted one represents stand-by path (via ExpressRoute 2).
68
68
69
69
:::image type="content" source="./media/designing-for-disaster-recovery-with-expressroute-pvt/one-region.png" alt-text="Diagram of small to medium size on-premises network considerations.":::
70
70
@@ -74,7 +74,7 @@ However, with the geo-redundant ExpressRoute circuits we need to take into consi
74
74
75
75
You can influence Azure to prefer one ExpressRoute circuit over another one using one of the following techniques (listed in the order of effectiveness):
76
76
77
-
- advertising more specific route over the preferred ExpressRoute circuit compared to other ExpressRoute circuit(s)
77
+
- advertising more specific route over the preferred ExpressRoute circuit compared to other ExpressRoute circuits
78
78
- configuring higher Connection Weight on the connection that links the virtual network to the preferred ExpressRoute circuit
79
79
- advertising the routes over less preferred ExpressRoute circuit with longer AS Path (AS Path prepend)
80
80
@@ -84,27 +84,27 @@ The following diagram illustrates influencing ExpressRoute path selection using
84
84
85
85
:::image type="content" source="./media/designing-for-disaster-recovery-with-expressroute-pvt/specific-route.png" alt-text="Diagram of influencing path selection using more specific routes.":::
86
86
87
-
Because /25 is more specific, compared to /24, Azure would send the traffic destined to 10.1.11.0/24 via ExpressRoute 1 in the normal state. If both the connections of ExpressRoute 1 go down, then the VNet would see the 10.1.11.0/24 route advertisement only via ExpressRoute 2; and therefore the standby circuit is used in this failure state.
87
+
Because /25 is more specific, compared to /24, Azure would send the traffic destined to 10.1.11.0/24 via ExpressRoute 1 in the normal state. If both the connections of ExpressRoute 1 go down, then the virtual network would see the 10.1.11.0/24 route advertisement only via ExpressRoute 2; and therefore the standby circuit is used in this failure state.
88
88
89
89
### Connection weight
90
90
91
91
The following screenshot illustrates configuring the weight of an ExpressRoute connection via Azure portal.
92
92
93
93
:::image type="content" source="./media/designing-for-disaster-recovery-with-expressroute-pvt/configure-weight.png" alt-text="Screenshot of configuring connection weight via Azure portal.":::
94
94
95
-
The following diagram illustrates influencing ExpressRoute path selection using connection weight. The default connection weight is 0. In the following example, the weight of the connection for ExpressRoute 1 is configured as 100. When a VNet receives a route prefix advertised via more than one ExpressRoute circuit, the VNet prefers the connection with the highest weight.
95
+
The following diagram illustrates influencing ExpressRoute path selection using connection weight. The default connection weight is 0. In the following example, the weight of the connection for ExpressRoute 1 is configured as 100. When a virtual network receives a route prefix advertised via more than one ExpressRoute circuit, the virtual network prefers the connection with the highest weight.
96
96
97
97
:::image type="content" source="./media/designing-for-disaster-recovery-with-expressroute-pvt/connection-weight.png" alt-text="Diagram of influencing path selection using connection weight.":::
98
98
99
-
If both the connections of ExpressRoute 1 go down, then the VNet would see the 10.1.11.0/24 route advertisement only via ExpressRoute 2; and therefore the standby circuit is used in this failure state.
99
+
If both the connections of ExpressRoute 1 go down, then the virtual network would see the 10.1.11.0/24 route advertisement only via ExpressRoute 2; and therefore the standby circuit is used in this failure state.
100
100
101
101
### AS path prepend
102
102
103
-
The following diagram illustrates influencing ExpressRoute path selection using AS path prepend. In the diagram, the route advertisement over ExpressRoute 1 indicates the default behavior of eBGP. On the route advertisement over ExpressRoute 2, the on-premises network's ASN is prepended additionally on the route's AS path. When the same route is received through multiple ExpressRoute circuits, per the eBGP route selection process, VNet would prefer the route with the shortest AS path.
103
+
The following diagram illustrates influencing ExpressRoute path selection using AS path prepend. In the diagram, the route advertisement over ExpressRoute 1 indicates the default behavior of eBGP. On the route advertisement over ExpressRoute 2, the on-premises network's ASN is prepended additionally on the route's AS path. When the same route is received through multiple ExpressRoute circuits, per the eBGP route selection process, virtual network would prefer the route with the shortest AS path.
104
104
105
105
:::image type="content" source="./media/designing-for-disaster-recovery-with-expressroute-pvt/aspath.png" alt-text="Diagram of influencing path selection using AS path prepend.":::
106
106
107
-
If both the connections of ExpressRoute 1 go down, then the VNet would see the 10.1.11.0/24 route advertisement only via ExpressRoute 2. Consequentially, the longer AS path would become irrelevant. Therefore, the standby circuit would be used in this failure state.
107
+
If both the connections of ExpressRoute 1 go down, then the virtual network would see the 10.1.11.0/24 route advertisement only via ExpressRoute 2. Consequentially, the longer AS path would become irrelevant. Therefore, the standby circuit would be used in this failure state.
108
108
109
109
Using any of the techniques, if you influence Azure to prefer one of your ExpressRoute over others, you also need to ensure the on-premises network also prefer the same ExpressRoute path for Azure bound traffic to avoid asymmetric flows. Typically, local preference value is used to influence on-premises network to prefer one ExpressRoute circuit over others. Local preference is an internal BGP (iBGP) metric. The BGP route with the highest local preference value is preferred.
110
110
@@ -140,7 +140,7 @@ The Scenario 2 is illustrated in the following diagram. In the diagram, green li
140
140
141
141
:::image type="content" source="./media/designing-for-disaster-recovery-with-expressroute-pvt/multi-region-arch2.png" alt-text="Diagram of traffic flow for second scenario.":::
142
142
143
-
The solution is illustrated in the following diagram. As illustrated, you can architect the scenario either using more specific route (Option 1) or AS-path prepend (Option 2) to influence VNet path selection. To influence on-premises network route selection for Azure bound traffic, you need configure the interconnection between the on-premises location as less preferable. How you configure the interconnection link as preferable depends on the routing protocol used within the on-premises network. You can use local preference with iBGP or metric with IGP (OSPF or IS-IS).
143
+
The solution is illustrated in the following diagram. As illustrated, you can architect the scenario either using more specific route (Option 1) or AS-path prepend (Option 2) to influence virtual network path selection. To influence on-premises network route selection for Azure bound traffic, you need configure the interconnection between the on-premises location as less preferable. How you configure the interconnection link as preferable depends on the routing protocol used within the on-premises network. You can use local preference with iBGP or metric with IGP (OSPF or IS-IS).
144
144
145
145
146
146
:::image type="content" source="./media/designing-for-disaster-recovery-with-expressroute-pvt/multi-region-sol2.png" alt-text="Diagram of active-active ExpressRoute circuits solution 2.":::
0 commit comments