Merge pull request #294781 from vac0224/vc-express-route-2025-02-28

Create integrate-express-route.md

Author: v-dirichards

articles/communication-services/concepts/voice-video-calling/network-requirements.md

@@ -19,9 +19,9 @@ This article summarizes how the network environment affects voice and video call
 
 ## Network quality
 
-The quality of real-time media over IP is significantly affected by the quality of the underlying network connectivity, but especially by the amount of:
+The quality of the underlying network connectivity can adversely affect real-time media over IP. The most important contributing factors include:
 
-* **Latency**. The time it takes to get an IP packet from point A to point B on the network. This network propagation delay is determined by the physical distance between the two points and any other overhead incurred by the devices that your traffic flows through. Latency is measured as one-way or round-trip time (RTT).
+* **Latency**. The time it takes to get an IP packet from point A to point B on the network. Network propagation delay is a factor of the physical distance between the two points and any other overhead incurred by the devices that your traffic flows through. Latency is measured as one-way or round-trip time (RTT).
 * **Packet loss**. A percentage of packets that are lost in a specific window of time. Packet loss directly affects audio quality—from small, individual lost packets having almost no impact to back-to-back burst losses that cause complete audio cut-out.
 * **Inter-packet arrival jitter, also known as jitter**. The average change in delay between successive packets. Communication Services can adapt to some levels of jitter through buffering. It's only when the jitter exceeds the buffering that a participant notices its effects.
 
@@ -55,17 +55,17 @@ The following bandwidth requirements are for the native Windows, Android, and iO
 
 ## Firewall configuration
 
-Communication Services connections require internet connectivity to specific ports and IP addresses to deliver high-quality multimedia experiences. Without access to these ports and IP addresses, Communication Services won't work properly. The list of IP ranges and allow listed domains that need to be enabled are:
+Communication Services connections require internet connectivity to specific ports and IP addresses to deliver high-quality multimedia experiences. Without access to these ports and IP addresses, Communication Services don't work properly. The list of IP ranges and allow listed domains that need to be enabled are:
 
 | Category | IP ranges or FQDN | Ports | 
 | :-- | :-- | :-- |
-| Media traffic | Range of Azure public cloud IP addresses 20.202.0.0/16 The range provided above is the range of IP addresses on either Media processor or Azure Communication Services TURN service. | UDP 3478 through 3481, TCP ports 443 |
+| Media traffic | Range of Azure public cloud IP addresses 20.202.0.0/16. The range provided here are the range of IP addresses on either Media processor or Azure Communication Services TURN service. | UDP 3478 through 3481, TCP ports 443 |
 | Signaling, telemetry, registration| *.skype.com, *.microsoft.com, *.azure.net, *.azure.com, *.office.com| TCP 443, 80 |
 | Call Automation Media | 52.112.0.0/14, 52.122.0.0/15, 2603:1063::/38|	UDP: 3478, 3479, 3480, 3481|
 | Call Automation callback URLs | *.lync.com, *.teams.cloud.microsoft, *.teams.microsoft.com, teams.cloud.microsoft, teams.microsoft.com, 52.112.0.0/14, 52.122.0.0/15, 2603:1027::/48, 2603:1037::/48, 2603:1047::/48, 2603:1057::/48, 2603:1063::/38, 2620:1ec:6::/48, 2620:1ec:40::/42 | TCP: 443, 80 UDP: 443 |
 
 
-The endpoints below should be reachable for U.S. Government GCC High customers only.
+Only U.S. Government GCC High customers can reach the following endpoints.
 
 | Category | IP ranges or FQDN | Ports | 
 | :-- | :-- | :-- |
@@ -76,11 +76,12 @@ The endpoints below should be reachable for U.S. Government GCC High customers o
 ## Network optimization
 
 The following tasks are optional and aren't required for rolling out Communication Services. Use this guidance to optimize your network and Communication Services performance or if you know you have some network limitations.
+
 You might want to optimize further if:
 
 * Communication Services runs slowly. Maybe you have insufficient bandwidth.
-* Calls keep dropping. Drops might be caused by firewall or proxy blockers.
-* Calls have static and cut out, or voices sound like robots. These issues might be caused by jitter or packet loss.
+* Calls keep dropping. Firewalls and proxy blockers can cause call drops.
+* Calls have static and cut out, or voices sound like robots. Jitter or packet loss can cause these problems.
 
 | Network optimization task | Details |
 | :-- | :-- |
@@ -91,7 +92,7 @@ Validate NAT pool size | Validate the NAT pool size required for user connectivi
 | Intrusion detection and prevention guidance | If your environment has an [intrusion detection system](../../../network-watcher/network-watcher-intrusion-detection-open-source-tools.md) or intrusion prevention system deployed for an extra layer of security for outbound connections, allow all Communication Services URLs. |
 | Configure split-tunnel VPN | Provide an alternate path for Teams traffic that bypasses the virtual private network (VPN), commonly known as [split-tunnel VPN](/windows/security/identity-protection/vpn/vpn-routing). Split tunneling means that traffic for Communication Services doesn't go through the VPN but instead goes directly to Azure. Bypassing your VPN has a positive impact on media quality, and it reduces load from the VPN devices and the organization's network. To implement a split-tunnel VPN, work with your VPN vendor. Other reasons why we recommend bypassing the VPN: <ul><li> VPNs are typically not designed or configured to support real-time media.</li><li> VPNs might also not support UDP, which is required for Communication Services.</li><li>VPNs also introduce an extra layer of encryption on top of media traffic that's already encrypted.</li><li>Connectivity to Communication Services might not be efficient because of hair-pinning traffic through a VPN device.</li></ul>|
 | Implement QoS | [Use Quality of Service (QoS)](/microsoftteams/qos-in-teams) to configure packet prioritization. QoS improves call quality and helps you monitor and troubleshoot call quality. QoS should be implemented on all segments of a managed network. Even when a network is adequately provisioned for bandwidth, QoS provides risk mitigation if unanticipated network events occur. With QoS, voice traffic is prioritized so that these unanticipated events don't negatively affect quality. | 
-| Optimize Wi-Fi | Similar to VPN, Wi-Fi networks aren't necessarily designed or configured to support real-time media. Planning for, or optimizing, a Wi-Fi network to support Communication Services is an important consideration for a high-quality deployment. Consider these factors: <ul><li>Implement QoS or Wi-Fi Multimedia to ensure that media traffic is getting prioritized appropriately over your Wi-Fi networks.</li><li>Plan and optimize the Wi-Fi bands and access point placement. The 2.4-GHz range might provide an adequate experience depending on access point placement, but access points are often affected by other consumer devices that operate in that range. The 5-GHz range is better suited to real-time media because of its dense range, but it requires more access points to get sufficient coverage. Endpoints also need to support that range and be configured to use those bands accordingly.</li><li>If you're using dual-band Wi-Fi networks, consider implementing band steering. Band steering is a technique implemented by Wi-Fi vendors to influence dual-band clients to use the 5-GHz range.</li><li>When access points of the same channel are too close together, they can cause signal overlap and unintentionally compete, which results in a degraded user experience. Ensure that access points next to each other are on channels that don't overlap.</li></ul> Each wireless vendor has its own recommendations for deploying its wireless solution. Consult your Wi-Fi vendor for specific guidance.|
+| Optimize Wi-Fi | Similar to VPN, Wi-Fi networks aren't necessarily designed or configured to support real-time media. Planning for, or optimizing, a Wi-Fi network to support Communication Services is an important consideration for a high-quality deployment. Consider these factors: <ul><li>Implement QoS or Wi-Fi Multimedia to ensure that media traffic is getting prioritized appropriately over your Wi-Fi networks.</li><li>Plan and optimize the Wi-Fi bands and access point placement. The 2.4-GHz range might provide an adequate experience depending on access point placement. Other consumer devices that operate in that range can also negatively affect access points. The 5-GHz range is better suited to real-time media because of its dense range, but it requires more access points to get sufficient coverage. Endpoints also need to support that range and configured to use those bands accordingly.</li><li>If you're using dual-band Wi-Fi networks, consider implementing band steering. Band steering is a technique implemented by Wi-Fi vendors to influence dual-band clients to use the 5-GHz range.</li><li>When access points of the same channel are too close together, they can cause signal overlap and unintentionally compete, which results in a degraded user experience. Ensure that access points next to each other are on channels that don't overlap.</li></ul> Each wireless vendor has its own recommendations for deploying its wireless solution. Consult your Wi-Fi vendor for specific guidance.|
 
 ## Operating systems and browsers (for JavaScript SDKs)
 
@@ -100,8 +101,7 @@ Learn about the operating systems and browsers that the calling SDKs support in
 
 ## Next steps
 
-The following articles might be of interest to you:
-
 - Learn more about [calling libraries](./calling-sdk-features.md).
 - Learn about [client-server architecture](../client-and-server-architecture.md).
 - Learn about [call flow topologies](../call-flows.md).
+- Learn about [integrating Azure Communication Services with Azure ExpressRoute](../../tutorials/integrate-express-route.md).

articles/communication-services/toc.yml

@@ -501,6 +501,8 @@ items:
         href: concepts/call-flows.md
       - name: Call flow topologies
         href: concepts/detailed-call-flows.md
+      - name: Integrate with Azure ExpressRoute
+        href: tutorials/integrate-express-route.md
   - name: Advanced audio and video features
     items:
     - name: Music mode

articles/communication-services/tutorials/integrate-express-route.md

@@ -0,0 +1,135 @@
+---
+title: Integrate Azure Communication Services with ExpressRoute
+titleSuffix: An Azure Communication Services article
+description: Integrate Azure Communication Services with ExpressRoute to extend your local networks into the Microsoft cloud over a private connection.
+author: hrazi
+manager: mharbut
+services: azure-communication-services
+
+ms.date: 02/01/2025
+ms.author: harazi
+ms.topic: conceptual 
+ms.service: azure-communication-services
+---
+
+# Integrate Azure Communication Services with ExpressRoute
+
+Azure Communication Services enables developers to integrate voice, video, chat, and SMS capabilities into their applications using cloud-based services. Organizations can use Azure ExpressRoute to establish private, dedicated network connections between their on-premises environments and Azure. This approach enhances the performance, reliability, and security of communication services. 
+
+This article describes how to integrate Azure Communication Services with ExpressRoute to extend your local networks into the Microsoft cloud over a private connection.
+
+## Prerequisites 
+
+- Azure Subscription: An active Azure account. If you don't have one, [create a free account](https://azure.microsoft.com/free/). 
+
+- ExpressRoute Circuit: A configured and operational ExpressRoute circuit. For setup instructions, see [Create and modify an ExpressRoute circuit](/azure/expressroute/expressroute-howto-circuit-portal-resource-manager). 
+
+- Azure Communication Services Resource: An instance of Azure Communication Services deployed in your Azure subscription. 
+
+- Network Connectivity: Proper network configurations to connect your on-premises environment to Azure via ExpressRoute.
+
+## Benefits of Using ExpressRoute with Azure Communication Services 
+
+- **Enhanced Security**: Bypass the public internet to reduce exposure to potential threats. 
+
+- **Improved Performance**: Experience lower latency and higher reliability for real-time communication. 
+
+- **Consistent Network Throughput**: Benefit from predictable network performance for mission-critical applications.
+
+## Configure ExpressRoute 
+
+### 1. Configure ExpressRoute for Microsoft Peering 
+
+To enable connectivity to Azure Communication Services, set up Microsoft Peering on your ExpressRoute circuit. 
+
+1. Access the Azure portal and navigate to your ExpressRoute circuit. 
+
+2. Enable Microsoft Peering: 
+
+   2.2. Under the Peerings section, select **+ Add**. 
+
+   2.2. Choose **Microsoft Peering** and provide the required information, including your Primary and Secondary Subnets, VLAN ID, and ASNs.
+
+3. Advertise Routes: Make sure that your on-premises network advertises the correct routes to Azure services.
+
+For detailed instructions, see [Configure ExpressRoute Microsoft Peering](/azure/expressroute/how-to-routefilter-portal). 
+
+ ### 2. Apply route filters for Azure Communication Services 
+
+Route filters enable you to selectively consume services over ExpressRoute. 
+
+1. Create a route filter: 
+
+   1.1 In the Azure portal, search for route filters and select **+ Create**. 
+
+   1.2. Provide a name, select your subscription and resource group. 
+
+2. Add Azure Communication Services to the route filter:
+
+   2.1. After creating the route filter, select **Rules** and click **+ Add**. 
+
+   2.2. Choose Azure Communication Services from the list of services.
+
+   2.3. If you use Microsoft PSTN, choose Azure SIP Trunking from the list of services.
+
+3. Associate route filter with ExpressRoute Circuit: 
+
+   3.1. Navigate back to your ExpressRoute circuit. 
+
+   3.2. Under Peerings, select your Microsoft Peering. 
+
+   3.3. Associate the route filter you created. 
+
+For more information, see [Configure route filters for Microsoft Peering using Azure portal](/azure/expressroute/how-to-routefilter-portal). 
+
+### 3. Configure Network Security 
+
+Make sure that your network security policies allow traffic to and from Azure Communication Services. 
+
+   - Firewall rules: Update on-premises firewall settings to allow Azure Communication Services traffic. 
+
+   - Network Security Groups (NSGs): Configure NSGs in Azure to permit inbound and outbound communication with your on-premises network. 
+
+### 4. Verify Connectivity 
+
+- Ping test: From your on-premises environment, perform a ping test to the Azure Communication Services endpoints to verify connectivity. 
+
+- Trace route: Use `traceroute` tools to make sure traffic is routing through ExpressRoute. 
+
+### 5. Update Application Settings 
+
+- Endpoint configuration: Change your application's configuration to point to the Azure Communication Services endpoints accessible via ExpressRoute. 
+
+- SDK settings: If using Azure Communication Services SDKs, ensure they're configured to use the private endpoints. 
+
+### Considerations 
+
+- Supported regions: Verify that Azure Communication Services is available in your desired region and supports ExpressRoute connectivity. 
+
+- Bandwidth requirements: Assess your bandwidth needs to ensure your ExpressRoute circuit can support the communication load. 
+
+## Troubleshooting 
+
+- Connectivity Issues: If you can't connect to Azure Communication Services over ExpressRoute, verify your route filters and peering configurations. 
+
+- Authentication Failures: Ensure that your authentication tokens and keys for Azure Communication Services are correctly configured and not expired. 
+
+## Frequently Asked Questions 
+
+### Can I use ExpressRoute with Azure Communication Services for all communication modes? 
+
+No, ExpressRoute currently supports only voice mode by [Direct Routing](../concepts/telephony/direct-routing-provisioning.md) and [video communication](../concepts/voice-video-calling/calling-sdk-features.md) mode. 
+
+### Is there an added cost for using ExpressRoute with Azure Communication Services? 
+
+Not directly. While there's no added cost from Azure Communication Services for using ExpressRoute, there are costs associated with provisioning and using an ExpressRoute circuit. For more information, see [ExpressRoute pricing](https://azure.microsoft.com/pricing/details/expressroute/).
+
+### How does ExpressRoute affect the latency of communication services? 
+
+ExpressRoute provides [lower and more consistent latency compared to typical internet connections](/azure/expressroute/expressroute-faqs#what-are-the-benefits-of-using-expressroute-and-private-network-connections), which can enhance the performance of real-time communication applications.
+
+## Related articles
+
+- [Azure Communication Services Overview](../overview.md) 
+- [What is Azure ExpressRoute](/azure/expressroute/expressroute-introduction)
+- [Azure Communication Services Network recommendations](../concepts/voice-video-calling/network-requirements.md)