Equinix has Application Programming Interfaces (APIs) with Microsoft Azure ExpressRoute (Azure). Subsequently, when you create a connection to Azure on ECX Fabric, the complete process is automated until the provisioning of the connection.
To start off with, you can follow our easy video tutorial.
To create a connection to Microsoft Azure ExpressRoute, you must first obtain an account with Microsoft and create a service key for the specific location on the Microsoft Azure Portal.
Available Microsoft services
Microsoft offers these services through ECX Fabric:
- Microsoft—connect with Office 365
- Private—use for enterprise private networking
You are not required to use both services (private and Microsoft).
Three connections can be created with a single service key (each having a primary and secondary connection). However, each of the three connections must have unique ExpressRoute Peering VLAN IDs. For example, if 2000 is used as the private ExpressRoute peering VLAN ID, then the same VLAN cannot be used for private or Microsoft peering.
Note: Originally what was "Public peering" (connecting with Microsoft public offerings, e.g. Skype) is now only available through Microsoft peering with route filters you can set up.
Azure connection states
The Azure connection goes through the following different states:
- Not Provisioned—beginning the provisioning with Microsoft Azure
- Pending BGP Peering—waiting for customer to configure Microsoft peering for service name (public, private, Microsoft) on the Microsoft side
- Provisioned—provisioning completed with Microsoft Azure
When you create the service key on the Microsoft Azure Portal, the initial status of the service key is “Not Provisioned.” Once the connection is submitted to ECX Fabric™, the Azure circuit (service key) status changes to “Provisioned.” Only when the status is “Provisioned” can you configure peering on the Azure Portal. Azure requires redundancy for every connection to be submitted with a service key.
Azure create connection workflow
From the “Connect” page, select Microsoft Azure Service Profile card as the service you want. From the list of available regions, click Create a Connection to initiate the request
You receive a notification indicating charges begin once the connection request is submitted. If you want to proceed, click Continue Creating a Connection. Otherwise, click Cancel to stop the request.
Upon acceptance, the “Connect to Microsoft Azure” page provides an overview of the steps you need to perform before, during and after connection request. If you require any assistance, click Resource Center links to read the relevant article.
When you are ready, click Create a Connection to Microsoft ExpressRoute. You can track your progress throughout the connection request. There are four steps in the Azure connection request:
- Basic information—select your origin and destination ports
- Connection details—enter your connection information and destination details
- Speed—select the connection speed option
- Review—ensure the connection summary details are correct and submit your order
At first, the preview pane shows empty connection cards. The cards populate as you build your connection requests.
To begin, select the two origin port locations you want to use. The preview pane shows a primary and a secondary port location.
As a customer, you need to create an additional redundant connection in Azure. In case one connection is disrupted, then the secondary connection acts as a backup. Below the preview, the left primary origin cards show the ports you own. On the right, the destination card shows the available Azure locations—local and remote.
If Azure is locally present in the destination that you selected earlier, that location shows up by default as a local connection. If you need to connect to Azure in any other remote location, the available remote locations are listed in the destination card.
Note: Remote connections come with additional latency and charges
To show your available ports, select the region to expand, then configure your primary and secondary ports and connections. Those ports display in the preview pane. If you select the same port for your secondary as your primary, a warning displays to let you know port failure might impact your redundant connection.
Two redundancy modes are supported:
- Dual ports
- Single port
Dual (two) ports provides the benefit of having a complete redundancy for your connections. Should one port fail, whether it is due to the customer, Equinix or Microsoft, the traffic automatically moves through the secondary connection on the other device. This ensures that there is no impact to your service.
A single (one) port to Azure is also supported with ECX Fabric. Since Microsoft still requires redundancy for remote connections, redundancy to Microsoft Azure primary and secondary is provided by two VLAN remote connections on the single port connected to Equinix.
Note: While you can make connections with a single port, primary and secondary connections are configured on the same port. Any failure on this port impacts both connections.
If ports are QinQ
If you use QinQ port encapsulation, you can create only one connection per service key. To do this, you must specify only the outer VLAN tag that you configure on your router. With the single connection, you can connect to the three Microsoft services mentioned earlier. The inner tags configured on your routers are passed transparently to Azure ExpressRoute, but you must also use the same inner tags on the Microsoft side.
If ports are Dot1Q
If your port is Dot1Q, additional fields appear after the service key field, and you must select one of the following options:
- Connect to services provided by Microsoft (Microsoft, private or public)
- Provision with Equinix only at this time. Later, you configure BGP Peering on the Microsoft side
Once you have made your selections, click Next to move forward.
In the “Connection Information” section, add a name and VLAN ID for your primary and redundant connections. This VLAN ID value is used on the Microsoft side for public, private or Microsoft peering. Your VLAN ID number should be between 1 and 4094.
Note: This VLAN ID can be the same as the primary one because this is on the separate device, or it can be different. If using a single port, the Redundant VLAN ID must be different to the Primary VLAN ID because this is on the same device.
In the Microsoft Azure Order Details, enter your Azure Service Key. Microsoft validates the service key and corresponding speed as soon as you enter the information.
Note: This is the Service Key that you get from Microsoft. The Azure Service Key is 36 characters including 4 dashes in the following format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
If applicable, enter your purchase order number or any other useful reference number.
Once the connection details are confirmed, proceed to setting the connection speed.
Your connection speed is determined by service key you previously entered. When you have selected the connection speed displayed, click Next to review the connection request details.
The Preview pane visually illustrates the complete connection request details. The Connection Summary provides the information necessary to make a connection request. Notifications about the connection are sent to the emails listed. You can add emails as required.
Click Submit Your Order to complete your connection request.
A page indicates your connection request is successful. If everything on the form is correct, you receive the success message and a summary of next possible actions.
From the success page, you can launch to one the following options:
- Check your inbox for the confirmation email. You receive a second email to let you know when the order is provisioned
- Go to your inventory page to view the connection details and status
- Finish creating your connection by configuring the peering details on the Microsoft Azure Portal. Three peering connections can be made on the Microsoft side using the same service key. These are private, public and Microsoft peering. If you have already completed this step, then you are done.
Note: After completing BGP peering on the Microsoft portal, you can monitor the virtual connection status and see when it's updated to Provisioned.
If the status still displays Pending BGP Peering, select Sync BGP Peering from the Azure console for immediate provisioning on Equinix to continue.
Pending BGP connections now also have platform sync.
Microsoft Azure ExpressRoute
Verify routes on the Microsoft Azure Portal
To verify the route to and from the customer, visit the Microsoft Azure Portal so that Microsoft can be verified for each ExpressRoute circuit.
For More information on Microsoft Azure ExpressRoute
Please check out the relevant Microsoft documentation here