I recently got the second ExpressRoute connection up and running at work. Out of our primary data center, London, we have a 1Gb/s connection to Azure through their London point of presence. The second of the two links is to the Amsterdam POP and is from our Manchester data center. As per Microsoft’s documentation, a resilient path is required from a different peering location in order for their SLAs to be valid. This must also be an active/active configuration.

I have tested failover between these two links by altering some of the prefixes we advertise and this seems to work in an expected manner. Failover (on default BGP configuration) is between 15-20 seconds from one data centre to the other. The architecture looks like this:

[Figure: Azure ExpressRoute topology. The ExpressRoute topology I have implemented]

I’ve chosen to use AS prepend for our advertised routes (which will control inbound traffic) and weight, which is a local value to each router, for the outbound routes. This way we should have a deterministic failover – the egress and ingress paths should always be London POP1 from ‘Datacenter A’ under normal circumstances. There are of course many ways with BGP to modify the best path, in order to achieve the same or different routes for specific prefixes.
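The path selection described above, as an added example (not the author's router configuration): a small Python model of the first BGP best-path steps, showing why prepending steers the inbound path, weight steers the outbound path, and both move to Amsterdam when London is lost. The on-premises AS number, prepend count and weight values are assumptions, as is the simplification that one router sees both paths.

```python
from dataclasses import dataclass

OUR_AS = 65001   # assumed private AS number for the on-premises network
MS_AS = 12076    # AS number Microsoft uses on ExpressRoute peerings

# Assumed policy values; the post does not give the prepend count or weights.
PREPENDS = {"London": 0, "Amsterdam": 2}     # extra copies of OUR_AS we advertise
WEIGHTS = {"London": 200, "Amsterdam": 100}  # set locally on received routes


@dataclass(frozen=True)
class Route:
    via: str             # link the route was learned over
    as_path: tuple       # AS numbers, nearest first
    weight: int = 0      # local to the receiving router, never advertised
    local_pref: int = 100


def best_path(routes):
    """First steps of BGP best-path selection: highest weight, then highest
    local preference, then shortest AS path. Later tie-breakers are omitted."""
    if not routes:
        return None
    return min(routes, key=lambda r: (-r.weight, -r.local_pref, len(r.as_path)))


def ingress_link(links_up):
    """Azure's view of our prefix. Our weight is not carried in the
    advertisement, so (assuming equal local preference on Microsoft's side)
    the link advertised with the shorter AS path is chosen."""
    routes = [Route(l, (OUR_AS,) * (1 + PREPENDS[l])) for l in links_up]
    best = best_path(routes)
    return best.via if best else None


def egress_link(links_up):
    """Our router's view of an Azure prefix: AS paths are equal in length,
    so the locally assigned weight decides."""
    routes = [Route(l, (MS_AS,), weight=WEIGHTS[l]) for l in links_up]
    best = best_path(routes)
    return best.via if best else None


if __name__ == "__main__":
    for up in (["London", "Amsterdam"], ["Amsterdam"], []):
        print(up, "egress:", egress_link(up), "ingress:", ingress_link(up))
```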

Under this same topology I run iBGP between our two data centres. Through this design a route map can be used to manipulate the path to Azure that each data centre has. As we have two 1Gb/s links, one at each data centre, it may be desirable to route some traffic out one link and the rest out another (an example might be sending all the backup traffic out the 2nd link).

I’m impressed with how flexible Azure allows this to be.

PS: When you have provisioned your second dedicated link, be sure to connect both to your VNET!