Azure Proactive Resiliency Library v2
Tools Glossary GitHub GitHub Issues Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage

connections

Summary

RecommendationImpactCategoryAutomation AvailableIn Azure Advisor
For better data path performance enable FastPath on ExpressRoute ConnectionsMediumScalabilityNoNo
Configure an Azure Resource Lock on connections to prevent accidental deletionHighHigh AvailabilityNoNo

Details

For better data path performance enable FastPath on ExpressRoute Connections

Impact:  Medium Category:  Scalability

APRL GUID:  f6a14b32-a727-4ace-b5fa-7b1c6bdff402

Description:

ExpressRoute gateways facilitate network traffic and route exchanges. FastPath enhances on-premises to virtual network data path performance by directing traffic straight to virtual machines, bypassing the gateway for improved resiliency through reduced gateway utilization.

Potential Benefits:

Enhances speed and resiliency
Learn More:
About ExpressRoute FastPath

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// Find all ExpressRoute Connections that are connected to ErGw3AZ or UltraPerformance gateway sku that don't have
// FastPath enabled for both the Gateway Bypass or Private Endpoint/Link service.
resources
| where type == "microsoft.network/connections"
| where properties.connectionType =~ 'expressroute'
| extend gatewayId = tostring(properties.virtualNetworkGateway1.id)
| join kind=inner (
    resources
    | where type =~ "Microsoft.Network/virtualNetworkGateways"
    | where properties.sku.name in~ ("ErGw3AZ", "UltraPerformance")
    | extend gatewayId = tostring(id)
) on gatewayId
| extend erGatewayBypass = tobool(properties.expressRouteGatewayBypass)
| extend privateLinkFastPath = tobool(properties.enablePrivateLinkFastPath)
| where not(erGatewayBypass) or not(privateLinkFastPath)
| project recommendationId = "f6a14b32-a727-4ace-b5fa-7b1c6bdff402", id, name, tags,
    param1 = iff(erGatewayBypass, "Enabled: Gateway Bypass", "Disabled: Gateway Bypass"),
    param2 = iff(privateLinkFastPath, "Enabled: PE FastPath", "Disabled: PE FastPath")

Configure an Azure Resource Lock on connections to prevent accidental deletion

Impact:  High Category:  High Availability

APRL GUID:  a5f3a4bd-4cf1-4196-a3cb-f5a0876198b2

Description:

Configure an Azure Resource lock for Gateway Connection resources to prevent accidental deletion and maintain connectivity between on-premises networks and Azure workloads.

Potential Benefits:

Prevents accidental deletion of connections
Learn More:
Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn

ARG Query:

Click the Azure Resource Graph tab to view the query

// under-development