expressRouteCircuits

Summary

Recommendation	Impact	Category	Automation Available	In Azure Advisor
Connect on-prem networks to Azure critical workloads via multiple ExpressRoutes	High	High Availability	No	No
Ensure ExpressRoute's physical links connect to distinct network edge devices	High	High Availability	No	No
Ensure both connections of an ExpressRoute circuit are configured in active-active mode	High	High Availability	No	No
Activate Bidirectional Forwarding Detection on edge devices for faster failover	High	High Availability	No	No
Configure monitoring and alerting for ExpressRoute circuits	High	Monitoring and Alerting	No	No
Configure service health to receive ExpressRoute circuit maintenance notification	High	Monitoring and Alerting	No	No
Implement rate-limiting across ExpressRoute Direct Circuits to optimize network flow	Medium	Scalability	Yes	No

Details

Connect on-prem networks to Azure critical workloads via multiple ExpressRoutes

Impact: High Category: High Availability

APRL GUID: 4d703025-dafc-f840-a183-5dc440456134

Description:

Connecting each ExpressRoute Gateway to a minimum of two circuits in different peering locations enhances redundancy and reliability by ensuring alternate pathways for data in case one circuit fails.

Potential Benefits:

Enhanced reliability and redundancy

Learn More:

Designing for disaster recovery with ExpressRoute private peering

ARG Query:

Click the Azure Resource Graph tab to view the query

Azure Resource Graph

// cannot-be-validated-with-arg

Ensure ExpressRoute's physical links connect to distinct network edge devices

Impact: High Category: High Availability

APRL GUID: 0e19cc41-8274-1342-b0db-0e4146eacef8

Description:

Microsoft or the ExpressRoute provider always ensures physical redundancy in their services. It's essential to maintain this level of physical redundancy (two devices, two links) from the ExpressRoute peering location to your network for optimal performance and reliability.

Potential Benefits:

Enhanced reliability and fault tolerance

Learn More:

Designing for high availability with ExpressRoute

Azure Well-Architected Framework review - Azure ExpressRoute - Design Checklist

ARG Query:

Click the Azure Resource Graph tab to view the query

Azure Resource Graph

// cannot-be-validated-with-arg

Ensure both connections of an ExpressRoute circuit are configured in active-active mode

Impact: High Category: High Availability

APRL GUID: f06a2bbe-5839-d447-9f39-fc3d20562d88

Description:

Operating both connections of an ExpressRoute circuit in active-active mode enhances high availability as the Microsoft network will load balance the traffic across the connections on a per-flow basis.

Potential Benefits:

Improved high availability and load balancing

Learn More:

Designing for high availability with ExpressRoute - Active-active connections

ARG Query:

Click the Azure Resource Graph tab to view the query

Azure Resource Graph

// cannot-be-validated-with-arg

Activate Bidirectional Forwarding Detection on edge devices for faster failover

Impact: High Category: High Availability

APRL GUID: 2a5bf650-586d-db4c-a292-d922be7d3e0e

Description:

Enabling BFD over ExpressRoute speeds up link failure detection between MSEE devices and routers configured for ExpressRoute (CE/PE), applicable over both customer and Partner Edge routing devices with managed Layer 3 service.

Potential Benefits:

Faster link failure detection

Learn More:

Configure BFD over ExpressRoute

ARG Query:

Click the Azure Resource Graph tab to view the query

Azure Resource Graph

// cannot-be-validated-with-arg

Configure monitoring and alerting for ExpressRoute circuits

Impact: High Category: Monitoring and Alerting

APRL GUID: 9771a435-d031-814e-9827-9b5fdafc0f87

Description:

Use Network Insights for monitoring ExpressRoute circuit availability, QoS, and throughput. Set alerts based on Azure Monitor Baseline Alerts for availability, QoS metrics, and throughput metrics exceeding specific thresholds.

Potential Benefits:

Enhanced network performance and health

Learn More:

Azure Monitor Baseline Alerts - expressRouteCircuits

ARG Query:

Click the Azure Resource Graph tab to view the query

Azure Resource Graph

// under-development

Configure service health to receive ExpressRoute circuit maintenance notification

Impact: High Category: Monitoring and Alerting

APRL GUID: 26cb547f-aabc-dc40-be02-d0a9b6b04b1a

Description:

ExpressRoute leverages service health for notifications on both planned and unplanned maintenance, ensuring users are informed about any changes to their ExpressRoute circuits.

Potential Benefits:

Stay informed on circuit updates

Learn More:

How to view and configure alerts for Azure ExpressRoute circuit maintenance

ARG Query:

Click the Azure Resource Graph tab to view the query

Azure Resource Graph

// under-development

Implement rate-limiting across ExpressRoute Direct Circuits to optimize network flow

Impact: Medium Category: Scalability

APRL GUID: d40c769d-2f08-4980-8d8f-a386946276e6

Description:

Rate limiting controls traffic volume between on-premises networks and Azure via ExpressRoute Direct, applying to private or Microsoft peering. It distributes port bandwidth, ensures stability, and prevents congestion, with steps outlined for enabling on circuits.

Potential Benefits:

Optimizes network, prevents congestion

Learn More:

Rate limiting for ExpressRoute Direct circuits (Preview)

ARG Query:

Click the Azure Resource Graph tab to view the query

Azure Resource Graph

// Azure Resource Graph Query
// This query will return all the ExpressRoute circuits (Direct Based) that have Direct Port Rate Limiting disabled
resources
| where type =~ "microsoft.network/expressroutecircuits"
| where properties.expressRoutePort != "" or isnotnull(properties.expressRoutePort)
| where properties.enableDirectPortRateLimit == false
| project recommendationId = "d40c769d-2f08-4980-8d8f-a386946276e6", name, id, tags, param1=strcat("enableDirectPortRateLimit: ",properties.enableDirectPortRateLimit)