expressRouteCircuits
Summary
Details
Connect on-prem networks to Azure critical workloads via multiple ExpressRoutes peering locations
Impact: High Category: High Availability
APRL GUID: 4d703025-dafc-f840-a183-5dc440456134
Description:
Connecting each ExpressRoute Gateway to a minimum of two circuits in different peering locations enhances redundancy and reliability by ensuring alternate pathways for data in case one circuit fails.
Potential Benefits:
Enhanced reliability and redundancy
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// cannot-be-validated-with-arg
Ensure ExpressRoute's physical links connect to distinct network edge devices
Impact: High Category: High Availability
APRL GUID: 0e19cc41-8274-1342-b0db-0e4146eacef8
Description:
Microsoft or the ExpressRoute provider always ensures physical redundancy in their services. It's essential to maintain this level of physical redundancy (two devices, two links) from the ExpressRoute peering location to your network for optimal performance and reliability.
Potential Benefits:
Enhanced reliability and fault tolerance
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// cannot-be-validated-with-arg
Ensure both connections of an ExpressRoute are configured in active-active mode
Impact: High Category: High Availability
APRL GUID: f06a2bbe-5839-d447-9f39-fc3d20562d88
Description:
Operating both connections of an ExpressRoute circuit in active-active mode enhances high availability as the Microsoft network will load balance the traffic across the connections on a per-flow basis.
Potential Benefits:
Improved high availability and load balancing
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// cannot-be-validated-with-arg
Activate Bidirectional Forwarding Detection on edge devices for faster failover
Impact: High Category: High Availability
APRL GUID: 2a5bf650-586d-db4c-a292-d922be7d3e0e
Description:
Enabling BFD over ExpressRoute speeds up link failure detection between MSEE devices and routers configured for ExpressRoute (CE/PE), applicable over both customer and Partner Edge routing devices with managed Layer 3 service.
Potential Benefits:
Faster link failure detection
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// cannot-be-validated-with-arg
Configure monitoring and alerting for ExpressRoute circuits
Impact: High Category: Monitoring and Alerting
APRL GUID: 9771a435-d031-814e-9827-9b5fdafc0f87
Description:
Use Network Insights for monitoring ExpressRoute circuit availability, QoS, and throughput. Set alerts based on Azure Monitor Baseline Alerts for availability, QoS metrics, and throughput metrics exceeding specific thresholds.
Potential Benefits:
Enhanced network performance and health
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// under-development
Implement rate-limiting across ExpressRoute Direct Circuits to optimize network flow
Impact: Medium Category: Scalability
APRL GUID: d40c769d-2f08-4980-8d8f-a386946276e6
Description:
Rate limiting controls traffic volume between on-premises networks and Azure via ExpressRoute Direct, applying to private or Microsoft peering. It distributes port bandwidth, ensures stability, and prevents congestion, with steps outlined for enabling on circuits.
Potential Benefits:
Optimizes network, prevents congestion
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// Azure Resource Graph Query
// This query will return all the ExpressRoute circuits (Direct Based) that have Direct Port Rate Limiting disabled
resources
| where type =~ "microsoft.network/expressroutecircuits"
| where properties.expressRoutePort != "" or isnotnull(properties.expressRoutePort)
| where properties.enableDirectPortRateLimit == false
| project recommendationId = "d40c769d-2f08-4980-8d8f-a386946276e6", name, id, tags, param1=strcat("enableDirectPortRateLimit: ",properties.enableDirectPortRateLimit)