expressRouteCircuits
Summary
Details
Connect on-prem networks to Azure critical workloads via multiple ExpressRoutes
Impact: High Category: High Availability PG Verified: Verified
APRL GUID: 4d703025-dafc-f840-a183-5dc440456134
Description:
Connecting each ExpressRoute Gateway to a minimum of two circuits in different peering locations enhances redundancy and reliability by ensuring alternate pathways for data in case one circuit fails.
Potential Benefits:
Enhanced reliability and redundancy
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// cannot-be-validated-with-arg
Ensure ExpressRoute's physical links connect to distinct network edge devices
Impact: High Category: High Availability PG Verified: Verified
APRL GUID: 0e19cc41-8274-1342-b0db-0e4146eacef8
Description:
Microsoft or the ExpressRoute provider always ensures physical redundancy in their services. It's essential to maintain this level of physical redundancy (two devices, two links) from the ExpressRoute peering location to your network for optimal performance and reliability.
Potential Benefits:
Enhanced reliability and fault tolerance
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// cannot-be-validated-with-arg
Ensure both connections of an ExpressRoute circuit are configured in active-active mode
Impact: High Category: High Availability PG Verified: Verified
APRL GUID: f06a2bbe-5839-d447-9f39-fc3d20562d88
Description:
Operating both connections of an ExpressRoute circuit in active-active mode enhances high availability as the Microsoft network will load balance the traffic across the connections on a per-flow basis.
Potential Benefits:
Improved high availability and load balancing
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// cannot-be-validated-with-arg
Activate Bidirectional Forwarding Detection on edge devices for faster failover
Impact: High Category: High Availability PG Verified: Verified
APRL GUID: 2a5bf650-586d-db4c-a292-d922be7d3e0e
Description:
Enabling BFD over ExpressRoute speeds up link failure detection between MSEE devices and routers configured for ExpressRoute (CE/PE), applicable over both customer and Partner Edge routing devices with managed Layer 3 service.
Potential Benefits:
Faster link failure detection
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// cannot-be-validated-with-arg
Configure monitoring and alerting for ExpressRoute circuits
Impact: High Category: Monitoring and Alerting PG Verified: Verified
APRL GUID: 9771a435-d031-814e-9827-9b5fdafc0f87
Description:
Use Network Insights for monitoring ExpressRoute circuit availability, QoS, and throughput. Set alerts based on Azure Monitor Baseline Alerts for availability, QoS metrics, and throughput metrics exceeding specific thresholds.
Potential Benefits:
Enhanced network performance and health
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// under-development
Configure service health to receive ExpressRoute circuit maintenance notification
Impact: High Category: Monitoring and Alerting PG Verified: Verified
APRL GUID: 26cb547f-aabc-dc40-be02-d0a9b6b04b1a
Description:
ExpressRoute leverages service health for notifications on both planned and unplanned maintenance, ensuring users are informed about any changes to their ExpressRoute circuits.
Potential Benefits:
Stay informed on circuit updates
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// under-development
Implement rate-limiting across ExpressRoute Direct Circuits to optimize network flow
Impact: Medium Category: Scalability PG Verified: Verified
APRL GUID: d40c769d-2f08-4980-8d8f-a386946276e6
Description:
Rate limiting controls traffic volume between on-premises networks and Azure via ExpressRoute Direct, applying to private or Microsoft peering. It distributes port bandwidth, ensures stability, and prevents congestion, with steps outlined for enabling on circuits.
Potential Benefits:
Optimizes network, prevents congestion
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// Azure Resource Graph Query
// This query will return all the ExpressRoute circuits (Direct Based) that have Direct Port Rate Limiting disabled
resources
| where type =~ "microsoft.network/expressroutecircuits"
| where properties.expressRoutePort != "" or isnotnull(properties.expressRoutePort)
| where properties.enableDirectPortRateLimit == false
| project recommendationId = "d40c769d-2f08-4980-8d8f-a386946276e6", name, id, tags, param1=strcat("enableDirectPortRateLimit: ",properties.enableDirectPortRateLimit)