expressRoutePorts

Summary

Recommendation	Impact	Category	Automation Available	In Azure Advisor
The Admin State of both Links of an ExpressRoute Direct should be in Enabled state	High	High Availability	Yes	No
Ensure you do not over-subscribe an ExpressRoute Direct	High	Scalability	Yes	No
Configure monitoring and alerting for ExpressRoute Ports	High	Monitoring and Alerting	No	No
Connect on-prem networks to Azure critical workloads via multiple ExpressRoutes peering locations	High	High Availability	No	No
Ensure ExpressRoute's physical links connect to distinct network edge devices	High	High Availability	No	No
Ensure both connections of an ExpressRoute are configured in active-active mode	High	High Availability	No	No

Details

The Admin State of both Links of an ExpressRoute Direct should be in Enabled state

Impact: High Category: High Availability

APRL GUID: 60077378-7cb1-4b35-89bb-393884d9921d

Description:

In Azure ExpressRoute Direct, the "Admin State" indicates the administrative status of layer 1 links, showing if a link is enabled or disabled, effectively turning the physical port on or off.

Potential Benefits:

Ensures optimal connectivity.

Learn More:

How to configure ExpressRoute Direct Change Admin State of links

ARG Query:

Click the Azure Resource Graph tab to view the query

Azure Resource Graph

// Azure Resource Graph Query
// Find all Express Route Directs that do not have Admin State of both Links Enabled
resources
| where type == "microsoft.network/expressrouteports"
| where properties['links'][0]['properties']['adminState'] == "Disabled" or properties['links'][1]['properties']['adminState'] == "Disabled"
| project recommendationId = "60077378-7cb1-4b35-89bb-393884d9921d", name, id, tags, param1 = strcat("Link1AdminState: ", properties['links'][0]['properties']['adminState']), param2 = strcat("Link2AdminState: ", properties['links'][1]['properties']['adminState'])

Ensure you do not over-subscribe an ExpressRoute Direct

Impact: High Category: Scalability

APRL GUID: 0bee356b-7348-4799-8cab-0c71ffe13018

Description:

Provisioning ExpressRoute circuits on a 10-Gbps or 100-Gbps ExpressRoute Direct resource up to 20-Gbps or 200-Gbps is possible but not recommended for resiliency. If an ExpressRoute Direct port fails, and circuits are using full capacity, the remaining port won't handle the extra load.

Potential Benefits:

Improves resilience during port failures

Learn More:

About ExpressRoute Direct Circuit Sizes

ARG Query:

Click the Azure Resource Graph tab to view the query

Azure Resource Graph

// Azure Resource Graph Query
// Find all Express Route Directs that are over subscribed
resources
| where type == "microsoft.network/expressrouteports"
| where toint(properties['provisionedBandwidthInGbps']) > toint(properties['bandwidthInGbps'])
| project recommendationId = "0bee356b-7348-4799-8cab-0c71ffe13018", name, id, tags, param1 = strcat("provisionedBandwidthInGbps: ", properties['provisionedBandwidthInGbps']), param2 = strcat("bandwidthInGbps: ", properties['bandwidthInGbps'])

Configure monitoring and alerting for ExpressRoute Ports

Impact: High Category: Monitoring and Alerting

APRL GUID: 55815823-d588-4cb7-a5b8-ae581837356e

Description:

Use Network Insights for monitoring ExpressRoute Port light levels, bits per second in/out, and line protocol. Set alerts based on Azure Monitor Baseline Alerts for light levels, bits per second in/out, and line protocol exceeding specific thresholds.

Potential Benefits:

Enhanced network performance and health

Learn More:

Azure Monitor Baseline Alerts - expressRoutePorts

ARG Query:

Click the Azure Resource Graph tab to view the query

Azure Resource Graph

// under-development

Connect on-prem networks to Azure critical workloads via multiple ExpressRoutes peering locations

Impact: High Category: High Availability

APRL GUID: cce3353a-f409-4559-9959-0ca0e3717114

Description:

Ensure resilient connectivity by connecting on-premises networks to Azure through multiple ExpressRoutes, each originating from distinct peering locations, to provide alternate data paths in case of a peering location failure.

Potential Benefits:

Enhanced reliability and redundancy

Learn More:

Designing for disaster recovery with ExpressRoute private peering

ARG Query:

Click the Azure Resource Graph tab to view the query

Azure Resource Graph

// cannot-be-validated-with-arg

Ensure ExpressRoute's physical links connect to distinct network edge devices

Impact: High Category: High Availability

APRL GUID: 222fbb78-be76-4855-a14f-a5e17ef1ccf5

Description:

Microsoft or the ExpressRoute provider always ensures physical redundancy in their services. It's essential to maintain this level of physical redundancy (two devices, two links) from the ExpressRoute peering location to your network for optimal performance and reliability.

Potential Benefits:

Enhanced reliability and fault tolerance

Learn More:

Designing for high availability with ExpressRoute

Azure Well-Architected Framework review - Azure ExpressRoute - Design Checklist

ARG Query:

Click the Azure Resource Graph tab to view the query

Azure Resource Graph

// cannot-be-validated-with-arg

Ensure both connections of an ExpressRoute are configured in active-active mode

Impact: High Category: High Availability

APRL GUID: 859886df-3996-4eab-8439-c1a38c416e0e

Description:

Operating both connections of an ExpressRoute circuit in active-active mode enhances high availability as the Microsoft network will load balance the traffic across the connections on a per-flow basis.

Potential Benefits:

Improved high availability and load balancing

Learn More:

Designing for high availability with ExpressRoute - Active-active connections

ARG Query:

Click the Azure Resource Graph tab to view the query

Azure Resource Graph

// cannot-be-validated-with-arg