In today’s globalized world, customers have started to maintain and expand their presence in the cloud across different geographic regions. With these increased deployments across Azure regions comes the increased complexity of customers’ hybrid networks. Establishing connectivity is no longer as simple as exchanging IP addresses between one pair of Azure regions and on-premises locations. Connectivity now requires additional configuration and reconfiguration of IP prefixes and route filters over time as the number of regions and on-premises locations grows. The introduction of Border Gateway Protocol (BGP) community support for Azure ExpressRoute, now in preview, lifts this burden for customers who connect privately to Azure. The support of this feature will also help simplify and unlock new network designs.
A brief overview of ExpressRoute
ExpressRoute lets customers extend their on-premises networks into the Microsoft Cloud over a private connection. With ExpressRoute, customers can connect to services in the Microsoft Cloud, including Microsoft Azure and Microsoft 365, without going over the public internet. An ExpressRoute connection provides more reliability, lower latency, and higher security than a public internet connection.
Globalized hybrid networks with ExpressRoute
A common scenario for customers to use ExpressRoute is to access workloads deployed in their Azure virtual networks. ExpressRoute facilitates the exchange of Azure and on-premises private IP address ranges using a BGP session over a private connection, enabling a seamless extension of customers’ existing networks into the cloud.
When a customer begins using multiple ExpressRoute connections to multiple Azure regions, their traffic can take more than one path. The hybrid network architecture diagram below demonstrates the emergence of suboptimal routing when establishing a mesh network with multiple regions and ExpressRoute circuits:
To ensure that traffic to Region A takes the optimal path over ExpressRoute circuit 1, the customer could configure a route filter on-premises to ensure that Region A routes are only learned at the customer edge from ExpressRoute circuit 1, and not learned at all by ExpressRoute circuit 2. This approach makes the customer maintain a comprehensive list of IP prefixes in each region and have to regularly update this list whenever new virtual networks are added and private IP address space is expanded in the cloud. As the customer continues to grow their presence in the cloud, this burden can become excessive.
Simplifying routing with BGP communities
With the introduction of BGP community support for ExpressRoute, customers can easily grow their multiregional hybrid networks without the tedious work of maintaining IP prefix lists. A BGP community is a group of IP prefixes that share a common property called a BGP community tag or value. In Azure, customers can now:
- Set a custom BGP community value on each of their virtual networks.
- Access a predefined regional BGP community value for all their virtual networks deployed in a region.
Once these values are configured on customers’ virtual networks, ExpressRoute will preserve them on the corresponding private IP prefixes shared with customers’ on-premises. When these prefixes are learned on-premises, they are learned along with the configured BGP community values. For example, a customer can set the custom value of 12076:10000 on a virtual network in East US and then start receiving the virtual network prefixes along with the values of 12076:1000 and 12076:50004 (the regional value) on-premises. Customers can then configure their route filters based on these community values instead of by specifying IP prefixes.
With the ability to make routing decisions on-premises based on BGP communities, customers no longer need to maintain IP prefix lists or update their route filters each time they expand their address space in an existing region. Instead, they can filter based on regional BGP community values and update their configurations when deploying workloads in a new region.
Understanding complex networks
Customers may expand their Azure workloads across regions over time, as described earlier, but may also continue to build more complex networks within each region. They may progress from simpler single-virtual network deployments to pursuing hub-and-spoke or mesh topologies containing hundreds of resources. If connectivity or performance issues arise for traffic sent from these resources to on-premises, the complexity of the cloud network can make troubleshooting more difficult. With custom BGP community values configured on each virtual network within a region, a customer can quickly find the specific virtual network that traffic is originating from in Azure and narrow down their investigation accordingly.
Take advantage of custom BGP communities with your Azure workloads
With the power to simplify cross-regional hybrid network designs and speed up troubleshooting, custom BGP communities are a great way for customers to enhance current ExpressRoute setups and prepare for future growth.
Learn more about how to configure custom BGP communities for your own hybrid networks.