I recently set up ExpressRoute to Azure ARM using Megaport and wanted to give a brief overview of the process, as well as highlight a few things to be aware of during the setup.
Before setting this up I was given a brief run-through of the ExpressRoute setup for the Classic Portal, which we won’t get into here, but be aware that it is a little trickier and that you will need to do the majority of that setup using Azure PowerShell. If you have done this before, the config is the same; however, it can now all be done through the GUI.
Initial Setup of ARM
From the Azure ARM homepage, click on More Services and search for ExpressRoute. You will notice I have ExpressRoute in my side menu; you can do this by clicking the star to favourite the service.
Once you click ExpressRoute circuits you will be presented with the below screen. From here you want to select Add.
You will then be presented with the below screen. A few things to note here:
Make sure the correct Provider is selected, otherwise this will not work.
SKU has two options, Standard and Premium. For a complete breakdown of the differences refer to the following: Azure Network Limits.
Billing model has two options, Unlimited and Metered. All incoming traffic is free, however outgoing traffic will be billed. Refer to the following to determine which is going to be the best billing model for you: Azure Billing Model.
Once completed, hit the Create button and your ExpressRoute Circuit will be created.
Once created, navigate to ExpressRoute circuits and select your newly created circuit; in this case mine is named Test.
You will be automatically taken to the Overview page. Here you will see your ExpressRoute Circuit details. Find the Service Key and copy it; you will need this for the Megaport Circuit creation.
Connecting Megaport to ARM
From the Megaport homepage after logging in, click + Connection.
A side menu will open up. From here select Connect To Cloud.
You will be presented with some services you can connect to; in this case we want to select Microsoft Azure. The Megaport interface was recently updated and originally I was not presented with these options, so if you are having issues, contact Megaport support through the chat function in the top right of the webpage and they will have you up and running in no time.
You will then need to enter the Service Key that was copied from the Azure Portal. Name, Rate Limit and A End Vlan will also need to be populated. Note that the A End Vlan is the layer 2 VLAN that is used between Azure and your internal network. Click Add to Cart once completed.
Finally click checkout.
You will then see that your new Circuit has been created. It will not immediately show up as green; this generally takes a few minutes to complete.
Setting Up Public and Private Networks ARM
Once your Megaport connection has been set up, go back to the Azure Portal and navigate to your ExpressRoute Circuit. Under Provisioner Status it will now read Provisioned.
Now we want to create our Azure Public and Azure Private connections. I am going to walk through creating the Azure Private network; just repeat the steps to set up Azure Public.
Select Azure Private from the ExpressRoute Circuit Overview screen. Populate the ASN, Primary Subnet, Secondary Subnet and Vlan ID fields. Note that Azure requires a Secondary Subnet regardless of whether you have a Secondary connection or not. If you do not, just put an unused dummy range in here.
The Vlan ID will be encapsulated in the A End Vlan we set up during the Megaport connection; this is referred to as Q-in-Q. On the receiving router we will strip off the A End Vlan and use the Vlan ID set in Azure, in this case 906.
Sample Cisco Router Configuration
Below is a sample Cisco router configuration for ExpressRoute. You will notice that the G0/1.1 interface carries both the A End Vlan and the second-dot1q Vlan. When the router receives the traffic from Azure it will strip the A End Vlan and use the second-dot1q Vlan.
Also note that Azure's ASN is 12076.
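interface GigabitEthernet0/1
 description --- Express Route ---
 no ip address
!
interface GigabitEthernet0/1.1
 description --- Express Route Private ---
 ! Outer tag 907 = Megaport A End Vlan, inner tag 906 = Vlan ID set in Azure
 encapsulation dot1Q 907 second-dot1q 906
 ip address 10.1.1.1 255.255.255.252
!
router bgp 1000
 ! 12076 is Azure's ASN
 neighbor 10.1.1.2 remote-as 12076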
Once you have entered this configuration you can check whether your BGP connection has been established with the “show ip bgp summary” command. Initially I had trouble with this, and even though Azure said the ExpressRoute was provisioned and Megaport's side said it was connected, I could not establish a BGP connection. I left this overnight and in the morning it started working without any configuration change on Azure, Megaport or the router, so I suggest setting up the ExpressRoute connection the day before it is required if possible.
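When the BGP session stays down, it helps to first rule out a mismatch between the router and the values typed into Megaport and Azure. The following is an added example, not part of the original post: a small Python check (the function name `check_peering` is hypothetical) that compares the Q-in-Q tags, the /30 addressing and the BGP lines of the sample configuration against the portal values. It assumes Azure's convention that the customer router takes the first usable address of the /30 and Azure the second, which matches the 10.1.1.1 and 10.1.1.2 addresses above.

```python
import ipaddress
import re

AZURE_ASN = 12076  # Azure's ASN, as given on the page

# Constructed sample input: the sub-interface and BGP lines from the page's config.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1.1
 encapsulation dot1Q 907 second-dot1q 906
 ip address 10.1.1.1 255.255.255.252
router bgp 1000
 neighbor 10.1.1.2 remote-as 12076
"""

def check_peering(config, a_end_vlan, azure_vlan, peer_asn, primary_subnet):
    """Compare router config text with the Megaport/Azure values; return mismatches."""
    net = ipaddress.ip_network(primary_subnet)
    if net.prefixlen != 30:
        return [f"primary subnet {net} is not a /30"]
    router_ip, azure_ip = net.hosts()  # assumed: router = first host, Azure = second
    problems = []

    # Outer tag must be the Megaport A End Vlan, inner tag the Azure Vlan ID.
    m = re.search(r"encapsulation dot1Q (\d+) second-dot1q (\d+)", config)
    if not m:
        problems.append("no Q-in-Q encapsulation line")
    elif (int(m[1]), int(m[2])) != (a_end_vlan, azure_vlan):
        problems.append(f"tags {m[1]}/{m[2]}, expected {a_end_vlan}/{azure_vlan}")

    # Anchored at line start so "no ip address" on the parent interface is skipped.
    m = re.search(r"^\s*ip address (\S+) (\S+)", config, re.M)
    if not m:
        problems.append("no ip address on the sub-interface")
    else:
        iface = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        if iface.network != net or iface.ip != router_ip:
            problems.append(f"interface {iface}, expected {router_ip}/30")

    m = re.search(r"router bgp (\d+)", config)
    if not m or int(m[1]) != peer_asn:
        problems.append(f"local ASN does not match portal ASN {peer_asn}")

    m = re.search(r"neighbor (\S+) remote-as (\d+)", config)
    if not m:
        problems.append("no BGP neighbor statement")
    elif (ipaddress.ip_address(m[1]), int(m[2])) != (azure_ip, AZURE_ASN):
        problems.append(f"neighbor {m[1]} AS {m[2]}, expected {azure_ip} AS {AZURE_ASN}")
    return problems

if __name__ == "__main__":
    print(check_peering(SAMPLE_CONFIG, 907, 906, 1000, "10.1.1.0/30") or "consistent")
```

An empty result only shows that the router and portal values agree; as noted above, the session can still take time to come up on the provider side.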