Azure Networking Fridays with the C+E Global Black Belts
Olivier Martin (@omartin) – Networking TSP GBB
Kevin Lopez (@kevlopez) – ER Partner Sales Executive GBB
Jaime Schmidtke (@jaimesc) – ER Partner Sales Executive GBB
Eddie Villalba (@edvilla) – Networking and Open Source TSP GBB
Bryan Woodworth (@brwoodwo) – Networking TSP GBB
Before we get started
• Welcome customers and partners!!!
• Material is public information. No NDA info here.
• Use the IM window for questions.
• Sessions are recorded and posted here:
https://aka.ms/microsoftnetworkingacademy
https://aka.ms/mna
Microsoft Networking Academy with the C+E Global Black Belts
• Still every 2 weeks… but!
• Introductory Sessions (200 level)
  • Azure Networking Fundamentals (10 minutes)
  • Microsoft Guest of the week (15-20 minutes)
  • Partner Spotlight of the week (15-20 minutes)
  • Q&A (10 minutes)
• Deep Dive Sessions (300-400 level)
  • Short introduction (5 minutes)
  • Deeper dive topic of the week (35-45 minutes)
  • Q&A (10 minutes)
• Email [email protected] to receive detailed schedules for the upcoming sessions!
• Available on Channel 9!
Microsoft Networking Academy
Agenda for February 17th, 2017
• New show name!
• Deep dive on Azure ExpressRoute peerings with Eddie Villalba
• Open Q&A
Atlanta
Chicago
Los Angeles
Seattle
Silicon Valley
Washington DC
Amsterdam
Dublin
London
Sao Paulo
Chennai
Hong Kong
Mumbai
Melbourne
Osaka
Singapore
Sydney
Tokyo
Las Vegas
Toronto
Montreal
Quebec City
New York City
Dallas
Newport, Wales
Paris
Beijing
Shanghai
Berlin
Frankfurt
Dallas
Washington DC
New York
Chicago
US Government
Germany
China
ExpressRoute and Virtual Appliance Partner Contacts
Equinix Professional Services | [email protected] | ExpressRoute SI Partner
Perficient | [email protected] | ExpressRoute SI Partner
Project Leadership | [email protected] | ExpressRoute SI Partner
Aryaka | [email protected] | ExpressRoute Connectivity Partner
AT&T | AT&T Information Request Form | ExpressRoute Connectivity Partner
Cologix | [email protected] | ExpressRoute Connectivity Partner
Comcast | http://business.comcast.com/landingpage/microsoft-azure | ExpressRoute Connectivity Partner
CoreSite | [email protected] | ExpressRoute Connectivity Partner
Equinix | [email protected] | ExpressRoute Connectivity Partner
Level 3 | http://Level3.com/Azure | ExpressRoute Connectivity Partner
Megaport | [email protected] | ExpressRoute Connectivity Partner
Orange | [email protected] | ExpressRoute Connectivity Partner
Tata Communication | [email protected] | ExpressRoute Connectivity Partner
Verizon | [email protected] | ExpressRoute Connectivity Partner
Zayo | [email protected] | ExpressRoute Connectivity Partner
Barracuda | [email protected] | Network Virtual Appliance Partner
Check Point | http://www.checkpoint.com/vsec | Network Virtual Appliance Partner
F5 | [email protected] | Network Virtual Appliance Partner
Riverbed | [email protected] | Network Virtual Appliance Partner
Azure Private Peering
[Diagram labels: Customer’s network; ExpressRoute; Azure Virtual Network (VNET1) with DMZ; Azure Virtual Network (VNET2) with DMZ; BGP (0.0.0.0/0)]
Azure Public Peering
[Diagram labels: Customer’s network; NAT; ExpressRoute; Azure Public Services]
Microsoft Peering
[Diagram labels: Customer’s network; NAT; Voice; Video & Interactive; Best effort; Public Internet; DNS, CDN; Required; Bidirectional connections]
The Travels of a packet in a Hybrid Microsoft Cloud
[Diagram labels: Customer’s premises; Edge Router; BGP: 0.0.0.0/0; NAT; Internet; ExpressRoute Circuit (xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx); DNS, CDN, +; Packet]
ER Forced Tunneling
With forced tunneling, all internet-bound traffic is forced on-premises because the on-premises network advertises the 0/0 prefix in BGP.
What if BGP fails? How can we stop VMs in Azure from talking out to the internet?
Layered NSG routes!!
With forced tunneling enabled, 0/0 is considered part of the VirtualNetwork tag as long as BGP is advertising it to the ExpressRoute or VPN gateway.
All Internet addresses are in the Internet tag.
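An added example, not part of the session material: a small model of outbound NSG evaluation under the tag behaviour stated above, showing why the layering matters when BGP drops. The custom rule names and priorities, the on-premises prefix and the destination address are constructed; the VNet range is the West US range used later in the deck, and the three default rules are Azure's standard outbound defaults.

```python
import ipaddress

VNET_SPACE = [ipaddress.ip_network("10.100.0.0/24")]  # West US VNet from the deck
ONPREM = [ipaddress.ip_network("10.1.0.0/16")]        # learned over BGP (constructed)

# (priority, name, destination tag, access); lower priority number wins.
DEFAULT_RULES = [
    (65000, "AllowVnetOutBound", "VirtualNetwork", "Allow"),
    (65001, "AllowInternetOutBound", "Internet", "Allow"),
    (65500, "DenyAllOutBound", "*", "Deny"),
]
# Hypothetical layered rules: allow the tunnel first, then deny direct egress.
LAYERED_RULES = [
    (4000, "AllowVnetViaTunnel", "VirtualNetwork", "Allow"),
    (4096, "DenyInternetOutBound", "Internet", "Deny"),
] + DEFAULT_RULES


def in_tag(tag, addr, bgp_up):
    """Simplified tag membership, following the statements on the slide."""
    in_vnet = any(addr in net for net in VNET_SPACE)
    in_onprem = any(addr in net for net in ONPREM)
    if tag == "VirtualNetwork":
        # 0/0 (and the on-premises prefixes) belong to the tag only while
        # BGP advertises them; 0/0 then covers every destination.
        return in_vnet or bgp_up
    if tag == "Internet":
        return not (in_vnet or in_onprem)
    return tag == "*"


def evaluate(rules, dest, bgp_up):
    """Return (access, rule name) of the first rule matching dest."""
    addr = ipaddress.ip_address(dest)
    for _priority, name, tag, access in sorted(rules):
        if in_tag(tag, addr, bgp_up):
            return access, name
    return "Deny", "no-match"


if __name__ == "__main__":
    dest = "203.0.113.10"  # constructed public destination
    for label, rules in (("default", DEFAULT_RULES), ("layered", LAYERED_RULES)):
        for bgp_up in (True, False):
            print(label, "bgp_up=%s" % bgp_up, evaluate(rules, dest, bgp_up))
```

With only the default rules, losing BGP moves the same flow from AllowVnetOutBound to AllowInternetOutBound; with the layered pair it falls through to the deny.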
Multipath Network & Asymmetric Routing
[Diagram labels: Customer Network; Internet; BGP; ExpressRoute; Microsoft; Packet; X; SNAT; IRD; ERD]
Multi-path ExpressRoute
• Connect the Gateway to at least two ExpressRoute circuits
• All on-premises routes are advertised to Azure from each ExpressRoute location
• AS Path Prepend to help with path preference
• ExpressRoute gateway will send traffic to the route with shortest AS Path
Office in Los Angeles: 10.1.0.0/16, AS 64496
Office in New York: 10.2.0.0/16, AS 64496
[Diagram labels: Network carrier's IP VPN or Customer's backbone network; ExpressRoute Los Angeles; ExpressRoute New York; Microsoft's backbone network; Gateway; Gateway; Virtual Network West US 10.100.0.0/24; Virtual Network East US 10.200.0.0/24; Ethernet backbone network]

Sent to Azure from LA
Range          AS Path
10.1.0.0/16    64496
10.2.0.0/16    64496 64496

Sent to Azure from NY
Range          AS Path
10.1.0.0/16    64496 64496
10.2.0.0/16    64496

West
Range          AS Path        From
10.1.0.0/16    64496          LA
10.1.0.0/16    64496 64496    NY
10.2.0.0/16    64496          NY
10.2.0.0/16    64496 64496    LA
BGP Communities
[Diagram labels: Customer Network; Internet; BGP; ExpressRoute; R1]
show ip bgp 168.62.225.23
Community: 12076:51004
12076:5010 (Exchange)
12076:5020 (SharePoint)
Prefix Advertisement to Customer
[Diagram labels: Customer’s premises; ExpressRoute Circuit; 500+ Routes; 2000+ Routes; 2500+ Routes; 300 Routes]
Multi-path ExpressRoute
In this example, the West gateway would send traffic for 10.1.1.1 down the Los Angeles ExpressRoute circuit.
If the LA ExpressRoute circuit fails, BGP will drop the routes learned from LA.
The NY path would then be used to reach the LA office.
To influence traffic flow, use the AS Path or Local Preference attributes.
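An added example, not from the session material: the West gateway's route table from the multi-path slide run through longest-prefix, then shortest-AS-path selection, including the LA circuit failure and the tie that results if the prepends are removed. The function names are hypothetical, and the selection is reduced to the two criteria the slides mention.

```python
import ipaddress

# Routes received by the West gateway, as listed on the slide:
# (prefix, AS path, circuit the route was learned from).
WEST_TABLE = [
    ("10.1.0.0/16", [64496], "LA"),
    ("10.1.0.0/16", [64496, 64496], "NY"),
    ("10.2.0.0/16", [64496], "NY"),
    ("10.2.0.0/16", [64496, 64496], "LA"),
]


def best_circuits(dest, table, failed=frozenset()):
    """Return the circuit(s) chosen for dest, or [] if no route remains.

    Routes learned over a circuit in `failed` are treated as withdrawn.
    More than one circuit in the result means the AS paths tie.
    """
    addr = ipaddress.ip_address(dest)
    live = [(ipaddress.ip_network(prefix), path, circuit)
            for prefix, path, circuit in table if circuit not in failed]
    matches = [route for route in live if addr in route[0]]
    if not matches:
        return []
    longest = max(net.prefixlen for net, _, _ in matches)
    matches = [route for route in matches if route[0].prefixlen == longest]
    shortest = min(len(path) for _, path, _ in matches)
    return sorted(c for _, path, c in matches if len(path) == shortest)


def strip_prepends(table):
    """Same table with AS path prepending removed (each AS appears once)."""
    return [(prefix, list(dict.fromkeys(path)), circuit)
            for prefix, path, circuit in table]


if __name__ == "__main__":
    print("normal:       ", best_circuits("10.1.1.1", WEST_TABLE))
    print("LA failed:    ", best_circuits("10.1.1.1", WEST_TABLE, {"LA"}))
    print("both failed:  ", best_circuits("10.1.1.1", WEST_TABLE, {"LA", "NY"}))
    print("no prepending:", best_circuits("10.1.1.1", strip_prepends(WEST_TABLE)))
```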
Open Q&A
Thank you!
Session recording will be posted shortly here: http://aka.ms/MNA