This Deep Dive explains all the pieces of an Azure ExpressRoute connection, including on-prem routers, Microsoft Edge routers and ISP connections. This is part 1 of two videos.
Great work
Great Explanations, up to the point. Thanks
Glad it was helpful! And thanks for watching.
Hi Freddy
Thanks for the video. I have two questions:
1) Why do we need the VGW in the NewNet if we create a VNET peering? Is it not enough the VGW and the Firewall in the ProdVNET?
2) Why do we need the Firewall? Is the security not enough just using the VGW in the ProdVNET?
I have the same question. With peering, we can find resources in the prod VNET, and the ExpressRoute will allow us to connect to the on-prem. By using the routing table and redirecting to the firewall, the VNET should peer. However, to enable us to use the ExpressRoute, we should also have permission to use it at the subscription/VNET level. That is my only understanding here. I think if I do an ExpressRoute in the hub VNET and then I peer all the spoke VNETs, it should be fine.
A standard supports 4 circuits. Can you explain what is a single circuit? Does this mean 4 locations can connect to the ExpressRoute or 2 sites (each with redundant links = 4 total circuits)?
so simple, very nice video
But how do you get back?
As far as the routing, since this is all based on BGP, the return routes should be injected to your on-prem environment by the BGP protocol. In Azure, once the peering is created, these routes are injected as well. Just make sure that in your ARP table in your private peering connection you are able to see both the Microsoft side and the on-prem routers. Once you are able to see that, your connection is set. I hope this helps.
Sir, can I use the same gateway subnet of an existing VNET for my new circuit?
Yes, you can use an existing gateway subnet for a new circuit, or add a gateway subnet to an existing VNET.
making me more Confused ehhh