2.3 Azure ExpressRoute
📘Microsoft Azure Networking Solutions (AZ-700)
1. What is Bidirectional Forwarding Detection (BFD)?
Bidirectional Forwarding Detection (BFD) is a network protocol that quickly detects link failures between two directly connected network devices.
In the context of Azure ExpressRoute, BFD is used between:
- Your on-premises router
- The Microsoft Enterprise Edge (MSEE) router
It works together with BGP (Border Gateway Protocol) to detect failures much faster than BGP alone.
2. Why BFD is Important in ExpressRoute
In ExpressRoute, routing between your on-premises network and Microsoft’s network uses BGP.
Normally:
- BGP detects link failures using keepalive and hold timers.
- Default BGP hold time is usually 180 seconds.
- This means failure detection can take up to 3 minutes.
For enterprise environments, 3 minutes is too slow.
For example:
- You are running mission-critical applications in Azure.
- Your on-premises users connect through ExpressRoute.
- A fiber cut happens between your router and the provider.
- Without BFD, traffic might continue to be sent to a failed path for minutes.
With BFD:
- Failure detection happens in milliseconds.
- Traffic quickly switches to the secondary ExpressRoute connection.
- Application downtime is minimized.
For the AZ-700 exam, you must understand:
- BFD improves fast failover
- BFD works with BGP
- BFD is supported on ExpressRoute peerings
3. How BFD Works (Simple Explanation)
BFD establishes a lightweight session between two routers.
Step-by-step process:
- Router A sends BFD control packets to Router B.
- Router B responds immediately.
- If Router A stops receiving responses within a defined time:
  - The BFD session is declared DOWN.
  - BGP session is immediately dropped.
  - Routes are withdrawn.
  - Traffic shifts to backup path.
Important:
BFD does not replace BGP.
It only helps BGP detect failure faster.
4. Where BFD is Used in ExpressRoute
BFD is supported on:
- Azure Private Peering
- Microsoft Peering
It is configured between:
- Customer Edge (CE) router
- Microsoft Enterprise Edge (MSEE) router
BFD is enabled at the BGP session level.
5. BFD in ExpressRoute Architecture
In ExpressRoute:
Customer Router
↓
Service Provider
↓
Microsoft Enterprise Edge (MSEE)
↓
Azure backbone
BFD operates on the BGP session between:
- Your CE router
- MSEE
It does NOT:
- Work inside Azure VNets
- Replace ExpressRoute Gateway
- Replace BGP
6. BFD Configuration in ExpressRoute
Important for AZ-700:
- BFD is enabled automatically on Microsoft routers.
- You must configure BFD on your on-premises router.
- It must be supported by your router vendor.
Common configuration parameters:
- Minimum transmit interval
- Minimum receive interval
- Detection multiplier
Example (conceptual, not vendor-specific):
router bgp 65001
 neighbor 10.0.0.1 remote-as 12076
 neighbor 10.0.0.1 fall-over bfd
The exact syntax depends on:
- Cisco
- Juniper
- Arista
- Other vendors
7. BFD Timers (Very Important for Exam)
BFD uses three main parameters:
1. Transmit Interval
How often BFD packets are sent.
Example:
- 300 milliseconds
2. Receive Interval
Minimum interval expected from peer.
3. Detection Multiplier
How many missed packets before declaring failure.
Example:
- Interval: 300 ms
- Multiplier: 3
- Detection time = 900 ms
So failure is detected in less than 1 second.
This is much faster than BGP hold time (180 seconds).
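Added example (not part of the original guide): Python code that decodes the mandatory section of a BFD control packet as laid out in RFC 5880 and computes the detection time from the timers described above. The sample packet and its discriminator values are constructed; the code goes beyond the 300 ms × 3 case to show that the slower of the two routers' intervals is the one that applies.

```python
import struct

# Mandatory section of a BFD control packet (RFC 5880 section 4.1): 24 bytes.
HDR = struct.Struct("!BBBBIIIII")
STATES = {0: "AdminDown", 1: "Down", 2: "Init", 3: "Up"}

def parse_bfd_control(pkt: bytes) -> dict:
    """Decode the mandatory section; reject packets RFC 5880 6.8.6 would discard."""
    if len(pkt) < HDR.size:
        raise ValueError("shorter than the 24-byte mandatory section")
    vers_diag, flags, mult, length, my_disc, your_disc, tx, rx, _echo = HDR.unpack_from(pkt)
    if vers_diag >> 5 != 1:
        raise ValueError("unsupported BFD version")
    if length < HDR.size or length > len(pkt):
        raise ValueError("Length field inconsistent with payload")
    if mult == 0 or my_disc == 0 or flags & 0x01:
        raise ValueError("zero Detect Mult / My Discriminator, or Multipoint bit set")
    return {
        "state": STATES[flags >> 6],
        "auth_present": bool(flags & 0x04),   # A bit: authentication section follows
        "detect_mult": mult,
        "my_disc": my_disc,
        "your_disc": your_disc,
        "desired_min_tx_us": tx,              # intervals are in microseconds on the wire
        "required_min_rx_us": rx,
    }

def detection_time_ms(local_required_min_rx_us: int, remote: dict) -> float:
    """Asynchronous-mode detection time computed by the local router (RFC 5880 6.8.4)."""
    # The peer may not send faster than we are willing to receive, so the
    # agreed interval is the slower of the two values.
    agreed_tx_us = max(local_required_min_rx_us, remote["desired_min_tx_us"])
    return remote["detect_mult"] * agreed_tx_us / 1000

# Constructed sample: version 1, state Up, multiplier 3, 300 ms TX and RX.
SAMPLE = HDR.pack(0x20, 0xC0, 3, 24, 0x11, 0x22, 300_000, 300_000, 0)

if __name__ == "__main__":
    peer = parse_bfd_control(SAMPLE)
    print(peer["state"], detection_time_ms(300_000, peer), "ms")
    print("local RX floor of 1 s:", detection_time_ms(1_000_000, peer), "ms")
```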
8. BFD and High Availability in ExpressRoute
High availability in ExpressRoute includes:
- Dual circuits (recommended)
- Dual MSEE routers
- Dual connections to ExpressRoute gateway
- Active/active routing
BFD enhances high availability by:
- Detecting link failure quickly
- Triggering immediate route withdrawal
- Allowing fast convergence
In enterprise environments such as:
- Banking systems
- ERP systems
- Hybrid cloud production environments
Fast detection prevents service interruption.
9. Exam Concepts You Must Remember
BFD Purpose
Fast failure detection for BGP sessions.
BFD Works With
BGP.
BFD Is
- Lightweight protocol
- Independent of routing protocol
- Runs in data plane
BFD Improves
- Fast convergence
- High availability
- Reduced downtime
BFD Does NOT
- Encrypt traffic
- Replace BGP
- Replace ExpressRoute Gateway
- Provide routing policies
10. BFD vs BGP Keepalive (Exam Comparison)
| Feature | BGP Keepalive | BFD |
|---|---|---|
| Failure detection | Slow (seconds to minutes) | Very fast (milliseconds) |
| Runs in | Control plane | Data plane |
| Independent of routing protocol | No | Yes |
| Used with ExpressRoute | Yes | Yes |
| Required | Yes | Optional but recommended |
Exam scenario tip:
If the question says:
- “Minimize failover time”
- “Reduce routing convergence time”
- “Fast detection of ExpressRoute link failure”
The answer likely includes:
Enable BFD on the BGP session.
11. Design Considerations for AZ-700
You should recommend BFD when:
- Organization requires low downtime.
- ExpressRoute is primary connectivity.
- Active/active circuits are configured.
- SLA requirements are strict.
You should NOT worry about:
- Enabling BFD inside VNet.
- Configuring BFD on ExpressRoute Gateway.
- Azure Portal configuration (BFD is not configured in the portal).
It is configured on the customer router side.
12. Common Exam Scenarios
Scenario 1:
A company reports that failover between ExpressRoute circuits takes 2–3 minutes.
Solution:
Enable BFD on BGP sessions.
Scenario 2:
You must ensure sub-second detection of connectivity failure between on-premises and Azure.
Solution:
Configure BFD with appropriate timers.
Scenario 3:
You are designing highly available ExpressRoute connectivity.
You should:
- Use dual circuits
- Use dual routers
- Enable BFD
13. Key Takeaways for AZ-700
✔ BFD = Fast failure detection
✔ Works with BGP
✔ Enabled between CE and MSEE
✔ Configured on customer router
✔ Improves ExpressRoute failover speed
✔ Detects failure in milliseconds
✔ Critical for high availability designs
Final Summary (Very Important for Exam)
In Azure ExpressRoute, routing is done using BGP. By default, BGP detects failures slowly. Bidirectional Forwarding Detection (BFD) improves this by detecting link failures in milliseconds.
When BFD detects a failure:
- BGP session is immediately dropped.
- Routes are withdrawn.
- Traffic switches to backup connection.
- Downtime is minimized.
For the AZ-700 exam, whenever the question talks about:
- Fast convergence
- Sub-second failover
- High availability improvement
- Faster detection of ExpressRoute failure
The correct concept is:
Implement Bidirectional Forwarding Detection (BFD).
