- Global Reach
- FastPath
- ExpressRoute Direct
2.3 Azure ExpressRoute
📘Microsoft Azure Networking Solutions (AZ-700)
1. Overview of Azure ExpressRoute
Azure ExpressRoute is a private, dedicated connection between your on-premises network and Microsoft Azure.
It does not use the public internet. Instead, it uses a private connection through a connectivity provider or via a direct connection.
In the AZ-700 exam, you must understand:
- How ExpressRoute works
- Different deployment models
- Special features:
- Global Reach
- FastPath
- ExpressRoute Direct
- When and why to use each option
- Design considerations and limitations
2. ExpressRoute Basic Architecture
Before learning advanced options, you must understand the core components.
2.1 ExpressRoute Circuit
An ExpressRoute circuit is a logical connection between:
- Your on-premises network
- Microsoft Edge routers
It includes:
- Bandwidth (50 Mbps to 100 Gbps depending on type)
- Peering configuration
- Routing using BGP
2.2 ExpressRoute Peering Types
You must know these for the exam:
1. Private Peering
- Used to connect:
- On-premises network
- Azure VNets
- Uses private IP addresses
- Most common configuration
2. Microsoft Peering
- Used to connect to:
- Microsoft 365
- Azure PaaS services (Storage, SQL, etc.)
Now let’s move to the special ExpressRoute options required for AZ-700.
3. ExpressRoute Global Reach
What is Global Reach?
Global Reach allows you to connect two or more on-premises locations using Microsoft’s global backbone network.
Instead of routing traffic through your own WAN between sites, traffic flows:
Site A → ExpressRoute → Microsoft backbone → ExpressRoute → Site B
It uses Microsoft’s private global network to connect your on-premises data centers.
Why Use Global Reach?
Used when:
- You have multiple data centers in different regions
- You want private connectivity between them
- You want lower latency and higher reliability
- You want to use Microsoft’s global network instead of your own WAN
How It Works
Requirements:
- Two ExpressRoute circuits
- Both circuits must support Global Reach
- Circuits must be connected via authorization
Routing:
- BGP advertises on-premises routes between circuits
- Traffic flows privately via Microsoft backbone
Design Considerations
For AZ-700, remember:
- Circuits can be in:
- Same country
- Different countries
- Global Reach requires:
- Standard or Premium SKU
- You must configure:
- Route filters
- Proper BGP settings
- Microsoft backbone carries the traffic (not internet)
Exam Key Points
- Used for on-premises to on-premises connectivity
- Does NOT connect VNets to VNets
- Requires separate ExpressRoute circuits
- Traffic stays on Microsoft global network
4. ExpressRoute FastPath
What is FastPath?
FastPath improves data path performance between:
- On-premises network
- Azure Virtual Machines
It bypasses the Virtual Network Gateway for data traffic.
Why FastPath Is Needed
Normally:
On-prem → ExpressRoute → Virtual Network Gateway → VM
The Virtual Network Gateway processes traffic.
With FastPath:
On-prem → ExpressRoute → VM (direct path)
The gateway is used only for:
- Control plane
- Route exchange
Not for:
- Data plane traffic
Benefits of FastPath
- Lower latency
- Higher throughput
- Reduced gateway processing
- Better performance for high-volume traffic
Requirements
For the exam, remember:
- Gateway SKU must be:
- UltraPerformance
- ErGw3AZ or higher
- Only works with:
- Private Peering
- Only available for:
- ExpressRoute circuits connected to VNets
When to Use FastPath
Use when:
- Large data transfer between on-prem and Azure
- High-performance workloads
- Large database replication
- Backup or storage-heavy applications
Important Exam Notes
- FastPath affects data plane only
- Control plane still uses gateway
- Requires specific gateway SKUs
- Does not eliminate gateway entirely
5. ExpressRoute Direct
What is ExpressRoute Direct?
ExpressRoute Direct allows customers to connect directly to Microsoft’s global network at a peering location.
Instead of using a connectivity provider, you get:
- Dedicated 10 Gbps or 100 Gbps ports
- Direct physical connection to Microsoft routers
Key Characteristics
- Layer 2 connectivity
- Dual redundant connections
- You manage the circuit
- Supports multiple ExpressRoute circuits over one physical port
Port Speeds
- 10 Gbps
- 100 Gbps
You can create multiple logical circuits over a single Direct port.
When to Use ExpressRoute Direct
Used when:
- Extremely high bandwidth is required
- You need full control over circuits
- You want predictable performance
- You operate at large scale (enterprise or service provider level)
Design Considerations
For AZ-700:
- Available only at specific peering locations
- Requires:
- Physical cross-connect
- Supports:
- Global Reach
- FastPath
- Multiple VNets
- Provides greater routing flexibility
ExpressRoute Direct vs Regular ExpressRoute
| Feature | ExpressRoute | ExpressRoute Direct |
|---|---|---|
| Provider required | Yes | No |
| Bandwidth | Up to 10 Gbps | 10 or 100 Gbps |
| Physical port control | No | Yes |
| Enterprise-level control | Limited | Full |
6. Comparing Global Reach, FastPath, and ExpressRoute Direct
| Feature | Purpose | Improves | Used For |
|---|---|---|---|
| Global Reach | Connect on-prem sites | Global private connectivity | Multi-data center design |
| FastPath | Bypass gateway for data | Performance | High-throughput workloads |
| ExpressRoute Direct | Dedicated physical port | Scalability & control | Large enterprise |
7. Design Decision Guide (Very Important for Exam)
If Question Says:
Connect two data centers privately using Microsoft network
→ Global Reach
If Question Says:
Reduce latency between on-prem and Azure VMs
→ FastPath
If Question Says:
Need 100 Gbps direct physical connection
→ ExpressRoute Direct
If Question Says:
Bypass virtual network gateway for data traffic
→ FastPath
If Question Says:
Want full control of physical ports
→ ExpressRoute Direct
8. Common Exam Traps
Be careful:
- Global Reach is NOT for VNet-to-VNet
- FastPath does NOT remove gateway entirely
- ExpressRoute Direct still requires ExpressRoute circuits
- Premium SKU is required for cross-region/global connectivity
- Microsoft peering is separate from private peering
9. Security and Routing Concepts
For AZ-700 you must understand:
- BGP routing over ExpressRoute
- Route filtering
- Private IP addressing
- ASN configuration
- Redundancy (active-active design)
- Zone-redundant gateways
10. Final Summary
ExpressRoute Global Reach
- Connects on-premises sites
- Uses Microsoft backbone
- Requires two circuits
ExpressRoute FastPath
- Bypasses gateway for data
- Improves performance
- Requires specific gateway SKU
ExpressRoute Direct
- Dedicated 10G/100G port
- No provider required
- Enterprise-level scalability
What You Must Remember for AZ-700
- Know when to choose each option
- Understand routing behavior
- Know gateway SKU requirements
- Understand bandwidth options
- Understand redundancy design
- Know differences between control plane and data plane
