2.3 Azure ExpressRoute
📘Microsoft Azure Networking Solutions (AZ-700)
When designing Azure ExpressRoute, one of the most important tasks for the AZ-700 exam is understanding route advertisement configuration.
This topic focuses on:
- How routes are advertised between on-premises networks and Azure
- How BGP works in ExpressRoute
- How to control which routes are advertised
- How to prevent routing issues
- How to design secure and optimized routing
This guide explains everything in simple and clear language so that both IT and non-IT learners can understand.
1. What is Route Advertisement in ExpressRoute?
Route advertisement means:
Informing another network which IP address ranges (prefixes) you can reach.
In Azure ExpressRoute, route advertisement happens using BGP (Border Gateway Protocol).
- Your on-premises router advertises your internal IP address ranges to Azure.
- Azure advertises Azure virtual network (VNet) address spaces to your on-premises network.
This allows both environments to communicate properly.
2. How BGP Works in ExpressRoute
ExpressRoute uses eBGP (External BGP) between:
- Your on-premises edge router
- Microsoft Enterprise Edge router (MSEE)
Important concepts for the exam:
| Concept | Meaning |
|---|---|
| ASN | Autonomous System Number used in BGP |
| Prefix | IP address range (example: 10.10.0.0/16) |
| AS Path | Path that a route takes through networks |
| BGP Weight / Local Preference | Determines preferred path |
3. What Routes Are Advertised?
There are two directions:
A. Routes Advertised FROM On-Premises TO Azure
You advertise:
- Your internal network prefixes
- Data center subnets
- Branch office networks (if connected)
Azure learns these routes and sends traffic to your network correctly.
B. Routes Advertised FROM Azure TO On-Premises
Azure advertises:
- VNet address spaces
- Connected VNet prefixes (if using VNet peering)
- Azure services (if Microsoft peering is enabled)
4. Peering Type and Route Advertisement
ExpressRoute supports two main peering types:
1️⃣ Azure Private Peering
Used for:
- VNet connectivity
- Private IP communication
Routes advertised:
- VNet prefixes
- Peered VNet prefixes
2️⃣ Microsoft Peering
Used for:
- Microsoft public services
- Microsoft 365
- Azure PaaS services
Routes advertised:
- Microsoft public IP prefixes
You must configure route filters for Microsoft peering.
5. Route Advertisement Configuration Recommendations (Exam-Focused)
Now let’s focus on what the AZ-700 exam expects you to know when recommending a configuration.
✅ 1. Advertise Only Required Prefixes
Do NOT advertise unnecessary IP ranges.
Bad design:
- Advertising 0.0.0.0/0 (default route) to Azure unnecessarily
- Advertising overlapping address spaces
Good design:
- Advertise only specific on-premises subnets
Why?
- Prevents routing conflicts
- Improves performance
- Reduces security risk
✅ 2. Avoid Overlapping IP Address Spaces
Azure and on-premises networks must NOT have overlapping IP ranges.
Example problem:
- On-premises: 10.0.0.0/16
- Azure VNet: 10.0.0.0/16
This will break routing.
Always design non-overlapping IP ranges.
✅ 3. Use Route Summarization (Aggregation)
Instead of advertising many small subnets:
❌ 10.1.1.0/24
❌ 10.1.2.0/24
❌ 10.1.3.0/24
Better:
✅ 10.1.0.0/16
Benefits:
- Reduces number of BGP routes
- Improves router performance
- Simplifies management
The exam may test:
When should you use route summarization?
Answer: When reducing BGP route count and simplifying routing tables.
✅ 4. Understand Route Limits
ExpressRoute circuits have BGP route limits.
If you exceed the route limit:
- BGP session may drop
- Routes may not be accepted
Always:
- Monitor number of advertised routes
- Use summarization if needed
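
The checks from recommendations 1 to 4 can be run against a planned advertisement before it reaches the router. The following is an added example, not part of the original guide or any Azure tooling: it computes the tightest summary for the three /24 subnets above, counts how many unused addresses a summary claims, and flags VNet overlap, default routes and route-count overruns. The VNet ranges and the route limit value are assumptions chosen for illustration.

```python
import ipaddress

def tight_summary(prefixes):
    """Smallest single supernet that contains every listed prefix."""
    nets = list(ipaddress.collapse_addresses(ipaddress.ip_network(p) for p in prefixes))
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary

def extra_addresses(summary, prefixes):
    """Addresses the summary claims that none of the listed prefixes uses."""
    nets = ipaddress.collapse_addresses(ipaddress.ip_network(p) for p in prefixes)
    used = sum(n.num_addresses for n in nets)
    return ipaddress.ip_network(summary).num_addresses - used

def audit(advertised, vnets, route_limit):
    """Findings for a planned on-premises to Azure advertisement."""
    findings = []
    adv = [ipaddress.ip_network(p) for p in advertised]
    azure = [ipaddress.ip_network(v) for v in vnets]
    for a in adv:
        if a.prefixlen == 0:
            findings.append(f"default-route: {a} sends Azure internet-bound traffic on-premises")
            continue  # 0.0.0.0/0 overlaps everything; report it once
        for v in azure:
            if a.overlaps(v):
                findings.append(f"overlap: {a} overlaps VNet {v}")
    if len(adv) > route_limit:
        findings.append(f"route-limit: {len(adv)} prefixes exceed the limit of {route_limit}")
    return findings

SUBNETS = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]  # subnets from the guide
VNETS = ["10.1.128.0/20", "10.50.0.0/16"]  # constructed VNet address spaces
ROUTE_LIMIT = 4000  # assumed value; use the limit that applies to your circuit

if __name__ == "__main__":
    tight = tight_summary(SUBNETS)
    for summary in (str(tight), "10.1.0.0/16"):
        print(summary, "extra addresses:", extra_addresses(summary, SUBNETS),
              "findings:", audit([summary], VNETS, ROUTE_LIMIT))
```

A broad summary such as 10.1.0.0/16 is only safe when the whole range is reserved for on-premises use; here it collides with the constructed VNet 10.1.128.0/20, while the tight /22 does not.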
✅ 5. Control Routing with BGP Attributes
You can influence routing behavior using:
| Attribute | Purpose |
|---|---|
| AS Path | Path length used to compare routes (a shorter AS path is preferred) |
| Local Preference | Preferred outbound path |
| MED | Suggests preferred inbound path |
Used in scenarios like:
- Active/active ExpressRoute circuits
- Disaster recovery
- Multi-region connectivity
✅ 6. Design for Redundancy
ExpressRoute provides:
- Dual BGP sessions (primary and secondary)
- Redundant Microsoft edge routers
Best practice:
- Use active/active configuration
- Ensure on-premises routers support redundancy
- Advertise routes consistently from both sides
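
The interaction between BGP attributes and consistent advertisement across two circuits can be checked offline. This added example (not from the original guide, and not Azure's actual route-selection code) uses a simplified decision order limited to the three attributes in the table above and reports, per prefix, which circuit is preferred and whether a backup path exists. The circuit names, ASN 65001 and the prefixes are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str
    circuit: str
    as_path: tuple
    local_pref: int = 100  # assigned by the receiving side; equal here
    med: int = 0

def preference_key(r):
    # Simplified order: higher Local Preference, then shorter AS path, then lower MED.
    return (-r.local_pref, len(r.as_path), r.med)

def failover_plan(routes):
    """Per prefix: preferred circuit(s) and whether a second circuit carries it."""
    by_prefix = {}
    for r in routes:
        by_prefix.setdefault(r.prefix, []).append(r)
    plan = {}
    for prefix, cands in by_prefix.items():
        best = min(preference_key(r) for r in cands)
        preferred = sorted(r.circuit for r in cands if preference_key(r) == best)
        redundant = len({r.circuit for r in cands}) > 1
        plan[prefix] = {"preferred": preferred, "redundant": redundant}
    return plan

def single_homed(routes):
    """Prefixes advertised on one circuit only: unreachable if that circuit fails."""
    return sorted(p for p, v in failover_plan(routes).items() if not v["redundant"])

# Constructed advertisements as received from on-premises (private ASN 65001).
ROUTES = [
    Route("10.1.0.0/22", "circuit-a", (65001,)),
    Route("10.1.0.0/22", "circuit-b", (65001, 65001, 65001)),  # prepended: backup
    Route("10.2.0.0/16", "circuit-a", (65001,)),
    Route("10.2.0.0/16", "circuit-b", (65001,)),               # equal: active/active
    Route("10.3.0.0/24", "circuit-a", (65001,)),               # missing on circuit-b
]

if __name__ == "__main__":
    for prefix, info in failover_plan(ROUTES).items():
        print(prefix, info)
    print("no backup path:", single_homed(ROUTES))
```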
✅ 7. Default Route Advertisement (0.0.0.0/0)
You must carefully decide whether to advertise a default route to Azure.
If you advertise 0.0.0.0/0 to Azure:
- All internet-bound Azure traffic may go to on-premises
- This creates forced tunneling
This is useful when:
- You want centralized security inspection
- All outbound traffic must pass through on-prem firewall
But it increases:
- Latency
- Bandwidth usage
The exam may ask:
When should you advertise a default route?
Answer:
- When implementing forced tunneling.
✅ 8. Use Route Filters (Microsoft Peering)
For Microsoft peering:
You must:
- Create route filters
- Select Microsoft service communities
Without route filters:
- No routes are advertised
✅ 9. Understand ExpressRoute FastPath Impact
If using ExpressRoute FastPath:
- Traffic bypasses ExpressRoute gateway data plane
- Route advertisement still happens via BGP
- Improves performance
But:
- Only supported on certain gateway SKUs
✅ 10. Cross-Region Route Advertisement
If using:
- ExpressRoute Global Reach
- Multiple VNets in different regions
Ensure:
- Proper route propagation
- No asymmetric routing
- Consistent summarization
6. Common Exam Scenarios
Here are typical AZ-700 questions related to route advertisement:
Scenario 1:
A company has too many BGP routes and the BGP session drops.
Correct recommendation:
✔ Use route summarization
✔ Reduce number of prefixes
Scenario 2:
A company wants all Azure outbound traffic to pass through the on-premises firewall.
Correct recommendation:
✔ Advertise 0.0.0.0/0 to Azure
✔ Implement forced tunneling
Scenario 3:
A company uses Microsoft peering, but no routes appear.
Correct recommendation:
✔ Configure route filters
Scenario 4:
A company uses two ExpressRoute circuits for redundancy.
Correct recommendation:
✔ Use BGP attributes to influence path selection
✔ Advertise consistent prefixes
7. Security Considerations
Route advertisement affects security.
Best practices:
- Advertise only required prefixes
- Avoid advertising internal management networks unnecessarily
- Monitor BGP sessions
- Use route filtering
- Avoid overlapping IP ranges
8. Monitoring and Troubleshooting
You should know:
- How to check BGP session status
- How to view effective routes in Azure
- How to verify advertised routes
- How to monitor route count
Tools:
- Azure Portal
- PowerShell
- Network Watcher
9. Key Exam Points to Remember
For AZ-700, remember:
✔ ExpressRoute uses BGP
✔ Advertise only necessary routes
✔ Avoid overlapping IP ranges
✔ Use summarization
✔ Understand route limits
✔ Know when to advertise a default route
✔ Use route filters for Microsoft peering
✔ Configure redundancy properly
✔ Control routing using BGP attributes
Final Summary
Recommending a route advertisement configuration in Azure ExpressRoute means:
- Designing which prefixes are advertised
- Ensuring efficient routing
- Preventing route conflicts
- Supporting redundancy
- Maintaining security
- Controlling traffic flow
For the AZ-700 exam, you must understand:
- BGP behavior
- Prefix management
- Route filtering
- Default route advertisement
- Redundancy design
- Route summarization
- Forced tunneling
If you understand these clearly, you will confidently answer any ExpressRoute route advertisement question in the exam.
