2.3 Azure ExpressRoute
📘 Microsoft Azure Networking Solutions (AZ-700)
1. What Is Azure ExpressRoute?
Azure ExpressRoute is a private, dedicated connection between your on-premises network (such as a data center or corporate office) and Microsoft Azure.
Unlike a VPN that uses the public internet, ExpressRoute:
- Does NOT go over the public internet
- Provides private connectivity
- Offers higher reliability
- Provides predictable performance
- Supports higher bandwidth options
In the AZ-700 exam, you must understand:
- The available ExpressRoute connectivity models
- When to choose each model
- Technical limitations and capabilities
- Supported services and routing behavior
2. What Does “Connectivity Model” Mean?
A connectivity model defines how your organization physically connects to Microsoft’s global network.
When selecting an ExpressRoute connectivity model, you are deciding:
- Who provides the connection
- Where the connection is established
- How your network connects to Microsoft
- What type of infrastructure is used
There are four main ExpressRoute connectivity models you must know for the exam.
3. ExpressRoute Connectivity Models
1️⃣ CloudExchange Colocation (Carrier-Neutral Facility Model)
What It Is
In this model:
- Your organization has equipment in a colocation facility
- Microsoft also has equipment in that same facility
- You connect directly to Microsoft’s routers
This is sometimes referred to as connecting at a carrier-neutral exchange.
How It Works
- Your company installs routers in a colocation data center.
- Microsoft has routers in the same facility.
- You create a cross-connection between your router and Microsoft’s router.
- A private circuit is established.
Key Characteristics
- Direct Layer 2 connection
- High performance
- Low latency
- No internet involved
- Requires presence in the colocation site
When to Choose This Model
Choose this model when:
- You already have infrastructure in a major colocation data center.
- You need high bandwidth and low latency.
- You want maximum control over networking.
Exam Tips
- This model requires your own equipment in the facility.
- It is common for large enterprises.
- Provides high scalability.
- Uses BGP for routing.
2️⃣ Point-to-Point Ethernet Connection
What It Is
This model provides a dedicated private connection from your data center directly to Microsoft’s edge network.
It is usually delivered by a telecom provider.
How It Works
- A telecom provider provisions a dedicated circuit.
- The circuit connects your site directly to Microsoft.
- No shared infrastructure is used.
Key Characteristics
- Dedicated physical link
- Not shared with others
- Very secure, because the link carries only your traffic
- Predictable bandwidth
- Requires physical connectivity
When to Choose This Model
Choose this model when:
- You require strict isolation.
- You need guaranteed bandwidth.
- Your compliance rules require private dedicated circuits.
Exam Tips
- Fully private.
- Requires coordination with a service provider.
- Typically more expensive.
- Good for financial or regulated industries.
3️⃣ Any-to-Any (IPVPN / MPLS Model)
What It Is
This model uses a service provider’s MPLS network to connect to Microsoft.
Your existing MPLS WAN can extend into Azure.
How It Works
- Your organization connects to a telecom provider’s MPLS network.
- The provider connects that MPLS network to Microsoft.
- Azure becomes another site in your WAN.
Key Characteristics
- Shared provider network
- Uses MPLS
- Flexible
- Scalable to multiple branches
When to Choose This Model
Choose this model when:
- You already use MPLS.
- You want Azure to be treated like another branch office.
- You want to extend your WAN to Azure.
Exam Tips
- Often called the IPVPN model.
- Uses BGP routing.
- Simplifies hybrid networking.
- Less physical complexity for customers.
4️⃣ ExpressRoute Direct
What It Is
ExpressRoute Direct provides direct connectivity to Microsoft’s global backbone at very high speeds.
This is different from the standard ExpressRoute circuit.
How It Works
- You connect directly to Microsoft’s edge routers.
- You use dedicated 10 Gbps or 100 Gbps ports.
- You manage multiple ExpressRoute circuits over those ports.
Key Characteristics
- Dedicated ports (10 Gbps or 100 Gbps)
- Very high bandwidth
- Designed for extremely large data transfer needs
- Full control over routing
When to Choose This Model
Choose ExpressRoute Direct when:
- You need extremely high throughput.
- You transfer massive data volumes.
- You operate at hyperscale.
- You need predictable, consistent high bandwidth.
Exam Tips
- Higher capacity than standard ExpressRoute.
- You manage multiple circuits over one physical connection.
- Suitable for large enterprises and service providers.
4. How to Select the Correct Connectivity Model (Exam Focus)
In the AZ-700 exam, questions may describe:
- Existing MPLS infrastructure
- Requirement for low latency
- Need for high bandwidth
- Compliance requirements
- Budget limitations
- Presence in a colocation facility
You must match the requirement to the correct model.
Scenario-Based Selection Logic
If the organization already uses MPLS:
→ Choose Any-to-Any (IPVPN model)
If the organization has equipment in a colocation facility:
→ Choose CloudExchange colocation model
If strict isolation and a fully dedicated circuit are required:
→ Choose Point-to-Point Ethernet
If extremely high bandwidth (10–100 Gbps) is required:
→ Choose ExpressRoute Direct
5. Additional Concepts You Must Know for the Exam
1️⃣ BGP Is Required
All ExpressRoute connectivity models use Border Gateway Protocol (BGP):
- For route advertisement
- For dynamic routing between on-premises and Azure
Static routing is NOT supported.
2️⃣ Private Peering
ExpressRoute primarily uses:
- Private peering for Azure virtual networks
Microsoft peering is used for Microsoft services like:
- Microsoft 365
- Azure PaaS services (depending on configuration)
3️⃣ Redundancy
ExpressRoute circuits are:
- Dual connections (primary and secondary)
- Designed for high availability
- Connected to two Microsoft edge routers
For the exam:
You should understand that ExpressRoute provides built-in redundancy.
4️⃣ Bandwidth Options
Standard ExpressRoute circuits support bandwidth from:
- 50 Mbps up to 10 Gbps
ExpressRoute Direct supports:
- 10 Gbps
- 100 Gbps
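An added example, not part of the original study guide: a Python check that audits a circuit description for the BGP, redundancy and bandwidth properties covered in this section. The sample JSON is constructed, and its field names (`bandwidthInMbps`, `peerASN`, `primaryPeerAddressPrefix`, `secondaryPeerAddressPrefix`) are assumed to follow the ARM circuit resource; the rule that the primary and secondary links use separate subnets is also an assumption not stated on the page.

```python
import ipaddress
import json

# Standard circuit bandwidth range stated on this page (50 Mbps to 10 Gbps).
STANDARD_MIN_MBPS, STANDARD_MAX_MBPS = 50, 10_000

# Constructed sample; field names are assumed to follow the ARM circuit resource.
SAMPLE_CIRCUIT = json.loads("""
{
  "name": "er-demo",
  "serviceProviderProperties": {"bandwidthInMbps": 25},
  "peerings": [
    {"peeringType": "AzurePrivatePeering", "peerASN": 65010,
     "primaryPeerAddressPrefix": "192.0.2.0/30",
     "secondaryPeerAddressPrefix": "192.0.2.0/30"},
    {"peeringType": "MicrosoftPeering", "peerASN": 0,
     "primaryPeerAddressPrefix": "198.51.100.0/30",
     "secondaryPeerAddressPrefix": null}
  ]
}
""")


def audit_circuit(circuit):
    """Return findings for the BGP, redundancy and bandwidth properties."""
    findings = []
    mbps = circuit.get("serviceProviderProperties", {}).get("bandwidthInMbps")
    if mbps is None or not STANDARD_MIN_MBPS <= mbps <= STANDARD_MAX_MBPS:
        findings.append(f"bandwidth {mbps} Mbps is outside the standard range")
    peerings = circuit.get("peerings") or []
    if not peerings:
        findings.append("no BGP peering configured")
    for p in peerings:
        kind = p.get("peeringType", "unknown")
        # BGP is required, so every peering needs a customer-side ASN.
        if not (p.get("peerASN") or p.get("peerAsn")):
            findings.append(f"{kind}: no peer ASN, BGP session cannot form")
        pri = p.get("primaryPeerAddressPrefix")
        sec = p.get("secondaryPeerAddressPrefix")
        # Redundancy relies on both the primary and the secondary link.
        if not pri or not sec:
            findings.append(f"{kind}: only one link configured, no redundancy")
        elif ipaddress.ip_network(pri).overlaps(ipaddress.ip_network(sec)):
            findings.append(f"{kind}: primary and secondary subnets overlap")
    return findings


if __name__ == "__main__":
    for finding in audit_circuit(SAMPLE_CIRCUIT):
        print(finding)
```

The bandwidth check applies to standard circuits only; circuits on ExpressRoute Direct ports would need the 10 Gbps and 100 Gbps limits instead.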
5️⃣ SLA Considerations
ExpressRoute provides:
- Higher SLA than VPN Gateway
- More reliable connectivity
- Better uptime guarantees
6. ExpressRoute vs VPN (Important for Exam)
| Feature | ExpressRoute | VPN Gateway |
|---|---|---|
| Uses Internet | No | Yes |
| Private Connection | Yes | No |
| Performance | High | Moderate |
| Latency | Low | Variable |
| SLA | Higher | Lower |
| Cost | Higher | Lower |
Exam questions may require you to choose ExpressRoute when:
- Performance is critical
- Regulatory compliance requires private connectivity
- Large-scale hybrid environments exist
7. Decision Checklist for the AZ-700 Exam
When reading a question, ask:
- Does the company already use MPLS?
- Do they have colocation presence?
- Is extremely high bandwidth required?
- Do they require strict private isolation?
- Are they connecting multiple global sites?
- Is cost mentioned as a limitation?
Match these clues carefully.
8. Summary (Exam Revision Section)
You must remember these four connectivity models:
- CloudExchange Colocation – Direct connection at a colocation facility
- Point-to-Point Ethernet – Dedicated private physical circuit
- Any-to-Any (IPVPN/MPLS) – Extends existing MPLS WAN to Azure
- ExpressRoute Direct – Dedicated 10/100 Gbps ports to Microsoft
Final Exam Strategy
For AZ-700:
- Focus on understanding infrastructure requirements.
- Pay attention to keywords like MPLS, colocation, high bandwidth, compliance.
- Know bandwidth limits.
- Know BGP is required.
- Understand redundancy.
- Understand the difference between ExpressRoute and VPN.
If you clearly understand the differences between these connectivity models, you will confidently answer ExpressRoute design questions in the exam.
