on-premises network and the Azure service. Microsoft has ExpressRoute partners all
over the world to enable organizations throughout the globe to connect to Azure
services by using the ExpressRoute connectivity option. ExpressRoute has two flavors:
Exchange Provider and Network Service Provider.
With an exchange provider/Internet exchange point (IXP), a dedicated connection is
established, such as a dark fiber connection, between an organization’s location and
the IXP. The IXP has resilient, high-bandwidth connections to Azure, and it
establishes the direct connection from the customer to Azure. With a network service
provider (NSP), the provider connects your network using MPLS, which is especially
useful if an organization has multiple locations already connected via MPLS, in which
case the Azure connection just becomes a node on that MPLS connection. In both
cases, ExpressRoute offers numerous benefits over site-to-site VPN:
High bandwidth with offerings up to 10Gbps
Low and predictable latency—since the path is known, the latency is consistent
Redundancy in the connectivity through dual connections
An SLA
ExpressRoute is purchased for a particular speed and also as metered or unmetered.
With metered, the customer is charged for network egress (traffic leaving Azure),
whereas with unmetered, there is no egress charge but the monthly ExpressRoute
charge is higher. The ExpressRoute partners can be found at
https://azure.microsoft.com/en-us/documentation/ articles/expressroute-locations/,
which are broken down by provider and location. The pricing details can be found at
https://azure.microsoft.com/en-us/pricing/details/expressroute/. Note that when
dealing with ExpressRoute, the Microsoft price is just Microsoft’s side of the pricing to
allow the connection to Azure via the provider. There are other costs, including these:
The service provider’s costs
The cost of the gateway on the Azure virtual network (this is still required, just as
with site-to-site VPN)
Network egress if a metered plan is selected
When connecting via ExpressRoute, even though a connection may be to the local
ExpressRoute partner location, services in Azure regions throughout the geo-political
region can be accessed through that ExpressRoute connection. For example, if I
establish an ExpressRoute connection in Dallas, I can access Azure services not just in
the South Central United States but in all U.S. regions via the Microsoft Azure
backbone network. If the ExpressRoute Premium add-on is also purchased, all Azure
services throughout the globe can be accessed via the Azure backbone network
through the ExpressRoute local connection.
Another major difference between a site-to-site VPN connection and ExpressRoute is
peering. With a site-to-site VPN, private peering is used; the on-premises network is