Azure ExpressRoute demystified | whiteboarding session

Video Statistics and Information

Captions
Here we are at Microsoft in North Ryde and we're here with Stef. Do you want to introduce yourself? Hi, I'm Stephane Budo, Microsoft MVP, Azure Solutions Architect and director at Vigilant IT. Excellent. So I've got Stephane here to talk about ExpressRoute, and Microsoft have provided the mugs, awesome, and the coffee as well, fantastic. So what's the date today? It's recorded on the second of August 2018. So first of all, what happened: Microsoft took public peering off the availability list, so you can't set up public peering anymore. That confused a lot of people, because public peering was, in a way, different to Microsoft peering. Now that Microsoft peering is on the price list and you can deploy Microsoft peering for Azure public and Office 365 public prefixes, adding it is somewhat different, and it's confusing a lot of people. So this is why I've got Stephane Budo of Vigilant IT here today to talk about it and basically make sense of all this. Absolutely. Are you happy to draw this up on the whiteboard? Yeah, absolutely.

Let's step back first, and for the people who don't know what ExpressRoute is, very quickly: to connect your private on-prem network to Azure you can either have a site-to-site VPN, which is the traditional VPN over the Internet, or use ExpressRoute, which is kind of comparable to an MPLS private network in the other world out there. So you effectively create a private connection from your data centre to Azure using a third-party provider. So you need the provider to be there in your data centre; you may go with Telstra, Vocus, Equinix, et cetera, to establish that connection, that private connection. That's ExpressRoute. It gives you better latency, guaranteed bandwidth, etc. compared to a VPN, which doesn't, because it goes over the Internet. Yeah.

So in the ExpressRoute world there are three types of connection, well, there were three types of connection: there is the private connection, which is called private peering, the public connection, which is called public peering, and there is the Microsoft peering. So the difference between the three: private peering is where you have your own premises and your own private addresses in the 10, 172 or 192 range, RFC 1918. Respect, wow, very impressive, not having to look that up. So you peer your private addresses, your private subnets, with subnets within Azure; you're joining the two like you would with a VPN. You create a private peering. Yeah, so at that point it's got nothing to do with public addresses, it's all private, yep, and it's all a private connection like MPLS, and it goes to a VNet in Azure which is completely private and ring-fenced and doesn't have to have any access to the outside world. That's exactly right. So that's the private peering. Yep.

Now, the other two were, and I said were because public peering is now gone, and some people have still got public peering, yes, because if it was established it will stay established, but you can't create a new public peering anymore since the first of April. So public peering, what was that? It's basically saying, well, you've got a whole bunch of publicly accessible services in Azure: storage, SQL databases, any public website, Azure Files, the portal, everything else that is accessible through the public Internet via public IP addresses. What public peering does is allow you to use your ExpressRoute circuit, which can be very large and deterministic, to actually access those public IP addresses. So from your own premises or your data centre, instead of going out on the Internet and accessing those services through the Internet, you go out through the ExpressRoute. So this is purely done by routing. So that's public peering, and NAT was part of this as well, and because it's public you've got to be careful advertising certain ranges, because if you advertise the same range via public peering versus your Internet peering then you have asymmetric routing, things like that. Yes, and we'll come back to that in a minute.

So that's gone, so you can't do public peering. Yes, public peering has been merged, let's say, inside of Microsoft peering. Now, what Microsoft peering was before this merge was the same as public peering, except for accessing Office 365 services: your Exchange mailboxes, your SharePoint, et cetera; that was your Microsoft peering. Now they've merged the two, which is a great thing. Why? Because there's no need to have a public peering to the Azure services and at the same time a Microsoft peering to go to Office 365. So it makes sense. So NAT is a part of this as well. Now that they've merged it, the other part, the NAT requirement, having the NAT on the customer side, that part hasn't changed, has it? No. The only reason why it's sort of come up now is because of this whole merge and the unavailability of public peering: with Microsoft peering, people are needing to move to it now and all of a sudden they have a function they usually didn't have to manage, their own NAT device.

Let's take a step back and very quickly draw what ExpressRoute looks like, in a private peering and in public and Microsoft peering. OK, cool. So you have your data centre, your provider, and Azure / Microsoft. So your DC here. Let's not get security involved in this discussion, let's just purely look at routing, although of course once you go to the public network, including the Internet, or Azure public through public peering, of course you need firewalls and security around there; but just for the sake of not complicating the discussion we'll leave that out. OK. So you have a router, and behind it, say you have your 10.1.1.0 network, very simple. You have your workstation here and you're working away, and right now you need to get to something else, it doesn't matter what, you want to get to your Azure VNet, which is private as well. So you go to a provider, Megaport, Telstra, whatever, the list is long, and you say to them: look, I want an ExpressRoute circuit.

So what they'll do, in your data centre, next to the router, is drop in literally a physical cable, a fibre optic cable, that gives you the physical connection to the provider's network. Right. So that provider's network is again like a backbone from Telstra, Megaport, whoever, that physical connection. With that physical connection you then establish an ExpressRoute circuit. Now there are two parts to that. The first one is to create, within your provider, your ExpressRoute circuit, and that will include VLANs at the customer edge and at the provider edge. All right, so that's what we talked about, QinQ, the QinQ technology. Do you want to explain it? Correct, that's right. We define your VLAN, and when it leaves your router it will be tagged with the VLAN ID, but when it gets to the actual edge of the provider it will be re-tagged, not re-tagged, it will be encapsulated inside another tag. So the next tag, the service tag, the S-tag. Correct. So you end up effectively with a VLAN tag inside another VLAN, that's QinQ. And why is that? So that when the packet traverses the provider's network it doesn't matter what VLAN you use here, you can use any VLAN that you want, because it's going to get tagged so they can control what goes across there with their VLAN IDs. Once it gets out of this and connects back to Azure, that tag will be removed from the packet and you'll end up with the same VLAN you decided on. OK, so just so it's clear: you've got traffic that comes in here with a C-tag, it's overlaid with an S-tag on top of that, correct, and then this place removes it and out comes the same C-tag that goes over. That's basically correct? Yeah, that's right.

Now once you've got this set up, the next thing is to set up your piece of ExpressRoute inside Azure. OK. So once you set up your ExpressRoute circuit in the portal or PowerShell, whatever you prefer to do, you're going to get a service key. This key is a unique identifier for your ExpressRoute circuit. What you do now is input that service key with your provider, in their portal or probably on the phone with the provider, and at that point your circuit is then established from one router to the other edge. OK. Now that's your physical circuit established, well, a logical circuit on top of a physical circuit. OK. Now once you have that, it's not the end of the story. Then comes into play a little beast that we like to call BGP. Now if you're not familiar with BGP, it's not the intent here to explain BGP; it's effectively a routing protocol, right, whereby you can dynamically get routes or send routes out from a router. OK.

So now I've got an IP address range here, say 10.12.0.0/20 on this side, that's the address space of the VNet, the subnets. We can establish BGP peering between our router here and the edge router in Azure. How do we do that? Well, when you configure your ExpressRoute, your private peering in ExpressRoute, you have to define three things. Number one is: what is my BGP ASN? I'll refer you to online videos and everything else to explain what an ASN is. Exactly. So for private peering, if I understand correctly, you can't use a public ASN for private peering? You can, as long as you own it. Right. If you don't own it then don't use it. There are private ASNs in the same way that private IP addresses are private; private ASNs are 64, don't quote me on this, it's on video, but I think it's 64-something-something and above, all the way to 65-something. Wow. I don't know, something like that, do your research. OK, so you create your BGP ASN and say I'm going to pick 65000. You define your IP addresses, the range of IP addresses that will be assigned to your interface here and your interface in Azure. That range doesn't have to be public; it can be public if you want to do that, but why use your public IP addresses? So for example I'm going to say, let's go 192.168.1.0/30. Why /30? Because, well, I need two IP addresses. Yeah. You can assign a /29 or a /24 if you wanted, it doesn't matter, but only two IP addresses will be used. How is it going to use them? It's going to use the first IP address, which is your router on the customer side, dot one. So the way I can remember this is: Microsoft is even, because they don't change; odd number for the customer, first IP for the customer because the customer comes first, and second IP for Microsoft, dot two. That's it. OK.

So once you've done this, I said there's a third thing that is necessary, and this is, we're not going to go too much into detail, but you also need to provide a range of IP addresses for your secondary circuit. Now, beware: with Microsoft and ExpressRoute, for the ExpressRoute to be supported you need a secondary connection, a second physical connection. So just so we're clear, a circuit is logical, but then you've got two physical connections underneath that? Yes. So ideally what you do, you go to provider number one, you go to provider number two, you get a second circuit which lands on a second set of routers, which lands on a second set of ExpressRoute edges. That's the mechanics. In the portal, when people are setting this up, it asks for a primary and a secondary; that primary is the first physical one and then the secondary is the second physical one, you've just got the primary for this if you have a second physical connection. Now nothing prevents you from creating a secondary on the same router, but what's the point? The secondary is there in case something fails. So the recommendation is to have everything redundant, and even make the landing in a completely different region from here. For example, this is a provider to Azure, that's the edge, it's all redundant anyway. Yeah, because I've seen some customers sometimes do one connection from here and just one to the provider, yeah, or somebody will do two, yeah, but then if somebody cuts the cable, that's gone. Anyhow, let's not go too deep into this; let's come back to this.

You've got dot one, dot two, so now you have a set of IPs. Once that is established, you've clicked OK, the little thing churns, it's established. From here, from this router, you can ping 192.168.1.2, because the circuit is established and there are the IP addresses. This is where BGP comes into play. You've defined your ASN; you're going to define a BGP peer from this router to dot two and say my peer is dot two. Once it's established, at that point automatically your set of IP addresses here will start to get advertised through here to this router here, and whatever you want to advertise back out from your private network, in this case 10.1.1.0, you can advertise back here. So once you've set up your BGP peering on premises, so that's exactly it: your range of networks, Microsoft will advertise automatically, as long as your VNet is associated with your ExpressRoute connection, and it advertises the range of prefixes that you are using, and everybody knows everyone. That's BGP. BGP is fantastic; it can be complex, but it's fantastic. OK, that's private peering. Private done.

OK, now the complicated beast. Let's assume for just a second, and all the security people out there, I know you're going to turn around and grind your teeth, what are you doing? Security is not in play here, so please do not do this live. Let's assume here you have an Internet connection on that router. Now, the principle of NAT. What is NAT? Network address translation. Back in the day, when I was just born, the IP addresses that we used on premises were public IP addresses, right, so every device out there that wanted to connect to another device through the Internet was just using a public IP address, and everybody was happy. Now we've run out of IPv4, so people in big companies, larger companies with millions of devices, started thinking: hang on a minute, we can't use a public IP address per device, it's just going to kill us. So how about we create a technology whereby we can have millions of private IP addresses in the background that we can reuse on either side, but which sit behind a device that will translate that IP address, when it comes in and requests to go to the Internet, to one public IP address. Well, technically that's PAT, not NAT, but let's not go into details, you can do your research on the Internet. Oh, sure. So say for example I'm sitting here with 10.1.1.25 and that's my workstation. I want to access www.whatever, you know, that site. To do that I need a public IP address. So into play comes a device, which is a router, which is a firewall, whatever you decide it to be, that will translate that IP address and create a dynamic NAT connection to a public IP address, 52.x.x.x, that's going to be used to go out to the website. The website is going to reply to this device and land on here, on this IP address; this device knows that this IP address goes to this private device, this box, and on the return it goes back to that workstation. Yep. Beautiful.

Now, why do we care about ExpressRoute for this? Well, when we talk about private peering we don't care. Once we talk about public peering, now we simply care about NAT. Why? Because all the devices are sitting inside of your network and want to access the public-facing services, and that needs to be NATed somehow, and that is the same thing for ExpressRoute. So how it used to be: say your Internet connection here, you want to access the public-facing services of Azure, you would go out to the Internet. How do you go out through here? Until the first of April you would have established a public peering. How does that work? Exactly the same principle, right, you go out, you use your circuit, etc., but now, when you create your public peering you have to give the public peering configuration a public ASN, and you get a public ASN in Australia through the APNIC organisation. You register your company, you get a number, so it's a unique number for your company, along with a set of public IP addresses that are reserved for you and you only, so there's no conflict. So, same principle: you put in your public ASN, 21, whatever, it doesn't matter, and you get a set of public IP addresses, 103.250.14.0/24, boom, that's allocated to your company with this ASN. So you define that in Azure: you say this is my ASN, this is my range of public IP addresses, but you don't need all of that; the same as we did for private, you can take a subset of those IP addresses, a /30, 103.250.14.0/30, use dot one on this side, use dot two on that side. Microsoft is second, the customer comes first. Exactly. Now once that is established, this dot two is not on your private gateway that you've done for private; this lands in the public realm of Azure, right, on the Microsoft Azure public network inside of the edge. OK. How does it all work after that? Well, it's the same principle as what we did with private, it's all through BGP and advertisements. OK. So with a public peering, by default it advertises the subnet that you use for peering, and what Microsoft replies to me with is all the public IP addresses that are in my region, if I do my ExpressRoute as a standard, non-premium. So in Sydney and Melbourne, all the public IP addresses used for those services in Sydney and Melbourne will be advertised back to me. So just so we're clear, this subnet that you use for peering with Microsoft, can you use that same exact subnet for advertising? Yes, sure, you just advertise it, you don't need anything else. Here's why, and this is where NAT comes into play.

Remember NAT, we spoke about NAT? Yeah. Now all the public IP addresses for the public services are now on this router. How do I, with my computer, get to those services? Well, I need to NAT that, right? So what I've been doing, and for the older customers that have it, is to use this IP address here, the peering IP that is on that interface right here that goes to public, use the dot one, and use that as your NAT. And so for any communication, I'm sitting here and I get NATed to the public, everybody's happy. Here's the trick. So what Microsoft does, good or bad, I'm going to call it bad: you're not really using this IP address to access the public-facing services. Why? Because once the packet hits the edge network of Microsoft there is an additional NAT that is being done. So I go from 10.1.1.25, I get NATed to 103.250.14.1, I hit this device, and these devices are going to do another NAT with a Microsoft IP address. So this is public peering, correct, which I can't get any more, correct, but some people do have it. Some people do have it, which means that, this is why when they first established the public peering, things like SQL databases that they wanted to access, they couldn't access them anymore. Why? Because now we've got additional IP addresses that we need to add to the firewall on the SQL service. Mm-hmm. OK. So if you look at what hits the actual service, a SQL service, and if you research it in a Whois database, you'll see that the IP address belongs to Microsoft. OK. Right, so: private, NAT, double NAT, services, public. Bad. Why use double NAT? Who knows, but there's no need, because I'm using a public IP address here. I've tested this using private IP addresses and it works, which proves that they are NATing. Don't try this at home. Don't try this at home, because they kind of cut it off anyway. Moving on.

So public peering is no longer there, right, but if you have a public peering circuit established today you can keep it for long enough. Mm. So we have public peering; as I said, if you have public peering in place it's still there, but I would work on moving off the public peering circuit, because at some point it's going to go. Now comes into play Microsoft peering: public peering, bad; Microsoft peering, good. OK. The difference here is that Microsoft peering used to be used just to go to Office 365. Now it's used to do both, Azure services public peering and Office 365, and we're going to use what we call route filters on top of that to filter what is advertised to us, as opposed to what we advertise out. OK. One of the big differences between Microsoft peering and public peering, which is now gone, is there's no more NAT. OK. So Microsoft no longer NATs your public IP address behind one of their public IP addresses. The other main difference here is that, aside from that, you normally have to define a subnet that you're going to use to peer, as in the IP addresses assigned to your router and the Microsoft router, but you also need to advertise a set of IP addresses. Yeah, OK. So this is, it seems to me, like a step two which overlays the peering. Correct. Here's the setup, the handshake's done, everything's happy, then you've got to define what you're going to advertise through BGP. Yep. And you'll see when you configure Microsoft peering in the portal, for example, compared to public peering, there is a third step, which is: what are the ranges of public IP addresses you'd like to advertise out? Right, OK, gotcha. These are IP addresses that you advertise, and guess what, they've got to be used for NAT on your side. Why? What, you still need NAT? Because you're still using private IP addresses and you have to convert those to a public IP to access the services, but this time you cannot use the actual public IP addresses that were assigned to your interface for your peering; you need to use another set of public IP addresses. So in our case here, instead of 103.250.14.0/30, let's say we do .8/29, for example, a bit larger. Why? So you can do multiple NATs if you want, but you could use a /30 there too and only have two IP addresses if you want. Right, or a /29, right. OK, so actually it's a /29. Thank you. OK, so we've got to advertise this, and my NAT is going to be part of this range, so for example dot 9 is going to be our first NAT. So when I'm here, I come here, I get NATed to dot 9, and now any service that is being accessed is going to be accessed from these IP addresses.

So I guess the advantage here, on the front of it, is if you're a massive enterprise company and you've got BGP set up for your Internet connection, then here's the problem: you've already got public IP addresses advertised to Microsoft just for the Internet; you want to advertise those through Microsoft peering as well, because otherwise you're going to get potentially asymmetric routing. And this is where we're coming back to what you mentioned at the very start, with public peering you get asymmetric routing. Yeah, because there wasn't a thing of Microsoft advertising here, so it doesn't really apply, you use private IPs and it's heading back to a single IP. Exactly, right. Now with this, yes absolutely: whatever you advertise here to Microsoft public, don't get me wrong, is not going to go out to the Internet, so they're not a transit network, so those addresses will stay within the confines of the Microsoft network. But if you are advertising them out to the Internet too and you're now trying to access things on the Microsoft network, and the Microsoft network knows two routes to come back to you, now you start to look at asymmetric routing, and problems, problems, problems. OK. OK, so just a recap: this subnet here is used for peering, and this one is used for advertising and NAT. By the way, I forgot to say, because you need a primary and secondary connection, yes, of course, the same as the private, in terms of the private across the two physical connections. So this is the business.

So this peering subnet here, can you use that for advertising as well? Because as you said before you could do it in public peering. Yeah, in public, but you can't do it anymore because you can't set it up, right. What about this one? You can't. You can't use them there, right, you can't do it in Microsoft peering. Gotcha. If you advertise the range that you use for your peering you're going to have problems. OK. OK, so this is the best practice: don't use that, that's the safe thing. OK, so that's another idiosyncrasy of Microsoft peering: keep that peering subnet separate from what you are going to be advertising. Right, it's fine. Now, I'm sure that if you do advertise that it might work, it might not work, so just don't use it; let's leave it at that. Now, just to finish the story, once we've got Microsoft peering done, we can advertise our range, but we're still not going to get anything back from Microsoft until we create a route filter, which is basically on the portal, the same as before. Correct. So on the portal we're going to go and say: I would like the routes from Sydney and Melbourne, please. Right. Now some people may ask, oh great, so now can you do Office 365 through it? No, you can't, because even if you go and select and tick the box to say I'd like SharePoint, I'd like OneDrive, et cetera, the route filter, when you apply the route filter to the actual ExpressRoute, does verify what kind of access you can have. As an example, if you have a standard ExpressRoute, which does not allow you to go into the international zone, so you're stuck within Sydney, Melbourne, and Canberra actually, well, that's a different matter, you can only select Sydney and Melbourne. If you select any other zone, any other region, it's just going to bomb you out because you don't have a premium ExpressRoute, you only have a standard one. Gotcha, OK.

And the other thing we'll just add to this as well: Office 365 prefixes previously, when Microsoft peering was just Office 365, you couldn't get Microsoft peering unless you got approval from the Modern Workplace team. Now you can get Microsoft peering put in, however you can't tick or get access to the boxes for Office 365 unless you get the approval. Right, right. But it's a lot easier because it's just literally a couple of tick boxes. Yep. One last thing: so how does that all sit in terms of subscriptions, and who can access what? Now, when we talk about private peering, your peering will be private to within your subscription, or whatever connection you establish, one VNet to another with VNet connections. OK. When we talk about public, it's not assigned to a subscription. OK. So if I say I don't have any private, I just do a Microsoft peering, I'm going to get one subscription, pay for it, and say well I'm going to do an ExpressRoute with Microsoft peering and pay for that through my subscription. Good, yeah. But at that point every single service that is reached from public can be used through the ExpressRoute, no matter what subscription it's hitting, because it's pure routing. OK. So on your side you get all the routes from public Azure services; even if you now want to access a SQL database that sits in a completely different tenant or a completely different subscription, that will work, it's just going to route through. Makes sense, yeah, because it's not related to your subscription, it's only billing basically. Yep. OK, yeah, I think that's about it. Cool, all righty.

So Stef, thank you for that, and do you want to just give people an idea of how to get hold of you if they want to ask further questions? Yeah, so on Twitter, Stephane, spelled S-T-E-P-H-A-N-E, the French way, Stephane Budo, and Stephane Budo at Vigilant IT. And you're available as well to help people? Absolutely. So we are an Azure expert managed service provider, of course we are, and a CSP as well, and I'm an MVP, excuse me, for a few years now, and I'm pretty much proud of that. That's right. Anyway, all right, thank you Stephane for your time. Thanks, bye, see you later, guys.
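The addressing rules the two of them sketch on the whiteboard (a /30-or-larger link subnet per physical connection with the customer address first and Microsoft's second, a private ASN for private peering, public addresses for Microsoft peering, the advertised prefixes kept separate from the peering subnet, NAT drawn from the advertised range, and the asymmetric-routing trap when the same prefix is also announced to the Internet) can be turned into a pre-flight check before a plan goes near the portal. The validator below is an added example, not code from the video, from Marc Kean or from Vigilant IT. Its sample plans are constructed: RFC 5737 documentation addresses and an RFC 5398 documentation ASN stand in for the 103.250.14.0/24 range and registered ASN drawn in the session, and the private 16-bit ASN bounds (64512-65534) are taken from RFC 6996 rather than from the "64-something" in the video. "Public" is tested as "not RFC 1918", as the speakers frame it, rather than with `ipaddress.is_global`, so the documentation ranges pass.

```python
"""Pre-flight checks for an ExpressRoute peering plan (added example; not code from the video).

Encodes the whiteboard rules: a /30-or-larger link subnet per physical connection, customer
address first and Microsoft second; private peering wants a private ASN (or one you own);
Microsoft peering wants public link subnets, public advertised prefixes kept separate from the
link subnets, and NAT addresses taken from those prefixes; advertising the same prefix to the
Internet risks asymmetric routing. Assumptions: private ASN bounds 64512-65534 are RFC 6996, not
from the video; "public" means "not RFC 1918" (as in the video) so RFC 5737 test ranges pass.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Network, ip_address, ip_network

PRIVATE_ASN_MIN, PRIVATE_ASN_MAX = 64512, 65534   # RFC 6996 16-bit private range (assumption)
RFC1918 = tuple(ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


@dataclass
class PeeringPlan:
    peering_type: str                 # "private" or "microsoft"
    peer_asn: int                     # your BGP ASN
    primary_subnet: str               # link subnet on the primary physical connection
    secondary_subnet: str             # link subnet on the secondary physical connection
    owns_public_asn: bool = False     # a public ASN is fine on private peering only if you own it
    advertised_prefixes: list = field(default_factory=list)  # Microsoft peering "third step"
    nat_addresses: list = field(default_factory=list)        # what your edge NATs clients to
    internet_prefixes: list = field(default_factory=list)    # what you also announce to the Internet


def is_private_asn(asn: int) -> bool:
    return PRIVATE_ASN_MIN <= asn <= PRIVATE_ASN_MAX


def is_rfc1918(net: IPv4Network) -> bool:
    return any(net.subnet_of(r) for r in RFC1918)


def link_addresses(subnet: str) -> tuple:
    """(customer_ip, microsoft_ip) for a link subnet: customer first, Microsoft second."""
    net = ip_network(subnet, strict=True)
    if net.prefixlen > 30:
        raise ValueError(f"{subnet}: a link subnet needs two usable addresses (/30 or larger)")
    hosts = list(net.hosts())
    return str(hosts[0]), str(hosts[1])


def check_plan(plan: PeeringPlan) -> list:
    """Return 'ERROR: ...' / 'WARN: ...' strings; an empty list means the plan is consistent."""
    findings = []
    try:
        links = [ip_network(s, strict=True) for s in (plan.primary_subnet, plan.secondary_subnet)]
    except ValueError as exc:
        return [f"ERROR: bad link subnet: {exc}"]
    labelled = list(zip(("primary", "secondary"), links))
    for label, net in labelled:
        if net.prefixlen > 30:
            findings.append(f"ERROR: {label} link subnet {net} is smaller than /30")
    if links[0].overlaps(links[1]):
        findings.append(f"ERROR: primary {links[0]} and secondary {links[1]} overlap; each link needs its own subnet")
    if plan.peering_type == "private":
        if not is_private_asn(plan.peer_asn) and not plan.owns_public_asn:
            findings.append(f"ERROR: ASN {plan.peer_asn} is public; use a private ASN unless you own it")
        if plan.advertised_prefixes:
            findings.append("WARN: private peering has no advertise step; Azure advertises the VNet ranges itself")
        return findings
    if plan.peering_type != "microsoft":
        return [f"ERROR: unknown peering type {plan.peering_type!r}"]
    # Microsoft peering: public ASN, public link subnets, separate public prefixes to advertise.
    if is_private_asn(plan.peer_asn):
        findings.append(f"ERROR: ASN {plan.peer_asn} is private; Microsoft peering uses your registered public ASN")
    for label, net in labelled:
        if is_rfc1918(net):
            findings.append(f"ERROR: {label} link subnet {net} is RFC 1918; Microsoft peering needs public addresses")
    if not plan.advertised_prefixes:
        findings.append("ERROR: no advertised public prefixes; Microsoft peering requires them (the portal's third step)")
    advertised = [ip_network(p, strict=True) for p in plan.advertised_prefixes]
    for net in advertised:
        if is_rfc1918(net):
            findings.append(f"ERROR: advertised prefix {net} is RFC 1918")
        for label, link in labelled:
            if net.overlaps(link):
                findings.append(f"ERROR: advertised prefix {net} overlaps the {label} link subnet {link}; keep them separate")
    for addr in plan.nat_addresses:   # the NAT pool must live inside what you advertise
        if not any(ip_address(addr) in net for net in advertised):
            findings.append(f"ERROR: NAT address {addr} is not inside any advertised prefix")
    for prefix in plan.internet_prefixes:
        for net in advertised:
            if ip_network(prefix, strict=True).overlaps(net):
                findings.append(f"WARN: {net} is also announced to the Internet; Microsoft has two paths back to you (asymmetric routing)")
    return findings


# Constructed sample plans (documentation addresses and ASN, not the ranges drawn in the video).
PRIVATE_PLAN = PeeringPlan("private", 65000, "192.168.1.0/30", "192.168.1.4/30")
MICROSOFT_PLAN = PeeringPlan("microsoft", 64500, "203.0.113.0/30", "203.0.113.4/30",
                             advertised_prefixes=["203.0.113.8/29"], nat_addresses=["203.0.113.9"])
BAD_PLAN = PeeringPlan("microsoft", 64500, "203.0.113.0/30", "203.0.113.4/30",
                       advertised_prefixes=["203.0.113.0/30", "203.0.113.8/29"],  # reuses the peering /30
                       nat_addresses=["203.0.113.9"], internet_prefixes=["203.0.113.8/29"])

if __name__ == "__main__":
    for name, plan in (("private", PRIVATE_PLAN), ("microsoft", MICROSOFT_PLAN), ("bad", BAD_PLAN)):
        print(name, link_addresses(plan.primary_subnet), check_plan(plan) or "OK")
```

Run it as-is to see the good plans pass and the bad plan flag both the reused peering /30 and the prefix that is also announced to the Internet; to use it for real, replace the constructed plans with your own link subnets, ASN and advertised ranges. It does not talk to Azure or to a provider, so it cannot tell you whether a route filter or the standard/premium SKU will let a given region's routes through; that part still happens in the portal.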
Info
Channel: Marc Kean
Views: 18,563
Rating: 4.8317757 out of 5
Keywords: Azure, ExpressRoute, BGP
Id: RkuZD8y2JnM
Length: 31min 9sec (1869 seconds)
Published: Fri Aug 03 2018