Azure ExpressRoute
An Azure service that provides private connections between Azure datacenters and infrastructure, either on premises or in a colocation environment.
323 questions
Multiple ExpressRoutes connected through individual NVAs to other VNets
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 68%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Steiner
21
Reputation points
Hello,
Each location has it's on ExpressRoute circuit, NVA and accesses shared resources in a location. For example,
California office - 192.168.8.0/24
Hong Kong office - 192.168.70.0/24
Paris office - 192.168.55.0/24
Connected via ExpressRoute Circuit to the following Azure VNets
West US for California Office, West US has a VNet: 10.0.0.0/24; the VNet has an NVA which filters traffic and a ExpressRoute Gateway in the gateway subnet which routes on premise network traffic (192.168.8.0/24) to Azure resources through the NVA.
East Asia for Hong Kong Office, East Asia has a VNet: 10.2.0.0/24; the VNet has an NVA which filters traffic and a ExpressRoute Gateway in the gateway subnet which routes on premise network traffic (192.168.70.0/24) to Azure resources through the NVA.
West Europe has a VNet 172.20.0.0/16 which is peered with 10.0.0.0/24 and 10.2.0.0/24.
It is impossible for the Shared VNet (West Europe - 172.20.0.0/16) to have with multiple virtual network gateways (one for West US and another for East Asia), if both locations (West US and East Asia) require access to the resources in the Shared VNet, how can this be configured?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT 23,031 Reputation points Microsoft Employee2021-10-02T04:17:15.13+00:00 Hello @Steiner , Thank you for reaching out. I am not so sure if I have understood the question correctly.
A virtual network can have two virtual network gateways; one VPN gateway and one ExpressRoute gateway. For your VNets in West US (10.0.0.0/24) and East Asia (10.0.2.0/24) Can't you have a VPN gateways for these VNets and access the resources in the shared vnet via vnet peering? Please refer to this document for additional details -
Steiner 21 Reputation points
2021-10-02T08:34:33.14+00:00 Hello @ChaitanyaNaykodi-MSFT ,
The idea is to have shared resources in a single location (VNet) with different geographical locations connected via ExpressRoute circuits access these resources. From what I have read, I have not seen that this architecture is possible.
As in the diagram attached, the office locations (192.168.8.0/24 and 192.168.70.0/24) are connected via ExpressRoute circuits to unique VNets (10.0.0.0/24 and 10.2.0.0/24) and accessing resources in "Shared VNet" (172.20.0.0/16).
Using S2S VPN is not the preferred/desired primary solution, this is why ER circuits are considered.
I am assuming this is a limitation with ER circuits, if not, how can the desired architecture be achieved with ER circuits?
-
ChaitanyaNaykodi-MSFT 23,031 Reputation points Microsoft Employee
2021-10-06T18:48:58.31+00:00 Hello @Steiner , apologies for the delay here, I was discussing this issue internally with the team.
We think desired outcome is possible using Express Route circuit with a Premium addon. ExpressRoute premium add-on, you can link virtual networks outside of the geopolitical region of the ExpressRoute circuit. The premium add-on will also allow you to connect more than 10 virtual networks to your ExpressRoute circuit depending on the bandwidth chosen. You can link a VNet created in Europe West to an ExpressRoute circuit created in California and Hong Kong.
You can go through this FAQ Document for additional details on this feature and how to enable it.Hope this helps. Please let us know if you have any additional concerns or questions. Thank you!
-
Steiner 21 Reputation points
2021-10-07T06:52:53.13+00:00 Hello @ChaitanyaNaykodi-MSFT
The issue is not joining multiple VNets to ExpressRoute circuits. The idea is joining 2 ER circuits to separate VNets (A and B), VNet A and B have ER Gateways.
VNet A and B will be peered to another VNet C.
From what I can see, on the VNet C to reach resources at the office end of the ER circuit (VNet A) is only possible for one as you have to configure VNet C (route) to use VNet Gateway, but once you do that, you cannot do the same for the 2nd ER circuit (VNet B). Is there anyway around this?
-
ChaitanyaNaykodi-MSFT 23,031 Reputation points Microsoft Employee
2021-10-07T23:09:34.043+00:00 Hello @Steiner , Thank you for a quick response. To troubleshoot the issue I think we will need specialized 1:1 session, where a support engineer can have a screen share session with you. Can you please send an email to azcommunity@microsoft.com with the below details.
Subject : Attn Chaitanya
Thread URL: Link to this thread.
Subscription IDPlease let me know once you have done the same, so I can enable a one-time free support for you. Please let me know if you have any additional concerns. Thank you! Looking forward to your email!
Sign in to comment