Create and modify peering for an ExpressRoute circuit

This article helps you create and manage routing configuration for an ExpressRoute circuit in the Resource Manager deployment model using the Azure portal. You can also check the status, update, or delete and deprovision peerings for an ExpressRoute circuit. If you want to use a different method to work with your circuit, select an article from the following list:

Configuration prerequisites

  • Make sure that you have reviewed the prerequisites page, the routing requirements page, and the workflows page before you begin configuration.
  • You must have an active ExpressRoute circuit. Follow the instructions to Create an ExpressRoute circuit and have the circuit enabled by your connectivity provider before you proceed. The ExpressRoute circuit must be in a provisioned and enabled state for you to be able to run the cmdlets in the next sections.
  • If you plan to use a shared key/MD5 hash, be sure to use this on both sides of the tunnel and limit the number of characters to a maximum of 25.

These instructions only apply to circuits created with service providers offering Layer 2 connectivity services. If you are using a service provider that offers managed Layer 3 services (typically an IPVPN, like MPLS), your connectivity provider configures and manages routing for you.

Important

We currently do not advertise peerings configured by service providers through the service management portal. We are working on enabling this capability soon. Check with your service provider before configuring BGP peerings.

You can configure one, two, or all three peerings (Azure private, Azure public and Microsoft) for an ExpressRoute circuit. You can configure peerings in any order you choose. However, you must make sure that you complete the configuration of each peering one at a time.

Azure private peering

This section helps you create, get, update, and delete the Azure private peering configuration for an ExpressRoute circuit.

To create Azure private peering

  1. Configure the ExpressRoute circuit. Ensure that the circuit is fully provisioned by the connectivity provider before continuing.

    list

  2. Configure Azure private peering for the circuit. Make sure that you have the following items before you proceed with the next steps:

    • A /30 subnet for the primary link. The subnet must not be part of any address space reserved for virtual networks.
    • A /30 subnet for the secondary link. The subnet must not be part of any address space reserved for virtual networks.
    • A valid VLAN ID to establish this peering on. Ensure that no other peering in the circuit uses the same VLAN ID.
    • AS number for peering. You can use both 2-byte and 4-byte AS numbers. You can use a private AS number for this peering. Ensure that you are not using 65515.
    • Optional - An MD5 hash if you choose to use one.
  3. Select the Azure Private peering row, as shown in the following example:

    private

  4. Configure private peering. The following image shows a configuration example:

    configure private peering

  5. Save the configuration once you have specified all parameters. After the configuration has been accepted successfully, you see something similar to the following example:

    save private peering

To view Azure private peering details

You can view the properties of Azure private peering by selecting the peering.

view private peering

To update Azure private peering configuration

You can select the row for peering and modify the peering properties.

update private peering

To delete Azure private peering

You can remove your peering configuration by selecting the delete icon, as shown in the following image:

delete private peering

Azure public peering

This section helps you create, get, update, and delete the Azure public peering configuration for an ExpressRoute circuit.

To create Azure public peering

  1. Configure ExpressRoute circuit. Ensure that the circuit is fully provisioned by the connectivity provider before continuing further.

    list public peering

  2. Configure Azure public peering for the circuit. Make sure that you have the following items before you proceed with the next steps:

    • A /30 subnet for the primary link. This must be a valid public IPv4 prefix.
    • A /30 subnet for the secondary link. This must be a valid public IPv4 prefix.
    • A valid VLAN ID to establish this peering on. Ensure that no other peering in the circuit uses the same VLAN ID.
    • AS number for peering. You can use both 2-byte and 4-byte AS numbers.
    • Optional - An MD5 hash if you choose to use one.
  3. Select the Azure public peering row, as shown in the following image:

    select public peering row

  4. Configure public peering. The following image shows a configuration example:

    Configure public peering

  5. Save the configuration once you have specified all parameters. After the configuration has been accepted successfully, you see something similar to the following example:

    Save public peering configuration

To view Azure public peering details

You can view the properties of Azure public peering by selecting the peering.

view public peering properties

To update Azure public peering configuration

You can select the row for peering and modify the peering properties.

select public peering row

To delete Azure public peering

You can remove your peering configuration by selecting the delete icon, as shown in the following example:

delete public peering

Microsoft peering

This section helps you create, get, update, and delete the Microsoft peering configuration for an ExpressRoute circuit.

Important

Microsoft peering of ExpressRoute circuits that were configured prior to August 1, 2017 will have all service prefixes advertised through the Microsoft peering, even if route filters are not defined. Microsoft peering of ExpressRoute circuits that are configured on or after August 1, 2017 will not have any prefixes advertised until a route filter is attached to the circuit. For more information, see Configure a route filter for Microsoft peering.

To create Microsoft peering

  1. Configure ExpressRoute circuit. Ensure that the circuit is fully provisioned by the connectivity provider before continuing further.

    list Microsoft peering

  2. Configure Microsoft peering for the circuit. Make sure that you have the following information before you proceed.

    • A /30 subnet for the primary link. This must be a valid public IPv4 prefix owned by you and registered in an RIR / IRR.
    • A /30 subnet for the secondary link. This must be a valid public IPv4 prefix owned by you and registered in an RIR / IRR.
    • A valid VLAN ID to establish this peering on. Ensure that no other peering in the circuit uses the same VLAN ID.
    • AS number for peering. You can use both 2-byte and 4-byte AS numbers.
    • Advertised prefixes: You must provide a list of all prefixes you plan to advertise over the BGP session. Only public IP address prefixes are accepted. If you plan to send a set of prefixes, you can send a comma-separated list. These prefixes must be registered to you in an RIR / IRR.
    • Optional - Customer ASN: If you are advertising prefixes that are not registered to the peering AS number, you can specify the AS number to which they are registered.
    • Routing Registry Name: You can specify the RIR / IRR against which the AS number and prefixes are registered.
    • Optional - An MD5 hash if you choose to use one.
  3. You can select the peering you wish to configure, as shown in the following example. Select the Microsoft peering row.

    select Microsoft peering row

  4. Configure Microsoft peering. The following image shows a configuration example:

    configure Microsoft peering

  5. Save the configuration once you have specified all parameters.

    If your circuit gets to a 'Validation needed' state (as shown in the image), you must open a support ticket to show proof of ownership of the prefixes to our support team.

    Save Microsoft peering configuration

    You can open a support ticket directly from the portal, as shown in the following example:

  6. After the configuration has been accepted successfully, you see something similar to the following image:

To view Microsoft peering details

You can view the properties of Azure public peering by selecting the peering.

To update Microsoft peering configuration

You can select the row for peering and modify the peering properties.

To delete Microsoft peering

You can remove your peering configuration by selecting the delete icon, as shown in the following image:

Next steps

Next step, Link a VNet to an ExpressRoute circuit