Move a public peering to Microsoft peering

ExpressRoute supports using Microsoft peering with route filters for Azure PaaS services, such as Azure Storage and Azure SQL Database. You now need only one routing domain to access Microsoft PaaS and SaaS services. You can use route filters to selectively advertise the PaaS service prefixes for the Azure regions you want to consume.

This article helps you move a public peering configuration to Microsoft peering with no downtime. For more information about routing domains and peerings, see ExpressRoute circuits and routing domains.

Before you begin

  • To connect to Microsoft peering, you need to set up and manage NAT. Your connectivity provider may set up and manage the NAT as a managed service. If you are planning to access the Azure PaaS and Azure SaaS services on Microsoft peering, it's important to size the NAT IP pool correctly. For more information about NAT for ExpressRoute, see the NAT requirements for Microsoft peering.

  • If you are using public peering and currently have IP network rules for public IP addresses that are used to access Azure Storage or Azure SQL Database, you need to make sure that the NAT IP pool configured with Microsoft peering is included in the list of public IP addresses for the Azure Storage account or Azure SQL account.

  • In order to move to Microsoft peering with no downtime, use the steps in this article in the order that they are presented.
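The IP network rule check from the second bullet can be done offline before any peering is changed. The following is an added example, not part of the original article: it compares the NAT IP pool planned for Microsoft peering with the allow-list entries exported from a storage account or SQL server firewall and returns every part of the pool that no rule covers. All addresses are constructed documentation ranges, the function and variable names are hypothetical, and IPv4 is assumed.

```python
import ipaddress

def uncovered_nat_ranges(nat_pool, allowed_rules):
    """Return the parts of the NAT pool that no allow rule covers (IPv4 only).

    nat_pool      -- CIDR prefixes that traffic will be NATed to on Microsoft peering
    allowed_rules -- single IPs or CIDR ranges taken from the service firewall
    """
    # Merge the rules first so adjacent single-IP entries count as one range.
    allowed = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(rule.strip()) for rule in allowed_rules))
    gaps = []
    for prefix in nat_pool:
        remaining = [ipaddress.ip_network(prefix)]
        for rule in allowed:
            still_open = []
            for net in remaining:
                if net.subnet_of(rule):
                    continue                      # fully allowed by this rule
                if rule.subnet_of(net):
                    # Rule covers only part of the range: keep the rest.
                    still_open.extend(net.address_exclude(rule))
                else:
                    still_open.append(net)        # rule does not touch this range
            remaining = still_open
        gaps.extend(remaining)
    return sorted(gaps)

# Constructed sample data (documentation address ranges, not real assignments).
NAT_POOL = ["203.0.113.4/30", "198.51.100.16/29"]
FIREWALL_RULES = [
    "203.0.113.4", "203.0.113.5", "203.0.113.6", "203.0.113.7",  # whole /30 as single IPs
    "198.51.100.16/30",                                          # only half of the /29
]

if __name__ == "__main__":
    gaps = uncovered_nat_ranges(NAT_POOL, FIREWALL_RULES)
    if gaps:
        for gap in gaps:
            print(f"NAT range {gap} is not allowed by any IP network rule")
    else:
        print("Every NAT address is covered by the IP network rules")
```

A non-empty result means traffic sourced from those NAT addresses would be rejected by the service firewall once it arrives over Microsoft peering, so the rules should be extended before continuing with the steps below.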

1. Create Microsoft peering

If Microsoft peering has not been created, use any of the following articles to create Microsoft peering. If your connectivity provider offers managed layer 3 services, you can ask the connectivity provider to enable Microsoft peering for your circuit.

2. Validate Microsoft peering is enabled

Verify that the Microsoft peering is enabled and the advertised public prefixes are in the configured state.

3. Configure and attach a route filter to the circuit

By default, new Microsoft peerings do not advertise any prefixes until a route filter is attached to the circuit. When you create a route filter rule, you can specify the list of service communities for Azure regions that you want to consume for Azure PaaS services, as shown in the following screenshot:

[Screenshot: Merge public peering]

Configure route filters using any of the following articles:

4. Delete the public peering

After verifying that the Microsoft peering is configured and the prefixes you wish to consume are correctly advertised on Microsoft peering, you can then delete the public peering. To delete the public peering, use any of the following articles:

5. View peerings

You can see a list of all ExpressRoute circuits and peerings in the Azure portal. For more information, see View Microsoft peering details.

Next steps

For more information about ExpressRoute, see the ExpressRoute FAQ.