Routing with ExpressRoute for Office 365

This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.

To properly understand routing traffic to Office 365 using Azure ExpressRoute, you'll need a firm grasp of the core ExpressRoute routing requirements and the ExpressRoute circuits and routing domains. These lay out the fundamentals for using ExpressRoute that Office 365 customers will rely on.

Some of the key items in the above articles that you'll need to understand include:

  • ExpressRoute circuits aren't mapped to specific physical infrastructure, but are a logical connection made at a single peering location by Microsoft and a peering provider on your behalf.

  • There's a 1:1 mapping between an ExpressRoute circuit and a customer s-key.

  • Each circuit can support two independent peering relationships (Azure Private peering and Microsoft peering); Office 365 requires Microsoft peering.

  • Each circuit has a fixed bandwidth that is shared across all peering relationships.

  • Any public IPv4 addresses and public AS numbers that will be used for the ExpressRoute circuit must be validated as being owned by you, or assigned exclusively to you by the owner of the address range.

  • The virtual ExpressRoute circuits are redundant globally and will follow standard BGP routing practices. This is why we recommend two physical circuits per egress to your provider in an active/active configuration.

See the FAQ page for more information on services supported, costs, and configuration details. See the ExpressRoute locations article for information on the list of connectivity providers offering Microsoft peering support. We've also recorded a 10-part Azure ExpressRoute for Office 365 Training series on Channel 9 to help explain the concepts more thoroughly.

Ensuring route symmetry

The Office 365 front-end servers are accessible on both the Internet and ExpressRoute. These servers will prefer to route back to on-premises over ExpressRoute circuits when both are available. Because of this, there is a possibility of route asymmetry if traffic from your network prefers to route over your Internet circuits. Asymmetrical routes are a problem because devices that perform stateful packet inspection can block return traffic that follows a different path than the outbound packets followed.

Regardless of whether you initiate a connection to Office 365 over the Internet or ExpressRoute, the source must be a publicly routable address. With many customers peering directly with Microsoft, having private addresses where duplication is possible between customers isn't feasible.

The following are scenarios where communications from Office 365 to your on-premises network will be initiated. To simplify your network design, we recommend routing these over the Internet path.

For Microsoft to route back to your network for these bi-directional traffic flows, the BGP routes to your on-premises devices must be shared with Microsoft. When you advertise route prefixes to Microsoft over ExpressRoute, you should follow these best practices:

  1. Do not advertise the same public IP address route prefix to the public Internet and over ExpressRoute. It is recommended that the IP BGP route prefix advertisements to Microsoft over ExpressRoute come from a range that is not advertised to the Internet at all. If this is not possible because of the available IP address space, it is essential to advertise a more specific range over ExpressRoute than over any Internet circuit.

  2. Use separate NAT IP pools per ExpressRoute circuit, separate from those of your Internet circuits.

  3. Be aware that any route advertised to Microsoft will attract network traffic from any server in Microsoft's network, not only those for which routes are advertised to your network over ExpressRoute. Only advertise routes to servers where routing scenarios are defined and well understood by your team. Advertise separate IP address route prefixes at each of multiple ExpressRoute circuits from your network.
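The three practices above can be checked mechanically before a prefix plan reaches the BGP devices. The following is an added example, not code from Microsoft or the original article; the function names, circuit names and prefixes (RFC 5737 documentation ranges) are constructed for illustration.

```javascript
// Added example: audit a planned set of BGP advertisements for the
// route-symmetry practices listed above. Sample data is constructed.

// Parse an IPv4 CIDR into a numeric range; reject malformed input.
function parseCidr(cidr) {
  const [ip, lenText] = String(cidr).split("/");
  const parts = ip.split(".");
  const okOctets = parts.length === 4 &&
    parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
  const okLen = /^\d{1,2}$/.test(lenText) && Number(lenText) <= 32;
  if (!okOctets || !okLen) throw new Error("invalid IPv4 CIDR: " + cidr);
  const len = Number(lenText);
  // Plain arithmetic avoids JavaScript's signed 32-bit bitwise operators.
  const start = parts.reduce((acc, p) => acc * 256 + Number(p), 0);
  const size = Math.pow(2, 32 - len);
  if (start % size !== 0) throw new Error("host bits set in " + cidr);
  return { cidr, len, start, end: start + size - 1 };
}

function overlaps(a, b) {
  return a.start <= b.end && b.start <= a.end;
}

// internetCidrs: prefixes advertised to Internet circuits.
// circuits: { circuitName: [prefixes advertised / NAT pools on that circuit] }.
function checkPlan(internetCidrs, circuits) {
  const findings = [];
  const internet = internetCidrs.map(parseCidr);
  const names = Object.keys(circuits);
  const parsed = {};
  names.forEach((n) => { parsed[n] = circuits[n].map(parseCidr); });

  // Practice 1: ExpressRoute prefixes should not be advertised to the
  // Internet at all; a more specific prefix is the fallback only.
  for (const name of names) {
    for (const er of parsed[name]) {
      for (const inet of internet) {
        if (!overlaps(er, inet)) continue;
        const moreSpecific = er.len > inet.len;
        findings.push({
          level: moreSpecific ? "warn" : "error",
          circuit: name, prefix: er.cidr, conflictsWith: inet.cidr,
          reason: moreSpecific
            ? "more specific than an Internet prefix (fallback case)"
            : "same as or less specific than an Internet prefix",
        });
      }
    }
  }

  // Practices 2 and 3: each circuit gets its own NAT pool and prefixes.
  for (let i = 0; i < names.length; i++) {
    for (let j = i + 1; j < names.length; j++) {
      for (const a of parsed[names[i]]) {
        for (const b of parsed[names[j]]) {
          if (!overlaps(a, b)) continue;
          findings.push({
            level: "error", circuit: names[i], prefix: a.cidr,
            conflictsWith: names[j] + " " + b.cidr,
            reason: "address space shared between ExpressRoute circuits",
          });
        }
      }
    }
  }
  return findings;
}

// Constructed sample plan.
const SAMPLE_INTERNET = ["203.0.113.0/24"];
const SAMPLE_CIRCUITS = {
  "er-circuit-1": ["198.51.100.0/25"],                   // clean
  "er-circuit-2": ["203.0.113.128/25"],                  // fallback case
  "er-circuit-3": ["203.0.113.0/24", "198.51.100.0/26"], // violations
};

for (const f of checkPlan(SAMPLE_INTERNET, SAMPLE_CIRCUITS)) {
  console.log(`${f.level}: ${f.circuit} ${f.prefix} vs ${f.conflictsWith}: ${f.reason}`);
}
```

An "error" finding means return traffic may take a different path than the outbound flow, which is the condition under which stateful inspection devices drop it.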

Deciding which applications and features route over ExpressRoute

When you configure a peering relationship using the Microsoft peering routing domain and are approved for the appropriate access, you'll be able to see all PaaS and SaaS services available over ExpressRoute. The Office 365 services designed for ExpressRoute can be managed with BGP communities or route filters.

Other applications, such as Office 365 Video, are Office 365 applications; however, Office 365 Video is made up of three different components: the portal, the streaming service, and the content delivery network. The portal lives within SharePoint Online, the streaming service lives within Azure Media Services, and the content delivery network lives within the Azure CDN. The following table outlines these components.

| Component | Underlying application | Included in SharePoint Online BGP Community? | Use |
|---|---|---|---|
| Office 365 Video portal | SharePoint Online | Yes | Configuration, upload |
| Office 365 Video streaming service | Azure Media Services | No | Streaming service, used in the event the video is unavailable from the CDN |
| Office 365 Video content delivery network | Azure CDN | No | Primary source of video download/streaming. Learn more about Office 365 video networking. |

Each of the Office 365 features that are available using Microsoft peering is listed in the Office 365 endpoints article by application type and FQDN. The reason for using the FQDN in the tables is to allow customers to manage traffic using PAC files or other proxy configurations; see our guide to managing Office 365 endpoints for example PAC files.

In some situations we've used a wildcard domain where one or more sub-FQDNs are advertised differently than the higher-level wildcard domain. This usually happens when the wildcard represents a long list of servers that are all advertised to ExpressRoute and the Internet, while a small subset of destinations is only advertised to the Internet, or the reverse. Refer to the tables below to understand where the differences are.

This table displays the wildcard FQDNs that are advertised to both the Internet and Azure ExpressRoute alongside the sub-FQDNs that are advertised only to the Internet.

| Wildcard domain advertised to ExpressRoute and Internet circuits | Sub-FQDN advertised to Internet circuits only |
|---|---|
| *.microsoftonline.com | click.email.microsoftonline.com |
| | portal.microsoftonline.com |
| | provisioningapi.microsoftonline.com |
| | adminwebservice.microsoftonline.com |
| *.officeapps.live.com | nexusRules.officeapps.live.com |
| | nexus.officeapps.live.com |
| | odc.officeapps.live.com |
| | cdn.odc.officeapps.live.com |
| | ols.officeapps.live.com |
| | ocsredir.officeapps.live.com |
| | ocws.officeapps.live.com |
| | ocsa.officeapps.live.com |

Usually PAC files are intended to send network requests to ExpressRoute advertised endpoints directly to the circuit and all other network requests to your proxy. If you're configuring a PAC file like this, compose your PAC file in the following order:

  1. Include the sub-FQDNs from column two in the above table at the top of your PAC file, sending the traffic towards your proxy. We've built a sample PAC file for you to use in our article on managing Office 365 endpoints.

  2. Include all FQDNs marked advertised to ExpressRoute in this article below the first section, sending the traffic directly to your ExpressRoute circuit.

  3. Include any other network endpoints or rules below these two entries, sending the traffic towards your proxy.

This table displays the wildcard domains that are advertised to Internet circuits only alongside the sub-FQDNs that are advertised to Azure ExpressRoute and Internet circuits. For your PAC file above, the FQDNs in column 2 in the below table are listed as being advertised to ExpressRoute in the link referenced, which means they would be included in the second group of entries in the file.

| Wildcard domain advertised to Internet circuits only | Sub-FQDN advertised to ExpressRoute and Internet circuits |
|---|---|
| *.office.com | *.outlook.office.com |
| | home.office.com |
| | outlook.office.com |
| | portal.office.com |
| | www.office.com |
| *.office.net | agent.office.net |
| *.office365.com | outlook.office365.com |
| | smtp.office365.com |
| *.outlook.com | *.protection.outlook.com |
| | *.mail.protection.outlook.com |
| | autodiscover-<tenant>.outlook.com |
| *.windows.net | login.windows.net |
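The three-group PAC ordering described above, written out as an added example. It is not Microsoft's published sample PAC file: the proxy address is a placeholder, the host lists contain only the entries shown in this article's two tables (the complete ExpressRoute list is in the Office 365 endpoints article), and `hostMatches` is a hypothetical helper used in place of the browser's `shExpMatch` so the file also runs under Node.

```javascript
// Added example PAC file. PROXY is a placeholder (assumption); replace it
// with your outbound proxy. Written in ES5 so older PAC engines accept it.
var PROXY = "PROXY proxy.example.internal:8080";
var DIRECT = "DIRECT"; // leaves the client directly; the network routes it to ExpressRoute

// Group 1: sub-FQDNs advertised to Internet circuits only (first table,
// column two). These must be tested before the wildcards that cover them.
var INTERNET_ONLY_SUB_FQDNS = [
  "click.email.microsoftonline.com",
  "portal.microsoftonline.com",
  "provisioningapi.microsoftonline.com",
  "adminwebservice.microsoftonline.com",
  "nexusrules.officeapps.live.com",
  "nexus.officeapps.live.com",
  "odc.officeapps.live.com",
  "cdn.odc.officeapps.live.com",
  "ols.officeapps.live.com",
  "ocsredir.officeapps.live.com",
  "ocws.officeapps.live.com",
  "ocsa.officeapps.live.com"
];

// Group 2: FQDNs advertised to ExpressRoute (first table, column one, and
// second table, column two). autodiscover-<tenant>.outlook.com is omitted
// because it needs your tenant name.
var EXPRESSROUTE_FQDNS = [
  "*.microsoftonline.com",
  "*.officeapps.live.com",
  "*.outlook.office.com",
  "home.office.com",
  "outlook.office.com",
  "portal.office.com",
  "www.office.com",
  "agent.office.net",
  "outlook.office365.com",
  "smtp.office365.com",
  "*.protection.outlook.com",
  "*.mail.protection.outlook.com",
  "login.windows.net"
];

// "*.example.com" matches any sub-domain of example.com on a label
// boundary; any other pattern must match the host exactly.
function hostMatches(host, pattern) {
  if (pattern.indexOf("*.") === 0) {
    var suffix = pattern.substring(1); // ".example.com"
    return host.length > suffix.length &&
      host.substring(host.length - suffix.length) === suffix;
  }
  return host === pattern;
}

function matchesAny(host, patterns) {
  for (var i = 0; i < patterns.length; i++) {
    if (hostMatches(host, patterns[i])) return true;
  }
  return false;
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  if (host.charAt(host.length - 1) === ".") {
    host = host.substring(0, host.length - 1); // drop a trailing root dot
  }
  if (matchesAny(host, INTERNET_ONLY_SUB_FQDNS)) return PROXY; // group 1
  if (matchesAny(host, EXPRESSROUTE_FQDNS)) return DIRECT;     // group 2
  return PROXY;                                                // group 3
}
```

If group 2 were evaluated first, `portal.microsoftonline.com` would match `*.microsoftonline.com` and leave directly, even though that sub-FQDN is advertised to Internet circuits only.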

Routing Office 365 traffic over the Internet and ExpressRoute

To route to the Office 365 application of your choosing, you'll need to determine a number of key factors.

  1. How much bandwidth the application will require. Sampling existing usage is the only reliable method for determining this in your organization.

  2. What egress location(s) you want the network traffic to leave your network from. You should plan to minimize the network latency for connectivity to Office 365 as this will impact performance. Because Skype for Business uses real-time voice and video, it is particularly susceptible to poor network latency.

  3. Whether you want all or a subset of your network locations to use ExpressRoute.

  4. What locations your chosen network provider offers ExpressRoute from.

Once you determine the answers to these questions, you can provision an ExpressRoute circuit that meets the bandwidth and location needs. For more network planning assistance, refer to the Office 365 network tuning guide and the case study on how Microsoft handles network performance planning.

Example 1: Single geographic location

This example is a scenario for a fictitious company called Trey Research, which has a single geographic location.

Employees at Trey Research are only allowed to connect to the services and websites on the Internet that the security department explicitly allows on the pair of outbound proxies that sit between the corporate network and their ISP.

Trey Research plans to use Azure ExpressRoute for Office 365 and recognizes that some traffic, such as traffic destined for content delivery networks, won't be able to route over the ExpressRoute for Office 365 connection. Since all traffic already routes to the proxy devices by default, these requests will continue to work as before. After Trey Research determines they can meet the Azure ExpressRoute routing requirements, they proceed to create a circuit, configure routing, and link the new ExpressRoute circuit to a virtual network. Once the fundamental Azure ExpressRoute configuration is in place, Trey Research uses the #2 PAC file we publish to route traffic with customer-specific data over the direct ExpressRoute for Office 365 connections.

As shown in the following diagram, Trey Research is able to satisfy the requirement to route Office 365 traffic over the Internet and a subset of traffic over ExpressRoute using a combination of routing and outbound proxy configuration changes.

  1. Using the #2 PAC file we publish to route traffic through a separate Internet egress point for Azure ExpressRoute for Office 365.

  2. Clients are configured with a default route towards Trey Research's proxies.

In this example scenario, Trey Research is using an outbound proxy device. Similarly, customers who aren't using Azure ExpressRoute for Office 365 may want to use this technique to route traffic based on the cost of inspecting traffic destined for well-known high volume endpoints.

The highest volume FQDNs for Exchange Online, SharePoint Online, and Skype for Business Online are the following:

[Diagram: ExpressRoute customer edge network]

  • outlook.office365.com, outlook.office.com

  • <tenant-name>.sharepoint.com, <tenant-name>-my.sharepoint.com, <tenant-name>-<app>.sharepoint.com

  • *.Lync.com along with the IP ranges for non-TCP traffic

  • *broadcast.officeapps.live.com, *excel.officeapps.live.com, *onenote.officeapps.live.com, *powerpoint.officeapps.live.com, *view.officeapps.live.com, *visio.officeapps.live.com, *word-edit.officeapps.live.com, *word-view.officeapps.live.com, office.live.com

Learn more about deploying and managing proxy settings in Windows 8 and ensuring Office 365 isn't throttled by your proxy.

With a single ExpressRoute circuit, there is no high availability for Trey Research. In the event Trey's redundant pair of edge devices that are servicing the ExpressRoute connectivity fail, there is no additional ExpressRoute circuit to fail over to. This leaves Trey Research in a predicament, as failing over to the Internet will require manual reconfiguration and in some cases new IP addresses. If Trey wants to add high availability, the simplest solution is to add additional ExpressRoute circuits for each location and configure the circuits in an active/active manner.

Routing ExpressRoute for Office 365 with multiple locations

The last scenario, routing Office 365 traffic over ExpressRoute, is the foundation for even more complex routing architecture. Regardless of the number of locations, number of continents where those locations exist, number of ExpressRoute circuits, and so on, being able to route some traffic to the Internet and some traffic over ExpressRoute will be required.

The additional questions that must be answered for customers with multiple locations in multiple geographies include:

  1. Do you require an ExpressRoute circuit in every location? If you're using Skype for Business Online or are concerned with latency sensitivity for SharePoint Online or Exchange Online, a redundant pair of active/active ExpressRoute circuits is recommended in each location. See the Skype for Business media quality and network connectivity guide for more details.

  2. If an ExpressRoute circuit isn't available in a particular region, how should Office 365 destined traffic be routed?

  3. What is the preferred method for consolidating traffic in the case of networks with many small locations?

Each of these presents a unique challenge that requires you to evaluate your own network and the options available from Microsoft.

| Consideration | Network components to evaluate |
|---|---|
| Circuits in more than one location | We recommend a minimum of two circuits configured in an active/active manner. Cost, latency, and bandwidth needs must be compared. Use BGP route cost, PAC files, and NAT to manage routing with multiple circuits. |
| Routing from locations without an ExpressRoute circuit | We recommend egress and DNS resolution as close to the person initiating the request for Office 365. DNS forwarding can be used to allow remote offices to discover the appropriate endpoint. Clients in the remote office must have a route available that provides access to the ExpressRoute circuit. |
| Small office consolidation | Available bandwidth and data usage should be carefully compared. |

Note

Microsoft will prefer ExpressRoute over the Internet if the route is available regardless of physical location.

Each of these considerations must be taken into account for each unique network. Below is an example.

Example 2: Multi-geographic locations

This example is a scenario for a fictitious company called Humongous Insurance, which has multiple geographic locations.

Humongous Insurance is geographically dispersed with offices all over the world. They want to implement Azure ExpressRoute for Office 365 to keep most of their Office 365 traffic on direct network connections. Humongous Insurance also has offices on two additional continents. The employees in the remote office where ExpressRoute is not feasible will need to route back to one or both of the primary facilities to use an ExpressRoute connection.

The guiding principle is to get Office 365 destined traffic to a Microsoft datacenter as quickly as possible. In this example, Humongous Insurance must decide if their remote offices should route over the Internet to get to a Microsoft datacenter over any connection as quickly as possible or if their remote offices should route over an internal network to get to a Microsoft datacenter over an ExpressRoute connection as quickly as possible.

Microsoft's datacenters, networks, and application architecture are designed to take globally disparate communications and service them in the most efficient way possible. This is one of the largest networks in the world. Requests destined for Office 365 that remain on customer networks longer than necessary won't be able to take advantage of this architecture.

In Humongous Insurance's situation, they should proceed depending on the applications they intend to use over ExpressRoute. For example, if they're a Skype for Business Online customer, or plan to use ExpressRoute connectivity when connecting to external Skype for Business Online meetings, the design recommended in the Skype for Business Online media quality and network connectivity guide is to provision an additional ExpressRoute circuit for the third location. This may be more expensive from a networking perspective; however, routing requests from one continent to another before delivering to a Microsoft datacenter may cause a poor or unusable experience during Skype for Business Online meetings and communications.

If Humongous Insurance isn't using or doesn't plan to use Skype for Business Online in any way, routing Office 365 destined network traffic back to a continent with an ExpressRoute connection may be feasible, though it may cause unnecessary latency or TCP congestion. In both cases, routing Internet destined traffic to the Internet at the local site is recommended to take advantage of the content delivery networks that Office 365 relies on.

[Diagram: ExpressRoute multi-geography]

When Humongous Insurance is planning their multi-geography strategy, there are a number of things to consider around size of circuit, number of circuits, failover, and so on.

With ExpressRoute in a single location with multiple regions attempting to use the circuit, Humongous Insurance wants to ensure that connections to Office 365 from the remote office are sent to the Office 365 datacenter nearest headquarters and received by the headquarters location. To do this, Humongous Insurance implements DNS forwarding to reduce the number of round trips and DNS lookups required to establish the appropriate connection with the Office 365 environment closest to the headquarters Internet egress point. This prevents the client from resolving a local front-end server and ensures the front-end server the person connects to is near the headquarters where Humongous Insurance is peering with Microsoft. You can also learn to Assign a Conditional Forwarder for a Domain Name.

In this scenario, traffic from the remote office would resolve the Office 365 front-end infrastructure in North America and use Office 365 to connect to the backend servers according to the architecture of the Office 365 application. For example, Exchange Online would terminate the connection in North America and those front-end servers would connect to the backend mailbox server wherever the tenant resided. All services have a widely distributed front door service comprised of unicast and anycast destinations.

If Humongous has major offices in multiple continents, a minimum of two active/active circuits per region is recommended in order to reduce latency for sensitive applications such as Skype for Business Online. If all offices are in a single continent, or aren't using real-time collaboration, having a consolidated or distributed egress point is a customer-specific decision. When multiple circuits are available, BGP routing will ensure failover should any single circuit become unavailable.

Learn more about sample routing configurations and https://azure.microsoft.com/documentation/articles/expressroute-config-samples-nat/.

Selective routing with ExpressRoute

Selective routing with ExpressRoute may be needed for a variety of reasons, such as testing or rolling out ExpressRoute to a subset of users. There are various tools customers can use to selectively route Office 365 network traffic over ExpressRoute:

  1. Route filtering/segregation - allowing the BGP routes to Office 365 over ExpressRoute to a subset of your subnets or routers. This selectively routes by customer network segment or physical office location. This is common for staggering rollout of ExpressRoute for Office 365 and is configured on your BGP devices.

  2. PAC files/URLs - directing Office 365 destined network traffic for specific FQDNs to route on a specific path. This selectively routes by client computer as identified by PAC file deployment.

  3. Route filtering - Route filters are a way to consume a subset of supported services through Microsoft peering.

  4. BGP communities - filtering based on BGP community tags allows a customer to determine which Office 365 applications will traverse ExpressRoute and which will traverse the Internet.

Here's a short link you can use to come back: https://aka.ms/erorouting

Assessing Office 365 network connectivity

Azure ExpressRoute for Office 365

Managing ExpressRoute for Office 365 connectivity

Network planning with ExpressRoute for Office 365

Implementing ExpressRoute for Office 365

Media Quality and Network Connectivity Performance in Skype for Business Online

Optimizing your network for Skype for Business Online

ExpressRoute and QoS in Skype for Business Online

Call flow using ExpressRoute

Using BGP communities in ExpressRoute for Office 365 scenarios

Office 365 performance tuning using baselines and performance history

Performance troubleshooting plan for Office 365

Office 365 URLs and IP address ranges

Office 365 network and performance tuning