Public and private peering with Azure ExpressRoute is a topic that has come up a lot in my recent conversations, so I thought I would capture some thoughts here:

What is peering?

According to Wikipedia contributors, in computer networking, peering is a voluntary interconnection of administratively separate Internet networks for the purpose of exchanging traffic between the users of each network. An agreement by two or more networks to peer is instantiated by a physical interconnection of the networks and an exchange of routing information through the Border Gateway Protocol (BGP) routing protocol.

In Azure, peering translates into a private, dedicated, high-throughput connection between Azure and an on-premises data center via ExpressRoute. Note that Azure also offers Virtual Network point-to-site and site-to-site connectivity options, but those are VPN-based, with static or dynamic routing. In contrast, ExpressRoute is based on BGP routing. For a detailed comparison of these options with guidance on choosing between them, please refer to Ganesh Srinivasan’s blog post.

Furthermore, peering can be private or public. Public peering, as the name suggests, is a peering arrangement where the interchange between the participating networks happens over a public exchange point. Likewise, a private peering is a peering arrangement where the interchange between participating networks happens over a private exchange point.

So what does private / public peering mean in terms of Azure?

Public and Private Peering with Azure

As stated earlier, ExpressRoute allows you to create a dedicated circuit between on-premises and Azure DC. As part of this dedicated circuit, you get two independent routing domains (shown in green and orange below).

The “orange” link depicts private IP-based traffic among a customer’s network and VNET and VMs running in Azure. There is a NAT in the path. Since the exchange point is completely private, this link represents a private peering based connection.

The “green” link depicts traffic between a customer’s network and Azure-based services that have a public endpoint (such as Azure Storage). Since the exchange point in this instance is indeed public, this link represents a public peering based connection. Now, since the traffic originates from a private (on-premises) IP address, ExpressRoute will NAT the traffic before it delivers the packets to the public endpoint of a service such as Azure Storage (ExpressRoute uses an MSFT address range for the NAT pool). This means customers don’t have to go through their internet edge (proxy, firewall, NAT) to reach public Azure services, and thus are *not* using up a chunk of their internet bandwidth to communicate with Azure.
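To make the two routing domains concrete, here is a small added example (my own illustration, not Azure or ExpressRoute code) that does longest-prefix-match route selection across constructed private-peering and public-peering tables, reports whether the source is NATed, and lists which destinations are reached without touching the on-premises internet edge. All prefixes and the NAT pool are assumed sample values, not Microsoft’s real ranges.

```python
import ipaddress
from dataclasses import dataclass

# Constructed route tables for one ExpressRoute circuit (assumed sample values).
# Private peering carries the VNet address space; public peering carries the
# prefixes of Azure services that expose a public endpoint.
PRIVATE_PEERING = [ipaddress.ip_network(p) for p in ("10.50.0.0/16", "10.51.0.0/16")]
PUBLIC_PEERING = [ipaddress.ip_network(p) for p in ("203.0.113.0/24", "198.51.100.0/24")]
# Assumed Microsoft-owned pool that public-peering traffic is source-NATed to.
MSFT_NAT_POOL = ipaddress.ip_network("192.0.2.0/24")


@dataclass(frozen=True)
class Path:
    peering: str             # "private", "public" or "internet-edge"
    source_nat: bool         # True when the source address is rewritten
    via_internet_edge: bool  # True when the flow crosses the on-prem proxy/firewall


def _longest_match(dst, routes):
    hits = [r for r in routes if dst in r]
    return max(hits, key=lambda r: r.prefixlen) if hits else None


def classify(destination: str) -> Path:
    """Select the routing domain for a destination: the longest matching prefix
    across both peerings wins; no match falls back to the normal internet edge."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in (_longest_match(dst, PRIVATE_PEERING),
                              _longest_match(dst, PUBLIC_PEERING)) if r is not None]
    best = max(candidates, key=lambda r: r.prefixlen, default=None)
    if best is None:
        # No ExpressRoute route: the customer's own edge NAT/proxy handles it.
        return Path("internet-edge", source_nat=True, via_internet_edge=True)
    if best in PRIVATE_PEERING:
        # Private IP end to end, delivered over private peering.
        return Path("private", source_nat=False, via_internet_edge=False)
    # Public service endpoint: ExpressRoute NATs the source to MSFT_NAT_POOL.
    return Path("public", source_nat=True, via_internet_edge=False)


def flows_bypassing_edge(destinations):
    """Destinations that ExpressRoute delivers without passing the on-prem
    proxy/firewall; these will not appear in edge logs, which is worth knowing
    when deciding where monitoring is needed."""
    return [d for d in destinations if not classify(d).via_internet_edge]
```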

ExpressRoute Public and Private Peering

Exceptions

Please note that not all Azure public services are accessible via ExpressRoute public peering. The following services are not supported over ExpressRoute public peering at the time of writing this post.

http://msdn.microsoft.com/en-us/library/azure/2db6ef11-aa86-4091-adbd-21882e136f65#BKMK_ExpressRouteAzureServices

For more information please visit:

Express Route FAQ.

Extending Your On-Premises Network into Azure Securely

Recently, I sat down with hosts Carl Franklin and Richard Campbell of .NET Rocks! to chat about the architectural patterns of cloud development. If you’re not familiar with .NET Rocks!, it is a weekly online talk show for anyone interested in programming on the Microsoft .NET platform. During this discussion I talk about how the cloud influences application design, focused on a more asynchronous, scalable, and flexible messaging-focused architecture. While the patterns could be applied to any cloud technology, Microsoft Azure is particularly well-suited to these architectural patterns, providing services that cover each pattern approach for optimal results. Click here to listen to “Cloud Patterns with Vishwas Lele.”

http://blog.appliedis.com/2014/06/17/cloud-patterns-with-vishwas-lele/

In this blog post, I will discuss several highlights from Build 2014, Microsoft’s annual conference for software and web designers. As you might expect, this year was filled with new Azure announcements, many of which will influence and expand developers’ cloud computing options and help simplify and speed up delivery. Read on for more information about the new enhancements, services, and products, and to find which ones I found most exciting: http://blog.appliedis.com/2014/04/14/build-2014-what-is-new-in-azure-and-what-does-it-mean-to-you/

Let’s face it, keeping up with the latest on Windows Azure is hard. Whether it is a new feature announcement, a white paper, a code sample or just another attempt at “cloud washing,” it is difficult to keep up with the latest, no matter how adept you are at mining the various social media channels. This is why we built the “intelligent” twitter bot (@AzureUpdates) as a weekend project. @AzureUpdates is designed to keep you up to date with all things #WindowsAzure, or #Azure, in and around the Twitterverse. Read on to learn more about how @AzureUpdates works: http://blog.appliedis.com/2014/02/10/introducing-our-intelligent-twitter-bot-azureupdates/

In this post, I discuss AIS’ Windows Azure Media Services Manager (WAMS Manager), which is a desktop-based application that makes it easy to upload, tag, encode, and publish your media assets. It is designed to bring the benefits of Windows Azure Media Services to end users (who are typically business users responsible for managing media files) without the need to write any code. In this post, I provide a quick overview of the background of the application, explain the reasons why such a tool is necessary and beneficial, describe the high-level architecture of the app, and provide a quick tutorial on how to get started with using the app.

http://blog.appliedis.com/2013/11/19/manage-azure-media-services-assets-with-wams-manager-preview/

This post is not intended to compare “JavaScript with HTML” and “C# with XAML” styles of building Windows Store apps; that is a choice you must make based on your own skill set, reuse considerations, whether the functionality you are targeting for the app is already available as a web app, etc. Rather, in this blog post, I provide a description of my own reasoning behind my preference for building Windows Store apps using HTML. http://blog.appliedis.com/2013/01/23/why-i-prefer-to-build-my-windows-store-apps-in-html/

In this post, I discuss the Media Center App, which is a SharePoint app that allows you to integrate your Windows Azure Media Services (WAMS) assets within SharePoint. This app is available for free at the Office store online. In building this application, we saw an opportunity to combine the capabilities of WAMS with the new SharePoint 2013 app model. We aimed to build a SharePoint app that is available to both SharePoint Online and on-premises SharePoint customers, so we chose a SharePoint-hosted app model. In this article, I discuss some of the reasons why this app is needed and the design choices we made to build it. I also go into more depth about the architecture of the app and provide descriptions and screenshots of the app functionality.

http://blog.appliedis.com/2012/12/14/introducing-media-center-app-for-sharepoint-2013/
