Megaport Cloud Router: Q-in-Q for Microsoft Azure Connectivity

Deep-diving into the technical considerations for provisioning Azure cloud-to-cloud connectivity with Megaport Cloud Router.

Enterprise cloud adoption is increasingly shifting towards a multi-cloud focus with a growing number of organisations finding the need to move business-critical applications between multiple cloud services and regions. This enables the distribution of workloads across diversified cloud infrastructure and leverages the benefits of multiple cloud providers. However, it’s increasingly becoming clear that the typical enterprise-to-cloud – or ‘hub and spoke’ – model presents challenges for establishing a multi-cloud and multi-region strategy. Application latency, in particular, becomes a problem due to the hair pinning of traffic through enterprise network infrastructure for cloud-to-cloud connectivity. Often, implementing an effective strategy is complex and requires end-to-end automation for both Layer 2 and Layer 3 to deliver a turnkey solution.

Overcoming these issues requires a solution that allows for easy, fast, and reliable connectivity between cloud environments and regions. Our most recently launched service, Megaport Cloud Router (MCR), provides you with virtual routing capabilities for dedicated Layer 3 connectivity. You can connect and move workloads between cloud providers across key global routing zones. This comes without the need to route back to legacy infrastructure and therefore, eliminates the hair-pinning of traffic. In turn, you can benefit from workload mobility and low latency direct interconnection, via an optimised data path, to achieve multi-vendor cloud network architecture.

Provisioning MCR with ExpressRoute

Provisioning cloud-to-cloud connectivity for Azure environments is as easy as spinning up an MCR for ExpressRoute which will enable dedicated access to and between environments. An ExpressRoute circuit represents a logical connection between your Azure Cloud services and your MCR provisioned on the Megaport Network. With MCR and ExpressRoute, your data takes the most direct path to its destination and you can order multiple ExpressRoute circuits. Each circuit can be in the same region or different regions and can land on one or more MCRs depending on the requirements that define your network architecture.

ExpressRoute circuits do not map to any physical entities within the Azure cloud. A circuit is uniquely identified by a standard GUID called a service key (s-key). The service key is the only piece of information exchanged between Microsoft and your network. You will use the s-key to provision the ExpressRoute circuit from your MCR via the Megaportal. The s-key is not a secret key and it is not used for security purposes. There is a 1:1 mapping between an ExpressRoute circuit and the s-key which uniquely identifies your ExpressRoute circuit within the Azure Cloud.

Azure services are categorized as Azure public and Azure private and associated independent ExpressRoute circuits as Microsoft Peering and Azure Private Peering respectively for each service category. Each category has a pair of independent BGP peering sessions to achieve redundancy and high availability. An ExpressRoute circuit may have one or both peerings enabled per ExpressRoute circuit.

Azure private includes compute services, namely virtual machines (IaaS) and cloud services (PaaS), that are deployed within a virtual network. While Azure public includes services such as O365, Dynamics 365, Azure Storage, SQL databases, and Web Sites which are accessible via the internet.

Megaport Cloud Router supports multi-cloud, multi-region enablement. Therefore, we support Q-in-Q (802.1ad) on your MCR to give you the flexibility to connect to multiple cloud destinations. Q-in-Q enables an additional layer of flexibility by giving you the ability to define your VLAN tags that fit your needs. By implementing Q-in-Q, we stack VLAN tags, specifically these VLAN tags are defined as the customer tags (C-Tags) or ‘Inner tags’ which are the VLANs you will configure to reach your Azure Cloud (i.e. Azure private and Azure public) resources. The Service Provider tags (S-TAGs) or ‘Outer tags’ belong to your A-end VLAN that is associated with your MCR and will transparently carry your C-Tags. The S-Tags are automatically configured when provisioning your private and/or public peerings in the Megaportal to Azure Cloud. Megaport’s Virtual Cross Connect (VXC) is a Layer 2 service that enables ExpressRoute while your MCR will be your Layer 3 end-point for provisioning your BGP peerings to your Azure public or Azure private environment(s).

When provisioning an ExpressRoute VXC from your MCR to an Azure private environment, two /30s (APIPA IP addresses, from 169.254.0.0/16) will be programmatically assigned to support the primary and secondary peerings. By default, VLAN 100 will be programmatically assigned as the C-Tag VLAN for private peering. For an ExpressRoute VXC to your Azure public environment, Megaport will programmatically assign two public /30s to support the primary and secondary peerings. By default, VLAN 200 will be assigned as the C-Tag VLAN. You can view these settings by clicking on the VXC under your MCR in the Megaportal. Once you’ve clicked on the VXC, these details will be presented under the ‘Customer A End’ tab.

Points to Consider when using MCR with ExpressRoute

  • ExpressRoute circuits can be provisioned in a redundant fashion. When adding the VXCs on your MCR, you’ll have the option to select the primary and secondary Azure end-points. Use the same S-Key to establish the connectivity.
  • Megaport recommends you provision two VXCs to your Azure environments. You also have the option to provision a redundant VXC to a different peering location to achieve circuit-level resilience.
  • Azure does not support Layer 2 connectivity extensions natively from an MCR, therefore BGP is required to establish the peering connections in your Azure environment.

Configuring ExpressRoute from the Megaportal is easy. You can self-provision connections via our powerful API integration with Azure. Provisioning connections takes less than a minute, however, you should ensure you have planned out your network architecture to ensure no overlapping of IP addresses, etc. You can find in-depth details in our MCR Knowledgebase article.

Provisioning Azure ExpressRoute with Megaport allows for powerful multi-region and multi-cloud strategies. For more information on dedicated connectivity to Azure Cloud, visit the webpage or fill out the form below.

References

https://www.gartner.com/newsroom/id/3666917

https://knowledgebase.megaport.com/megaport-cloud-router/mcr-er-azure/

https://www.megaport.com/blog/q-in-q-questions-answered-part-1/

https://www.megaport.com/blog/q-in-q-questions-answered-part-2/

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-routing

Blake Gillman

Author: Blake Gillman

Related Posts

Provisioning Connectivity with AWS Direct Connect Gateway and Megaport AWS Direct Connect Gateway enables the connectivity of multiple Virtual Private Clouds (VPCs) across AWS Regions worldwide. AWS features and services are ever-evolving in order to keep up with next-generation technologies and solve the ongoing enter...
Megaport Cloud Router: Changing Cloud Networking as you Know it Unlocking powerful new Layer 3 connectivity options without the need for physical infrastructure. What is Megaport Cloud Router (MCR)? Compute infrastructure and software have increasingly become virtualized and have moved into the cloud, elimina...
Exploring Megaport Cloud Router: Infographic Explore how easy cloud to cloud networking can be with Megaport Cloud Router (MCR), Megaport’s new global virtual router for on-demand, private, Layer 3 connectivity. 
Tags:

©2018 Megaport. Megaport, Virtual Cross Connect, VXC and MegaIX are registered trademarks of Megaport (Services) Pty Ltd ACN 607 432 646.

Log in with your credentials

Forgot your details?

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close