Azure Express Route

2.1 What is Azure ExpressRoute

The Azure ExpressRoute service directly connects the Customer's corporate network to Microsoft's globally distributed data centers. Compared to traditional Internet connectivity, ExpressRoute provides an increased level of security and reliability with low network latency.

A single Azure ExpressRoute channel provides connectivity for up to 10 Azure virtual private networks, as well as all Azure and Office 365 public resources.

When ordering Azure ExpressRoute, one or a pair of redundant connections is provided.

Linxdatacenter Moscow Linxdatacenter Saint Petersburg
Azure Ireland 65 ms, 5 Mbit/s to 10 Gbit/s 54 ms, 5 Mbit/s to 10 Gbit/s
Azure California 192 ms, 5 Mbit/s to 10 Gbit/s 181 ms, 5 Mbit/s to 10 Gbit/s
Azure Virginia 126 ms, 5 Mbit/s to 10 Gbit/s 115 ms, 5 Mbit/s to 10 Gbit/s
Azure Hong Kong 245 ms, 5 Mbit/s to 10 Gbit/s 234 ms, 5 Mbit/s to 10 Gbit/s
Azure other locations By request By request

2.2 Features and Benefits

  • confidentiality of data transmission;
  • high speed and low network latency;
  • the possibility of multiple connections to different Azure data center locations;
  • pay-as-you-go model with daily billing;
  • main and backup connection to ensure reliable connection.

2.3. Как это работает

The connection consists of a physical network connection from the customer's office or data center to Linxdatacenter's data center locations in Moscow (14, bldg. 1, 8th March street) and St. Petersburg (20a, Repischeva street), where the Cloud Exchange direct access ports are located.

Each Azure ExpressRoute connection point has a high-speed fiber connection and API integration with Cloud Exchange, which simplifies ordering, provisioning and ongoing management.

2.4 Capacity

In the Azure Portal or PowerShell console, the Client has the ability to assign a channel rate of 50M, 100M, 200M, 500M, 1G, 2G, 5G, 10G. Azure ExpressRoute bandwidth must match and be at least as fast as the VXC connection speed.

2.5 Connection options

Connection to Microsoft services is provided over a dedicated Q-in-Q VLAN and will require a dedicated BGP session.

External VLAN tag is agreed between Customer and Linxdatacenter when ordering the service and must be unique for each port.

Internal VLAN tags are negotiated between the Client and Azure, configured using Azure Portal or the PowerShell console during connection setup.

Three routing domains through one ExpressRoute channel are supported:
— Private peer-to-peer connection. Supports up to 10 Azure virtual networks.
— Azure public peer-to-peer connectivity in the region.
— Connecting to Microsoft public services, such as Office 365 and Dynamics+.

Each connection requires a separate BGP session between the Client and Azure. Using Azure Portal or the PowerShell console, the Client needs to assign a primary and backup IP subnet including cases where only one connection is used without redundancy.

Private peer-to-peer connections use private IP addresses and a private number of the offline system.

Public peer-to-peer connections and peering with Microsoft public services require the use of public IP addresses and a public offline system number.

Clients can use source network address translation (SNAT) to meet public IP address requirements, in which case peering to Microsoft public services will also require reverse network address translation.

2.6 How to order

  • Develop a communications scheme in collaboration with Linxdatacenter network engineers.
  • Order ExpressRoute via Azure Portal or PowerShell console.
  • Notify Linxdatacenter the ExpressRoute service key for the VXC order.
  • Set up routing on the Client side of the network and start using it.

See Appendix 1.3 for links to Microsoft reference materials on connecting Azure ExpressRoute.

2.7. Тарификация

  • Azure ExpressRoute billing is tied to the Customer's Azure account.
  • The customer pays for Azure and Office 365 services themselves.
    Linxdatacenter charges for:
    - channel bandwidth - according to the resources used;
    - services to technical support - for man-hours.
How can we help you?
Request Demo Access

BEST, money transfer and payments operator

business challenge

The customer faced a technical issue with a persistent BGP session flag with Linxdatacenter hardware. We examined the problem and found out that one of customer’s hosts was under a DDoS attack.

Because of the distributed nature of the attack, traffic couldn’t be filtered effectively, and disconnecting the host from the external network wasn’t an option. The attack stopped after changes in the server configuration, but resumed the day after. A 5.5 Gbps attack overloaded the junctions with internet providers, affecting other Linx Cloud users. To mitigate the effects of the attack, we employed a dedicated DDoS protection service.


To ensure the continuous availability of resources hosted in Linx Cloud, we rerouted all the customer’s traffic through StormWall Anti-DDoS system. The attack was stopped within half an hour. To prevent future cyberattacks, we organized all connections to the customer’s resources through the StormWall network.

Thank you for your inquiry, we will get back to you shortly!