2.1 What is Azure ExpressRoute
The Azure ExpressRoute service directly connects the Customer's corporate network to Microsoft's globally distributed data centers. Compared to traditional Internet connectivity, ExpressRoute provides an increased level of security and reliability with low network latency.
A single Azure ExpressRoute channel provides connectivity for up to 10 Azure virtual private networks, as well as all Azure and Office 365 public resources.
When ordering Azure ExpressRoute, one or a pair of redundant connections is provided.
|Linxdatacenter Moscow||Linxdatacenter Saint Petersburg|
|Azure Ireland||65 ms, 5 Mbit/s to 10 Gbit/s||54 ms, 5 Mbit/s to 10 Gbit/s|
|Azure California||192 ms, 5 Mbit/s to 10 Gbit/s||181 ms, 5 Mbit/s to 10 Gbit/s|
|Azure Virginia||126 ms, 5 Mbit/s to 10 Gbit/s||115 ms, 5 Mbit/s to 10 Gbit/s|
|Azure Hong Kong||245 ms, 5 Mbit/s to 10 Gbit/s||234 ms, 5 Mbit/s to 10 Gbit/s|
|Azure other locations||By request||By request|
2.2 Features and Benefits
2.3. Как это работает
The connection consists of a physical network connection from the customer's office or data center to Linxdatacenter's data center locations in Moscow (14, bldg. 1, 8th March street) and St. Petersburg (20a, Repischeva street), where the Cloud Exchange direct access ports are located.
Each Azure ExpressRoute connection point has a high-speed fiber connection and API integration with Cloud Exchange, which simplifies ordering, provisioning and ongoing management.
In the Azure Portal or PowerShell console, the Client has the ability to assign a channel rate of 50M, 100M, 200M, 500M, 1G, 2G, 5G, 10G. Azure ExpressRoute bandwidth must match and be at least as fast as the VXC connection speed.
2.5 Connection options
Connection to Microsoft services is provided over a dedicated Q-in-Q VLAN and will require a dedicated BGP session.
External VLAN tag is agreed between Customer and Linxdatacenter when ordering the service and must be unique for each port.
Internal VLAN tags are negotiated between the Client and Azure, configured using Azure Portal or the PowerShell console during connection setup.
Three routing domains through one ExpressRoute channel are supported:
— Private peer-to-peer connection. Supports up to 10 Azure virtual networks.
— Azure public peer-to-peer connectivity in the region.
— Connecting to Microsoft public services, such as Office 365 and Dynamics+.
Each connection requires a separate BGP session between the Client and Azure. Using Azure Portal or the PowerShell console, the Client needs to assign a primary and backup IP subnet including cases where only one connection is used without redundancy.
Private peer-to-peer connections use private IP addresses and a private number of the offline system.
Public peer-to-peer connections and peering with Microsoft public services require the use of public IP addresses and a public offline system number.
Clients can use source network address translation (SNAT) to meet public IP address requirements, in which case peering to Microsoft public services will also require reverse network address translation.
2.6 How to order
See Appendix 1.3 for links to Microsoft reference materials on connecting Azure ExpressRoute.
BEST, money transfer and payments operator
The customer faced a technical issue with a persistent BGP session flag with Linxdatacenter hardware. We examined the problem and found out that one of customer’s hosts was under a DDoS attack.
Because of the distributed nature of the attack, traffic couldn’t be filtered effectively, and disconnecting the host from the external network wasn’t an option. The attack stopped after changes in the server configuration, but resumed the day after. A 5.5 Gbps attack overloaded the junctions with internet providers, affecting other Linx Cloud users. To mitigate the effects of the attack, we employed a dedicated DDoS protection service.
To ensure the continuous availability of resources hosted in Linx Cloud, we rerouted all the customer’s traffic through StormWall Anti-DDoS system. The attack was stopped within half an hour. To prevent future cyberattacks, we organized all connections to the customer’s resources through the StormWall network.
Thank you for your inquiry, we will get back to you shortly!