Bird
Raised Fist0
Azurecloud~5 mins

ExpressRoute for dedicated connections in Azure - Commands & Configuration

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction
Sometimes you need a private, fast, and reliable connection between your on-site network and Azure cloud. ExpressRoute creates a dedicated link that does not use the public internet, making your connection safer and more stable.
When you want to connect your company’s data center directly to Azure without using the internet.
When you need a fast and consistent network connection for critical business apps hosted in Azure.
When you want to transfer large amounts of data securely between your office and Azure.
When your internet connection is not reliable enough for your cloud workloads.
When you want to reduce network latency for applications running between your local network and Azure.
Config File - expressroute.json
expressroute.json
{
  "name": "myExpressRouteCircuit",
  "location": "eastus",
  "properties": {
    "serviceProviderProperties": {
      "serviceProviderName": "Equinix",
      "peeringLocation": "Silicon Valley",
      "bandwidthInMbps": 1000
    },
    "sku": {
      "name": "Standard_MeteredData",
      "tier": "Standard",
      "family": "MeteredData"
    },
    "allowClassicOperations": false
  }
}

This JSON defines an ExpressRoute circuit named myExpressRouteCircuit in the eastus region.

The serviceProviderProperties specify the provider Equinix, the peering location Silicon Valley, and bandwidth of 1000 Mbps.

The sku section sets the circuit type to Standard with metered data billing.

The allowClassicOperations is set to false to restrict classic deployment models.

Commands
This command creates a new ExpressRoute circuit named myExpressRouteCircuit in the eastus region with 1000 Mbps bandwidth using Equinix as the provider and Silicon Valley as the peering location.
Terminal
az network express-route create --name myExpressRouteCircuit --resource-group myResourceGroup --location eastus --bandwidth 1000 --provider Equinix --peering-location "Silicon Valley" --sku Standard_MeteredData
Expected OutputExpected
{ "authorizations": [], "circuitProvisioningState": "Succeeded", "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.Network/expressRouteCircuits/myExpressRouteCircuit", "location": "eastus", "name": "myExpressRouteCircuit", "peeringLocations": [ "Silicon Valley" ], "provisioningState": "Succeeded", "serviceProviderProperties": { "bandwidthInMbps": 1000, "peeringLocation": "Silicon Valley", "serviceProviderName": "Equinix" }, "sku": { "name": "Standard_MeteredData", "tier": "Standard", "family": "MeteredData" }, "type": "Microsoft.Network/expressRouteCircuits" }
--name - Sets the name of the ExpressRoute circuit
--bandwidth - Specifies the bandwidth in Mbps
--provider - Specifies the service provider for the circuit
This command shows the details of the ExpressRoute circuit to verify it was created correctly.
Terminal
az network express-route show --name myExpressRouteCircuit --resource-group myResourceGroup
Expected OutputExpected
{ "name": "myExpressRouteCircuit", "location": "eastus", "serviceProviderProperties": { "serviceProviderName": "Equinix", "peeringLocation": "Silicon Valley", "bandwidthInMbps": 1000 }, "sku": { "name": "Standard_MeteredData", "tier": "Standard", "family": "MeteredData" }, "provisioningState": "Succeeded" }
--name - Specifies the circuit name to show
This command creates a private peering on the ExpressRoute circuit, which is needed to connect your on-premises network privately to Azure.
Terminal
az network express-route peering create --circuit-name myExpressRouteCircuit --resource-group myResourceGroup --peering-type AzurePrivatePeering --peer-asn 65010 --vlan-id 200
Expected OutputExpected
{ "name": "AzurePrivatePeering", "peeringType": "AzurePrivatePeering", "peerASN": 65010, "vlanId": 200, "provisioningState": "Succeeded" }
--peering-type - Sets the peering type, here private peering
--peer-asn - Sets the Autonomous System Number for your network
--vlan-id - Sets the VLAN ID for the peering
This command checks the details of the private peering to confirm it is set up properly.
Terminal
az network express-route peering show --circuit-name myExpressRouteCircuit --resource-group myResourceGroup --name AzurePrivatePeering
Expected OutputExpected
{ "name": "AzurePrivatePeering", "peeringType": "AzurePrivatePeering", "peerASN": 65010, "vlanId": 200, "provisioningState": "Succeeded" }
--name - Specifies the peering name to show
Key Concept

If you remember nothing else from this pattern, remember: ExpressRoute creates a private, dedicated connection between your network and Azure for faster and safer data transfer.

Common Mistakes
Using the public internet instead of setting up ExpressRoute for private connection
This exposes data to the internet and can cause slower, less reliable connections.
Use ExpressRoute circuits to create a private, dedicated link for sensitive or critical workloads.
Not specifying the correct peering type or missing peering setup
Without proper peering, the connection between your network and Azure won't work.
Always create and verify the correct peering (like AzurePrivatePeering) after creating the circuit.
Setting bandwidth too low for your data needs
Insufficient bandwidth causes slow data transfer and poor application performance.
Choose bandwidth that matches your expected data transfer volume and application needs.
Summary
Create an ExpressRoute circuit with az network express-route create to establish a dedicated connection.
Verify the circuit details with az network express-route show to ensure it is ready.
Set up private peering with az network express-route peering create to connect your network privately.
Check peering status with az network express-route peering show to confirm the connection is active.

Practice

(1/5)
1. What is the main benefit of using Azure ExpressRoute for connecting to Azure services?
easy
A. It enables running virtual machines without any network configuration.
B. It allows free internet access from any location worldwide.
C. It provides a private, dedicated connection that is more secure and reliable than the public internet.
D. It automatically backs up all data to Azure Blob Storage.

Solution

  1. Step 1: Understand ExpressRoute purpose

    ExpressRoute creates private connections to Azure, avoiding the public internet.

  2. Step 2: Identify benefits of private connection

    Private connections improve security, speed, and reliability compared to public internet.

  3. Final Answer:

    It provides a private, dedicated connection that is more secure and reliable than the public internet. -> Option C

  4. Quick Check:

    ExpressRoute = private, secure connection [OK]
Hint: ExpressRoute means private, not public, connection [OK]
Common Mistakes:
  • Confusing ExpressRoute with VPN or public internet
  • Thinking it provides free internet access
  • Assuming it automatically backs up data
2. Which of the following is the correct step to create an ExpressRoute circuit in Azure Portal?
easy
A. Go to 'Create a resource' > Networking > ExpressRoute, then fill in provider, location, and bandwidth details.
B. Go to 'Create a resource' > Compute > Virtual Machine, then select ExpressRoute option.
C. Go to 'Create a resource' > Storage > Blob Storage, then enable ExpressRoute.
D. Go to 'Create a resource' > Database > SQL Server, then configure ExpressRoute.

Solution

  1. Step 1: Identify correct Azure Portal path

    ExpressRoute circuits are created under Networking resources.

  2. Step 2: Confirm required details

    Provider, location, and bandwidth are needed to create the circuit.

  3. Final Answer:

    Go to 'Create a resource' > Networking > ExpressRoute, then fill in provider, location, and bandwidth details. -> Option A

  4. Quick Check:

    ExpressRoute circuit creation = Networking resource [OK]
Hint: ExpressRoute circuits are under Networking, not Compute or Storage [OK]
Common Mistakes:
  • Selecting Compute or Storage instead of Networking
  • Skipping provider or bandwidth details
  • Confusing ExpressRoute with VM or database setup
3. Given this Azure CLI command snippet to create an ExpressRoute circuit: 
az network express-route create --name MyCircuit --resource-group MyGroup --location eastus --bandwidth 200 --provider "Contoso" --peering-location "Silicon Valley" --sku-tier Premium --sku-family Metered
What will be the bandwidth of the created ExpressRoute circuit?
medium
A. 200 Mbps
B. 100 Mbps
C. 500 Mbps
D. 1 Gbps

Solution

  1. Step 1: Locate bandwidth parameter in command

    The command includes '--bandwidth 200', which sets bandwidth to 200 Mbps.

  2. Step 2: Confirm bandwidth unit

    Azure ExpressRoute bandwidth is specified in Mbps, so 200 means 200 Mbps.

  3. Final Answer:

    200 Mbps -> Option A

  4. Quick Check:

    Bandwidth parameter = 200 Mbps [OK]
Hint: Look for --bandwidth value in CLI command [OK]
Common Mistakes:
  • Confusing bandwidth units (Mbps vs Gbps)
  • Ignoring the --bandwidth parameter
  • Assuming default bandwidth if not specified
4. You tried to create an ExpressRoute circuit but received an error: "Invalid peering location." What is the most likely cause?
medium
A. The resource group name contains invalid characters.
B. The bandwidth value is too high for the selected tier.
C. The Azure subscription has expired.
D. The peering location specified is not supported by the chosen provider.

Solution

  1. Step 1: Understand error message meaning

    "Invalid peering location" means the location is not valid for the provider.

  2. Step 2: Check provider and location compatibility

    Each provider supports specific peering locations; mismatch causes this error.

  3. Final Answer:

    The peering location specified is not supported by the chosen provider. -> Option D

  4. Quick Check:

    Invalid peering location = unsupported location by provider [OK]
Hint: Match peering location exactly with provider's supported list [OK]
Common Mistakes:
  • Blaming bandwidth or resource group name
  • Ignoring provider-location compatibility
  • Assuming subscription status causes this error
5. A company needs a dedicated connection to Azure with high bandwidth and global reach. They want to use ExpressRoute with premium features. Which combination of settings should they choose to meet these requirements?
hard
A. SKU tier: Standard, Bandwidth: 500 Mbps, Peering location: Global
B. SKU tier: Premium, Bandwidth: 1 Gbps, Peering location: Global
C. SKU tier: Premium, Bandwidth: 1 Gbps, Peering location: Regional
D. SKU tier: Standard, Bandwidth: 200 Mbps, Peering location: Regional

Solution

  1. Step 1: Identify premium features for global reach

    Premium SKU tier enables global connectivity beyond regional limits.

  2. Step 2: Choose high bandwidth and global peering

    1 Gbps bandwidth meets high speed; global peering location supports worldwide access.

  3. Final Answer:

    SKU tier: Premium, Bandwidth: 1 Gbps, Peering location: Global -> Option B

  4. Quick Check:

    Premium + 1 Gbps + Global = high bandwidth and global reach [OK]
Hint: Premium tier + global peering = worldwide high-speed connection [OK]
Common Mistakes:
  • Choosing Standard tier for global reach
  • Selecting regional peering for global needs
  • Underestimating required bandwidth