As you no doubt already know, Microsoft operates one of the largest networks on the globe, peering with around 3500 partners. More recently, Microsoft has also started letting customers use that network as a global transit provider to other networks or partners, via Azure Virtual WAN, Azure Peering Service or ExpressRoute.
During my daily business, I often discuss use cases and solutions for using that opportunity to simplify connectivity between multi-cloud environments.
In this blog post, I want to present some of the solutions I have figured out and work with. I picked three other large cloud providers, Oracle, AWS and Google, but the concept can be expanded to Alibaba and others.
To explain it better, I have split the post into several parts, one per question:
What options do I have to connect to the Microsoft Edge Network for that use case?
To connect to the Microsoft Global Network for that use case, you basically have two options.
- Using Microsoft Azure ExpressRoute
- Using VPN over the Internet
With ExpressRoute, you can most of the time simply interconnect with the other cloud provider using ExpressRoute Global Reach (Global Reach links two ExpressRoute circuits, so the other side must also terminate on a circuit, for example Oracle FastConnect or a cloud router at an exchange). For VPN, you need to align with the Global Transit Architecture and use Azure Virtual WAN. Either way, in my scenario I will always use Virtual WAN in combination with ExpressRoute to get the maximum flexibility.
The picture below shows how connecting to Azure Virtual WAN can look.
Here is an example of using vWAN for VPN.
You can also integrate ExpressRoute in Azure virtual WAN.
You can find the different setup guides following the links below.
- Tutorial: Create a Site-to-Site connection using Azure Virtual WAN
- Tutorial: Create a User VPN connection using Azure Virtual WAN
- Tutorial: Create an ExpressRoute association using Azure Virtual WAN
How to interconnect to Oracle?
Now the second question: how can I connect to Oracle? Here you also have two ways.
- Using VPN
- Using ExpressRoute and Oracle FastConnect
Here I prefer ExpressRoute and FastConnect: because of the partnership between Oracle and Microsoft, I can connect both clouds without additional effort.
To set that up on the Azure side, you only need to create an ExpressRoute circuit and select Oracle as the provider.
Afterwards, you connect the Oracle ExpressRoute circuit directly to the ExpressRoute gateway of your virtual network in Azure. That enables your application to connect directly to the Oracle Cloud.
In theory, you can also use ExpressRoute Global Reach to link a regular ExpressRoute circuit from on-premises to the Oracle ExpressRoute circuit. That would allow transit from on-premises directly to the Oracle Cloud without a third-party interconnect provider such as Megaport.
An architecture for such a scenario in combination with virtual WAN could look like the following:
There are some pretty nice (and naughty) scenarios one can think of using that combination. Be aware that this solution is not one hundred percent supported by Microsoft; in any case, you can use the same solution for Oracle as for AWS and Google in the next part.
How to interconnect to AWS, Google and the rest?
When trying to route between two cloud providers, you mostly need one thing: a BGP-enabled routing device in between, because the cloud on-ramps themselves (ExpressRoute, AWS Direct Connect, Google Cloud Interconnect) do not act as a transit network between different providers' circuits.
To implement such a routing device, you basically have two options:
- Use a datacenter colocation or branch office to host hardware and interconnect through that hardware
- Deploy a cloud router with an exchange or network provider that offers such a service, e.g. Megaport or Equinix
The picture below shows the two options.
When you only want to connect cloud providers, or want to reduce complexity and cost, a colocation full of hardware makes no sense. That is why you should look at those cloud exchanges.
In my example, I use the Megaport Cloud Router. The schema below shows how an architecture with the Megaport Cloud Router could look.
I cannot do a full deployment within this blog post because of a lack of AWS and Google subscriptions, but let me at least share a screenshot of the options.
When starting with Megaport you have two options.
- The Megaport Port – needed for a physical connection and cross-connect within a datacenter
- The Megaport Cloud Router – the virtual router we will use for the interconnect between the clouds
For our scenario, we deploy a Megaport Cloud Router (MCR).
First, you deploy a Cloud Router in the datacenter nearest to your AWS, Google, IBM etc. locations.
On the Cloud Router, you can now add the cloud connections you like, or even Internet peering at Internet Exchanges.
With the private VXC option, you can also interconnect Megaport Cloud Routers with each other. Normally I do not use this option because I prefer ExpressRoute Global Reach, but you can use it in regions where Global Reach is not available at the time of writing, e.g. Brazil, South Africa or India.
More information on how to implement an infrastructure with Megaport can be found in the Megaport documentation.
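The two passages above (the BGP-enabled router in the middle, and the cloud connections you attach to the Megaport Cloud Router) are easier to reason about with a small model. The following is an added example, not code from this post, from Megaport or from Microsoft: a toy transit router that re-advertises what it learns from one cloud peer to the others, with the two inbound checks I would insist on before the clouds can reach each other through it, an AS-path loop check and a per-peer inbound prefix-list, so that one cloud cannot announce a prefix that covers another cloud's address space and attract its traffic. The ASNs are the defaults of each on-ramp as I know them (Azure ExpressRoute 12076, the VNet gateway 65515, the AWS side of a Direct Connect virtual interface 7224, Google Cloud Router 16550, Oracle FastConnect 31898, Megaport Cloud Router 133937); verify them against your own peering configuration. The prefixes and the two bad announcements are constructed for the example, and the router logic is simplified (no best-path selection, one route per prefix per peer).

```python
import ipaddress
from dataclasses import dataclass, field

# Default BGP ASNs of the cloud on-ramps and of the Megaport Cloud Router
# (provider defaults as assumed for this example; check your own setup).
ASN_EXPRESSROUTE, ASN_VNET_GW, ASN_DIRECT_CONNECT = 12076, 65515, 7224
ASN_GCP_CLOUD_ROUTER, ASN_ORACLE_FASTCONNECT, ASN_MCR = 16550, 31898, 133937


@dataclass
class Peer:
    name: str
    asn: int
    allowed: list                               # inbound prefix-list for this peer
    routes: dict = field(default_factory=dict)  # prefix -> AS path accepted from peer


class TransitRouter:
    """Re-advertises routes between peers, which a plain cloud on-ramp does not."""

    def __init__(self, asn):
        self.asn = asn
        self.peers = {}
        self.rejected = []                      # (peer, prefix, reason)

    def add_peer(self, name, asn, allowed):
        self.peers[name] = Peer(name, asn, [ipaddress.ip_network(a) for a in allowed])

    def learn(self, peer_name, prefix, as_path):
        """Accept an announcement from a peer only if it passes both inbound checks."""
        peer = self.peers[peer_name]
        net = ipaddress.ip_network(prefix)
        if self.asn in as_path:                 # route already went through us: loop
            self.rejected.append((peer_name, prefix, "loop: own ASN in AS path"))
            return False
        if not any(net.subnet_of(a) for a in peer.allowed):
            # A too-broad prefix (e.g. 10.0.0.0/8) would cover the other clouds'
            # address space and pull their traffic towards this peer.
            self.rejected.append((peer_name, prefix, "not in inbound prefix-list"))
            return False
        peer.routes[prefix] = list(as_path)
        return True

    def advertise_to(self, peer_name):
        """Routes announced to one peer: everything learned from the other peers,
        own ASN prepended, minus anything that would loop back to that peer."""
        target = self.peers[peer_name]
        out = {}
        for other in self.peers.values():
            if other is target:
                continue
            for prefix, path in other.routes.items():
                if target.asn in path:
                    continue
                out[prefix] = [self.asn] + path
        return out


def build_example():
    """Constructed scenario: four clouds on one MCR plus two bad announcements."""
    r = TransitRouter(ASN_MCR)
    r.add_peer("azure", ASN_EXPRESSROUTE, ["10.1.0.0/16"])
    r.add_peer("aws", ASN_DIRECT_CONNECT, ["10.2.0.0/16"])
    r.add_peer("gcp", ASN_GCP_CLOUD_ROUTER, ["10.3.0.0/16"])
    r.add_peer("oracle", ASN_ORACLE_FASTCONNECT, ["10.4.0.0/16"])
    r.learn("azure", "10.1.0.0/16", [ASN_EXPRESSROUTE, ASN_VNET_GW])
    r.learn("aws", "10.2.0.0/16", [ASN_DIRECT_CONNECT])
    r.learn("gcp", "10.3.0.0/16", [ASN_GCP_CLOUD_ROUTER])
    r.learn("oracle", "10.4.0.0/16", [ASN_ORACLE_FASTCONNECT])
    # Constructed bad announcements: a leak covering every cloud's address
    # space, and a route that already passed through this router.
    r.learn("aws", "10.0.0.0/8", [ASN_DIRECT_CONNECT])
    r.learn("gcp", "10.2.0.0/16", [ASN_GCP_CLOUD_ROUTER, ASN_MCR, ASN_DIRECT_CONNECT])
    return r


if __name__ == "__main__":
    router = build_example()
    for name in router.peers:
        print(name, "receives", router.advertise_to(name))
    print("rejected:", router.rejected)
```

Running it shows AWS receiving the Azure, Google and Oracle prefixes with the MCR's ASN prepended and nothing of its own, while the 10.0.0.0/8 leak and the looped route are dropped. On a real MCR the same effect comes from the BGP prefix filters and the AS-path handling of the connection, not from Python; the point of the model is that the inbound prefix-list per peer is what keeps one cloud from hijacking another's address space through your own backbone.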
How do I interconnect the Clouds and use Azure as Backbone?
Now let's put that into a bigger picture. What if you could use any last-mile medium, like MPLS, standard Internet connections or LTE/5G, to connect to the Microsoft Global Network and transit through it into another cloud? That is already possible using Azure Virtual WAN and the global transit architecture. With the newly announced Azure Edge Zones, even private interconnect via 5G appliances and partners is possible.
A scenario I have had several times in the past is a customer using SD-WAN over the Internet with Azure Virtual WAN as the backend. Those customers now add an ExpressRoute circuit and a Megaport Cloud Router to connect to other cloud providers. With that, you have a single point of entry and management; every other connection and route comes through the Microsoft backbone and Megaport.
As a drawing, that could look like the following.
You can also use the backbone on a global scale with ExpressRoute Global Reach, vWAN hub-to-hub communication and Megaport. With that, you can build a unified, scalable, cloud-based network backbone.
When you look at the drawing, everything is scalable, for example:
- if you need to scale the communication between the Clouds, you scale up the MCR in the region
- if you need to scale the IPSec entry point, you scale the vWAN Hub within that region
- If you need to scale transcontinental communication between Azure and Branches, you can scale the ExpressRoute Circuit
Everything, every single part except the last mile to the office locations, is scalable on demand. Maybe in the future even the last mile will be scalable, using Azure Edge Zones.
If you want to PoC such an architecture, you can do it with your existing Internet connections. All components involved (Microsoft Azure, AWS, Google and Megaport) are software-defined and billed on a pay-as-you-go basis without long-term contracts.
You can even add a central firewall and Internet breakout using the Azure Virtual WAN secured hub. The feature is currently in preview but opens really nice options. Keep in mind that the firewall only sees traffic that is routed through the hub; traffic that stays between the other clouds on the Megaport Cloud Router never enters Azure. With the central firewall added to the architecture above, it should look like the following:
By the way, the black box refers to a very classic episode of The IT Crowd 😉
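To make the "which traffic does the central firewall actually see" question concrete, here is an added example (my own code, not from the post, Microsoft or Megaport) that models the drawing above as a small graph and enumerates the endpoint pairs whose traffic never transits the secured hub. The topology is constructed for this example: branches and a spoke VNet hang off the vWAN hub, the hub has Internet breakout and one ExpressRoute circuit to the Megaport Cloud Router, and AWS, Google and Oracle hang off that router.

```python
from collections import deque
from itertools import permutations

# Constructed topology of the architecture above: each tuple is one link.
# "hub" is the vWAN secured hub where the central Azure Firewall sits.
LINKS = [
    ("branch", "hub"),          # SD-WAN / IPsec site into the vWAN hub
    ("azure-vnet", "hub"),      # spoke VNet connected to the hub
    ("hub", "internet"),        # Internet breakout from the secured hub
    ("hub", "expressroute"),    # ExpressRoute circuit from the hub ...
    ("expressroute", "mcr"),    # ... terminating on the Megaport Cloud Router
    ("mcr", "aws"), ("mcr", "gcp"), ("mcr", "oracle"),
]
ENDPOINTS = ["branch", "azure-vnet", "internet", "aws", "gcp", "oracle"]


def adjacency(links):
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def path(links, src, dst):
    """Shortest hop-by-hop path between two endpoints (BFS), or None."""
    adj = adjacency(links)
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            out = []
            while node is not None:
                out.append(node)
                node = prev[node]
            return out[::-1]
        for nxt in sorted(adj.get(node, ())):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


def crosses_firewall(links, src, dst, firewall_node="hub"):
    """True if the flow transits the hub (a necessary condition for inspection)."""
    p = path(links, src, dst)
    return p is not None and firewall_node in p[1:-1]


def flows_bypassing_firewall(links, endpoints, firewall_node="hub"):
    """All ordered endpoint pairs whose traffic never transits the firewall hub."""
    return sorted((s, d) for s, d in permutations(endpoints, 2)
                  if not crosses_firewall(links, s, d, firewall_node))


if __name__ == "__main__":
    print("branch -> aws:", path(LINKS, "branch", "aws"))
    for src, dst in flows_bypassing_firewall(LINKS, ENDPOINTS):
        print(f"not inspected by the hub firewall: {src} -> {dst}")
```

The output lists every flow between AWS, Google and Oracle: they turn around on the Megaport Cloud Router and never reach Azure, so the secured hub cannot inspect them and they need their own controls (prefix filters on the router, and the security groups or firewalls inside each cloud). Transiting the hub is only the necessary condition: whether the hub actually forwards a given flow through Azure Firewall depends on the hub's routing and security configuration, and on which traffic types the secured hub supports at the time you deploy it, which this model does not try to capture.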
One question to all of you: had you imagined that Microsoft could be your backbone provider and that something like this is possible? It took me a while to understand the strategy behind the Microsoft Global Network and services like Virtual WAN or Peering Service.
As always, if there is anything you wish to ask about the subject covered in this blog post, let me know in the comments below and I’ll get back to you!