Stop letting non-Azure Microsoft networks use BGP routes that Azure learns through ExpressRoute. This easily leads to asymmetric routing.
Stop letting non-Azure Microsoft networks use the BGP routes that Azure learns through ExpressRoute. This leads to asymmetry in many cases.
Also, the current behavior lets bandwidth-hungry Microsoft services like Windows Update consume the bandwidth and metered data of ExpressRoute.
As of today, companies using ExpressRoute need to set up their network in an unnecessarily complicated way to avoid this problem.
One way to do it is to only announce a small prefix, and use that prefix for NAT'ing all the traffic destined for Azure services over ExpressRoute.
Then one has to make sure that all traffic destined for non-Azure Microsoft services is NAT'ed behind a prefix NOT announced over ExpressRoute, to achieve symmetry towards those services over the Internet.
Paresh Mundade (MSFT) commented
Thanks for the feedback!
I am trying to understand this better. Currently, customers have a choice to decide which of the ExpressRoute available services from Microsoft to consume over the ExpressRoute link. This is very easily done using a "Route Filter", which you can create and attach to the ExpressRoute connection. It is a matter of a few minutes.
Also, customers should not announce the same NAT range used to communicate over ExpressRoute to the Internet, to avoid asymmetric routing.
We have guidance around this available online. Is there something that is missing? If you can give some more specifics, I would love to consider that for our planning around newer features for the roadmap.