Configure ExpressRoute Global Reach using the Azure portal
This article helps you configure ExpressRoute Global Reach using the Azure portal. For more information, see ExpressRouteRoute Global Reach.
Before you begin
Before you start configuration, confirm the following criteria:
- You understand ExpressRoute circuit provisioning workflows.
- Your ExpressRoute circuits are in a provisioned state.
- Azure private peering is configured on your ExpressRoute circuits.
- If you want to run PowerShell locally, verify that the latest version of Azure PowerShell is installed on your computer.
Identify circuits
From a browser, navigate to the Azure portal and sign in with your Azure account.
Identify the ExpressRoute circuits that you want use. You can enable ExpressRoute Global Reach between the private peering of any two ExpressRoute circuits, as long as they're located in the supported countries/regions. The circuits are required to be created at different peering locations.
- If your subscription owns both circuits, you can choose either circuit to run the configuration in the following sections.
- If the two circuits are in different Azure subscriptions, you need authorization from one Azure subscription. Then you pass in the authorization key when you run the configuration command in the other Azure subscription.
Note
ExpressRoute Global Reach configurations can only be seen from the configured circuit.
Enable connectivity
Enable connectivity between your on-premises networks. There are separate sets of instructions for circuits that are in the same Azure subscription, and circuits that are different subscriptions.
ExpressRoute circuits in the same Azure subscription
Select the Overview tab of your ExpressRoute circuit and then select Add Global Reach to open the Add Global Reach configuration page.
On the Add Global Reach configuration page, give a name to this configuration. Select the ExpressRoute circuit you want to connect this circuit to and enter in a /29 IPv4 for the Global Reach IPv4 subnet. We use IP addresses in this subnet to establish connectivity between the two ExpressRoute circuits. Don’t use the addresses in this subnet in your Azure virtual networks, private peering subnet, or on-premises network. Select Add to add the circuit to the private peering configuration.
Note
If you wish to enable IPv6 support for ExpressRoute Global Reach, select "Both" for the Subnets field and include a /125 IPv6 subnet for the Global Reach IPv6 subnet.
Select Save to complete the Global Reach configuration. When the operation completes, you have connectivity between your two on-premises networks through both ExpressRoute circuits.
Note
The Global Reach configuration is bidirectional. Once you create the connection from one circuit the other circuit will also have the configuration.
ExpressRoute circuits in different Azure subscriptions
If the two circuits aren't in the same Azure subscription, you need authorization. In the following configuration, authorization is generated from circuit 2's subscription. The authorization key is then passed to circuit 1.
Generate an authorization key.
Make a note of the circuit resource ID of circuit 2 and the authorization key.
Select the Overview tab of ExpressRoute circuit
Select Add Global Reach to open the Add Global Reach configuration page.
On the Add Global Reach configuration page, give a name to this configuration. Check the Redeem authorization box. Enter the Authorization Key and the ExpressRoute circuit ID generated and obtained in Step 1. Then provide a /29 IPv4 for the Global Reach IPv4 subnet. We use IP addresses in this subnet to establish connectivity between the two ExpressRoute circuits. Don’t use the addresses in this subnet in your Azure virtual networks, or in your on-premises network. Select Add to add the circuit to the private peering configuration.
Note
If you wish to enable IPv6 support for ExpressRoute Global Reach, select "Both" for the Subnets field and include a /125 IPv6 subnet for the Global Reach IPv6 subnet.
Select Save to complete the Global Reach configuration. When the operation completes, you have connectivity between your two on-premises networks through both ExpressRoute circuits.
Verify the configuration
Verify the Global Reach configuration by reviewing the list of Global Reach connections in the Overview tab of your ExpressRoute circuit. When configured correctly your configuration should look as follows:
Disable connectivity
To disable connectivity between an individual circuit, select the delete button to the right of the Global Reach connection to remove connectivity between them. Then select Save to complete the operation.
After the operation is complete, you no longer have connectivity between your on-premises network through your ExpressRoute circuits.
Update configuration
To update the configuration for a Global Reach connection, select the connection name.
Update the configuration on the Edit Global Reach* page and the select Save.
Select Save on the main overview page to apply the configuration to the circuit.