Forum Discussion
Feedback on Office 365 IP/URL Web Services Preview
Paul,
I've written myself a PAC file generator which includes the URLs in the Allow and Optimize categories.
I have a question regarding "ExpressRoute" which my company does not use at present. The list of URLs in Allow and Optimize for non ExpressRoute is as follows:
Only in other endpoint sets where ExpressRoute is true do you get other URLs which need to go DIRECT e.g. in endpoint set 46:
*broadcast.officeapps.live.com
*excel.officeapps.live.com
*onenote.officeapps.live.com
*powerpoint.officeapps.live.com
*view.officeapps.live.com
*visio.officeapps.live.com
*word-edit.officeapps.live.com
*word-view.officeapps.live.com
office.live.com
Are these not required to go DIRECT when not using ExpressRoute?
The URLs are listed as to go DIRECT in the PAC file described in the Managing Office 365 endpoints web page.
Also, endpoint set 11 has IP addresses and UDP ports 3478, 3479, 3480, 3481 which need to route DIRECT but are listed as ExpressRoute.
Can you please clarify the use of ExpressRoute in the web service? Do I need to include all Allow and Optimize endpoint sets regardless of the ExpressRoute setting?
Thanks
- PaulAndrew (Microsoft), Oct 04, 2018
Hi Ian,
First, we are planning to create a supported PAC file generator that uses the web services. Probably within the next month.
Next, the ExpressRoute flag indicates that the endpoint is supported over ExpressRoute for Office 365 approved ExpressRoute customers. For Endpoint sets with IP Addresses this literally means we advertise routes to those over ExpressRoute route prefixes. For Endpoint sets with URLs it still means the URL is supported when routed over ExpressRoute. It also means that the IP Address resolved from a DNS lookup of the URL will be routed over ExpressRoute. But it does not mean that if a URL Endpoint set has ExpressRoute as false that the IP Address resolved from the DNS will not be routed over ExpressRoute.
The choice of a PAC file selecting DIRECT or a Proxy Server is complicated when you have ExpressRoute. For non-ExpressRoute you would ideally route all Optimize and Allow network traffic bypassing a proxy server and this would typically be using DIRECT, with a firewall on the perimeter that passes Optimize and Allow traffic. If you have ExpressRoute for Office 365 you would need to ensure that this traffic goes to the ExpressRoute circuit, and you'll need to restrict the PAC file to only ExpressRoute supported Optimize and Allow endpoints. We're looking at improving the alignment of Optimize and Allow with ExpressRoute.
The UDP traffic you mentioned needs to bypass proxy servers. It can be routed over ExpressRoute if you have that for Office 365 or it can be routed direct to the Internet.
You should not send Allow network traffic to an ExpressRoute circuit where it is listed as ExpressRoute is false.
Regards,
Paul
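
The selection rule described in the reply above, as an added example (not code from either poster or from Microsoft): it builds a PAC file from endpoint-set JSON, sending every Optimize and Allow URL DIRECT, or only those flagged for ExpressRoute when `expressroute_only` is set. Assumptions: the sample data is constructed (ids 46 and 11 and their hosts and ports are taken from the thread; ids 900 and 901, the categories and the IP range are invented), the function names are hypothetical, and the proxy address is a placeholder.

```python
import json
import re

# Constructed sample in the shape of the web service's endpoint JSON.
# Ids 46 and 11 and their hosts/ports come from the thread; ids 900 and 901,
# the categories and the documentation-range IP are constructed.
SAMPLE = json.loads("""[
 {"id": 900, "category": "Allow", "expressRoute": false,
  "urls": ["odc.officeapps.live.com", "r.office.microsoft.com"], "tcpPorts": "443"},
 {"id": 46, "category": "Allow", "expressRoute": true,
  "urls": ["*excel.officeapps.live.com", "office.live.com"], "tcpPorts": "443"},
 {"id": 11, "category": "Optimize", "expressRoute": true,
  "ips": ["192.0.2.0/24"], "udpPorts": "3478,3479,3480,3481"},
 {"id": 901, "category": "Default", "expressRoute": false,
  "urls": ["*.example.invalid"], "tcpPorts": "443"}
]""")

# Only characters valid in a hostname or wildcard pattern; anything else is
# rejected so feed data can never break out of the quoted PAC string.
HOST_RE = re.compile(r"^[A-Za-z0-9*.-]+$")

def select_hosts(sets, expressroute_only=False):
    """URL patterns from Optimize/Allow sets; optionally ExpressRoute-flagged only."""
    hosts = []
    for s in sets:
        if s.get("category") not in ("Optimize", "Allow"):
            continue
        if expressroute_only and not s.get("expressRoute"):
            continue
        for h in s.get("urls", []):
            if not HOST_RE.match(h):
                raise ValueError(f"unsafe host pattern in set {s['id']}: {h!r}")
            hosts.append(h.lower())
    return sorted(set(hosts))

def non_pac_sets(sets):
    """Ids of Optimize/Allow sets with no URLs (IP/UDP only): a PAC file cannot
    express these, so they need a firewall or routing rule instead."""
    return [s["id"] for s in sets
            if s.get("category") in ("Optimize", "Allow") and not s.get("urls")]

def build_pac(sets, proxy, expressroute_only=False):
    rules = "\n".join(f'    if (shExpMatch(host, "{h}")) return "DIRECT";'
                      for h in select_hosts(sets, expressroute_only))
    return ("function FindProxyForURL(url, host) {\n    host = host.toLowerCase();\n"
            f'{rules}\n    return "{proxy}";\n}}\n')

if __name__ == "__main__":
    print(build_pac(SAMPLE, "PROXY proxy.example.invalid:8080"))
    print("Handle outside the PAC file, set ids:", non_pac_sets(SAMPLE))
```

Set 11 never appears in the generated PAC file because it carries only IP addresses and UDP ports; `non_pac_sets` returns it so the proxy bypass for that traffic can be configured at the firewall or routing layer.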