SDWAN and Express route

%3CLINGO-SUB%20id%3D%22lingo-sub-1940003%22%20slang%3D%22en-US%22%3ESDWAN%20and%20Express%20route%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1940003%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Team%20%2C%3C%2FP%3E%3CP%3E%26nbsp%3BWe%20have%20a%20global%20MPLS%20Network%20for%20a%20Service%20Provider%20X%20.%20Now%20we%20want%20to%20estalish%20Express%20route%20for%20our%20Hub%20vnets%20in%20Azure%20cloud%20.%26nbsp%3B%20this%20looks%20fine%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENow%20we%20also%20have%20an%20SDWAN%20project%20running%20%3Bthere%20is%20a%20Juniper%20Device%20on%20prem%20.%20which%20split%20the%20traffic%20between%20MPLS%20and%20VPN%26nbsp%3B%20.%26nbsp%3B%20when%20traffic%20switch%20to%20MPLS%20%2C%20juniper%20will%20do%20encryption%20.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20do%20express%20route%20support%20encryption%20%3F%20will%20there%20be%20any%20benefit%20%3F%20how%20do%20we%20use%20pure%20MPLS%20express%20route%20and%20SDWAN%20together%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1940003%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20ExpressRoute%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EVirtual%20Network%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EVirtual%20WAN%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1983183%22%20slang%3D%22en-US%22%3ERe%3A%20SDWAN%20and%20Express%20route%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1983183%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F726217%22%20target%3D%22_blank%22%3E%40Securitylearner%3C%2FA%3EExpress%20Route%20does%20not%20provide%20any%20options%20for%20encryption%20end-to-end%2C%20if%20you%20want%20to%20do%20end-to-end%20encryption%20between%20your%20on-premises%20network%20and%20your%20Azure%20VNETs%20you%20should%20consider%20site-to-site%20VPN%2C%20as%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fexpressroute%2Fsite-to-site-vpn-over-microsoft-peering%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Edocumented%20by%20Microsoft%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hello Team ,

 We have a global MPLS Network for a Service Provider X . Now we want to estalish Express route for our Hub vnets in Azure cloud .  this looks fine 

 

Now we also have an SDWAN project running ;there is a Juniper Device on prem . which split the traffic between MPLS and VPN  .  when traffic switch to MPLS , juniper will do encryption . 

 

So do express route support encryption ? will there be any benefit ? how do we use pure MPLS express route and SDWAN together 

 

 

1 Reply

@SecuritylearnerExpress Route does not provide any options for encryption end-to-end, if you want to do end-to-end encryption between your on-premises network and your Azure VNETs you should consider site-to-site VPN, as documented by Microsoft