Azure express route and forced tunneling

%3CLINGO-SUB%20id%3D%22lingo-sub-75749%22%20slang%3D%22en-US%22%3EAzure%20express%20route%20and%20forced%20tunneling%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-75749%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20would%20like%20to%20advertise%20default%20routes%20to%20enable%20force%20tunneling%20on%20our%20express%20route%20circuit.%20Are%20there%20any%20potentila%20issues%20I%20need%20to%20look%20out%20for%3F%20Specifically%20to%20do%20with%20microsoft%20services%20such%20as%20Vm%20access%20to%20storage%20accounts%20etc.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-75749%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-76943%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20express%20route%20and%20forced%20tunneling%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-76943%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Paul!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20I%20understood%20right%2C%20you%20intend%20to%20force%20all%20traffic%20from%20the%20VNET%20to%20ExpressRoute%2C%20right%3F%20If%20yes%2C%20the%20only%20issue%20is%20about%20the%20Azure%20PaaS%20routing.%20Because%20they%20have%20a%20public%20IP%2C%20the%20traffic%20will%20be%20routed%20using%20your%20on-prem%20infrastructure%20and%20then%2C%20back%20to%20cloud%20by%20internet.%20Also%2C%20you%20will%20be%20charged%20for%20this%20egress%20traffic.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-538369%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20express%20route%20and%20forced%20tunneling%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-538369%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F40614%22%20target%3D%22_blank%22%3E%40Rafael%20Canto%3C%2FA%3E%26nbsp%3BIs%20there%20any%20way%20to%20exclude%20MS%20services%20from%20the%20forced%20tunnel%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

Hi,

 

I would like to advertise default routes to enable force tunneling on our express route circuit. Are there any potentila issues I need to look out for? Specifically to do with microsoft services such as Vm access to storage accounts etc.

 

Thanks

2 Replies
Highlighted

Hi Paul!

 

If I understood right, you intend to force all traffic from the VNET to ExpressRoute, right? If yes, the only issue is about the Azure PaaS routing. Because they have a public IP, the traffic will be routed using your on-prem infrastructure and then, back to cloud by internet. Also, you will be charged for this egress traffic.

 

Highlighted

@Rafael Canto Is there any way to exclude MS services from the forced tunnel?