In this blog post, you’ll discover everything you need to know about Microsoft Azure Peering Services, a networking service introduced during Ignite 2019.
Microsoft explains the service within their documentation as follows:
Azure Peering Service is a networking service that enhances customer connectivity to Microsoft cloud services such as Office 365, Dynamics 365, software as a service (SaaS) services, Azure, or any Microsoft services accessible via the public internet. Microsoft has partnered with internet service providers (ISPs), internet exchange partners (IXPs), and software-defined cloud interconnect (SDCI) providers worldwide to provide reliable and high-performing public connectivity with optimal routing from the customer to the Microsoft network.
To be honest, Microsoft explained the service well, but what’s behind the explanation is much more complex. To understand Azure Peering Services and its benefits, you need to understand how peering, routing, and connectivity for internet providers work.
What Are Peering And Transit?
In the internet and network provider world, peering is an interconnection of separated and independent internet networks to exchange traffic between users within their respective networks. Peering or partnering is a free agreement between two providers. Normally both providers only pay their cross-connect in the datacenter and their colocation space. Traffic is not paid by any party. Instead, there are special agreements, e.g. from smaller to larger providers.
Normally you have the following agreements:
- between equal providers or peering partners – traffic upload and download between these two networks is free for both parties
- a larger provider and a smaller provider – the smaller provider needs to pay a fee for the transit traffic to the larger network provider
- providers who transit another network to reach a 3rd party network (upstream service) – the provider using the upstream needs to pay a fee for the transit traffic to the upstream provider
An agreement by two or more networks to peer is instantiated by a physical interconnection of the networks, an exchange of routing information through the Border Gateway Protocol (BGP) routing protocol and, in some special cases, a formalized contractual document. These documents are called peering policies and Letter of Authorization or LOA.
Fun Fact – As a peering partner for Microsoft, you can easily configure the peering through the Azure Portal as a free service.
As you can see in the screenshot, Microsoft is very restrictive with its routing and peering policies. That prevents unwanted traffic and protects Microsoft customers when peering for Azure ExpressRoute (AS12076).
Now let’s talk a bit about the different types of peering.
Public Peering
Public peering is configured over the shared platform of an Internet Exchange Point. Internet Exchanges charge a port and/or member fee for using their platform for interconnection.
If you are a small cloud or network provider with less infrastructure, the peering via an Internet Exchange is a good place to start. As a big player on the market, it is a good choice because you are also reaching smaller networks on a short path. The picture below shows an example of those prices. I took my example from the Berlin Commercial Internet Exchange Pricing Page.
Hurricane Electric offers a tool that can give you a peering map and more information about how a provider is publicly peered with other providers, but you will not get a map from the private peering there. The picture below shows you some examples for Microsoft AS 8075.
Private Peering
Private peering is a direct physical link between two networks. Commonly the peering is done over one or more 10GbE or 100GbE links. The connection is made from one network to exactly one other network, and each side pays a set fee to the owner of the infrastructure or colocation that is used. Those costs are usually for the cross-connect within the datacenter. That makes private peering a good choice when you need to send large volumes of traffic to one specific network. Looking at the price per transferred gigabyte between both networks, it is a much cheaper option than public peering. When peering privately with providers, you may need to follow some peering policies though.
A good provider also has a looking glass where you can get more insights into peerings, but we will look at this later on.
Transit and Upstream
When someone is using transit, the provider itself has no direct access to the destination network. It therefore needs to go through other networks or network providers to reach the destination network and destination service. The providers that offer transit are known as transit providers, with the larger networks being considered Tier 1 networks. As a network provider for customers of a cloud like Microsoft, you don't want any transit routing. First, transit routing through other networks normally comes at a high cost; worse, it adds latency and uncontrollable space between your customers and the cloud services. So the first rule when handling cloud customers: avoid transit routing and peer with cloud providers yourself, through either private or public network interconnects at interconnect locations.
That is one reason why Microsoft is working with Internet Exchanges and network and internet providers to enable services like Microsoft Azure Peering. It should give customers more control over how they reach Microsoft services, incl. Azure, Microsoft 365, Xbox etc. To understand the impact, you also need to know about service provider routing. That is what we will cover in the next part of the post.
How Internet Service Providers Route your Traffic?
When you look at routing, there are mostly only two options within a carrier network. The first one is cold potato or centralized routing. With cold potato routing, a provider keeps the traffic as long as possible within his network before he sends it to another 3rd party. The other option is hot potato routing or decentralized routing. Here the provider sends the traffic as fast as possible to the 3rd party, mostly in the same metro.
The picture below illustrates the difference between hot and cold potato routing.
As you can see in the drawing, the cold potato routing takes a longer distance through the provider network and with that to your target, e.g. Microsoft.
Those routing configurations have a large impact on your cloud performance because every kilometer distance adds latency. The actual number is 1ms in latency added per every 200 kilometers of distance. As a result, you will see an impact on the likes of voice quality during Teams Meetings or synchronization issues for Backups to Azure.
Microsoft has a big agenda to address that issue for their customers and the rest of the globe. You can read more about the plans in articles from Yousef Khalidi, Corp. Vice President Microsoft Networking.
- Azure founders reflect on Microsoft’s first decade as a public cloud vendor
- Detangling the Many Ways of Plugging into Azure
- Cisco Goes SONiC on New Networking Platforms
Now let’s start with Peering Services and how it can change the game.
What is Azure Peering Services and How it Solves the Issue?
When you look at how the service is designed, you can see that it leverages all of Microsoft Provider Peering with AS 8075. Together with the Microsoft Azure Peering Services Partners, Microsoft can change the default routing and transit behavior to their services when using a partner provider.
Following the picture below, you can setup a routing so that traffic from your network to Azure (or other networks) now uses the Microsoft Global Backbone instead of a transit provider without any SLA.
With that service enabled, performance to Microsoft services will increase and latency will be reduced, depending on the provider. As you can expect, services like Office 365 or Azure AD will profit from Azure Peering Service, but there is more. When you, for example, build your backbone on the Microsoft Global Transit Architecture with Azure Virtual WAN and use the internet connections of these providers and Internet Exchange partners, you directly boost your network performance and get a pseudo-private network. The reason is that you now use private or public peering with route restrictions. Your backbone traffic will now bypass the regular internet and flow through the Microsoft Global Backbone from A to B.
Let me try to explain it with a drawing.
In addition to better performance, you will also get an additional layer of monitoring. While the regular internet is a black box regarding data flow, performance, etc., with Microsoft Azure Peering Services you get fully operational monitoring of your wide area network through the Microsoft Backbone.
You can find this information in the Azure Peering Services Telemetry Data.
The screenshot below shows the launch partner of Azure Peering Services.
When choosing a network provider for your access to Microsoft, you should follow this guideline:
- Choose a provider well peered with Microsoft
- Choose a provider with hot potato routing to Microsoft
- Don't let the price decide the provider, a good network has costs
- Choose Dedicated Internet Access over a regular internet connection whenever possible
- If possible, use local providers instead of global ones
- A good provider always has a looking glass or can provide you with default routes between a city location and other peering partners. If not, it is not a good provider to choose
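One way to check the first and last points of this guideline against looking-glass output, as an added example that is not part of the original article: it classifies AS paths by whether the provider hands traffic directly to Microsoft AS 8075 or crosses transit networks first. The provider AS 64500, the other 645xx ASNs, the prefixes and the paths are constructed (documentation ranges), and the input is assumed to be plain space-separated ASNs.

```python
# Added example: classify how a provider reaches Microsoft (AS 8075) from AS paths.
# All paths below are constructed; 64496-64511 are documentation ASNs (RFC 5398).
MICROSOFT_ASN = 8075  # Microsoft's public peering AS, as named in the article


def collapse_prepends(as_path):
    """Drop consecutive duplicate ASNs (AS-path prepending) so each hop counts once."""
    hops = []
    for asn in as_path:
        if not hops or hops[-1] != asn:
            hops.append(asn)
    return hops


def classify_route(as_path_text, provider_asn):
    """Return (verdict, transit_asns) for one looking-glass AS path.

    verdict is 'direct' when the provider hands traffic straight to AS 8075,
    'transit' when other networks sit in between, 'not-microsoft' otherwise.
    """
    hops = collapse_prepends([int(tok) for tok in as_path_text.split()])
    # A looking glass inside the provider may omit its own ASN; add it back.
    if not hops or hops[0] != provider_asn:
        hops.insert(0, provider_asn)
    if MICROSOFT_ASN not in hops:
        return "not-microsoft", []
    between = hops[1:hops.index(MICROSOFT_ASN)]
    return ("direct", []) if not between else ("transit", between)


def audit(paths_by_prefix, provider_asn):
    """Map each prefix to its verdict and list the prefixes that cross transit."""
    report = {p: classify_route(path, provider_asn) for p, path in paths_by_prefix.items()}
    via_transit = sorted(p for p, (verdict, _) in report.items() if verdict == "transit")
    return report, via_transit


# Constructed looking-glass output for a hypothetical provider AS 64500.
SAMPLE_PATHS = {
    "198.51.100.0/24": "8075 8075 8075",    # direct peering, origin prepends itself
    "203.0.113.0/24": "64501 64502 8075",   # two transit networks in between
    "192.0.2.0/24": "64500 64501 64510",    # does not lead to Microsoft
}

if __name__ == "__main__":
    report, via_transit = audit(SAMPLE_PATHS, provider_asn=64500)
    for prefix, (verdict, transit) in report.items():
        print(f"{prefix:18} {verdict:14} transit={transit}")
    print("prefixes reaching Microsoft via transit:", via_transit)
```

Any prefix reported under transit is one where the provider does not hand traffic to Microsoft itself, which is the situation the guideline tells you to avoid.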
So, let’s learn about the setup of the service.
How to configure Azure Peering Services?
First, you need to understand that, like with Azure ExpressRoute, there are two sides to contact and configure.
You need to follow the steps below to establish a Peering Services connection.
Step 1: The customer provisions the connectivity from a connectivity partner (no interaction with Microsoft). With that, you get an internet provider who is well connected to Microsoft and meets the technical requirements for performant and reliable connectivity to Microsoft. Again, you should check the partner list.
Step 2: Customer registers locations into the Azure portal. A location is defined by: ISP/IXP Name, Physical location of the customer site (state level), IP Prefix given to the location by the Service Provider or the enterprise. As a service from Microsoft, you now get Telemetry data like Internet Routes monitoring and traffic prioritization from Microsoft to the user’s closest edge location.
The registration of the locations happens within the Azure Portal.
Currently, you need to register for the public beta first. That happens with some simple PowerShell commands.
Using Azure PowerShell
Register-AzProviderFeature -FeatureName AllowPeeringService -ProviderNamespace Microsoft.Peering
Register-AzResourceProvider -ProviderNamespace Microsoft.Peering
Using Azure CLI
az feature register --namespace Microsoft.Peering --name AllowPeeringService
Afterward, you can configure the service using the Azure Portal, Azure PowerShell, or Azure CLI.
You can find the respective guides here.
- Register Peering Service Preview by using the Azure portal
- Register a Peering Service Preview connection by using the Azure PowerShell
- Register a Peering Service Preview connection by using the Azure CLI
After the Service went Generally Available (GA), customers also received SLAs on the Peering and Telemetry Service. Currently, there is no SLA and no support if you use the services in production.
Closing Thoughts
From reading this article you now have a better understanding of Microsoft Azure Peering Services and its use, peering between providers, and the routing and traffic behavior within the internet. When digging deeper into Microsoft Peering Services, you now should be able to develop some architectures and ideas on how to use that service.
If you have any providers which are not aware of that service or of direct peering with Microsoft AS 8075, point them to http://peering.azurewebsites.net/ or let them drop an email to [email protected]
When using the BGP tools from Hurricane Electric, you should get information about some of the providers peering with Microsoft. One thing you need to know: most of the 3500 network partners of Microsoft peer privately with Microsoft. The Hurricane Electric tools can only observe the public peering partners.
8 thoughts on "Microsoft Azure Peering Services Explained"
Hi Florian
Thanks for this nice overview.
I made an Azure Account which is at the moment a free trial subscription.
I added some public peerings with microsoft, which are already established.
Now it shows that my subscription will end in 15 days. What does this mean? Do I have to upgrade the subscription? I was thinking public peering with MS is for free. I do not use any other Azure services.
Would be nice if you could clarify this.
Regards, Steve
As long as the services are free, you can keep it but you cannot use paid services.
What is the difference between Microsoft Azure Peering Service and Microsoft Azure ExpressRoute? Why would someone choose Microsoft Azure Peering Service over Microsoft ExpressRoute?
Microsoft Azure ExpressRoute is a private connection to the Microsoft Enterprise Edges for ExpressRoute (AS 12076). Microsoft then peers within the Microsoft global network with the Microsoft services. So the way is a dedicated connection for ExpressRoute from provider -> ExpressRoute edge -> Azure service
Microsoft Azure Peering Service is purely using the Internet connections. A provider can directly route traffic to the Microsoft global network on the shortest path without using ExpressRoute. That allows cheap and very performant interconnection to Microsoft services and to other providers. No dedicated connection is needed and it can be done via any internet media incl. mobile, DSL, FTTH etc.
If the provider leverages a private network interconnect with Microsoft Internet Peering AS8075, it is like using an ExpressRoute Microsoft Peering but much, much cheaper, with nearly the same performance, and you get end-to-end telemetry data. Think of it like premium internet which is no longer a black box for you.
Cheers,
Flo