none
Connecting to Azure Storage via ExpressRoute

    Question

  • Hello, 

    We have Azure Expressroute configured with private peering and is co-located at our data center (exchange provider). BGP is established between our routers and Azure's routers. We have configured a VNET on the Azure side that is being advertised to our network. Public peering is not used in this setup. As far as I can tell, the network connection between Azure and our network is fully established. 

    We also have Azure Storage (Classic) BLOB storage accounts enabled and would like to perform the following actions:

    1. Allow public users to access Azure Storage to upload files
    2. Allow a server on our internal network to access Azure BLOB storage via the private Expressroute and download files from the storage account
    3. Allow a server on our internal network to access Azure BLOB storage via the private Expressroute and upload files to the storage account

    We are able to perform item #1 on the list; however, we are having trouble getting items #2 and #3 working. We are unsure whether we need to assign IPs to the storage accounts to be able to access it, or we need to create a VM on the Azure side to interact with the storage account. We are also unsure if we need to modify routing on the Azure side in any way so we are able to download the files from the storage system. 

    Can anyone advise on a way we can accomplish items #2 and #3 on the list? We have been researching ways to do so and have not been able to get a clear answer. Can someone please also advise on the two questions below:

    1. We have an ExpressRoute Connection. We are only using Azure Storage (Classic) BLOB storage. When we want to PUT files on Azure, can we configure that traffic to go out over our ExpressRoute? Or must it go over the Public Internet?
    2. What commands are needed, I assume Powershell, to configure Azure so that when we GET files from Azure Storage (Classic) BLOB storage, using the AZCopy tool, those files are transferred to us over our ExpressRoute?

    Any help is greatly appreciated. 

    Thanks,

    Mark

    Monday, November 23, 2015 7:27 PM

All replies

  • Hello Mark,

    We are looking into this and will revert to you at the earliest.

    Girish Prajwal

    Tuesday, November 24, 2015 11:48 AM
    Moderator
  • Thank you. Please keep me informed if you have any suggestions. 
    Wednesday, November 25, 2015 5:24 PM
  • Hello Girish, 

    Do you have any news regarding my inquiry?

    Thanks,

    Mark

    Monday, November 30, 2015 2:48 PM
  • Hello Mark,

    I have engaged our experts and waiting for reply. Will revert to you at the earliest.

    Girish Prajwal

    Tuesday, December 01, 2015 8:16 AM
    Moderator
  • Hello Girish, 

    Any word from your experts?

    -Mark

    Thursday, December 03, 2015 7:20 PM
  • Hi Mark,

    Sincere apologies for delay in responding on this.

    Connectivity to Azure Storage via ExpressRoute with the help of Public Peering. This needs to be enabled by the Your ISP.
    Here are some articles on Public Peering that would come in handy :

    https://azure.microsoft.com/en-in/documentation/articles/expressroute-introduction/
    https://azure.microsoft.com/en-in/documentation/articles/expressroute-faqs/

    Hope this helps.

    Girish Prajwal

    Friday, December 04, 2015 11:30 AM
    Moderator
  • Girish, 

    Just to clarify, for our internal server to connect to azure storage via an expressroute, we need to do so via Public Peering, not Private Peering?

    Thanks,

    Mark

    Friday, December 04, 2015 3:33 PM
  • Also, can you clarify what our ISP would need to enable? 
    Friday, December 04, 2015 3:49 PM
  • Hi Mark,

    As suggested by our experts, you may have to configure it with public peering as the connectivity has to enabled by your ISP. The expressroute connection will be dedicated to you alone and it would be secured as per the article which I have gone through in the recent past.

    You can cask for express route connection to azure on a dedicated secure line.

    Girish Prajwal


    Friday, December 04, 2015 4:10 PM
    Moderator
  • Hi Girish, 

    Let's say that we already have the Expressroute connection co-located at our exchange provider, and it has been set up with private peering initially. If we now want to switch from private to public peering, do you have any details or documentation on what we have to request from our ISP? Would we ask for a Public /30 subnet or a public ASN from them to establish the public peering? 

    Thanks again for all your help on this. 

    -Mark


    Friday, December 04, 2015 4:25 PM
  • Hi Did you get any further with this? We have express route setup and would like to use it for backing up data. We are trailing cloudberry but that connects via the external azure storage URLs. I've read about public peering but not sure what means. We've only just configured the private connection so don't really want to break it now! Thanks
    Friday, December 18, 2015 10:57 AM
  • Hi Mark,

    I am one of the Program Managers for Azure ExpressRoute. Storage (Blob) accounts are not accessible through private peering. Blob accounts are hosted only on public IP addresses. You can enable public peering through your Exchange. If you already have a VC provisioned through an Exchange, you can add a VLAN to this. You can follow instructions here to configure public peering: https://azure.microsoft.com/en-us/documentation/articles/expressroute-howto-routing-classic/#azure-public-peering

    When  you enable Azure Public Peering, you will receive several prefixes on which Azure services are hosted. Your blog will be accessible through one of the IPs.

    You can find more info on public peering at https://azure.microsoft.com/en-us/documentation/articles/expressroute-circuit-peerings/

    Thanks,

    Ganesh

    Tuesday, December 22, 2015 12:03 AM