Configure route filters for Microsoft peering using the Azure portal

Route filters are a way to consume a subset of supported services through Microsoft peering. The steps in this article help you configure and manage route filters for ExpressRoute circuits.

Connectivity to all Azure services causes a large number of prefixes gets advertised through BGP. The large number of prefixes significantly increases the size of the route tables maintained by routers within your network. If you plan to consume only a subset of services offered through Microsoft peering, you can reduce the size of your route tables in two ways. You can:

  • Filter out unwanted prefixes by applying route filters on BGP communities. Route filtering is a standard networking practice and is used commonly within many networks.

  • Define route filters and apply them to your ExpressRoute circuit. A route filter is a new resource that lets you select the list of services you plan to consume through Microsoft peering. ExpressRoute routers only send the list of prefixes that belong to the services identified in the route filter.

Diagram of a route filter applied to the ExpressRoute circuit to allow only certain prefixes to be broadcast to the on-premises network.

About route filters

When Microsoft peering gets configured on your ExpressRoute circuit, the Microsoft edge routers establish a pair of BGP sessions with your edge routers through your connectivity provider. No routes are advertised to your network. To enable route advertisements to your network, you must associate a route filter.

A route filter lets you identify services you want to consume through your ExpressRoute circuit's Microsoft peering. It's essentially an allowed list of all the BGP community values. Once a route filter resource gets defined and attached to an ExpressRoute circuit, all prefixes that map to the BGP community values gets advertised to your network.

Important

Microsoft peering of ExpressRoute circuits that were configured prior to August 1, 2017 will have all Microsoft Office service prefixes advertised through Microsoft peering, even if route filters are not defined. Microsoft peering of ExpressRoute circuits that are configured on or after August 1, 2017 will not have any prefixes advertised until a route filter is attached to the circuit.

Prerequisites

  • Review the prerequisites and workflows before you begin configuration.

  • You must have an active ExpressRoute circuit that has Microsoft peering provisioned. You can use the following instructions to accomplish these tasks:

    • Create an ExpressRoute circuit and have the circuit enabled by your connectivity provider before you continue. The ExpressRoute circuit must be in a provisioned and enabled state.
    • Create Microsoft peering if you manage the BGP session directly. Or, have your connectivity provider provision Microsoft peering for your circuit.

Get a list of prefixes and BGP community values

Get a list of BGP community values

BGP community values associated with services accessible through Microsoft peering is available in the ExpressRoute routing requirements page.

Make a list of the values that you want to use

Make a list of BGP community values you want to use in the route filter.

Create a route filter and a filter rule

A route filter can have only one rule, and the rule must be of type 'Allow'. This rule can have a list of BGP community values associated with it.

  1. Select Create a resource then search for Route filter as shown in the following image:

    Screenshot that shows the Route filter page.

  2. Place the route filter in a resource group. Ensure the location is the same as the ExpressRoute circuit. Select Review + create and then Create.

    Screenshot that shows the Create route filter page with example values entered.

Create a filter rule

  1. To add and update rules, select the manage rule tab for your route filter.

    Screenshot that shows the Overview page with the Manage rule action highlighted.

  2. Select the services you want to connect to from the drop-down list and save the rule when done.

    Screenshot that shows the Manage rule window with services selected in the Allowed service communities drop-down list.

Attach the route filter to an ExpressRoute circuit

Attach the route filter to a circuit by selecting the + Add Circuit button and selecting the ExpressRoute circuit from the drop-down list.

Screenshot that shows the Overview page with the Add circuit action selected.

If the connectivity provider configures peering for your ExpressRoute circuit, refresh the circuit from the ExpressRoute circuit page before you select the + Add Circuit button.

Screenshot that shows the Overview page with the Refresh action selected.

Common tasks

To get the properties of a route filter

You can view properties of a route filter when you open the resource in the portal.

Screenshot that shows the Overview page.

To update the properties of a route filter

  1. You can update the list of BGP community values attached to a circuit by selecting the Manage rule button.

    Screenshot that shows how to update Route filters with the Manage rule action.

  2. Select the service communities you want and then select Save.

    Screenshot that shows the Manage rule window with services selected.

To detach a route filter from an ExpressRoute circuit

To detach a circuit from the route filter, right-click on the circuit and select Dissociate.

Screenshot that shows the Overview page with the Dissociate action highlighted.

Clean up resources

You can delete a route filter by selecting the Delete button. Ensure the Route filter isn't associated to any circuit before doing so.

Screenshot that shows how to delete a route filter.

Next Steps

For information about router configuration samples, see: