Build ExpressRoute circuit configurations with peerings and route filters.
Last verified: May 2026
Build ExpressRoute circuit configs with peerings, route filters, and VNet gateway connections.
Required Fields
nameresourceGroupserviceProviderNamepeeringLocationbandwidthInMbpssku.tierpeeringsOutput will appear here...The builder generates ExpressRoute circuit configurations: circuit (name, service provider, peering location, bandwidth in Mbps, SKU: Local/Standard/Premium, billing model: metered or unlimited), peerings (Private Peering with VLAN ID + primary/secondary subnets + BGP ASN, Microsoft Peering with route filter), and route filters for selectively advertising routes. Output is generated as az network express-route commands and Terraform azurerm_express_route_circuit resources.
Azure ExpressRoute provides dedicated private connectivity between on-premises networks and Azure datacenters, bypassing the public internet for higher reliability, faster speeds (up to 100 Gbps), and lower latency. An ExpressRoute circuit requires selecting a connectivity provider, peering location, bandwidth tier, and SKU (Local, Standard, or Premium). You then configure peerings — Azure Private Peering for VNet access and Microsoft Peering for Microsoft 365 and Azure PaaS services. The ExpressRoute Config Builder helps you define circuit parameters, peering configurations, and route filter settings.
Your team is connecting a US datacenter to Azure for a 1 Gbps hybrid workload. The builder generates: 2 ExpressRoute circuits at 1 Gbps Standard SKU, one from Equinix Washington DC and one from Equinix Chicago (different physical locations), both terminating at the same ExpressRoute Gateway in azuregov-eastus2. Plus a VPN Gateway as backup. BGP advertises with AS-path prepending so traffic prefers Circuit 1 (Washington) and falls back to Circuit 2 (Chicago) on failure. The architecture survives single-DC outages with sub-30-second failover.
Local SKU is the cheapest if your workload is in ONE region near a peering location — it includes unlimited egress (no per-GB charges). Most teams default to Standard SKU and pay for egress they don't need. Check whether all your Azure workloads are in regions accessible from the peering location's metro before paying for Standard.
Always deploy two ExpressRoute circuits from DIFFERENT peering locations for production. The built-in primary/secondary redundancy within a single circuit only protects against equipment failure, not data center outages. Two circuits from different locations + ExpressRoute Gateway with both connections gives you DC-level redundancy.
Maintain a VPN Gateway as a backup connectivity path even with redundant ExpressRoute. ExpressRoute outages do happen (provider issues, BGP misconfiguration). VPN Gateway as a low-priority backup adds maybe $30/month and gives you a third independent path — well worth it for production hybrid connectivity.
Local SKU provides connectivity only to Azure regions at or near the peering location, offers unlimited data egress (no per-GB charges), and is the most cost-effective for workloads in a single region. Standard SKU connects to all Azure regions within the same geopolitical region (e.g., all North American regions) with metered or unlimited egress options. Premium SKU connects to all Azure regions globally, supports up to 10,000 routes on Private Peering (vs 4,000 for Standard), and up to 10 VNet connections (vs 10 for Standard, expandable with add-ons).
Each ExpressRoute circuit consists of two physical connections (primary and secondary) for built-in redundancy. If one connection fails, traffic automatically fails over to the other. For higher availability, deploy two circuits from different peering locations and configure both as connections on your ExpressRoute Gateway. Use BGP AS-path prepending or connection weight to control active-passive or active-active failover behavior. For critical workloads, also maintain a VPN Gateway as a backup path in case both ExpressRoute circuits fail.
Was this tool helpful?
Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.