Technical Lab: Design and implement ExpressRoute options, including Global Reach, FastPath, and ExpressRoute Direct
Questionsβ
Question 1 β Multiple Choiceβ
A company has branches in SΓ£o Paulo and Tokyo, each connected to Microsoft's network through independent ExpressRoute circuits, provisioned at distinct peering locations. The network team needs to ensure that traffic between the two branches passes exclusively through Microsoft's backbone network, without transiting through the public internet.
Which ExpressRoute feature meets this requirement?
A) ExpressRoute FastPath, configured on both circuits
B) ExpressRoute Global Reach, enabled between the two circuits
C) ExpressRoute Direct, with two 100 Gbps ports allocated at each site
D) A second ExpressRoute Premium circuit created at the same peering location
Question 2 β Technical Scenarioβ
A network architect configured an ExpressRoute circuit with a virtual network gateway of type ErGw1AZ to connect an on-premises network to Azure. After load testing, it's noticed that the effective throughput between on-premises servers and VMs in the VNet is consistently below expectations, even with the circuit operating within the contracted bandwidth.
Investigation points to the gateway processing all data flows, becoming a bottleneck.
Which change resolves this issue without replacing the circuit?
A) Migrate the circuit to a peering location with lower latency
B) Enable ExpressRoute FastPath to allow data traffic to bypass the gateway
C) Enable Global Reach to redistribute flows across multiple circuits
D) Increase the circuit bandwidth to the next available tier
Question 3 β True or Falseβ
ExpressRoute Direct allows an organization to connect physically to Microsoft's global network without the intermediation of a connectivity provider, and supports the provisioning of multiple ExpressRoute circuits over the same pair of physical ports, as long as the sum of circuit bandwidths doesn't exceed the total capacity of the contracted port.
Is the statement True or False?
Question 4 β Multiple Choiceβ
When evaluating ExpressRoute Direct versus a standard ExpressRoute circuit provisioned via connectivity provider, an engineer needs to justify choosing ExpressRoute Direct for a client with strict regulatory requirements for physical isolation and need for 40 Gbps dedicated capacity.
Which characteristic of ExpressRoute Direct is the main technical differentiator in this context?
A) Support for Microsoft Peering with BGP routes of higher priority than provider-based circuits
B) Direct physical connection to Microsoft's edge routers, with dedicated 10, 40, or 100 Gbps ports
C) Elimination of the virtual network gateway requirement for data traffic in the VNet
D) Ability to extend circuit reach to other regions using Global Reach at no additional cost
Question 5 β Technical Scenarioβ
A financial organization uses two ExpressRoute circuits: one in Miami and another in Dallas, both with Global Reach enabled. The security team reports that certain sensitive workloads, hosted on-premises in Miami, should not communicate with on-premises systems in Dallas via Microsoft's backbone, but both branches need to continue accessing VNets in Azure normally.
The architect proposes disabling Global Reach. The network team questions whether there's a more granular approach.
Circuit A (Miami) <--Global Reach--> Circuit B (Dallas)
| |
VNet-1 VNet-2
Which statement correctly describes the behavior and available options?
A) Global Reach cannot be selectively disabled; the only option is to remove the feature from both circuits simultaneously
B) Global Reach can be disabled only on the source circuit, maintaining unidirectional connectivity between branches
C) Global Reach is an association between two specific circuits and can be removed between them without affecting each circuit's connectivity with Azure VNets
D) Disabling Global Reach on one of the circuits automatically interrupts that circuit's BGP peering with associated VNets
Answer Key and Explanationsβ
Answer Key β Question 1β
Answer: B
ExpressRoute Global Reach was designed exactly for this scenario: it creates a network path between two distinct ExpressRoute circuits, routing traffic entirely through Microsoft's backbone, without touching the public internet. It's the only native ExpressRoute mechanism for site-to-site connectivity via Microsoft's network when sites have their own circuits.
The main misconception represented by the distractors is confusing the purpose of each functionality: FastPath deals with the data path between on-premises and Azure VNets (not between on-premises sites); ExpressRoute Direct is a way to provision the physical circuit, not an interconnection mechanism between sites; and an additional Premium circuit at the same location doesn't create connectivity between geographically distinct branches.
Answer Key β Question 2β
Answer: B
ExpressRoute FastPath resolves exactly this bottleneck. By default, all data traffic between on-premises and VMs passes through the virtual network gateway, which operates as the data plane and can saturate in high throughput scenarios. With FastPath enabled, the data plane is redirected directly to VNet VMs, bypassing the gateway. The gateway remains active for BGP route exchange but is removed from the data path.
The distractors represent common misconceptions: changing the peering location reduces latency but doesn't deterministically increase throughput; Global Reach serves to connect on-premises sites to each other; and increasing circuit bandwidth doesn't resolve a bottleneck that's in the gateway, not in the contracted bandwidth.
Answer Key β Question 3β
Answer: True
ExpressRoute Direct provides direct physical connectivity to Microsoft's edge routers (MSEEs), eliminating dependency on intermediary connectivity providers. Over a single pair of physical ports (10, 40, or 100 Gbps), it's possible to provision multiple logical ExpressRoute circuits, each with its own bandwidth. The restriction is that the sum of allocated bandwidths cannot exceed the total port capacity.
This behavior is relevant because it allows logical segmentation by customer, environment, or regulatory requirement, while maintaining real physical isolation, which is a critical differentiator for sectors with rigorous compliance requirements.
Answer Key β Question 4β
Answer: B
The central technical differentiator of ExpressRoute Direct is the direct physical connection to Microsoft's peering facilities, with dedicated 10, 40, or 100 Gbps ports. This eliminates the connectivity provider from the physical path, meeting the physical isolation requirement demanded by regulations such as those in the financial or healthcare sectors. The 40 Gbps dedicated capacity is also only viable via ExpressRoute Direct, as provider-based circuits have lower bandwidth limits.
The distractors represent important conceptual errors: FastPath (not ExpressRoute Direct) is responsible for bypassing the gateway in the data plane; Global Reach has no relation to the physical provisioning method of the circuit; and Microsoft Peering support exists in both provider-based and Direct circuits, with no inherent BGP priority difference based on provisioning method.
Answer Key β Question 5β
Answer: C
Global Reach is implemented as a direct association between two specific ExpressRoute circuits. This association can be created or removed independently, without impacting each circuit's connectivity with Azure VNets. Disabling Global Reach between the Miami and Dallas circuits only terminates the path between the two on-premises sites; both circuits continue functioning normally to access VNet-1 and VNet-2.
The misconception represented by the other distractors is treating Global Reach as a global circuit attribute or as something coupled to BGP with VNets, when in practice it's a point-to-point and bidirectional configuration between a pair of circuits. Alternative D is particularly dangerous because it mixes the VNet BGP control plane with Global Reach functionality, which are completely independent.