How to enable Azure ExpressRoute FastPath to improve the data path from on-premises sources to destination VMs in Azure

As you know, most enterprises have already deployed ExpressRoute circuits in different Azure regions across the globe. With the surge in WFH scenarios due to Covid-19, some use cases, such as Citrix VDI infrastructure on Azure IaaS, came under heavy load, and users started complaining about latency. One way to overcome this, and the solution I am going to write about today, is to enable ExpressRoute FastPath in your environment.

What is ExpressRoute FastPath?

ExpressRoute FastPath is a configuration in your ExpressRoute circuit which is designed to improve the data path performance between the on-premises network and your virtual network in Azure. When enabled, FastPath sends network traffic directly to virtual machines in the virtual network, bypassing the gateway.

What do you need?

To configure FastPath, the virtual network gateway must be either:

Ultra Performance

ErGw3AZ

What is NOT Supported?

UDR on the gateway subnet: If you apply a UDR to the gateway subnet of your virtual network, the network traffic from your on-premises network will continue to be sent to the virtual network gateway.

VNet Peering: If you have other virtual networks peered with the one that is connected to ExpressRoute, the network traffic from your on-premises network to the other virtual networks (i.e. the so-called “Spoke” VNets) will continue to be sent to the virtual network gateway. The workaround is to connect all the virtual networks to the ExpressRoute circuit directly.

Basic Load Balancer: If you deploy a Basic internal load balancer in your virtual network or the Azure PaaS service you deploy in your virtual network uses a Basic internal load balancer, the network traffic from your on-premises network to the virtual IPs hosted on the Basic load balancer will be sent to the virtual network gateway. The solution is to upgrade the Basic load balancer to a Standard load balancer.

Private Link: If you connect to a private endpoint in your virtual network from your on-premises network, the connection will go through the virtual network gateway.

How to enable ExpressRoute FastPath

Option 1: When you want to set up a new ExpressRoute connection with FastPath enabled, you can run the PowerShell script below.

# Look up the existing circuit and virtual network gateway
$circuit = Get-AzExpressRouteCircuit -Name "TestCircuit" -ResourceGroupName "WHYAZURERG"

$gw = Get-AzVirtualNetworkGateway -Name "AZREUS2Gateway" -ResourceGroupName "WHYAZURERG"

# -ExpressRouteGatewayBypass is the switch that enables FastPath on the new connection
$connection = New-AzVirtualNetworkGatewayConnection -Name "TestConnection" -ResourceGroupName "WHYAZURERG" -ExpressRouteGatewayBypass -VirtualNetworkGateway1 $gw `
    -PeerId $circuit.Id -ConnectionType ExpressRoute -Location "East US2"

Option 2: When you want to update an existing ExpressRoute connection to enable FastPath, you can run the PowerShell script below.

# Fetch the existing connection, turn on FastPath, and write the change back
$connection = Get-AzVirtualNetworkGatewayConnection -Name "TestConnection" -ResourceGroupName "WHYAZURERG"

$connection.ExpressRouteGatewayBypass = $True

Set-AzVirtualNetworkGatewayConnection -VirtualNetworkGatewayConnection $connection
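The requirements and unsupported scenarios listed above can be checked before or after you flip the switch. The script below is an added example, not part of the original post: it reuses the sample names from this page (WHYAZURERG, AZREUS2Gateway, TestConnection), assumes you are already signed in with the Az module, and covers the gateway SKU, UDR, VNet peering and Basic load balancer items (Private Link is not checked).

```powershell
# Added example: FastPath readiness check (sample names taken from this page).
$rg       = 'WHYAZURERG'
$gwName   = 'AZREUS2Gateway'
$connName = 'TestConnection'
$findings = @()

$gw = Get-AzVirtualNetworkGateway -Name $gwName -ResourceGroupName $rg

# 1. The gateway SKU must be Ultra Performance or ErGw3AZ.
if ($gw.Sku.Name -notin @('UltraPerformance', 'ErGw3AZ')) {
    $findings += "Gateway SKU '$($gw.Sku.Name)' is not UltraPerformance or ErGw3AZ."
}

# Resolve the virtual network from the gateway's GatewaySubnet resource ID.
$subnetId = $gw.IpConfigurations[0].Subnet.Id
$pattern  = '/resourceGroups/([^/]+)/providers/Microsoft\.Network/virtualNetworks/([^/]+)/subnets/'
if ($subnetId -match $pattern) {
    $vnet = Get-AzVirtualNetwork -Name $Matches[2] -ResourceGroupName $Matches[1]
} else {
    throw "Unexpected gateway subnet ID: $subnetId"
}

# 2. A UDR on the gateway subnet keeps traffic on the gateway.
$gwSubnet = $vnet.Subnets | Where-Object { $_.Id -eq $subnetId }
if ($gwSubnet.RouteTable) {
    $findings += "Gateway subnet has a route table: $($gwSubnet.RouteTable.Id)"
}

# 3. Traffic to peered (spoke) VNets still goes through the gateway.
foreach ($peering in $vnet.VirtualNetworkPeerings) {
    $findings += "Peered VNet not covered by FastPath: $($peering.RemoteVirtualNetwork.Id)"
}

# 4. Basic internal load balancers with a frontend in this VNet.
foreach ($lb in Get-AzLoadBalancer) {
    if ($lb.Sku.Name -ne 'Basic') { continue }
    $inVnet = $lb.FrontendIpConfigurations |
        Where-Object { $_.Subnet.Id -like "$($vnet.Id)/subnets/*" }
    if ($inVnet) { $findings += "Basic internal load balancer in VNet: $($lb.Name)" }
}

# Report the current FastPath state of the connection and any findings.
$conn = Get-AzVirtualNetworkGatewayConnection -Name $connName -ResourceGroupName $rg
"FastPath enabled on ${connName}: $($conn.ExpressRouteGatewayBypass)"
if ($findings) { $findings } else { 'No blocking configuration found.' }
```

Each finding names a resource whose traffic will continue to be sent to the virtual network gateway even with FastPath enabled on the connection.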

That’s all for today, enjoy your work from home and keep reading.