Share via

Lumen/CenturyLink ExpressRoute Connection Confusion

SC 0 Reputation points
2025-01-22T16:19:56.7266667+00:00

Azure Peering - 1 VLAN

Lumen 2 CE VLANs Mandated

Hello All:

I have a situation here where my service provider (Century Link/Lumen) is not providing me with any help. I am in the process of setting up Express Route Circuit with Microsoft and make it work. I have a test circuit provisioned and it is not running properly.

Microsoft Azure only allows me to configure one vlan for private peering. On the same vlan it wants me to choose 2x IP networks to form 2x BGP peerings. I chose 515 to be my vlan for these peerings.

But, Lumen portal made me configure 2 vlans - they call it CE-VLANs and they have to be unique. So, I chose 515 and 516 as my CE-VLANs.

+++++++++++

Primary Subnet:

+++++++++++

Microsoft IP: 10.101.15.2/30

My local IP: 10.101.15.1/30

+++++++++++

Secondary Subnet:

+++++++++++

Microsoft IP: 10.100.15.2/30

My local IP: 10.100.15.1/30

+++++++++++

VLAN ID on Azure

+++++++++++

515

+++++++++++

VLAN IDs on Lumen

+++++++++++

515, 516

+++++++++++

Q-in-Q on my connection

+++++++++++

I implemented push/pop q-in-q configuration on my Juniper switches to facilitate this 515, 516 setup that Lumen mandates.

set interfaces unit 515 vlan-id 515

set interfaces unit 515 vlan-id 515

set interfaces ae-FW1 unit 515 vlan-id-list 515

set interfaces ae-FW1 unit 515 input-vlan-map push

set interfaces ae-FW1 unit 515 output-vlan-map pop

set interfaces ae-FW2 unit 515 vlan-id-list 515

set interfaces ae-FW2 unit 515 input-vlan-map push

set interfaces ae-FW2 unit 515 output-vlan-map pop

set vlans lumen-515 interface xe-1/0/5.515

set vlans lumen-515 interface ae-FW1.515

set vlans lumen-515 interface ae-FW2.515

set vlans lumen-515 interface xe-0/0/5.515

set interfaces unit 516 vlan-id 516

set interfaces unit 516 vlan-id 516

set interfaces ae-FW1 unit 516 vlan-id-list 516

set interfaces ae-FW1 unit 516 input-vlan-map push

set interfaces ae-FW1 unit 516 output-vlan-map pop

set interfaces ae-FW2 unit 516 vlan-id-list 516

set interfaces ae-FW2 unit 516 input-vlan-map push

set interfaces ae-FW2 unit 516 output-vlan-map pop

set vlans lumen-516 interface xe-1/0/5.516

set vlans lumen-516 interface ae-FW1.516

set vlans lumen-516 interface ae-FW2.516

set vlans lumen-516 interface xe-0/0/5.516

###############

Scenarios

###############

I configure both primary and secondary IPs on vlan.515 interface (on my bgp hosting firewall) - only one peering comes up - primary ip bgp peering.

I configure primary IP on vlan.515 and secondary IP on vlan.516 (on my bgp hosting firewall) - only one peering comes up - primary ip bgp peering.

I change vlan from 515 to 516 on Azure - the secondary ip bgp peering comes up as primary ip peering goes down

I change vlan from 516 back to 515 on Azure - the secondary ip bgp peering goes down and the primary ip bgp peering comes back up

^^^^^^^^^^^

Issue

^^^^^^^^^^^

Azure needs both peerings to be UP for the Express Route Circuit to be considered fully functional. But, the peerings do not come up at the same time because of the 2 vlans on Lumen vs 1 vlan on Azure requirement. The only way I can make peerings work is by manually changing vlan ID on Azure portal which is a failed workaround/solution.

Could you please let me know how to make this setup work? Thank you.

Azure ExpressRoute
Azure ExpressRoute
An Azure service that provides private connections between Azure datacenters and infrastructure, either on premises or in a colocation environment.
410 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ganesh Patapati 3,530 Reputation points Microsoft Vendor
    2025-01-22T21:46:51.25+00:00

    Hi SC

    Greetings!

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    It seems you are facing challenges with the ExpressRoute setup requirements between Microsoft Azure and your service provider, Lumen (CenturyLink).

    1. Azure requires a single VLAN for both primary and secondary BGP peering, whereas Lumen necessitates two distinct VLANs (CE-VLANs) for the same purpose.
    2. This discrepancy is causing difficulties in establishing both BGP peering simultaneously.

    NOTE: When you configure both IPs on VLAN 515, only one peering comes up, which is expected since Azure is only allowing one VLAN.

    ImportantUser's image

    As Lumen is your service provider, it would be advantageous to escalate this issue with your support team. Clearly explain the situation, highlighting the necessity for both peering to be active concurrently.

    • Inquire if they can offer a solution that enables the use of a single VLAN for both peering or if they can modify their configuration to meet Azure's requirements.

    In the meantime, please review the information below as it may help you resolve your issue.

    Express Route Private peering vlan advice:

    Refer: https://learn.microsoft.com/en-us/answers/questions/1556596/expressroute-private-peering-vlan-advice

    (OR)

    As this something which is not supported. We encourage customers to create a feedback item for this request on the feedback forum

    https://feedback.azure.com/d365community

    So that the Product team can prioritize your request.

    Hope this helps!

    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

    Regards,

    Ganesh

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.