DE-CIX Internet Exchange Now Links New York Directly to Azure
Tightening the connection between New York’s Microsoft users and their services might not only improve their latency by an order of magnitude, but also thwart man-in-the-middle attacks.
June 15, 2021
It’s a small step with some big implications, particularly for service provider customers in New York who connect with SaaS services such as Microsoft 365: On Tuesday, global powerhouse Internet exchange provider DE-CIX announced the availability of Azure Peering Service through its interconnection platform in New York.
The move shortens the trip between data center customers and Microsoft Azure to just one hop. It’s the same hop all the time, so customers can monitor the reliability and latency of connections.
“With the Azure Peering Service,” a DE-CIX spokesperson explained, in a note to Data Center Knowledge today, “customers can design the best possible IP routing connectivity from their network (represented by an IP prefix) towards all Microsoft services, bypassing the Internet and creating a dedicated & secured routing shortcut.”
The profile for the typical customer most interested in this service, according to DE-CIX, would include enterprises with 1,000 seats or more, or with multiple branch offices of 250 seats or more. These users would be heavy consumers of Azure’s SaaS services, including Microsoft 365 (formerly known as Office 365), Dynamics 365 customer relationship management, and Power BI analytics.
Does this level of peering actually provide what DE-CIX marketing describes as “the lowest possible latency”? The spokesperson makes this case: “It is the lowest possible latency because of the shortest, most optimized path in terms of network hops towards the Microsoft network. Further it allows customers to integrate this connectivity into their network without the need to run it through some additional DDoS mitigation systems, as it is already separated from the public Internet.”
A recent measurement for an existing DE-CIX peering customer (not in New York), we’re told, showed overall latency for Azure connections reduced from 53 ms to 5 ms.
Hard-wiring the shortest possible route from an ISP to Azure is said to eliminate the possibility of so-called BGP prefix hacking. When it’s done intentionally, by folks who want to portray themselves as having the best intentions, it’s often called “traffic shaping.” This is where a false Border Gateway Protocol route report advertises that major Internet destinations, such as Facebook, are just over the horizon in this direction, when they’re actually a few hops further in that direction.
Hard-wiring the route with only one hop in-between, and avoiding the need for BGP protocol choices along the way, make traffic impossible to shape. Users, DE-CIX told us, “are able to form a direct BGP relationship / adjacency with Microsoft, avoiding any intermediate networks in between. Microsoft will therefore always prefer this short and optimized path in comparison to any other available Internet path, where BGP hijacking usually occurs.
“As customer IP prefix carries traffic from their IT systems or employees, who are geographically located in a specific region,” DE-CIX continued, “it is obviously important to design towards and target the geographically closest physical edge location of Microsoft, which hosts the corresponding services, in order to keep the network transmission distances as short as possible.”
Microsoft introduced Azure Peering Service to ISP customers in May 2020. As of last November, according to Microsoft, the service had accumulated some 16 Internet exchange partners worldwide, with only DE-CIX and Lumen Technologies listed as providing peering services to North America. The spokesperson told us that its links to Azure Peering have also already been operational in Madrid, Marseille, and Frankfurt. Service is forthcoming, said DE-CIX, to Dubai and Mumbai.