My direct peering is within my control, the traffic has to follow basically the same path internally to Internet and IXP. Internet path is definitely variable. IXP path is definitely fixed. It's already there, just needed to know what Microsoft provided (if anyone knew). Actually, a MS peering engineer answered the question for me privately. My marketing people aren't terribly concerned with security, that wasn't the issue. The issue was shorter path/better performance. I'm still not clear if it's public or private Azure that the customer is trying to access. On Sunday, April 3, 2016 4:04 PM, "Valdis.Kletnieks@vt.edu" <Valdis.Kletnieks@vt.edu> wrote: On Fri, 01 Apr 2016 18:02:56 -0000, Eric A Louie via NANOG said:
I suppose we have a customer who is an Azure customer that wants to know if their Azure traffic will stay in our network or still go through the Internet.
As a practical matter, if they're using the answer for a security baseline, they're doing it wrong - they should be planning that based on the assumption that their traffic *will* ride the rails of the commodity Internet (due to outages or whatever). Similarly, if they're looking at it for performance/latency, they need to fix their assumptions - your direct peering can be slow and congested, while there's actually a longer but faster path through someplace else....