Enable Transit Routing Using Azure Route Server

Overview

2020 Christmas Day in North Carolina

Configuration

  • Create a virtual network.
  • Create an ExpressRoute virtual network gateway and connect it to the ExpressRoute circuit.
  • Create a public IP (pip) for Azure Route Server, then create the Azure Route Server in the same vnet, in the dedicated subnet “RouteServerSubnet” (the virtual router ASN is 65515).
  • Create public IPs (pips), then create the VPN virtual network gateway, using the same dedicated subnet “gatewaysubnet” (the Azure VPN gateway must be configured in active-active mode and have the ASN set to 65515).
Note: creating the VPN gateway first and then the Azure Route Server failed with an internal server error. The root cause is not clear; creating the Route Server first and then adding the VPN gateway succeeded.

"resources": [
  {
    "type": "Microsoft.Network/virtualHubs",
    "apiVersion": "2020-11-01",
    "name": "[parameters('virtualHubs_testrouteserver_name')]",
    "location": "eastus2",
    "properties": {
      "virtualHubRouteTableV2s": [],
      "virtualRouterAsn": 65515,
      "routeTable": {
        "routes": []
      },
      "sku": "Standard",
      "allowBranchToBranchTraffic": false
    }
  },
  {
    "type": "Microsoft.Network/virtualHubs/ipConfigurations",
    "apiVersion": "2020-11-01",
    "name": "[concat(parameters('virtualHubs_testrouteserver_name'), '/', parameters('virtualHubs_testrouteserver_name'))]",
    "dependsOn": [
      "[resourceId('Microsoft.Network/virtualHubs', parameters('virtualHubs_testrouteserver_name'))]"
    ],
    "properties": {
      "privateIPAllocationMethod": "Dynamic",
      "publicIPAddress": {
        "location": "[parameters('ipConfigurations_testrouteserver_location')]"
      },
      "subnet": {
        "name": "[parameters('ipConfigurations_testrouteserver_name')]"
      }
    }
  }
]

"resources": [
  {
    "type": "Microsoft.Network/virtualNetworkGateways",
    "apiVersion": "2020-11-01",
    "name": "[parameters('virtualNetworkGateways_vpntest_name')]",
    "location": "eastus2",
    "properties": {
      "enablePrivateIpAddress": false,
      "ipConfigurations": [
        {
          "name": "default",
          "properties": {
            "privateIPAllocationMethod": "Dynamic",
            "publicIPAddress": {
              "id": "[parameters('publicIPAddresses_1_externalid')]"
            },
            "subnet": {
              "id": "[concat(parameters('virtualNetworks'), '/subnets/gatewaysubnet')]"
            }
          }
        },
        {
          "name": "activeActive",
          "properties": {
            "privateIPAllocationMethod": "Dynamic",
            "publicIPAddress": {
              "id": "[parameters('publicIPAddresses_2_externalid')]"
            },
            "subnet": {
              "id": "[concat(parameters('virtualNetworks'), '/subnets/gatewaysubnet')]"
            }
          }
        }
      ],
      "sku": {
        "name": "VpnGw1",
        "tier": "VpnGw1"
      },
      "gatewayType": "Vpn",
      "vpnType": "RouteBased",
      "enableBgp": true,
      "activeActive": true,
      "bgpSettings": {
        "asn": 65515,
        "bgpPeeringAddresses": [
          {
            "ipconfigurationId": "[concat(resourceId('Microsoft.Network/virtualNetworkGateways', parameters('name')), '/ipConfigurations/default')]",
            "customBgpIpAddresses": []
          },
          {
            "ipconfigurationId": "[concat(resourceId('Microsoft.Network/virtualNetworkGateways', parameters('name')), '/ipConfigurations/activeActive')]",
            "customBgpIpAddresses": []
          }
        ]
      },
      "vpnGatewayGeneration": "Generation1"
    }
  }
]

Enable Transit Routing

Route Server Peer Address 1 <-> VPN BGP Peer Local Address 1
Route Server Peer Address 2 <-> VPN BGP Peer Local Address 1
VPN BGP Peer Local Address 2 <-> VPN BGP Peer Local Address 1
Route Server Peer Address 1 <-> VPN BGP Peer Local Address 2
Route Server Peer Address 2 <-> VPN BGP Peer Local Address 2
VPN BGP Peer Local Address 1 <-> VPN BGP Peer Local Address 2

az network routeserver update \
    --name myRouteServer \
    --resource-group myRouteServerRG \
    --allow-b2b-traffic true
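
A pre-flight check for the prerequisites listed under Configuration, as an added example that is not code from the original post: it reads an exported ARM template and reports what still blocks VPN-to-ExpressRoute transit. The trimmed template and the resource names "testrouteserver" and "vpntest" are constructed, and the function name transit_findings is hypothetical.

```python
import json

# Constructed sample: trimmed versions of the two exported resources in this post.
TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Network/virtualHubs", "name": "testrouteserver",
   "properties": {"virtualRouterAsn": 65515, "allowBranchToBranchTraffic": false}},
  {"type": "Microsoft.Network/virtualNetworkGateways", "name": "vpntest",
   "properties": {"gatewayType": "Vpn", "enableBgp": true, "activeActive": true,
                  "ipConfigurations": [{"name": "default"}, {"name": "activeActive"}],
                  "bgpSettings": {"asn": 65515}}}
]}
""")

AZURE_ASN = 65515  # ASN the post requires on both Route Server and VPN gateway
HUB = "Microsoft.Network/virtualHubs"  # type the post's Route Server exports as
GATEWAY = "Microsoft.Network/virtualNetworkGateways"


def transit_findings(template):
    """Return reasons why VPN <-> ExpressRoute transit would not work yet."""
    findings = []
    resources = template.get("resources", [])
    hubs = [r for r in resources if r.get("type") == HUB]
    vpn_gws = [r for r in resources if r.get("type") == GATEWAY
               and r.get("properties", {}).get("gatewayType") == "Vpn"]
    if not hubs:
        findings.append("no Route Server (virtualHubs) resource in template")
    if not vpn_gws:
        findings.append("no VPN virtual network gateway in template")
    for hub in hubs:
        props = hub.get("properties", {})
        if props.get("virtualRouterAsn") != AZURE_ASN:
            findings.append(f"{hub['name']}: virtualRouterAsn must be {AZURE_ASN}")
        if props.get("allowBranchToBranchTraffic") is not True:
            findings.append(f"{hub['name']}: allowBranchToBranchTraffic is not true")
    for gw in vpn_gws:
        props = gw.get("properties", {})
        if props.get("enableBgp") is not True:
            findings.append(f"{gw['name']}: enableBgp is not true")
        if props.get("activeActive") is not True or len(props.get("ipConfigurations", [])) < 2:
            findings.append(f"{gw['name']}: not active-active with two ipConfigurations")
        if props.get("bgpSettings", {}).get("asn") != AZURE_ASN:
            findings.append(f"{gw['name']}: bgpSettings.asn must be {AZURE_ASN}")
    return findings


if __name__ == "__main__":
    for line in transit_findings(TEMPLATE) or ["all transit prerequisites met"]:
        print(line)
```

Run against the template as exported in this post, it flags only allowBranchToBranchTraffic, which is the setting the az command above changes.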

Cloud Journey

All blogs are strictly personal and do not reflect the views of my employer, focus on cloud networking, cloud security and API security.