Question

Chris_6 on Mon, 31 Aug 2015 07:17:59


Is it possible to use Azure Networking to accomplish the below design, with the WAN being able to connect to both Azure VNets?

[ WAN ]   ===ER===  [ AZURE SYDNEY VNet ]  ----S2S VPN----  [ AZURE SINGAPORE VNet ]

If so, how do we configure the ER link to include the Singapore IPs in the BGP routes?

I'm aware ExpressRoute Premium will solve the problem; however, we only need a low capacity link to Singapore and the premium charge seems expensive.

A VPN link directly from our WAN to Singapore is difficult because we are going cloud only and will not have a centralised location to terminate the VPN.





Replies

SAMIR FARHAT on Mon, 31 Aug 2015 09:03:25


Even if it's not recommended, it is possible. BGP is not yet supported with Azure VNET, so you will have to manually configure the Netcfg of your network.

https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-vpn-faq/

Can I use Azure VPN gateway to transit traffic between my on premises sites or to another virtual network?

Transit traffic via Azure VPN gateway is possible, but relies on statically defined address spaces in the netcfg configuration file. BGP is not yet supported with Azure Virtual Networks and VPN gateways. Without BGP, manually defining transit address spaces in netcfg is very error prone, and not recommended.

1- Create a VNET to VNET between Sydney VNET and Singapore VNET

2- Create an ER circuit between your on-prem and Sydney

3- Modify the routing configuration of your gateway by manually defining routing rules



Regards, Samir Farhat || Datacenter Consultant || The way to share my knowledge with the community Visit my blog : buildwindows.wordpress.com


Chris_6 on Mon, 31 Aug 2015 23:40:31


Thanks for your feedback. Unfortunately I don't think it solves my problem. 

Your solution will get packets from Singapore delivered to our WAN via Sydney; the problem is the other direction. The VPNs don't use BGP but ExpressRoute does.

From what I understand there is a router on the Azure side of the ExpressRoute circuit. This is separate from the ExpressRoute gateways we deploy in our VNets. There is a PowerShell command to link the ER Gateways with the ER Router/Circuit. There is no ability to define address spaces here - it appears the VNet will just advertise its local address space to the ER Circuit. I can't see a way to have Sydney also advertise the Singapore address space to the ER Circuit.

If I configure the WAN to ignore BGP and push Singapore traffic to the ER, I think the ER router on the Azure side will not know where to route it.
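
The asymmetry described in the post above, modelled as per-hop longest-prefix route lookups. This is an added example, not part of the original thread and not Azure tooling; the prefixes, node names and the `sydney_advertises_singapore` switch are constructed assumptions, the switch standing for the advertisement the poster cannot find a way to configure.

```python
import ipaddress

# Constructed address plan (the thread gives no prefixes).
WAN, SYDNEY, SINGAPORE = "10.0.0.0/16", "10.1.0.0/16", "10.2.0.0/16"

def build_tables(sydney_advertises_singapore=False):
    """Forwarding table per hop: prefix -> next hop ('local' = delivered here).
    Assumptions: VNet side uses statically defined transit address spaces;
    the WAN is forced to push Singapore traffic to the ER circuit; the ER
    router knows only the local address space of the linked Sydney VNet."""
    tables = {
        "wan":       {WAN: "local", SYDNEY: "er_router", SINGAPORE: "er_router"},
        "er_router": {WAN: "wan", SYDNEY: "sydney"},
        "sydney":    {SYDNEY: "local", WAN: "er_router", SINGAPORE: "singapore"},
        "singapore": {SINGAPORE: "local", SYDNEY: "sydney", WAN: "sydney"},
    }
    if sydney_advertises_singapore:  # hypothetical: the missing advertisement
        tables["er_router"][SINGAPORE] = "sydney"
    return tables

def next_hop(table, dst):
    """Longest-prefix match of dst against one hop's table; None if no route."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in table]
    matches = [n for n in nets if addr in n]
    if not matches:
        return None
    return table[str(max(matches, key=lambda n: n.prefixlen))]

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from start towards dst; return (path, outcome)."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        if hop is None:
            return path, "dropped: no route at " + node
        if hop == "local":
            return path, "delivered"
        path.append(hop)
        node = hop
    return path, "loop"

if __name__ == "__main__":
    t = build_tables()
    print(trace(t, "singapore", "10.0.5.10"))  # Singapore -> WAN
    print(trace(t, "wan", "10.2.5.10"))        # WAN -> Singapore
    print(trace(build_tables(True), "wan", "10.2.5.10"))
```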

Prasandhi Kumar on Thu, 03 Sep 2015 12:25:12


Hi Chris_6,

Greetings!!

With respect to your query, as of now we do not support this scenario.

Best Regards
Prasandhi Kumar