Azure Route Server Overview
Vložit
- čas přidán 24. 07. 2024
- Walkthrough of how routing works in a virtual network, what route server is and how it works with your various NVAs.
IMPORTANT NOTE. 22:50 This 0.0.0.0/0 would be the default route for everything. This would NOT impact traffic WITHIN the VNet, i.e. subnet to subnet, rather everything else not for the VNet. Even if a firewall sends more specific VNet routes to a route server, when the route server plumbs down these routes, they’ll be ignored by the SDN stack meaning VM to VM traffic within the VNet would not use this NVA as a hop. You would need to use UDR.
Whiteboard at github.com/johnthebrit/Random....
00:00 Introduction
00:50 Routing in virtual network
08:20 Enter NVAs
10:25 Azure Route Server overview
13:05 BGP peer to NVAs
20:05 ECMP
22:10 Types of NVA relationship
23:45 Branch-to-branch with ExpressRoute
27:05 Multiple Azure Route Servers
31:09 Close - Věda a technologie
READ the description for important note :-)
Great and helpful description! You are the best
Meke video to Bastion service
Could you add "does not support Azure Firewall" in the important notes?
Loved it John - I was struggling with route server for a while … you’ve really made it easy for us
Great
It's like going from static routes to BGP! Amazing! Great video thank you
The best stuff, always. Understanding is not enough to explain something. And you did explain everything within 30 minutes. Thanks.
Welcome!
Amazing explanation and thanks for sharing the limitations at the end.
Glad it was helpful!
Very Well Explained John .Thanks
Thanks John. Very helpful.
enjoying this video for today learning, thanks a lot!
Amazing Job John, thank you very much!
Glad you liked it!
Great Input ! Perfectly for me, Thank You !
Great to hear!
This channel is the best place to be inspired to study more and go to the gym more 🤣
Perfect. Thanks for the explanation
Thank you for this explanation !
You are welcome!
Thanks John, good video
Very welcome
Thanks for the knowledge...
Love your work John! Quick Qs:
- 15:30 mark - Azure uses AS 12076 for ER private and MS peering, while internally Azure uses AS 65515. How do they relate?
- 21:00 mark - If ARS added support for BFD, failover time would be cut down to ms vs minutes (assuming NVA BFD support). I know ARS doesn't support BFD today, but would be an excellent future enhancement.
Regarding 12076 and 65515, no, they're not related. ER has Microsoft Peering, that's why we need to use a public ASN. Route Server doesn't have this requirement, so they picked a private ASN
Great vid
Very Well explained :-)
Thank you
Love the content. Do you have any guidance on use with Azure vwan? Specifically, for hub routing tables and hub vnet connections in a hub/spoke topology with the NVAs in the transit hub. I find myself having to add routes for each peered spoke to the vwan routing tables. Thanks.
I don't have anything on that currently.
Same! Would love to see some advanced VNET material.
A really useful and timely video for me, so big thanks John!
I'm similarly keen to play with/understand Route Server in the context of VWAN too. Use case is an SD-WAN NVA in a VNet which is connected to a VWAN hub. Hope is that I can use a Route Server in the NVA VNet to receive SD-WAN routes dynamically and that those routes from the NVA VNet can then be propagated to e.g. the default route table in the VWAN hub.
Good lad! Had a question re route server and expressroute recently and great to see John is covering the topic. Taking in what you say, we use the branch to branch option if we have vnet1 > vpn gateway > hub vnet > expressroute > onprem?
Yes if you enable the branch to branch flag
@@NTFAQGuy absolute legend, thanks John. Massive inspiration
John, great video. Thanks! One question. When you implemented Azure Router Server for branch-to-branch (transit routing) communication between Virtual Network Gateways. Does is overrule the Route Table configuration setting "Propagate gateway route" set to 'No'? In many cases we have a hub-spoke model where we use an Azure Firewall. We don't want to mess with that setup and have more specific routes to propagate.
The route server was setup to enable route propagation via nvas in the multi hub demo I drew (if I remember) :)
Or do you mean the branch to branch flag in which case normally they won’t propagate on same vnet
@@NTFAQGuy Yes, I was assuming the BGP routes learned by Azure Route Server are also propagated to the VNet. But apparently it is not.
Dear John, what setup is required to make Azure Firewall in the hub advertise default route pointing to it? I couldn’t find a single article about that on the internet. Many thanks!
I mentioned in the video az fw does not support bgp today
@@NTFAQGuy nooooooo :( I skipped through the video and missed this part. Now I know to use Transcript next time.
This is a setback, but so is the limit of 6000 IPs. Say I have 20 spokes, /22 each. That is 20000 IPs. What happens there? ARS just randomly chooses what works and what does not?
When I enable Default information originate from the NVA (Fortigate) It creates a routing loop as OUSID interface of the firewall learn that the default route is available through INSID interface. Is there a way around this issue ?
There's also another issue using the VNG, the VNG learns route via the peering, and I need to add a UDR for the GatewaySubnet with more specific routes for every spokes so that the VNG will route through the NVA first. If you don't do this you'll get symmetric routing has the VNG will reach the VM in spoke through the peering without passing trough the NVA first. This is really counter productive. If anyone has found a way to make it work without UDR please let me know.
you should check out the docs as there are specific scenarios called out and where you can address.
@@NTFAQGuy I've found out the I need to use UDR on the subnet where the NVA has it's OUSID interface to overide default route learned by the route server. I guess you need more UDRs to get rid of UDRs.
Awesome
As a South African I shudder when i hear people (mis)pronounce the extinct animal Quagga. More so than when I hear people mispronounce Ubuntu.
Huh? :-D
@@NTFAQGuy Umuntu ngumuntu ngabantu... you learn something new every day! Didn't realise Ubuntu was taken from African philosophy. At the same time, it doesn't matter the exact pronunciation is missed, the fact you understood is important 😁