Glad it was helpful! and thans for watching

but how do you get back ?

as far as the routing, since this is all based on BGP the return routes should be injected to your onprem environment by the BGP protocol. in Azure once the peering is created these routes are injected as well. just make sure that in your ARP table in your private peering connection you are able to see both the Microsoft side and the OnPrem routers. once you are able to see that your connection is set. i hope this helps

I have the same question. With peering, we can find resources in the prod VNET, and the express route will allow us to connect to the on-prem. By using the routing table and redirecting to the firewall, the VNET should peer. However, to enable us to use the express route, we should also have permission to use it at the subscription/VNET level. That is my only understanding here. I think if i do an express route in the hub VNET and then i peer all the spoke VNETs should be find

yes you can use an existing gateway subnet for a new circuit, or add a gateway subnet to an existing vnet