Azure Route Server Overview

Рет қаралды 35,026

Күн бұрын

Walkthrough of how routing works in a virtual network, what route server is and how it works with your various NVAs.
IMPORTANT NOTE. 22:50 This 0.0.0.0/0 would be the default route for everything. This would NOT impact traffic WITHIN the VNet, i.e. subnet to subnet, rather everything else not for the VNet. Even if a firewall sends more specific VNet routes to a route server, when the route server plumbs down these routes, they’ll be ignored by the SDN stack meaning VM to VM traffic within the VNet would not use this NVA as a hop. You would need to use UDR.
Whiteboard at github.com/johnthebrit/Random....
00:00 Introduction
00:50 Routing in virtual network
08:20 Enter NVAs
10:25 Azure Route Server overview
13:05 BGP peer to NVAs
20:05 ECMP
22:10 Types of NVA relationship
23:45 Branch-to-branch with ExpressRoute
27:05 Multiple Azure Route Servers
31:09 Close

Пікірлер: 51

@NTFAQGuy 3 жыл бұрын

READ the description for important note :-)

@michaeld9682 3 жыл бұрын

Great and helpful description! You are the best

@MrGuideMaster 2 жыл бұрын

Meke video to Bastion service

@tomasbohunek9698 2 жыл бұрын

Could you add "does not support Azure Firewall" in the important notes?

@virescon Жыл бұрын

It's like going from static routes to BGP! Amazing! Great video thank you

@glenlicious4602 2 жыл бұрын

Loved it John - I was struggling with route server for a while … you’ve really made it easy for us

@NTFAQGuy 2 жыл бұрын

Great

@Lykourgiw 2 жыл бұрын

The best stuff, always. Understanding is not enough to explain something. And you did explain everything within 30 minutes. Thanks.

@NTFAQGuy 2 жыл бұрын

Welcome!

@vinaymiddha4781 2 жыл бұрын

Very Well Explained John .Thanks

@juanpabloguerra9512 3 жыл бұрын

Amazing explanation and thanks for sharing the limitations at the end.

@NTFAQGuy 3 жыл бұрын

Glad it was helpful!

@ackrite8139 Жыл бұрын

Thanks John. Very helpful.

@yulaw3289 Ай бұрын

enjoying this video for today learning, thanks a lot!

@mofistagomofarde3248 Жыл бұрын

This channel is the best place to be inspired to study more and go to the gym more 🤣

@andersongrimaldi7716 2 жыл бұрын

Perfect. Thanks for the explanation

@freddyayala851 2 жыл бұрын

Amazing Job John, thank you very much!

@NTFAQGuy 2 жыл бұрын

Glad you liked it!

@nicospanatos6605 3 жыл бұрын

Great Input ! Perfectly for me, Thank You !

@NTFAQGuy 3 жыл бұрын

Great to hear!

@vivek.padale 2 жыл бұрын

Thanks for the knowledge...

@jlou65535 3 жыл бұрын

Thank you for this explanation !

@NTFAQGuy 3 жыл бұрын

You are welcome!

@Illuminaughty1942 Жыл бұрын

Great vid

@piotrstasinskij2929 2 жыл бұрын

Thanks John, good video

@NTFAQGuy 2 жыл бұрын

Very welcome

@cdm297 2 жыл бұрын

Very Well explained :-)

@NTFAQGuy 2 жыл бұрын

Thank you

@chaminda69 Жыл бұрын

Awesome

@KhawajaDaniyal 3 жыл бұрын

Love your work John! Quick Qs: - 15:30 mark - Azure uses AS 12076 for ER private and MS peering, while internally Azure uses AS 65515. How do they relate? - 21:00 mark - If ARS added support for BFD, failover time would be cut down to ms vs minutes (assuming NVA BFD support). I know ARS doesn't support BFD today, but would be an excellent future enhancement.

@NTFAQGuy 3 жыл бұрын

Regarding 12076 and 65515, no, they're not related. ER has Microsoft Peering, that's why we need to use a public ASN. Route Server doesn't have this requirement, so they picked a private ASN

@erichrockman4852 3 жыл бұрын

Love the content. Do you have any guidance on use with Azure vwan? Specifically, for hub routing tables and hub vnet connections in a hub/spoke topology with the NVAs in the transit hub. I find myself having to add routes for each peered spoke to the vwan routing tables. Thanks.

@NTFAQGuy 3 жыл бұрын

I don't have anything on that currently.

@1979benmitchell 3 жыл бұрын

Same! Would love to see some advanced VNET material.

@RAndyVee 3 жыл бұрын

A really useful and timely video for me, so big thanks John! I'm similarly keen to play with/understand Route Server in the context of VWAN too. Use case is an SD-WAN NVA in a VNet which is connected to a VWAN hub. Hope is that I can use a Route Server in the NVA VNet to receive SD-WAN routes dynamically and that those routes from the NVA VNet can then be propagated to e.g. the default route table in the VWAN hub.

@scott3107 3 жыл бұрын

Good lad! Had a question re route server and expressroute recently and great to see John is covering the topic. Taking in what you say, we use the branch to branch option if we have vnet1 > vpn gateway > hub vnet > expressroute > onprem?

@NTFAQGuy 3 жыл бұрын

Yes if you enable the branch to branch flag

@scott3107 3 жыл бұрын

@@NTFAQGuy absolute legend, thanks John. Massive inspiration

@wbplomp 3 жыл бұрын

John, great video. Thanks! One question. When you implemented Azure Router Server for branch-to-branch (transit routing) communication between Virtual Network Gateways. Does is overrule the Route Table configuration setting "Propagate gateway route" set to 'No'? In many cases we have a hub-spoke model where we use an Azure Firewall. We don't want to mess with that setup and have more specific routes to propagate.

@NTFAQGuy 3 жыл бұрын

The route server was setup to enable route propagation via nvas in the multi hub demo I drew (if I remember) :)

@NTFAQGuy 3 жыл бұрын

Or do you mean the branch to branch flag in which case normally they won’t propagate on same vnet

@wbplomp 2 жыл бұрын

@@NTFAQGuy Yes, I was assuming the BGP routes learned by Azure Route Server are also propagated to the VNet. But apparently it is not.

@tomasbohunek9698 2 жыл бұрын

Dear John, what setup is required to make Azure Firewall in the hub advertise default route pointing to it? I couldn’t find a single article about that on the internet. Many thanks!

@NTFAQGuy 2 жыл бұрын

I mentioned in the video az fw does not support bgp today

@tomasbohunek9698 2 жыл бұрын

@@NTFAQGuy nooooooo :( I skipped through the video and missed this part. Now I know to use Transcript next time. This is a setback, but so is the limit of 6000 IPs. Say I have 20 spokes, /22 each. That is 20000 IPs. What happens there? ARS just randomly chooses what works and what does not?

@corradoQC 3 жыл бұрын

When I enable Default information originate from the NVA (Fortigate) It creates a routing loop as OUSID interface of the firewall learn that the default route is available through INSID interface. Is there a way around this issue ? There's also another issue using the VNG, the VNG learns route via the peering, and I need to add a UDR for the GatewaySubnet with more specific routes for every spokes so that the VNG will route through the NVA first. If you don't do this you'll get symmetric routing has the VNG will reach the VM in spoke through the peering without passing trough the NVA first. This is really counter productive. If anyone has found a way to make it work without UDR please let me know.

@NTFAQGuy 3 жыл бұрын

you should check out the docs as there are specific scenarios called out and where you can address.

@corradoQC 3 жыл бұрын

@@NTFAQGuy I've found out the I need to use UDR on the subnet where the NVA has it's OUSID interface to overide default route learned by the route server. I guess you need more UDRs to get rid of UDRs.

@brandonp3354 3 жыл бұрын

As a South African I shudder when i hear people (mis)pronounce the extinct animal Quagga. More so than when I hear people mispronounce Ubuntu.

@NTFAQGuy 3 жыл бұрын

Huh? :-D

@scott3107 3 жыл бұрын

@@NTFAQGuy Umuntu ngumuntu ngabantu... you learn something new every day! Didn't realise Ubuntu was taken from African philosophy. At the same time, it doesn't matter the exact pronunciation is missed, the fact you understood is important 😁