Azure Route Server is a networking service that helps you manage your network routing in a hybrid or multi-cloud environment. It provides a secure and scalable way to connect your on-premises network to Azure virtual networks.
Route Server can be used with various Azure services, including Azure Firewall, Azure Load Balancer, and Azure Virtual Network Gateway. This allows for a more seamless and secure integration between on-premises and cloud-based resources.
To get started with Azure Route Server, you'll need to create a new Route Server instance and configure it to connect to your on-premises network. This involves setting up a VPN connection and configuring the Route Server to use a routing protocol such as BGP or OSPF.
Getting Started
To get started with Azure Route Server, you'll need a few things. You'll need an Azure account with an active subscription, which you can create for free.
You'll also need a route server, which is a crucial component of Azure Route Server.
You can run the Azure PowerShell cmdlets interactively in Azure Cloud Shell, or you can install Azure PowerShell locally and sign in to Azure using the Connect-AzAccount cmdlet.
If you prefer to use the Azure CLI, you can run the commands interactively in Azure Cloud Shell, or you can install Azure CLI locally and sign in to Azure using the az login command.
To create a route server, you'll need to provide the name and resource group name. Here are the parameters you'll need to specify:
Configuring Route Server
To configure an Azure Route Server, you'll need to complete the peering setup on the Network Virtual Appliance (NVA). This involves configuring the NVA to establish a BGP session with the route server's peer IPs and ASN, which can be found in the Overview page.
You should peer each NVA with both route server instances to ensure high availability. Use the az network routeserver show command to get the IP and ASN of the route server.
To enable exchanging routes between your route server and the virtual network gateway (ExpressRoute or VPN), you'll need to configure the route exchange setting. This can be done by selecting Enabled for the Branch-to-branch setting in the route server's Configuration page, or by using the Update-AzRouteServer cmdlet with the -AllowBranchToBranchTraffic parameter set to 1.
The following table summarizes the parameters needed to configure route exchange:
Next Step
So you've configured route exchange between your route server and virtual network gateway. Now, let's talk about the next step: configuring peering between a route server and NVA.
In this process, you'll need to have your Azure VPN gateway configured in active-active mode with the ASN set to 65515. No BGP is required on the VPN gateway for communication with the route server.
To enable or disable route exchange between the route server and virtual network gateway, use the Update-AzRouteServer cmdlet or the az network routeserver update command. The -AllowBranchToBranchTraffic parameter should be set to 1 to enable route exchange, and to 0 to disable it. The --allow-b2b-traffic parameter should be set to true to enable route exchange, and to false to disable it.
Here's a quick reference to the parameters you'll need to use:
You can also use the Get-AzRouteServer cmdlet or the az network routeserver show command to verify the configuration.
Configure
To configure route exchange between your route server and virtual network gateway, you'll need to enable the Branch-to-branch setting on the route server. This can be done by going to the route server, selecting Configuration under Settings, and toggling the Branch-to-branch setting to Enabled.
You can also use the Update-AzRouteServer cmdlet to enable or disable route exchange. The parameter -AllowBranchToBranchTraffic is used to specify whether route exchange is allowed, with values 1 and 0 indicating enable and disable respectively.
Alternatively, you can use the az network routeserver update command to enable or disable route exchange. The --allow-b2b-traffic parameter is used to specify whether route exchange is allowed, with values true and false indicating enable and disable respectively.
To verify the configuration, you can use the Get-AzRouteServer cmdlet or the az network routeserver show command.
To configure routing preference, you'll need to select the routing preference that you want. Available options are ExpressRoute (default), VPN, and ASPath. This can be done by going to the route server, selecting Configuration under Settings, and selecting the desired routing preference.
You can also use the Update-AzRouteServer cmdlet to configure the routing preference setting of your route server. The parameter -HubRoutingPreference is used to specify the routing preference, with values ExpressRoute (default), VpnGateway, and ASPath indicating the desired preference.
Alternatively, you can use the az network routeserver update command to configure the routing preference setting of your route server. The --hub-routing-preference parameter is used to specify the routing preference, with values ExpressRoute (default), VpnGateway, and ASPath indicating the desired preference.
Here is a summary of the configuration options:
Route Server Peering
To add a new peer to your Azure Route Server, you can use the Add-AzRouteServerPeer cmdlet. This cmdlet requires you to specify the peer name, ASN, IP address, resource group name, and route server name.
You can also use the az network routeserver peering create command to add a new peer. This command requires you to specify the name, peer ASN, peer IP address, resource group, and route server.
It's essential to peer each NVA instance with both instances of Route Server to ensure high availability. This means you need to configure each NVA to peer with both instances of Route Server and advertise the same routes to both instances.
Here's a summary of the required parameters for adding a new peer:
- Peer name
- Peer ASN
- Peer IP address
- Resource group name
- Route server name
Note that you should peer each NVA with both route server instances to achieve high availability. This is because BGP peering may go down between your NVA and one of Route Server's instances during maintenance events. By peering with both instances, your connectivity will remain up and running during these events.
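The following Python check is an added example, not code from the original page or from Microsoft's documentation. It reads the JSON printed by az network routeserver show and az network routeserver peering list-learned-routes and reports when an NVA is not advertising the same routes to both route server instances, or when branch-to-branch route exchange is on. The JSON field names, the instance keys, and all sample values are assumptions constructed for illustration.

```python
import json

# Constructed sample: shape assumed for `az network routeserver show`
# (trimmed to the fields this check uses).
SHOW_JSON = """{
  "name": "myRouteServer",
  "allowBranchToBranchTraffic": true,
  "hubRoutingPreference": "ExpressRoute",
  "virtualRouterAsn": 65515,
  "virtualRouterIps": ["10.1.1.4", "10.1.1.5"]
}"""

# Constructed sample: routes learned from one NVA peer, keyed by route server
# instance (shape assumed for `az network routeserver peering list-learned-routes`).
LEARNED_JSON = """{
  "RouteServiceRole_IN_0": [
    {"network": "10.250.0.0/16", "nextHop": "10.1.2.4", "asPath": "65001"},
    {"network": "10.251.0.0/16", "nextHop": "10.1.2.4", "asPath": "65001"}
  ],
  "RouteServiceRole_IN_1": [
    {"network": "10.250.0.0/16", "nextHop": "10.1.2.4", "asPath": "65001"}
  ]
}"""

def audit_route_server(show_json, learned_json):
    """Return a list of findings; an empty list means every check passed."""
    show, learned = json.loads(show_json), json.loads(learned_json)
    findings = []
    ips = show.get("virtualRouterIps") or []
    if len(ips) != 2:
        findings.append(f"expected 2 route server peer IPs, found {len(ips)}")
    if show.get("allowBranchToBranchTraffic"):
        findings.append("branch-to-branch route exchange is enabled; confirm this is intended")
    # Prefixes each instance learned from this NVA; skip non-list keys.
    per_instance = {k: {r["network"] for r in v}
                    for k, v in learned.items() if isinstance(v, list)}
    all_prefixes = set().union(*per_instance.values())
    for name, prefixes in sorted(per_instance.items()):
        if not prefixes:
            findings.append(f"{name} learned no routes: BGP session to this instance may be down")
        missing = sorted(all_prefixes - prefixes)
        if missing:
            findings.append(f"{name} is missing {', '.join(missing)}")
    return findings

if __name__ == "__main__":
    for finding in audit_route_server(SHOW_JSON, LEARNED_JSON):
        print("FINDING:", finding)
```

Run it once per NVA peer, since the learned-routes output is per peering.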