Forum Discussion
LMR
Microsoft
MicrosoftBGP Routing from and to VPN Gateway
Hello All,
I am setting up a lab concerning vWAN connection to onprem via SDWAN and I have some issues getting the routing to work properly.
I have a hub which symbolizes the on-premises ...
Take this:
- Verify BGP Configuration:
- Ensure that BGP is correctly configured on all VPN gateways. Check the BGP peerings and ensure that the AS numbers and IP addresses are correctly set up.
- Check Route Propagation:
- Verify that the routes are being propagated correctly between the vWAN hubs and the on-premises VPN gateways. You can use the Get-AzVirtualNetworkGatewayLearnedRoute and Get-AzVirtualNetworkGatewayAdvertisedRoute cmdlets to check the learned and advertised routes.
- Update UDRs (User-Defined Routes):
- Ensure that the UDRs are correctly pointing to the next hop. For example, the UDRs on the vWAN hub should point to the SDWAN gateways, and the UDRs on the SDWAN gateways should point to the on-premises VPN gateway.
- Enable Route Propagation:
- Make sure that route propagation is enabled on the subnets where the VMs are deployed. This allows the routes learned via BGP to be propagated to the VMs.
- Check Network Security Groups (NSGs):
- Verify that the NSGs are not blocking the traffic. Ensure that the necessary inbound and outbound rules are in place to allow the traffic to flow between the vWAN hubs, SDWAN gateways, and on-premises VMs.
- Use Azure Network Watcher:
- Utilize Azure Network Watcher to diagnose and troubleshoot the network issues. You can use tools like IP flow verify, next hop, and connection troubleshoot to identify where the traffic is being dropped.
- Review Routing Policies:
- Ensure that the routing policies in the vWAN hubs are correctly configured. You can set up routing intent and routing policies to control the traffic flow.
