bender2000
Jul 19, 2024 | Copper Contributor
VPN Gateway - BGP AS PATH - Steer which VPN tunnel traffic will flow from Azure to OnPrem
Can anyone confirm whether in the topology that Microsoft calls "Active-active VPN gateways" we can steer which VPN tunnel is utilized using AS PATH? Or is it by definition active/active, meaning we can't avoid utilizing both tunnels simultaneously and probably we have to deal with asymmetric routing?
MS article about different topologies:
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#activeactiveonprem
My findings:
Because the Azure gateway instances are in active-active configuration, the traffic from your Azure virtual network to your on-premises network will be routed through both tunnels simultaneously, even if your on-premises VPN device might favor one tunnel over the other.
However, according to the Microsoft FAQ about BGP:
Yes, Azure VPN gateway honors AS Path prepending to help make routing decisions when BGP is enabled. A shorter AS Path is preferred in BGP path selection.
- dennisbpraise | Copper Contributor
Your findings are correct. Configuring AS-path on the on-premises side will give priority to one tunnel over the other (i.e. primary, secondary). And if maintenance is done on the Azure gateway and the primary tunnel is down, then traffic will be routed to the secondary tunnel.
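
An added example, not part of the thread or of Microsoft's documentation: a simplified Python model of the behaviour discussed above, where the shortest AS path wins and equal-length paths leave both tunnels in use. The ASN, prefix and tunnel names are constructed, and the selection logic is an assumption that looks at AS path length only.

```python
# Simplified model (an assumption, not Azure's implementation): among the
# routes learned for a prefix, keep those with the shortest AS path; a tie
# means traffic is spread over every tied tunnel.
from dataclasses import dataclass

ONPREM_ASN = 65010       # constructed private ASN for the on-premises device
PREFIX = "10.20.0.0/16"  # constructed on-premises prefix


@dataclass(frozen=True)
class Route:
    prefix: str
    tunnel: str
    as_path: tuple


def advertise(prefix, tunnel, prepend=0):
    """Route as sent over one tunnel, own ASN prepended `prepend` extra times."""
    return Route(prefix, tunnel, (ONPREM_ASN,) * (1 + prepend))


def active_tunnels(routes, prefix, down=()):
    """Tunnels used toward `prefix`, ignoring routes from tunnels in `down`."""
    usable = [r for r in routes if r.prefix == prefix and r.tunnel not in down]
    if not usable:
        return []
    shortest = min(len(r.as_path) for r in usable)
    return sorted(r.tunnel for r in usable if len(r.as_path) == shortest)


# No prepending: equal AS paths, so both tunnels carry Azure-to-on-prem traffic
# and return traffic may be asymmetric.
equal = [advertise(PREFIX, "tunnel-1"), advertise(PREFIX, "tunnel-2")]

# Prepend twice on tunnel-2 so that it becomes the secondary path.
steered = [advertise(PREFIX, "tunnel-1"),
           advertise(PREFIX, "tunnel-2", prepend=2)]

if __name__ == "__main__":
    print("no prepend:     ", active_tunnels(equal, PREFIX))
    print("prepend on t2:  ", active_tunnels(steered, PREFIX))
    print("tunnel-1 down:  ", active_tunnels(steered, PREFIX, down={"tunnel-1"}))
```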