Azure VMware Solution: Connect AVS and Site-to-Site VPN On-Premises Location
Use Case
There are two general ways to connect on-premises to Azure: ExpressRoute or Site-to-Site VPN. If a site-to-site VPN is set up from on-premises, then to facilitate communication between the AVS private cloud and the on-premises environment(s), Azure Route Server must be set up in the same Virtual Network where both the AVS private cloud and the Site-to-Site VPN connect. Once Route Server is set up and configured, both the on-premises sites and AVS will be able to communicate with each other.
General Information
- The assumption here is that AVS is connected to the same virtual network where the site-to-site VPN connects.
- Azure Route Server will facilitate communication by sharing routes via BGP with the VPN Gateway and the ExpressRoute Gateway.
- IMPORTANT: Azure VPN gateway must be configured in active-active mode and have the ASN set to 65515.
Implementation and Configuration
- In the Virtual network where the AVS ExpressRoute and Site-to-Site VPN are connected, create a subnet called RouteServerSubnet. The subnet must be /27 or larger.
For instructions on how to create a subnet, see: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-subnet#add-a-subnet
- Log in to the Azure portal, search for Route Server, and choose Create.
- Input the configuration parameters. The critical item is the Virtual Network: make sure to choose the virtual network where the RouteServerSubnet was created. Then choose RouteServerSubnet for the Subnet configuration.
Move to the next screen, configure any Tags, then deploy.
Deployment may take 15-20 minutes.
- In the configuration screen, change Branch-to-branch to Enabled, then press Save.
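A pre-flight check for the prerequisites listed above (subnet name, subnet size, active-active mode, ASN 65515), added here as an example and not part of the original article or Microsoft's tooling. It assumes the input is the JSON printed by `az network vnet subnet list` and `az network vnet-gateway show`; the sample data and resource names are constructed.

```python
import ipaddress
import json

REQUIRED_SUBNET = "RouteServerSubnet"
REQUIRED_ASN = 65515
MAX_PREFIXLEN = 27  # "/27 or larger" means a prefix length of 27 or shorter

def check_route_server_prereqs(subnets, gateway):
    """Return a list of findings; an empty list means every check passed.

    subnets: parsed output of `az network vnet subnet list ... -o json`
    gateway: parsed output of `az network vnet-gateway show ... -o json`
    """
    findings = []
    subnet = next((s for s in subnets if s.get("name") == REQUIRED_SUBNET), None)
    if subnet is None:
        findings.append(f"no subnet named {REQUIRED_SUBNET}")
    else:
        # A subnet carries either a single addressPrefix or an addressPrefixes list.
        prefixes = subnet.get("addressPrefixes") or [subnet.get("addressPrefix")]
        for prefix in filter(None, prefixes):
            net = ipaddress.ip_network(prefix, strict=False)
            if net.version == 4 and net.prefixlen > MAX_PREFIXLEN:
                findings.append(f"{REQUIRED_SUBNET} {prefix} is smaller than /27")
    if not gateway.get("activeActive"):
        findings.append("VPN gateway is not in active-active mode")
    asn = (gateway.get("bgpSettings") or {}).get("asn")
    if asn != REQUIRED_ASN:
        findings.append(f"VPN gateway ASN is {asn}, expected {REQUIRED_ASN}")
    return findings

# Constructed sample data (not from a real subscription): a /28 subnet and a
# single-instance gateway with a custom ASN, so all three checks fail.
SAMPLE_SUBNETS = json.loads("""[
  {"name": "GatewaySubnet", "addressPrefix": "10.10.0.0/27"},
  {"name": "RouteServerSubnet", "addressPrefix": "10.10.0.32/28"}
]""")
SAMPLE_GATEWAY = json.loads("""{
  "name": "vpn-gw-example", "gatewayType": "Vpn",
  "activeActive": false, "bgpSettings": {"asn": 65010}
}""")

if __name__ == "__main__":
    for finding in check_route_server_prereqs(SAMPLE_SUBNETS, SAMPLE_GATEWAY):
        print("FAIL:", finding)
```

Running the check before creating the Route Server catches a /28 subnet, which is easy to mistake for "larger" than /27.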