Azure Route Server

Azure Route Server simplifies network virtual appliance (NVA) deployment and management within Azure. It enables seamless peering between your Azure virtual networks and your on-premises network via Azure ExpressRoute or VPN, without requiring complex routing configurations.

This documentation provides comprehensive guidance on understanding, deploying, configuring, and managing Azure Route Server for your networking needs.

Overview

Azure Route Server is a fully managed service that automates the exchange of routes between Azure VPN Gateway, Azure ExpressRoute, and network virtual appliances (NVAs) deployed in your virtual network. It uses the Border Gateway Protocol (BGP) to advertise routes and learn routes from connected networks.

By leveraging Route Server, you can:

  • Reduce the complexity of network routing.
  • Enable dynamic route propagation.
  • Support high availability for NVAs.
  • Integrate NVAs into your Azure networking fabric.

Key Benefits

  • Simplified NVA Integration: Easily connect your NVAs (like firewalls, WAN optimizers) to Azure.
  • Automated Route Exchange: Dynamically exchanges routes between ExpressRoute, VPN Gateway, and NVAs using BGP.
  • Reduced Operational Overhead: Eliminates the need for manual route configuration and management on NVAs.
  • Scalability and High Availability: Built on Azure's resilient infrastructure, offering scalability and fault tolerance.
  • Centralized Routing Control: Provides a single point of control for routing between different network segments.

Core Features

  • BGP peering with NVAs, ExpressRoute, and VPN Gateway.
  • Support for IPv4 and IPv6 routes.
  • Automatic route advertisement and learning.
  • Integration with Azure Virtual WAN for hub-and-spoke architectures.
  • Redundant and highly available architecture.

Common Use Cases

  • Centralized Firewalling: Deploy a third-party firewall NVA to inspect all traffic between VNets and on-premises networks.
  • Branch Connectivity: Connect multiple branch offices via ExpressRoute or VPN to your Azure environment, with Route Server managing routing.
  • Hybrid Cloud Networking: Seamlessly extend your on-premises network into Azure, facilitating hybrid cloud deployments.
  • Network Segmentation: Implement granular network segmentation policies by routing traffic through specific NVAs.

Architecture Overview

Azure Route Server operates within a virtual network. It establishes BGP peerings with the network interfaces of your NVAs, as well as with Azure's ExpressRoute and VPN Gateway services. Once an NVA peers with Route Server, it learns routes from Azure and advertises its own routes to Azure.

[Figure: Azure Route Server architecture, showing the Route Server connections between NVAs, ExpressRoute, and VPN Gateway.]

Deployment Steps

Deploying Azure Route Server involves the following high-level steps:

  1. Create a Virtual Network: Ensure you have an Azure virtual network.
  2. Deploy Network Virtual Appliances (NVAs): Deploy your chosen NVAs (e.g., firewalls) in a dedicated subnet within the virtual network.
  3. Configure NVA BGP: Configure your NVAs to establish BGP peering with Route Server.
  4. Create Route Server: Deploy Azure Route Server in its own dedicated subnet within the same virtual network.
  5. Configure Peers: Associate your NVAs, ExpressRoute circuits, and VPN Gateways with the Route Server.

For detailed instructions, please refer to the official Azure documentation on deploying Route Server.

Configuration Best Practices

Key configuration aspects include:

  • ASN Allocation: Use unique Autonomous System Numbers (ASNs) for Route Server and your NVAs.
  • IP Address Allocation: Ensure sufficient IP address space for Route Server and its subnets.
  • BGP Route Advertisement: Configure which routes are advertised from your NVA and from Azure to your NVA.
  • ExpressRoute and VPN Gateway Integration: Link your existing ExpressRoute circuits and VPN Gateways to the Route Server.

Example BGP Configuration Snippet (Conceptual)


# On NVA (e.g., firewall)
router bgp 65001
 # Route Server peer IP and ASN (Azure Route Server always uses ASN 65515).
 # Route Server exposes two peer IPs; repeat the neighbor statement for the second one.
 neighbor 10.0.0.5 remote-as 65515
 address-family ipv4 unicast
  # Advertise your network
  network 192.168.1.0/24
 exit-address-family
!

# On Azure Route Server (conceptual representation of what it peers with)
# Azure manages this internally; the values below show the peering it establishes.
# Peer IP: 10.0.0.4 (NVA Interface)
# Remote ASN: 65001 (NVA ASN)
# Local ASN: 65515 (Route Server ASN)

Monitoring and Diagnostics

Monitor the health and performance of your Azure Route Server using Azure Monitor. Key metrics include:

  • BGP neighbor status.
  • Route counts.
  • Network traffic statistics.

Utilize Azure Network Watcher for advanced diagnostics and traffic analysis.

Troubleshooting Common Issues

Note: Ensure that BGP peering is successfully established between Route Server and your NVAs. Check firewall rules to ensure UDP port 179 is open for BGP communication.

If routes are not propagating as expected:

  • Verify BGP configurations on both Route Server and NVAs.
  • Check route tables in both Azure and your on-premises network.
  • Ensure that the correct ASNs are configured.
  • Confirm that NVAs are in the correct subnet and have BGP enabled.
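
Because Route Server accepts whatever a peered NVA advertises, checking route tables is also a security control. The Python audit below is an added example, not code from the Azure documentation or tooling; it flags learned routes that fall outside a per-peer allow-list. The sample data is constructed, and the instance keys, the field names (network, asPath, nextHop) and the policy structure are assumptions.

```python
import ipaddress

# Constructed sample: routes learned from one NVA peer, keyed by Route Server
# instance. Key and field names are assumptions, not a documented schema.
LEARNED = {
    "RouteServiceRole_IN_0": [
        {"network": "192.168.1.0/24", "asPath": "65001", "nextHop": "10.0.0.4"},
        {"network": "0.0.0.0/0", "asPath": "65001", "nextHop": "10.0.0.4"},
    ],
    "RouteServiceRole_IN_1": [
        {"network": "192.168.1.128/25", "asPath": "65001", "nextHop": "10.0.0.4"},
        {"network": "172.16.0.0/12", "asPath": "64999 65001", "nextHop": "10.0.0.4"},
    ],
}

# Hypothetical policy for the NVA in the snippet above (ASN 65001).
POLICY = {"peer_asn": 65001, "allowed": ["192.168.1.0/24"]}


def audit_learned_routes(learned, policy):
    """Return sorted (instance, prefix, reason) findings for policy violations."""
    allowed = [ipaddress.ip_network(p) for p in policy["allowed"]]
    findings = []
    for instance, routes in learned.items():
        for route in routes:
            net = ipaddress.ip_network(route["network"], strict=False)
            as_path = [int(asn) for asn in route["asPath"].split()]
            if net.prefixlen == 0:
                # A default route from an NVA redirects all VNet egress traffic.
                findings.append((instance, str(net), "default route"))
            elif not any(net.version == a.version and net.subnet_of(a)
                         for a in allowed):
                findings.append((instance, str(net), "prefix outside allow-list"))
            # On an eBGP session the first AS in the path is the peer's own ASN.
            if not as_path or as_path[0] != policy["peer_asn"]:
                findings.append((instance, str(net), "first AS is not the peer ASN"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_learned_routes(LEARNED, POLICY):
        print(*finding, sep="  ")
```

More-specific prefixes inside an allowed range (192.168.1.128/25 here) pass the check; tighten the comparison to exact matches if the NVA should never deaggregate.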

Pricing Information

Azure Route Server is a managed service. Pricing is typically based on the hours the service is provisioned and the amount of data processed. For the most up-to-date pricing details, please consult the Azure Route Server pricing page.