Configure Azure Virtual WAN Route Server

This article guides you through the steps to configure Azure Route Server within your Virtual WAN environment.

Introduction

Azure Route Server simplifies the process of routing network traffic between your Virtual WAN hub and your network appliances, such as firewalls or other network virtual appliances (NVAs). It automates the exchange of routes using Border Gateway Protocol (BGP) without requiring manual configuration of BGP sessions on the hub.

Route Server is ideal for scenarios where you need to peer with multiple network virtual appliances or want to leverage dynamic routing for complex network topologies.

Prerequisites

  • An Azure subscription.
  • An existing Azure Virtual WAN deployment.
  • A Virtual WAN hub created within your Virtual WAN.
  • Network virtual appliances (NVAs) that support BGP peering. These NVAs should be deployed in your Virtual WAN hub or in a connected network.
  • Basic understanding of BGP concepts and networking.

Configuration Steps

Follow these steps to configure Azure Route Server for your Virtual WAN hub.

Step 1: Create a Route Server

You can create a Route Server through the Azure portal, Azure CLI, or Azure PowerShell.

Using Azure Portal:

  1. Navigate to your Virtual WAN resource in the Azure portal.
  2. Under the Hubs section, select your target hub.
  3. In the hub's menu, select Route Server.
  4. Click on + Create Route Server.
  5. Provide the required information:
    • Route server name: A unique name for your Route Server.
    • Public IP address: A public IP address for the Route Server. You can use an existing one or create a new one.
    • ASN: The Autonomous System Number (ASN) for the Route Server. Azure typically uses 65515, but you can choose a private ASN.
    • Virtual hub IP address: A private IP address for the Route Server within the hub's address space.
  6. Click Review + create, then Create.

Using Azure CLI:

az network virtual-hub route-server create \
    --name MyRouteServer \
    --hub-name MyHub \
    --resource-group MyResourceGroup \
    --public-ip-address MyPublicIp \
    --asn 65515 \
    --virtual-hub-ip "10.0.0.5/24" \
    --location westus2 \
    --sku Standard

Note: Replace placeholders like MyRouteServer, MyHub, MyResourceGroup, MyPublicIp, and IP addresses with your actual values.

Step 2: Configure BGP Peering with NVAs

Once the Route Server is deployed, you need to establish BGP peering with your network virtual appliances.

Azure Portal:

  1. Navigate to the Route Server resource you just created.
  2. Under Settings, select Peerings.
  3. Click on + Add peer.
  4. Configure the peer details:
    • Name: Name of the BGP peer (e.g., your firewall name).
    • BGP peering IP address: The IP address of your NVA's BGP interface.
    • Peer ASN: The ASN of your NVA.
    • Connection type: Select the type of connection (e.g., VPN, ExpressRoute, or NVA). For NVAs directly connected, select NVA.
  5. Click Add.

Repeat this process for each NVA you want to peer with.

Azure CLI:

az network virtual-hub route-server peer create \
    --name MyNvaPeer \
    --route-server-name MyRouteServer \
    --hub-name MyHub \
    --resource-group MyResourceGroup \
    --peer-ip 10.0.0.6 \
    --peer-asn 65501 \
    --connection-type NVA

Note: Ensure the NVA is configured to advertise routes and establish BGP sessions with the Route Server's IP and ASN.

Verification

After configuring the Route Server and its peers, verify that BGP sessions are established and routes are being exchanged correctly.

Using Azure Portal:

  1. Navigate to your Route Server resource.
  2. Under Settings, select Peerings. You should see the status of your BGP peers.
  3. Navigate to your Virtual WAN hub.
  4. Under Connected devices, you should see your NVAs listed.
  5. Check the routes advertised to and received from your NVAs.

Using Azure CLI:

az network virtual-hub route-server peer list \
    --route-server-name MyRouteServer \
    --hub-name MyHub \
    --resource-group MyResourceGroup \
    --output table

You can also check routes within the hub's routing tables, accessible via the hub's properties or by using more advanced CLI commands.

Key Considerations

  • NVA Deployment: NVAs must be deployed in the same hub or a connected network that can reach the hub.
  • ASN Uniqueness: Ensure the ASNs used for your NVAs are unique and do not conflict with Azure's internal ASNs.
  • IP Addressing: The Route Server uses private IP addresses within the hub's address space. Ensure there are no IP conflicts.
  • Route Propagation: Configure route propagation settings on your Virtual WAN hub to ensure routes learned by the Route Server are advertised to other connections (e.g., VPN sites, ExpressRoute circuits).
  • SKU: Azure Route Server comes in different SKUs (e.g., Standard). Ensure you select the appropriate SKU for your performance needs.
  • Firewall Rules: Ensure any network security groups or firewalls between your NVAs and the Route Server allow BGP traffic (TCP port 179).
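
The NVA Deployment, ASN Uniqueness and IP Addressing considerations above can be checked against a peering plan before any peer is created. The following is an added example, not code from this article or from Azure; the function name, the tuple layout and the sample plan are hypothetical, and the reserved-ASN set comes from Azure's published reserved list rather than from this page (only 65515 appears here).

```python
import ipaddress

# Assumption: Azure's published reserved ASNs (65515 is the one this article names).
AZURE_RESERVED_ASNS = {8074, 8075, 12076, 65515, 65517, 65518, 65519, 65520}
# IANA special-purpose ranges that must not be assigned to a peer.
IANA_RESERVED_RANGES = [(23456, 23456), (64496, 64511), (65535, 65551)]


def validate_peering_plan(hub_prefix, route_server_ip, route_server_asn,
                          peers, connected_prefixes=()):
    """Return a list of problems found in a planned set of BGP peers.

    peers is a list of (name, peer_ip, peer_asn) tuples; an empty result
    means the plan passes every check.
    """
    problems = []
    hub = ipaddress.ip_network(hub_prefix)
    reachable = [hub] + [ipaddress.ip_network(p) for p in connected_prefixes]
    rs_ip = ipaddress.ip_address(route_server_ip)
    if rs_ip not in hub:
        problems.append(f"route server: {rs_ip} is outside hub prefix {hub}")

    ip_owner = {rs_ip: "route server"}
    asn_owner = {}
    for name, peer_ip, peer_asn in peers:
        ip = ipaddress.ip_address(peer_ip)
        # NVA deployment: the peer must sit in the hub or a connected network.
        if not any(ip in net for net in reachable):
            problems.append(f"{name}: {ip} is not in the hub or a connected prefix")
        # IP addressing: no two BGP speakers may share an address.
        if ip in ip_owner:
            problems.append(f"{name}: {ip} already used by {ip_owner[ip]}")
        ip_owner.setdefault(ip, name)
        # ASN uniqueness, as the article states it: one ASN per NVA peer.
        if peer_asn == route_server_asn or peer_asn in AZURE_RESERVED_ASNS:
            problems.append(f"{name}: ASN {peer_asn} conflicts with an Azure ASN")
        elif any(lo <= peer_asn <= hi for lo, hi in IANA_RESERVED_RANGES):
            problems.append(f"{name}: ASN {peer_asn} is IANA-reserved")
        elif peer_asn in asn_owner:
            problems.append(f"{name}: ASN {peer_asn} already used by {asn_owner[peer_asn]}")
        asn_owner.setdefault(peer_asn, name)
    return problems


# Constructed plan using this article's placeholder values.
if __name__ == "__main__":
    plan = [("MyNvaPeer", "10.0.0.6", 65501)]
    for line in validate_peering_plan("10.0.0.0/24", "10.0.0.5", 65515, plan) or ["plan OK"]:
        print(line)
```
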