Azure Virtual WAN Route Server
The Azure Virtual WAN Route Server allows you to simplify your network routing by enabling dynamic routing between your virtual networks and on-premises networks through a virtual hub. It acts as a managed BGP router within your Virtual WAN hub.
Key Features and Benefits
- Dynamic Routing: Enables dynamic route exchange using BGP between connected network resources.
- Simplified Connectivity: Eliminates the need to manage individual routers or complex routing configurations across your network.
- Integration with NVAs: Seamlessly integrates with Network Virtual Appliances (e.g., firewalls, load balancers) deployed in your Virtual WAN hub for advanced traffic inspection and control.
- Scalability: Inherits the scalability and reliability of Azure Virtual WAN.
- Centralized Management: Route Server configurations are managed centrally within the Virtual WAN hub.
How Route Server Works
Route Server operates within the Virtual WAN virtual hub. When you enable Route Server, it establishes BGP peering sessions with the following:
- Connected Virtual Networks: It learns routes from connected VNets and advertises them to other connected networks.
- On-premises VPN/ExpressRoute connections: It exchanges routes with your on-premises environments.
- Network Virtual Appliances (NVAs): If you deploy NVAs in the hub, Route Server can peer with them to exchange routes, allowing the NVAs to participate in the routing decisions.
Route Server dynamically learns routes and propagates them to the appropriate route tables within the virtual hub, ensuring optimal path selection for traffic flow.
Route Server and Route Tables
Route Server plays a crucial role in managing and distributing routes within the Virtual WAN hub. It influences the routes present in the hub's route tables:
- Routes learned via BGP from connected VNets or on-premises devices are advertised to the Route Server.
- The Route Server then processes these routes and, based on its routing logic and peering relationships, injects them into the relevant hub route tables.
- Connections (VNet, VPN, ExpressRoute) in the hub are associated with specific route tables, determining which routes they will receive.
Enabling Route Server
You can enable Route Server when you create a Virtual WAN hub or configure it on an existing hub. The process typically involves:
- Navigating to your Virtual WAN hub in the Azure portal.
- Finding the "Route Server" configuration.
- Enabling the feature and configuring the BGP ASN (Autonomous System Number).
Once enabled, you'll need to configure peering connections (like VNet connections or VPN/ExpressRoute connections) to utilize the routes managed by the Route Server.
Example Configuration (Conceptual)
Below is a conceptual example of how Route Server might be involved in advertising routes:
# Azure CLI Example (Conceptual)
# Assume a virtual hub named 'myVirtualHub' in resource group 'myResourceGroup'
# Assume a VNet connection named 'myVnetConnection' to a VNet with address space 10.1.0.0/16
# When Route Server is enabled, it automatically establishes BGP sessions.
# Routes from 'myVnetConnection' will be learned by Route Server.
# Route Server then advertises these learned routes to other connections
# associated with the hub's route tables.
# For instance, to a VPN connection named 'myVpnConnection'
# You would configure 'myVpnConnection' to receive routes from the hub's
# default route table or a custom route table influenced by Route Server.
# The routes advertised by Route Server will typically include:
# - Prefixes from connected VNets
# - Prefixes from on-premises networks via VPN/ExpressRoute
# - Prefixes learned from NVAs peered with Route Server
# Example of routes that might be learned by a connected device:
# {
#   "name": "RouteFromVNet",
#   "properties": {
#     "nextHopType": "VirtualAppliance", # or VnetGateway, etc.
#     "nextHopIpAddress": "10.0.0.4",  # IP of the NVA or Gateway
#     "routeTable": "Default"
#   }
# }
Considerations
- Route Server requires BGP to be enabled.
- Ensure your on-premises devices and NVAs are configured to support BGP peering with Route Server.
- Understand how routes are propagated through route tables to ensure traffic flows as expected.
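One way to check that propagated routes match expectations, as an added example that is not Microsoft's code or output from a real hub: it audits route records shaped like the conceptual record above against an allowlist of prefixes per next hop. The `addressPrefix` field, the `EXPECTED` policy, the `route` and `audit_routes` helpers, and all sample values are assumptions constructed for illustration.

```python
import ipaddress

def route(name, prefix, hop, hop_type="VirtualAppliance"):
    # Builds a record in the conceptual shape shown above; "addressPrefix" is
    # an assumed field, since that sketch does not show where the prefix lives.
    return {"name": name, "properties": {"addressPrefix": prefix,
            "nextHopType": hop_type, "nextHopIpAddress": hop,
            "routeTable": "Default"}}

# Constructed sample data, not output from a real hub.
LEARNED_ROUTES = [
    route("RouteFromVNet", "10.1.0.0/16", "10.0.0.4"),
    route("RouteFromOnPrem", "192.168.10.0/24", "10.0.0.5", "VnetGateway"),
    route("DefaultFromNVA", "0.0.0.0/0", "10.0.0.4"),
    route("LeakedPrefix", "172.16.0.0/12", "10.0.0.4"),
    route("UnknownPeer", "10.1.5.0/24", "10.0.0.99"),
    route("BadPrefix", "10.1.0.1/16", "10.0.0.4"),
]

# Assumed policy: address space each known next hop may legitimately carry.
EXPECTED = {
    "10.0.0.4": ["10.1.0.0/16"],
    "10.0.0.5": ["192.168.0.0/16"],
}

def audit_routes(routes, expected, min_prefix_len=8):
    """Return (route name, reason) for every route that violates the policy."""
    findings = []
    for r in routes:
        props = r["properties"]
        try:
            net = ipaddress.ip_network(props["addressPrefix"], strict=True)
        except ValueError:
            findings.append((r["name"], "malformed-prefix"))
            continue
        allowed = [ipaddress.ip_network(p)
                   for p in expected.get(props["nextHopIpAddress"], [])]
        if net.prefixlen < min_prefix_len:
            # Catches default routes and other catch-all advertisements.
            findings.append((r["name"], "too-broad"))
        elif not allowed:
            findings.append((r["name"], "unknown-next-hop"))
        elif not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            findings.append((r["name"], "unexpected-prefix"))
    return findings

if __name__ == "__main__":
    for name, reason in audit_routes(LEARNED_ROUTES, EXPECTED):
        print(f"{reason:18} {name}")
```

Because learned routes are injected into hub route tables automatically, a check like this is most useful when run on a schedule against an export of the routes each connection actually receives.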