
Introduction

VNet peering is a great way of connecting two separate VNets with a low-latency link over Azure's backbone.

Setup

Two VNets in separate regions, eBGP between the sites, and an IPsec tunnel between on-prem and the Azure VNet in UK South.

Configure the peer link to allow route propagation

az network vnet peering update -g MyResourceGroup -n MyVnet1ToMyVnet2 --vnet-name MyVnet1 --set allowGatewayTransit=true

Result

The on-prem firewall learns all routes from the VNets in UK South and UK West:

asa01-croxdengardens# sh bgp  | i 10.0.1.254
*> 10.0.0.0/16      10.0.1.254                         0  65001 i
*> 10.0.1.254/32    0.0.0.0              0         32768  ?
*> 10.3.0.0/16      10.0.1.254                         0  65001 i
*> 10.4.0.0/16      10.0.1.254                         0  65001 i
*> 172.17.0.0       10.0.1.254                         0  65001 i
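
Because gateway transit makes the on-prem firewall learn every prefix reachable through the peering, it is worth checking the table against what you intended to expose. The script below is an added example, not part of the original post: it parses the `sh bgp` output above and lists learned prefixes outside an expected set. The `EXPECTED` list is an assumption made for illustration, and rows printed without a mask (like 172.17.0.0) are read as classful.

```python
import ipaddress
import re

# Output copied from the "Result" section of this page.
SH_BGP = """\
asa01-croxdengardens# sh bgp  | i 10.0.1.254
*> 10.0.0.0/16      10.0.1.254                         0  65001 i
*> 10.0.1.254/32    0.0.0.0              0         32768  ?
*> 10.3.0.0/16      10.0.1.254                         0  65001 i
*> 10.4.0.0/16      10.0.1.254                         0  65001 i
*> 172.17.0.0       10.0.1.254                         0  65001 i
"""

# Assumption (constructed for this example): prefixes on-prem should learn.
EXPECTED = ["10.0.0.0/16", "10.3.0.0/16", "10.4.0.0/16"]

# Status codes, network with optional /len, then the next hop.
ROW = re.compile(r"^\S+\s+(\d+(?:\.\d+){3})(?:/(\d+))?\s+(\d+(?:\.\d+){3})\b")


def classful_len(addr):
    """Prefix length implied when the table prints a network without a mask."""
    first = int(addr.split(".")[0])
    return 8 if first < 128 else 16 if first < 192 else 24


def parse_routes(text):
    """Return (network, next_hop) for every route row in `sh bgp` output."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # prompt line, headers, blanks
        net, plen, next_hop = m.groups()
        plen = int(plen) if plen else classful_len(net)
        routes.append((ipaddress.ip_network(f"{net}/{plen}", strict=False), next_hop))
    return routes


def unexpected_routes(text, expected):
    """Learned prefixes (next hop not 0.0.0.0) outside every expected prefix."""
    allowed = [ipaddress.ip_network(p) for p in expected]
    return [str(net) for net, next_hop in parse_routes(text)
            if next_hop != "0.0.0.0" and not any(net.subnet_of(a) for a in allowed)]


if __name__ == "__main__":
    for prefix in unexpected_routes(SH_BGP, EXPECTED):
        print("unexpected prefix learned from the Azure peer:", prefix)
```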
