Azure : What the BGP is going on there?

Introduction

Something I had on my to-do for a while now was to post a proof-of-concept to you guys/gals about what BGP on Azure can entail… Now some of you might go; “BGP? What the hell is that?!?”. Check out the following “CBT Micro Nugget” as it is a nice high level description of what BGP is.

 

So why should you care? BGP can offer you a way to deal with advanced routing paths. This in turn can deliver resiliency to your business.

 

Proof-of-Concept Design

For today, we’ll be building the following setup ; kvaes-azure-networking-bgp-resiliency

This will consist of the following components ;

  • Four virtual networks ; VNET001, VNET002, VNET003 & VNET004
  • Each VNET will have its own VPN Gateway. We’ll enable BGP on the VPN Gateway and give it its own (unique for, and private to, our deployment) ASN & peering address. The VPN Gateway will be set to “RouteBased”-routing and we’ll use a “Standard” SKU.
  • Each VPN Gateway will have two connections towards the “previous” and “next” gateway. The keys per connection pair will be set to the same key and we’ll also enable BGP on the connection.
  • We’ll deploy two systems into this PoC setup
    • System001 will reside in VNET001
    • System004 will reside in VNET004

 

To test our setup, we’ll execute the following scenario ;

  • Connect from system001 to system004 whilst our ring is complete =>the green path will be followed
  • Connect from system001 to system004 whilst having deleted the connections between VPNGW001 & VPNGW004 => the yellow path will be followed

Continue reading “Azure : What the BGP is going on there?”