Exporting static route between virtual hubs

LAUNAY Pascal 20 Reputation points
2023-12-06T21:10:47.5166667+00:00

Hi,

We plan to deploy a network topology with three levels :

  • first (top) level with a virtual wan and 2 virtual hubs, for two main Organisation Units,
  • second level with 6 « second level » hubs, each one acting as a hub for a specific business unit, BU1 BU2 BU3 are attached to vHub1, BU4, BU5, BU6 hubs are attached to vHub2.
  • Third level with spokes, BU1 spokes connected to BU1 hub, and so on.

There’s a aZFW in each second level hub. This FW is the default gateway configured with an UDR in every spoke attached to that hub.

There’s no FW in the top level vHUBs. They only route traffic between each other (vHUB to vHUB).

Each top level vHUB learns the « vnet » routes from the second level hubs attached to them. But they can’t learn dynamically the routes to the spokes ‘hidden’ behind the second level hubs. That’s no big deal because all spokes behind a hub are part of a big CIDR prefix. So, we can configure on the top level vHUB a static route (for instance 10.1.0.0/17) toward the second level hub firewall to route traffic to the spokes under that hub, as their subnets are all part of the big CIDR prefix allocated to their « tree ».

Inside each vhub <-> hubs <-> spokes « tree » routing is fine.

But then we want vhub1 and vhub2 to advertise to each other CIDR prefixes that we configured as static routes, and we can’t find a way to make it work.

There’s 2 places in the Virtual wan configuration where static route propagation can be configured (vwan -> vnet and vHUBs -> routing table), but none of them is working.

So we haven’t found any way to exchange our static routes (aka « redistribute static ») between vHUBs in a virtual WAN. I’ve find a 2021 article talking about that, and the conclusion was that, at that time, it wasn’t possible.

https://functions.dk/azure-vwan-static-routing-and-dmz/

I hope my explanation was clear, and hopefully someone could help us with this problem.

Thanks,

Pascal

Azure Virtual WAN
Azure Virtual WAN
An Azure virtual networking service that provides optimized and automated branch-to-branch connectivity.
197 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,260 questions
Accepted answer
  1. KapilAnanth-MSFT 39,366 Reputation points Microsoft Employee
    2023-12-12T13:18:24.9133333+00:00

    @LAUNAY Pascal

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    From your verbatim,

    • I see you have enabled static routes between the Level1vHub1 and Level1vHub2 - Let me know if this is incorrect.
    • In Level2, are you using a VNET acting as Hub

    This looks exactly like the

    User's image

    In this case, we must make sure the configurations are made according to : Route traffic through an NVA in vWAN.

    You informed us you were able to configure it with propagation and association options in vHUB and in VWAN/connections .

    • When the connection learns a route from a VPN, ExpressRoute, or P2S connection) , Propagation dynamically propagate routes to a route table
      • i.e, the Connection advertises routes to the Route Table
    • When the connection is Associated to a route table, this allows the traffic to be sent to the destination indicated as routes in the route table
      • i.e, the Connection learns routes from the Route Table

    Hope that helps.

    Thanks,

    Kapil

    Please Accept an answer if correct.

    Original posters help the community find answers faster by identifying the correct answer.

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest