Azure to use iBGP connection for Express Routes

Kamalasen Reddy 0 Reputation points
2024-01-24T08:21:41.6433333+00:00

Good Day, I would like your expert advice on the Express Route Gateway configuration. Currently there is an On-Prem firewall that has an EBGP connection/establishment to the Azure Express Route gateway. Since Azure has two VR we would like to create a second EBGP connectivity for redundancy. The issue we have is that the firewall cannot use the same AS Number to establish the EBGP, as eBGP does not allow routes with its own AS number in the AS Path. Hence the question to be posed is if iBGP can be used instead. Regards Kamlin

Azure ExpressRoute
An Azure service that provides private connections between Azure datacenters and infrastructure, either on premises or in a colocation environment.

1 answer

  1. GitaraniSharma-MSFT 49,006 Reputation points Microsoft Employee
    2024-01-25T12:43:02.71+00:00

    Hello @Kamalasen Reddy ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you would like to set up a secondary private peering link between Azure and your on-premises using the existing ExpressRoute setup, but your on-premises Firewall cannot use the same AS Number to establish the EBGP. So, you would like to know if iBGP can be used instead.

    No, iBGP (internal Border Gateway Protocol) is typically used within an autonomous system (AS) to exchange routing information between routers within the same network. iBGP is not used for establishing peering connections between different autonomous systems, and it is not suitable for configuring private peering connections to on-premises from Azure ExpressRoute.

    For Azure ExpressRoute, Microsoft recommends using External BGP (eBGP) for establishing peering connections between on-premises networks and the Azure network. eBGP is designed for routing information exchange between different autonomous systems, making it a more suitable choice for connecting your on-premises network to Azure.

    Direct EBGP peerings are established between Customer Equipment (CE/Routers) and MSEE (Microsoft Enterprise Edge Routers). ExpressRoute does not support router redundancy protocols such as hot standby routing protocol (HSRP) and virtual router redundancy protocol (VRRP) to implement high availability.

    Instead, it uses a redundant pair of BGP sessions per peering. To facilitate highly-available connections to your network, Azure provisions you with two redundant ports on two routers (part of the Microsoft edge) in an active-active configuration.

    • If you're using a layer 2 connection, deploy redundant routers in your on-premises network in an active-active configuration. Connect the primary circuit to one router, and the secondary circuit to the other. This will give you a highly available connection at both ends of the connection.
    • If you're using a layer 3 connection, verify that it provides redundant BGP sessions that handle availability for you.

    Refer: https://video2.skills-academy.com/en-us/azure/expressroute/expressroute-config-samples-routing#set-up-ebgp-sessions

    https://video2.skills-academy.com/en-us/azure/expressroute/expressroute-troubleshooting-expressroute-overview#validate-peering-configuration

    https://video2.skills-academy.com/en-us/azure/architecture/reference-architectures/hybrid-networking/expressroute#availability

    https://video2.skills-academy.com/en-us/azure/expressroute/expressroute-routing

    https://video2.skills-academy.com/en-us/azure/expressroute/designing-for-high-availability-with-expressroute

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please don’t forget to "Accept the answer" wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.
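
A check for the redundant pair of eBGP sessions described in the answer above, added here as an example and not part of the original answer or of Microsoft's tooling. The session records, field names, AS numbers (64496, 64500) and addresses are constructed, and it assumes the session state has already been collected from the on-premises device.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    link: str       # "primary" or "secondary" ExpressRoute link
    local_as: int   # AS number configured on the on-premises device
    neighbor: str   # address of the BGP neighbor on that link
    peer_as: int    # AS number the neighbor announces
    state: str      # BGP state as reported by the on-premises device

def session_type(s):
    # A session between two different AS numbers is eBGP; same AS is iBGP.
    return "iBGP" if s.local_as == s.peer_as else "eBGP"

def loop_rejected(local_as, as_path):
    # eBGP loop prevention works per received route: the route is dropped
    # only when its AS_PATH already contains the receiver's own AS.
    return local_as in as_path

def redundancy_findings(sessions):
    findings = []
    for s in sessions:
        if session_type(s) != "eBGP":
            findings.append(f"{s.link}: {s.neighbor} is iBGP, expected eBGP")
        if s.state != "Established":
            findings.append(f"{s.link}: {s.neighbor} is {s.state}")
    up = {s.link for s in sessions
          if s.state == "Established" and session_type(s) == "eBGP"}
    if up != {"primary", "secondary"}:
        findings.append("no redundancy: need an established eBGP session on each link")
    return findings

# Constructed sample data: documentation AS numbers and addresses.
LOCAL_AS, PEER_AS = 64496, 64500
HEALTHY = [
    Session("primary", LOCAL_AS, "192.0.2.2", PEER_AS, "Established"),
    Session("secondary", LOCAL_AS, "192.0.2.6", PEER_AS, "Established"),
]
DEGRADED = [HEALTHY[0],
            Session("secondary", LOCAL_AS, "192.0.2.6", PEER_AS, "Active")]

if __name__ == "__main__":
    for name, sessions in (("healthy", HEALTHY), ("degraded", DEGRADED)):
        print(name, redundancy_findings(sessions) or "redundant pair is up")
    print("route via [64500] rejected:", loop_rejected(LOCAL_AS, [PEER_AS]))
```

Running the same check on a schedule against live session state gives an early signal when one link of the pair drops while traffic still flows over the other.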