How to send traffic from a spoc (Hub and Spoc topology) to workload behind NVA present in 3rd party connected via Express route which only broadcast the NVA subnet range

Question

Hi,
In my scenario -

From Azure Spoc, we are trying to reach workload for example (10.129.31.35) present behind a NVA hosted in a 3rd party system which is connected to Azure Hub vnet via Express route to Azure and broad cast only NVA's subnet range 10.129.31.0/27.

The overall subnet block 3rd party system have for example 10.129.31.0/24

In this scenario I want to implement a rule i.e. if from any spoc request sent to 10.129.31.0/24 next hop address will be NVA's subnet range 10.129.31.0/27 broadcasted via express route.

Flow is like -

SPOC subnet -> Firewall -> Hub Exr gateway -> NVA (3rd party system) -> workload

What is the best possible way to achieve this? Do I need to create specific UDR?

Answer

@Mukherjee, Aniket

Thank you for reaching out.

I understand you wish to establish the connectivity in this manner.SPOC subnet -> Firewall -> Hub Exr gateway -> NVA (3rd party system) -> workload

Yes you will need to create UDR to establish this connectivity. Before I suggest the required routes in this scenario

Can you share a network diagram of your set-up? As it will help suggest if any other configuration is required apart from configuring the routes.

For a typical set-up like this the routes would be configured as described here by colleague Gita.

Thanks

Share via

How to send traffic from a spoc (Hub and Spoc topology) to workload behind NVA present in 3rd party connected via Express route which only broadcast the NVA subnet range

1 answer

Your answer