VPN Gateway – BGP AS PATH – Steer which VPN tunnel traffic will flow form Azure to OnPrem
Can anyone confirm whether in the topology that Microsoft calls “Active-active VPN gateways” we can steer which VPN tunnel is utilized using AS PATH? Or is it by definition active/active, meaning we can’t avoid utilizing both tunnels simultaneously and probably we have to deal with asymetric routing?
MS article about different topologies:
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#activeactiveonprem
My findings:
Because the Azure gateway instances are in active-active configuration, the traffic from your Azure virtual network to your on-premises network will be routed through both tunnels simultaneously, even if your on-premises VPN device might favor one tunnel over the other.
However, according to the Microsoft FAQ about BGP:
Yes, Azure VPN gateway honors AS Path prepending to help make routing decisions when BGP is enabled. A shorter AS Path is preferred in BGP path selection.
Can anyone confirm whether in the topology that Microsoft calls “Active-active VPN gateways” we can steer which VPN tunnel is utilized using AS PATH? Or is it by definition active/active, meaning we can’t avoid utilizing both tunnels simultaneously and probably we have to deal with asymetric routing? MS article about different topologies:https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#activeactiveonprem My findings:Because the Azure gateway instances are in active-active configuration, the traffic from your Azure virtual network to your on-premises network will be routed through both tunnels simultaneously, even if your on-premises VPN device might favor one tunnel over the other. However, according to the Microsoft FAQ about BGP:Yes, Azure VPN gateway honors AS Path prepending to help make routing decisions when BGP is enabled. A shorter AS Path is preferred in BGP path selection. Read More