Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to route all Internet traffic from OnPrem to Azure NVA via ExpressRoute.
- I wouldn't recommend this as a good practice.
- Internet routing via Azure is supported out of the box with Azure vWAN only. See: How to configure Virtual WAN Hub routing intent
- With a stand-alone ExR Gateway this is a complex set up and we do not have any documentation for this architecture.
With that said,
- Azure Route Server (ARS) is not optional - it is mandatory to achieve this
- With this you can achieve BGP with your NVA and ARS (not with ExR Gateway directly)
- The ARS will further establish BGP with the ExR Gateway. See: Azure Route Server support for ExpressRoute.
- Your NVA should advertise 0.0.0.0/0 (break this into two as 0.0.0.0/1 and 128.0.0.0/1) to ARS
- ARS will "Inject the routes" to Spokes and Branches.
- See: Connectivity to on-premises through virtual network gateways
I came across this blog which is your exact requirement : https://blog.cloudtrooper.net/2021/03/16/azure-as-internet-breakout-from-on-premises-with-route-server/
- I strongly advise you to do a test configuration / POC before moving to Production.
- You can use a dummyVNET with dummyVM and dummyExRGateway and connect it to the ExR Circuit
- Deploy NVA and ARS in this VNET and advertise 8.8.8.8/32 (or any Public IP) only
- Check if the traffic to 8.8.8.8/32 from OnPrem actually reaches internet via the NVA in Azure or not.
Again, consider using Virtual WAN Hub routing intent and routing policies
Hope this helps.
Cheers,
Kapil
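Added example (not part of Kapil's answer or any Microsoft tooling): an offline longest-prefix-match check of the route plan described above, using a constructed route table in which the NVA advertises 0.0.0.0/1 and 128.0.0.0/1 to ARS, an on-prem prefix arrives via ExpressRoute, and the Azure system default route points to Internet. All prefixes and next-hop addresses are placeholders, and `lookup`, `covers_default` and `poc_check` are hypothetical helper names.

```python
# Constructed routing table: (prefix, next hop, origin). Addresses are
# placeholders, not real ARS output from any environment.
from ipaddress import ip_address, ip_network, IPv4Network

ROUTES = [
    ("10.10.0.0/16", "onprem-via-ExR", "ExpressRoute"),  # learned from ExR Gateway
    ("10.20.0.0/24", "local",          "VNet"),          # local VNet subnet
    ("0.0.0.0/1",    "10.1.1.4",       "NVA"),           # NVA -> ARS via BGP
    ("128.0.0.0/1",  "10.1.1.4",       "NVA"),           # second half of the split default
    ("0.0.0.0/0",    "Internet",       "system"),        # Azure system default route
]

def lookup(dst, routes=ROUTES):
    """Longest-prefix match; returns (prefix, next_hop, origin) or None."""
    addr = ip_address(dst)
    best = None
    for prefix, next_hop, origin in routes:
        net = ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > ip_network(best[0]).prefixlen):
            best = (prefix, next_hop, origin)
    return best

def covers_default(prefixes):
    """True if the advertised prefixes tile all of IPv4 with no gap and no
    overlap, i.e. they are a valid split of 0.0.0.0/0."""
    nets = sorted(ip_network(p) for p in prefixes)
    for a, b in zip(nets, nets[1:]):      # sorted, so only neighbours can overlap
        if a.overlaps(b):
            return False
    total = sum(n.num_addresses for n in nets)
    return total == IPv4Network("0.0.0.0/0").num_addresses

def poc_check(target="8.8.8.8"):
    """The POC step from the answer: traffic to the test public IP should
    resolve to the NVA, not to the system Internet route."""
    route = lookup(target)
    return route is not None and route[2] == "NVA"

if __name__ == "__main__":
    for dst in ("8.8.8.8", "200.1.1.1", "10.10.5.5", "10.20.0.9"):
        print(dst, "->", lookup(dst))
    print("split default valid:", covers_default(["0.0.0.0/1", "128.0.0.0/1"]))
    print("POC check:", poc_check())
```

Because a /1 is more specific than the /0 system route, both halves of the split win over it for every public destination, while the more specific on-prem and VNet prefixes are unaffected.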