Greetings.
Wrt, "can you advise if I configure my NVA's as Active-Active, how will the vhub understand that, and in case if it receives traffic from NVA-1, how to make sure the vhub will only forward the traffic to the required destination vnet and not send it back to NVA-2, which could be a routing issue."
- Azure platform doesn’t guarantee symmetry - a single flow can have inbound come on instance0 and outbound return on instance1.
- For scenarios where the two NVA instances are advertising the same route with the same priority,
- Make sure stateful inspection on the NVA or related firewalls is turned off or
- Asymmetric forwarding is turned on.
- Asymmetric forwarding is turned on.
- Make sure stateful inspection on the NVA or related firewalls is turned off or
- If stateful firewall is required consider active-passive set ups or having one nva instance advertise a route of higher priority for active-active purposes.
- i.e., you still get high availability but one NVA instance is preferred over the other unless this instance becomes unavailable.
Hope this helps.
Cheers,
Kapil
Please Accept an answer if correct.
Original posters help the community find answers faster by identifying the correct answer.