VWAN HUB2 does not distribute Branch routes to directly connected VNETs when Branch is connected to S2S VPN GW in VWAN HUB1

Question

Hi!
A simplified topology is below:

When all VPN links are up both HUBs and both VNETs are receiving routes from DC1 and DC2.
If I bring the HUB02--DC2 tunnel down the USEast2 VNET loses all DC1/2 routes although both HUB01 and HUB02 have DC routes in their default route table.
If I bring the HUB01--DC1 tunnel down the US Central VNET will lose DC routes.
So it seems that S2S VPN Branch routes are not propagated to VNETs connected to the remote HUB.
Is this an expected behavior or I have something misconfigured?
If this is a known limitation - would the same limitation apply to Express Route links as well?
Thank you,
Lev

Answer 1

Hi @LevS ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
From your case verbatim, we understand that you are trying to achieve Branch to Branch connectivity with Azure vWAN.

Per your architecture,

• If HUB02--DC02 connection is down, USEast2 VNet
• Should definitely have access to DC01.
• It may have connectivity to DC2. The traffic should flow via HUB02--HUB01--DC01--DC02 provided BGP routes are properly propagating.

Refer: Hub-spoke network topology with Azure Virtual WAN

Later, you informed that you are having multiple Route Tables, each associated with different VNets.
You were also able to make this work by adding the appropriate routes to the Route Tables.

I am glad the issue is resolved.
Thank you for leveraging Microsoft Q&A community

Cheers,
Kapil.

----------------------------------------------------------------------------------------------------------------

Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.