BGP Routing Path

Question

BGP Routing Path

Handian Sudianto 6,541

Active active mode in the VPN Gateway set to enabled, this mean Azure will have 2 BGP Peer IP and 2 VPN Public IP.

Azure BGP Peer IP : 10.201.0.4 and 10.201.0.5

I also have 2 local connection from VGW to my onpremises using 2 different internet connection.

Onprem BGP Peer IP : 10.201.0.101 and 10.201.0.201

BGP Peer 10.201.0.101 connected to 10.201.0.4 and BGP Peer 10.201.0.201 connected to 10.201.0.5

So in this picture we can see there are another 2 BGP with status connecting. 10.201.0.101 to 10.201.0.5 and 10.201.0.201 to 10.201.0.4.

Can i know if this configuration is right for active active mode?

User's image

Ganesh Patapati 10,385 Reputation points Microsoft External Staff Moderator

2025-03-18T08:56:34.7833333+00:00

Hello Handian Sudianto

Can you please update us if the action plan provided by was helpful?

If above is unclear and/or you are unsure about something add a comment below.

Should there be any follow-up questions or concerns, please let us know and we shall try to address them.
Ganesh Patapati 10,385 Reputation points Microsoft External Staff Moderator

2025-03-18T18:02:10.8433333+00:00

Hello Handian Sudianto

Can you please update us if the action plan provided by was helpful?

If above is unclear and/or you are unsure about something add a comment below.

Should there be any follow-up questions or concerns, please let us know and we shall try to address them.
Ganesh Patapati 10,385 Reputation points Microsoft External Staff Moderator

2025-03-19T10:27:03.8633333+00:00

Hello Handian Sudianto

Can you please update us if the action plan provided by was helpful?

If above is unclear and/or you are unsure about something add a comment below.

Should there be any follow-up questions or concerns, please let us know and we shall try to address them.
Ganesh Patapati 10,385 Reputation points Microsoft External Staff Moderator

2025-04-02T13:09:30.86+00:00

Hello Handian Sudianto

Thank you for your valuable time.

please don’t forget to close the thread by clicking Accept the answer wherever the information provided helps you, as this can be beneficial to other community members.

1 answer

Your answer

Ganesh Patapati 10,385 Reputation points Microsoft External Staff Moderator

2025-03-18T08:56:34.7833333+00:00

Hello Handian Sudianto

Can you please update us if the action plan provided by was helpful?

If above is unclear and/or you are unsure about something add a comment below.

Should there be any follow-up questions or concerns, please let us know and we shall try to address them.
Ganesh Patapati 10,385 Reputation points Microsoft External Staff Moderator

2025-03-18T18:02:10.8433333+00:00

Hello Handian Sudianto

Can you please update us if the action plan provided by was helpful?

If above is unclear and/or you are unsure about something add a comment below.

Should there be any follow-up questions or concerns, please let us know and we shall try to address them.
Ganesh Patapati 10,385 Reputation points Microsoft External Staff Moderator

2025-03-19T10:27:03.8633333+00:00

Hello Handian Sudianto

Can you please update us if the action plan provided by was helpful?

If above is unclear and/or you are unsure about something add a comment below.

Should there be any follow-up questions or concerns, please let us know and we shall try to address them.
Ganesh Patapati 10,385 Reputation points Microsoft External Staff Moderator

2025-04-02T13:09:30.86+00:00

Hello Handian Sudianto

Thank you for your valuable time.

please don’t forget to close the thread by clicking Accept the answer wherever the information provided helps you, as this can be beneficial to other community members.

Answer 1

Ganesh Patapati 10,385 Microsoft External Staff Moderator

Hello Handian Sudianto

image (47) As per the above screenshot, you have created two BGP connections between Azure's two public IPs and two on-prem IPs, which are shown as connected in the green lines. However, you have not created cross-redundancy BGP sessions between Azure BGP peer (10.201.0.4) and on-prem BGP peer (10.201.0.201), and Azure BGP peer (10.201.0.5) and on-prem BGP peer (10.201.0.101), resulting in a connecting state as shown in the violet lines.

NOTE: If you want dual redundancy active-active mode, you need to setup full mesh connectivity of four IPsec tunnels between your Azure virtual network gateway and you're on-premises network.

Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/about-active-active-gateways#dual-redundancy-active-active-mode-design

In active-active mode, each Azure VPN Gateway instance has a unique public IP address and BGP peer IP. Both instances establish independent IPsec/IKE S2S VPN tunnels to your on-premises VPN devices. This ensures high availability and load balancing.

Your setup with two on-premises BGP peers (10.201.0.101 and 10.201.0.201) connecting to two Azure BGP peers (10.201.0.4 and 10.201.0.5) is correct. However, the additional "connecting" BGP sessions (10.201.0.101 to 10.201.0.5 and 10.201.0.201 to 10.201.0.4) might indicate that the on-premises devices are attempting to establish redundant connections to both Azure instances. This is expected behavior in active-active mode, as Azure supports multiple BGP sessions for redundancy.

I hope this has been helpful!

If above is unclear and/or you are unsure about something add a comment below.

please don’t forget to close the thread by clicking Accept the answer wherever the information provided helps you, as this can be beneficial to other community members. Accepted answer

Ganesh Patapati 10,385 Reputation points Microsoft External Staff Moderator

2025-03-19T19:42:12.27+00:00

Hello Handian Sudianto

I hope this has been helpful!

If above is unclear and/or you are unsure about something add a comment below.

please don’t forget to close the thread by clicking Accept the answer wherever the information provided helps you, as this can be beneficial to other community members.
Handian Sudianto 6,541 Reputation points

2025-03-20T04:06:19.6733333+00:00

hi @Ganesh Patapati

Sorry for my late respond. When I try to add additional connection to make the topology in full mesh, is needed onprem public ip must different?

Example in VPN public ip1 have 2 connections, should we use different public ip because i test create another local network gateway and associate this LNG to the VGW i got this error
Ganesh Patapati 10,385 Reputation points Microsoft External Staff Moderator

2025-03-20T13:20:29.74+00:00

Hello Handian Sudianto

In order to achieve Full mesh topology, you must have 2 different IPs at On-prem end.

In this type of configuration, you set up the Azure VPN gateway in an active-active configuration. You create two local network gateways and two connections for your two on-premises VPN devices. The result is a full mesh connectivity of 4 IPsec tunnels between your Azure virtual network and you're on-premises network.

If above is unclear and/or you are unsure about something add a comment below.

please don’t forget to close the thread by clicking Accept the answer wherever the information provided helps you, as this can be beneficial to other community members.
Ganesh Patapati 10,385 Reputation points Microsoft External Staff Moderator

2025-03-20T18:03:02.92+00:00

Hello Handian Sudianto

If above is unclear and/or you are unsure about something add a comment below.

please don’t forget to close the thread by clicking Accept the answer wherever the information provided helps you, as this can be beneficial to other community members.
Ganesh Patapati 10,385 Reputation points Microsoft External Staff Moderator

2025-03-21T08:54:45.5466667+00:00

Hello Handian Sudianto

If above is unclear and/or you are unsure about something add a comment below.

please don’t forget to close the thread by clicking Accept the answer wherever the information provided helps you, as this can be beneficial to other community members.
Ganesh Patapati 10,385 Reputation points Microsoft External Staff Moderator

2025-03-21T16:40:44.9466667+00:00

Hello Handian Sudianto

If above is unclear and/or you are unsure about something add a comment below.

please don’t forget to close the thread by clicking Accept the answer wherever the information provided helps you, as this can be beneficial to other community members.
Ganesh Patapati 10,385 Reputation points Microsoft External Staff Moderator

2025-03-24T10:17:45.2733333+00:00

Hello Handian Sudianto

Thank you for your valuable time.

In order to close your thread, I need your confirmation of acceptance.

If above is unclear and/or you are unsure about something add a comment below.

please don’t forget to close the thread by clicking Accept the answer wherever the information provided helps you, as this can be beneficial to other community members.
Ganesh Patapati 10,385 Reputation points Microsoft External Staff Moderator

2025-03-24T19:06:37.31+00:00

Hello Handian Sudianto

Thank you for your valuable time.

In order to close your thread, I need your confirmation of acceptance.

If above is unclear and/or you are unsure about something add a comment below.

please don’t forget to close the thread by clicking Accept the answer wherever the information provided helps you, as this can be beneficial to other community members.
Ganesh Patapati 10,385 Reputation points Microsoft External Staff Moderator

2025-03-31T18:57:56.1533333+00:00

Hello Handian Sudianto

Thank you for your valuable time.

In order to close your thread, I need your confirmation of acceptance.

please don’t forget to close the thread by clicking Accept the answer wherever the information provided helps you, as this can be beneficial to other community members.
Handian Sudianto 6,541 Reputation points

2025-04-02T15:28:45.2066667+00:00

hi @Ganesh Patapati

Sorry for my late respond. Below my comment

For build full mesh we need 2 connections and 2 LNGs. In below pic we can see 1st connection and 1st LNG by green line and 2nd connection and 2nd LNG by purple line.

When we create the LNG we must enter the onprem BGP peer. Example for LNG1 what should i fill in the onprem BGP peer IP addr, since this LNG should be connected to both onprem peer ip (10.201.0.101 and 10.201.0.201)
Ganesh Patapati 10,385 Reputation points Microsoft External Staff Moderator

2025-04-03T12:25:32.25+00:00
Hello Handian Sudianto

For a full mesh setup with two connections and two Local Network Gateways (LNGs), it's essential to configure the on-premises BGP peer IP correctly. When you create LNG1, you need to specify one BGP peer IP address for the on-premises side. Even though LNG1 connects to both on-premises peer IPs (10.201.0.101 and 10.201.0.201), the Azure LNG configuration requires you to define a single primary peer IP.

Here are a few points to guide you:

You can choose a single peer ip either 10.201.0.101 or 10.201.0.201 as the on-prem BGP peer IP for LNG1. Typically, this would be the IP address of the primary BGP router or the one most logically associated with LNG1.

To achieve the full mesh setup, the second LNG (LNG2) will need to be configured with the other peer IP (e.g., if LNG1 uses 10.201.0.101, LNG2 should use 10.201.0.201). This ensures redundancy and avoids conflicts.

Azure manages BGP sessions per connection. Each LNG will establish its own session with the peer IP you provide. Connections will failover as needed based on the BGP configuration.

In summary, for LNG1, choose one IP (e.g., 10.201.0.101), and use the other (10.201.0.201) for LNG2.

please don’t forget to close the thread by clicking Accept the answer wherever the information provided helps you, as this can be beneficial to other community members.
Ganesh Patapati 10,385 Reputation points Microsoft External Staff Moderator

2025-04-04T08:36:21.17+00:00

Hello Handian Sudianto

Thank you for your valuable time.

please don’t forget to close the thread by clicking Accept the answer wherever the information provided helps you, as this can be beneficial to other community members.
Ganesh Patapati 10,385 Reputation points Microsoft External Staff Moderator

2025-04-04T14:28:09.4833333+00:00

Hello Handian Sudianto

Thank you for your valuable time.

please don’t forget to close the thread by clicking Accept the answer wherever the information provided helps you, as this can be beneficial to other community members.
Ganesh Patapati 10,385 Reputation points Microsoft External Staff Moderator

2025-04-07T08:56:04.7766667+00:00

Hello Handian Sudianto

Thank you for your valuable time.

please don’t forget to close the thread by clicking Accept the answer wherever the information provided helps you, as this can be beneficial to other community members.

Share via

BGP Routing Path

1 answer

Your answer