Azure Route Server support for ExpressRoute and Azure VPN
Azure Route Server supports not only third-party network virtual appliances (NVA) running on Azure but also integrates seamlessly with ExpressRoute and Azure VPN gateways. You don’t need to configure or manage the BGP peering between the gateway and Azure Route Server. You can enable route exchange between the gateways and Azure Route Server by enabling branch-to-branch in Azure portal. If you prefer, you can use Azure PowerShell or Azure CLI to enable the route exchange with the Route Server.
When you create or delete an Azure Route Server in a virtual network that contains a virtual network gateway (ExpressRoute or VPN), expect downtime until the operation complete.
How does it work?
When you deploy an Azure Route Server along with a virtual network gateway and an NVA in a virtual network, by default Azure Route Server doesn’t propagate the routes it receives from the NVA and virtual network gateway between each other. Once you enable branch-to-branch in Route Server, the virtual network gateway and the NVA will exchange their routes.
For example, in the following diagram:
The SDWAN appliance will receive from Azure Route Server the route from “On-premises 2”, which is connected to ExpressRoute, along with the virtual network route.
The ExpressRoute gateway will receive the route from “On-premises 1”, which is connected to the SDWAN appliance, along with the virtual network route from Azure Route Server.
You can also replace the SDWAN appliance with Azure VPN gateway. Since Azure VPN gateway and ExpressRoute are fully managed, you only need to enable the route exchange for the two on-premises networks to talk to each other.
Azure VPN gateway must be configured in active-active mode and have the ASN set to 65515.
When the same route is learned over ExpressRoute, Azure VPN or an SDWAN appliance, the ExpressRoute network will be preferred.