BGP to LAN allows an Aviatrix multi-cloud network to communicate with network virtualization appliances (NVAs) without running tunneling protocols. One case is to interoperate with third-party SD-WAN appliances.
https://community.aviatrix.com/t/h7htvvc/need-of-conventional-bgp-support-in-the-cloud
Constraints
- LAN interfaces for Aviatrix Transit Primary and third-party cloud instance must be in the different VNets
- One BGP over LAN connection per gateway is supported.
Aviatrix software version 6.8 will not require a dedicated vnet for sd-wan appliances
Configuration
Once the vnet is created, using the Native Peering, I’ll peer the new vnet with the transit vnet for control and data plane reachability:
When the peering is established we can monitor the status using the Azure Peering tab:
SD-WAN Appliance Deployment
I’m going to deploy a standalone Fortigate from Azure marketplace on the vnet dedicated to appliances:
If you deployed manually you might need to add a second interface to the VM:
Once the VM is deployed, we need to do the initial configuration. Fortigate configuration is covered on the following post:
External Connection
From the Multi-Cloud Transit folder, we select Setup and then External Connection:
- External Device
- BGP
- LAN
I’m using 65001 for Aviatrix ASN and 65002 for the FortiGate:
Once I click Connect the configuration is saved:
FortiGate BGP Configuration
We need to configure port2:
A static is required for the FortiGate to reach out to the Aviatrix transit gateway:
BGP configuration:
The final BGP config looks like:
Once the config is applied the bgp state changes to “Established”:
Checking the prefix received:
From the Controller:
BGP Diagnostics allows us to run commands predefined or custom:
References
https://docs.fortinet.com/document/fortigate/7.2.0/administration-guide/750736/bgp
