
Azure Route Server is a service provided by Microsoft Azure that simplifies the process of dynamic routing for network virtual appliances (NVAs). NVAs are commonly used in virtual networks to perform tasks such as load balancing, network address translation (NAT), and virtual private network (VPN) connectivity.
In a traditional network setup, dynamic routing protocols such as Border Gateway Protocol (BGP) require manual configuration and maintenance of each individual NVA. This can become time-consuming and error-prone as the network scales. With Azure Route Server, NVAs can simply connect to the route server and exchange routing information automatically.
Azure Route Server supports both BGP and static routing protocols, allowing for flexible and scalable network configurations. In addition, it integrates with Azure Firewall and other Azure networking services to provide a complete solution for managing network traffic and security.
By using Azure Route Server, you can simplify your network infrastructure and reduce the administrative overhead of managing NVAs.
Topology

Configuration
Fortinet provides templates for the most common cases at https://github.com/fortinet/fortigate-terraform-deploy
BGP configuration:
config router bgp
    set as 65500
    set ebgp-multipath enable
    set additional-path enable
    set graceful-restart enable
    config neighbor
        edit "172.1.4.4"
            set capability-graceful-restart enable
            set ebgp-enforce-multihop enable
            set interface "port3"
            set remote-as 65515
            set keep-alive-timer 1
            set holdtime-timer 3
        next
        edit "172.1.4.5"
            set ebgp-enforce-multihop enable
            set interface "port3"
            set remote-as 65515
            set keep-alive-timer 1
            set holdtime-timer 3
        next
    end
    config redistribute "connected"
    end
    config redistribute "static"
        set status enable
    end
end
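An added example, not from the original post or from Fortinet: a Python check that parses the neighbor block above and reports settings that differ between the two Route Server peers, plus any hold timer shorter than three times its keepalive. The function names and the fallback timer values are assumptions.

```python
import re

# The "config neighbor" block from this page, embedded so the script runs offline.
SAMPLE = '''config neighbor
edit "172.1.4.4"
set capability-graceful-restart enable
set ebgp-enforce-multihop enable
set interface "port3"
set remote-as 65515
set keep-alive-timer 1
set holdtime-timer 3
next
edit "172.1.4.5"
set ebgp-enforce-multihop enable
set interface "port3"
set remote-as 65515
set keep-alive-timer 1
set holdtime-timer 3
next
end'''

def parse_neighbors(text):
    """Return {peer_ip: {setting: value}} for one 'config neighbor' block."""
    peers, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r'edit "([^"]+)"', line):
            current = peers.setdefault(m.group(1), {})
        elif line in ("next", "end"):
            current = None
        elif current is not None and (m := re.match(r"set (\S+) (.+)", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return peers

def audit(peers):
    """Flag settings that differ between peers and hold timers under 3x keepalive."""
    findings = []
    for key in sorted({k for cfg in peers.values() for k in cfg}):
        values = {ip: cfg.get(key) for ip, cfg in peers.items()}
        if len(set(values.values())) > 1:
            findings.append(("drift", key, values))
    for ip, cfg in peers.items():
        # Assumption: 60 s / 180 s are the defaults used when a timer is not set.
        keep = int(cfg.get("keep-alive-timer", 60))
        hold = int(cfg.get("holdtime-timer", 180))
        if hold < 3 * keep:
            findings.append(("timer", ip, keep, hold))
    return findings

if __name__ == "__main__":
    print(audit(parse_neighbors(SAMPLE)))
```

On the configuration shown here it reports one difference: `capability-graceful-restart` is set on 172.1.4.4 but not on 172.1.4.5.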
ARS:

ARS peers:

AVX configuration:

Disable Route Propagation
Azure Route Server will learn routes from the NVAs and propagate them to the virtual instances, which can cause loops if not properly configured. When a route loop occurs, network traffic may be sent in a continuous loop between two or more network devices, leading to degraded network performance or complete network failure.
To prevent route loops when using Azure Route Server with NVAs, it’s important to properly configure the network routing rules. One way to do this is to use an empty route table and attach it to the subnets of interest. This will prevent the NVAs from propagating routes to the virtual instances and causing loops.

Testing
Ping from the client VM across the FortiGates and the AVX fabric to a VM running on the spoke VNet:




Failover
Failover happens extremely fast with only two pings lost:

Troubleshooting
Spoke VM route table:

Spoke route table:


Transit Gateway route table:

Transit Gateway eth3 route table:

FortiGate route table:

FortiGate port3 route table:

References
https://learn.microsoft.com/en-us/azure/route-server/overview