Azure Route Server is a service provided by Microsoft Azure that simplifies the process of dynamic routing for network virtual appliances (NVAs). NVAs are commonly used in virtual networks to perform tasks such as load balancing, network address translation (NAT), and virtual private network (VPN) connectivity.
In a traditional network setup, dynamic routing protocols such as Border Gateway Protocol (BGP) require manual configuration and maintenance of each individual NVA. This can become time-consuming and error-prone as the network scales. With Azure Route Server, NVAs can simply connect to the route server and exchange routing information automatically.
Azure Route Server supports both BGP and static routing protocols, allowing for flexible and scalable network configurations. In addition, it integrates with Azure Firewall and other Azure networking services to provide a complete solution for managing network traffic and security.
By using Azure Route Server, you can simplify your network infrastructure and reduce the administrative overhead of managing NVAs.
Fortinet provides templates for the most common cases at https://github.com/fortinet/fortigate-terraform-deploy
    config router bgp
        set as 65500
        set ebgp-multipath enable
        set additional-path enable
        set graceful-restart enable
        config neighbor
            edit "22.214.171.124"
                set capability-graceful-restart enable
                set ebgp-enforce-multihop enable
                set interface "port3"
                set remote-as 65515
                set keep-alive-timer 1
                set holdtime-timer 3
            next
            edit "126.96.36.199"
                set ebgp-enforce-multihop enable
                set interface "port3"
                set remote-as 65515
                set keep-alive-timer 1
                set holdtime-timer 3
            next
        end
        config redistribute "connected"
        end
        config redistribute "static"
            set status enable
        end
    end
Disable Route Propagation
Azure Route Server will learn routes from the NVAs and propagate them to the virtual instances, which can cause loops if not properly configured. When a route loop occurs, network traffic may be sent in a continuous loop between two or more network devices, leading to degraded network performance or complete network failure.
To prevent route loops when using Azure Route Server with NVAs, the network routing rules must be configured properly. One way to do this is to attach an empty route table to the subnets of interest. This prevents the NVAs from propagating routes to the virtual instances and causing loops.
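The empty route table described above can be expressed in Terraform as follows. This is an added example, not taken from the original post or from Fortinet's templates; it assumes the azurerm provider 4.x is already configured, and the variable names, resource labels and the route table name are hypothetical.

```hcl
# Added example (not from the original post). Assumes azurerm provider 4.x,
# where the attribute is bgp_route_propagation_enabled. On 3.x the equivalent
# setting is disable_bgp_route_propagation = true.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 4.0"
    }
  }
}

# Hypothetical inputs: supply the values of your own deployment.
variable "resource_group_name" {
  type = string
}

variable "location" {
  type = string
}

# Map of a label of your choice => subnet resource ID for each subnet that
# must not receive the routes learned through Azure Route Server.
variable "subnet_ids" {
  type = map(string)
}

# Empty route table: no route blocks, and propagation of gateway/BGP-learned
# routes (which includes routes injected by Azure Route Server) turned off.
resource "azurerm_route_table" "no_propagation" {
  name                          = "rt-no-bgp-propagation" # constructed name
  location                      = var.location
  resource_group_name           = var.resource_group_name
  bgp_route_propagation_enabled = false
}

# Attach the table to every subnet of interest.
resource "azurerm_subnet_route_table_association" "no_propagation" {
  for_each       = var.subnet_ids
  subnet_id      = each.value
  route_table_id = azurerm_route_table.no_propagation.id
}
```

After applying, the effective routes on a NIC in an associated subnet should no longer list the prefixes advertised by the NVAs.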
Ping from the client VM across FortiGates and AVX fabric to VM running on the spoke vnet:
Failover happens extremely fast with only two pings lost:
Spoke VM route table:
Spoke route table:
Transit Gateway route table:
Transit Gateway eth3 route table:
FortiGate route table:
FortiGate port3 route table: