Part 1 – Azure BGP Network Triangulation

In this post we’ll set up the Azure configuration in Region 1 (West Europe).
You will need to create two VNets in advance (vnspoke1 and vnhub0).
The VNet vnspoke1 uses address space Create a subnet within this VNet and place a VM within it that we will use for our ping tests. Your setup should resemble the following:
As VNet peering is a relatively new capability within Azure, for clarity here are the network peering settings from the portal for vnspoke1:
and vnhub0:
The VNet vnhub0 uses address space within this create a default gateway subnet that will hold our Virtual Network Gateway “gwwebgp”. This PowerShell sets up this gateway:
# The script below expects these variables to be set first:
#   $rg          Resource Group
#   $vn          VNet name
#   $loc         Location
#   $vngwname    name of the Azure gateway
#   $gwlocal     name of our local home network definition
#   $VNet1ASN    private ASN to use for the Azure West Europe network
#   $LNGASN      private ASN to use for our home network
#   $BGPPeerIP5  BGP address used at home
#   $locprefix   subnet range for BGP
# these BGP addresses come from part 3
# assumes VNet vnhub0 & gateway subnet already created
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $rg -Name $vn
# get a public ip for the gateway
$gwpip = New-AzureRmPublicIpAddress -Name gwpip -ResourceGroupName $rg -Location $loc -AllocationMethod Dynamic
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$gwipconfig = New-AzureRmVirtualNetworkGatewayIpConfig -Name gwipconfig1 -SubnetId $subnet.Id -PublicIpAddressId $gwpip.Id
# make the gateway - will take a while - typically about 30 minutes
New-AzureRmVirtualNetworkGateway -Name $vngwname -ResourceGroupName $rg -Location $loc -IpConfigurations $gwipconfig -GatewayType Vpn -VpnType RouteBased -GatewaySku Standard -Asn $VNet1ASN -EnableBgp $true
#New-AzureRmVirtualNetworkGateway -Name $vngwname -ResourceGroupName $rg -Location $loc -IpConfigurations $gwipconfig -GatewayType Vpn -VpnType RouteBased -GatewaySku HighPerformance -Asn $VNet1ASN -EnableBgp $true
# get the public ip for local gw - we'll need to make a note of this for part 3
Get-AzureRmPublicIpAddress -Name gwpip -ResourceGroupName $rg
$gateway1 = Get-AzureRmVirtualNetworkGateway -Name $vngwname -ResourceGroupName $rg
# get the BGP ip for local gw - we'll need to make a note of this for part 3
$gateway1.BgpSettings.BgpPeeringAddress
# In the following, replace a.b.c.d with your home public IP address
New-AzureRmLocalNetworkGateway -Name $gwlocal -ResourceGroupName $rg -Location $loc -GatewayIpAddress 'a.b.c.d' -AddressPrefix $locprefix -Asn $LNGASN -BgpPeeringAddress $BGPPeerIP5
# get local network gateway
$local = Get-AzureRmLocalNetworkGateway -Name $gwlocal -ResourceGroupName $rg
# connect the two
# 'abc1234' is a sample value: use a long random shared key and set the same key on the home device
New-AzureRmVirtualNetworkGatewayConnection -Name westeurtohome -ResourceGroupName $rg -Location $loc -VirtualNetworkGateway1 $gateway1 -LocalNetworkGateway2 $local -ConnectionType IPsec -RoutingWeight 10 -SharedKey 'abc1234' -EnableBgp $true
This should leave you with a Standard BGP enabled gateway in VNet vnhub0.
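The script above hard-codes the shared key 'abc1234' and depends on two private ASNs being chosen correctly. The following PowerShell is an added example, not part of the original post: it generates a random shared key and checks both ASNs before the gateway cmdlets are run. The function names New-VpnSharedKey and Test-PrivateAsn and the sample ASN values are assumptions made for this example.

```powershell
function New-VpnSharedKey {
    # Returns a random pre-shared key of $Length letters and digits,
    # drawn from the operating system's cryptographic random number generator.
    param([ValidateRange(16, 128)][int]$Length = 32)
    # Look-alike characters (I, O, l, 0, 1) are left out to ease manual entry on the home device.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789'
    $limit = 256 - (256 % $alphabet.Length)   # bytes >= $limit are rejected to avoid modulo bias
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte = New-Object byte[] 1
    $key = New-Object System.Text.StringBuilder
    try {
        while ($key.Length -lt $Length) {
            $rng.GetBytes($byte)
            if ($byte[0] -lt $limit) {
                [void]$key.Append($alphabet[$byte[0] % $alphabet.Length])
            }
        }
    } finally {
        $rng.Dispose()
    }
    return $key.ToString()
}

function Test-PrivateAsn {
    # True when $Asn lies in a private-use range (RFC 6996) and is not one of
    # the private ASNs that Azure reserves for its own use.
    param([uint32]$Asn)
    $azureReserved = 65515, 65517, 65518, 65519, 65520
    $private16 = ($Asn -ge 64512) -and ($Asn -le 65534)
    $private32 = ($Asn -ge 4200000000) -and ($Asn -le 4294967294)
    return ($private16 -or $private32) -and ($azureReserved -notcontains $Asn)
}

# Constructed sample values for illustration, not the values used in the post
$VNet1ASN = 65010   # Azure side
$LNGASN   = 65050   # home side

foreach ($asn in $VNet1ASN, $LNGASN) {
    if (-not (Test-PrivateAsn $asn)) { throw "ASN $asn is not a usable private ASN" }
}
# The Azure gateway and the home network must use different ASNs.
if ($VNet1ASN -eq $LNGASN) { throw 'Azure and home ASNs must differ' }

# Use this value for -SharedKey and configure the same key on the home device.
$sharedKey = New-VpnSharedKey -Length 32
```

Keep the generated key out of scripts committed to source control, since anyone holding it can bring up the IPsec tunnel from the home side's public IP address.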
