Introduction to Azure Route Server

    Azure Route Server is a fully managed service that simplifies dynamic routing between your network virtual appliance (NVA) and Azure virtual network.

    Imagine that you work for a web retail company that has several applications and databases deployed on servers both on-premises and in the cloud on Azure VMs. Your local on-premises network is configured with several subnets. It also has network appliances that provide firewall and routing functionalities in addition to a connection to Azure. Your resources in Azure consist of several VMs deployed in a virtual network. You're also considering deploying Azure ExpressRoute to provide a faster connection between your local resources and your Azure resources.

    In your Azure network, you have a Software-Defined Wide Area Network (SD-WAN) NVA that connects you to your partner company's network. The applications and resources deployed on-premises communicate intensively with the resources deployed on Azure VMs. You've noticed that changes to either the local or the Azure network configuration are followed by delays or outages in network communication. Sometimes you need to manually configure static routes to enable proper communication. You want to ensure that communication is optimized as much as possible, and that changes in network configuration or network routing, locally or in Azure, are propagated as quickly as possible to all network appliances and gateways. To address this requirement, you're considering deploying Azure Route Server.

    After completing this module, you'll know more about the Azure Route Server service, how it works, and how to recognize scenarios in which you should deploy and use it. You'll also learn the high-level steps for its deployment and configuration.

What will we be doing?

In this module, you’ll be introduced to the Azure Route Server service. You’ll also discuss usage scenarios, learn how it works, and explore the steps you should take to deploy and configure it.

What is the main goal?

By the end of this module, you’ll be able to describe Azure Route Server, recognize scenarios where it would be of benefit, and know how to deploy it in basic scenarios.

What is Azure Route Server?

    More complex network environments that consist of on-premises and virtual networks, subnets, NVAs, and gateways often result in routing solutions that might be difficult to configure and manage. Azure Route Server can help simplify and optimize this process by learning and exchanging routes between various networks and network appliances. Before you decide if Azure Route Server is the appropriate solution for your company, you need to understand the key components and technologies that comprise an Azure Route Server solution.

    Azure Route Server is a fully managed service that runs in Azure and simplifies dynamic routing between various NVAs and your virtual or on-premises network. It allows you to exchange routing information directly through the Border Gateway Protocol (BGP) routing protocol between any NVA that supports BGP and the Azure Software Defined Network in the Azure virtual network. Azure Route Server provides this functionality without the need to manually configure or maintain route tables. It’s configured with high availability, so you don’t need to separately implement redundancy. Azure Route Server doesn’t route actual data traffic between networks; instead, the data goes directly between devices while Azure Route Server exchanges routes. By doing so, Azure Route Server helps improve the efficiency of traffic routing.

Overview of routing protocols

    Routers as network devices don’t just forward the traffic between various networks. To maximize efficiency, routers also exchange route information with other routers. For communication with other routing devices, routers use routing protocols, which are sets of rules that specify how routers communicate with each other. You can also think of routing protocols as a language that routers on the internet use to determine how they can exchange network traffic so it reaches its final destination in the most efficient way. Routing protocols include:
  • Routing Information Protocol (RIP)
  • Open shortest path first (OSPF)
  • External Gateway Protocol (EGP)
  • Border Gateway Protocol (BGP)
    BGP is the most common routing protocol on the internet. In routing protocol classification, BGP is classified as a distance path vector protocol. BGP was designed primarily to replace EGP, to provide a decentralized approach to routing. BGP uses the best path selection algorithm to select the best routes for data packet transfers. When a packet comes to the router, it uses BGP to review all the available paths along which the data could travel. It then picks the best route, which usually means that packet will be routed between several autonomous network systems. Azure Route Server uses BGP to exchange routes with other network devices, primarily network appliances.

Overview of autonomous systems

    An autonomous system (AS) is a large network or group of networks that uses a unique policy for routing. For example, an internet service provider’s network is an autonomous system. In general, every device that connects to the internet does so through the AS.

    Each AS on the internet is registered and has its own pool of IP addresses. Some university networks are also registered as autonomous systems, as are some large companies. The Azure network is also registered as an AS.

    Each AS is registered under a specific name, called the autonomous system number (ASN). Each ASN is a unique 16-bit number between 1 and 65534, or 32-bit number between 131072 and 4294967294. For example, Microsoft manages the following ASNs: AS8075, AS8068, AS8069 and AS12076. The Azure service has the AS number 65515.

    When autonomous systems communicate with each other, they identify themselves by AS number. Because each AS has its own pool of IP addresses, it uses BGP to announce those IP address ranges to the other autonomous systems it connects to. This is a crucial role of an AS and of BGP. BGP routers collect this information from AS organizations worldwide and put it into routing tables. BGP routers then use these routing tables to determine the fastest paths from one AS to another. When a packet arrives at a router, BGP reviews the routing table to determine which AS the packet should go on to next. Azure Route Server uses ASNs to identify the peers with which it exchanges routing information.
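The two sections above describe BGP as a path vector protocol that picks the best of several available paths and that identifies peers by ASN. The following added example (not code from the page or from Microsoft) models a simplified BGP speaker to make that concrete: it validates ASNs against the ranges given above, rejects any path that already contains its own ASN (the loop protection a path vector protocol gets from carrying the AS path), and selects a best path by a reduced subset of the real BGP decision process (highest LOCAL_PREF, then shortest AS path, then lowest neighbor ASN as a tiebreaker). The peer ASNs, next-hop addresses and prefixes are constructed for the example; the local ASN 65515 is the Azure value stated above.

```python
"""Simplified BGP path-vector best-path selection (added example, not Microsoft's code).

Assumptions: only three steps of the real BGP decision process are modelled
(highest LOCAL_PREF, shortest AS_PATH, lowest neighbour ASN); peer ASNs,
prefixes and next hops below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def is_valid_asn(asn: int) -> bool:
    """ASN ranges as stated on the page: 16-bit 1..65534 or 32-bit 131072..4294967294."""
    return 1 <= asn <= 65534 or 131072 <= asn <= 4294967294


@dataclass(frozen=True)
class BgpRoute:
    prefix: str
    next_hop: str
    as_path: Tuple[int, ...]   # leftmost ASN is the neighbour that sent us the route
    local_pref: int = 100

    @property
    def neighbor_asn(self) -> int:
        return self.as_path[0]


class BgpSpeaker:
    """Holds the routes received from all peers (Adj-RIB-In) and picks a best path."""

    def __init__(self, local_asn: int):
        if not is_valid_asn(local_asn):
            raise ValueError(f"invalid ASN {local_asn}")
        self.asn = local_asn
        self.adj_rib_in: Dict[str, List[BgpRoute]] = {}

    def receive(self, route: BgpRoute) -> bool:
        """Process an UPDATE from a peer; return False when the route is rejected."""
        if not route.as_path or not all(is_valid_asn(a) for a in route.as_path):
            return False
        if self.asn in route.as_path:
            # Our own ASN is already in the path: accepting it would create a loop.
            return False
        self.adj_rib_in.setdefault(route.prefix, []).append(route)
        return True

    def withdraw(self, prefix: str, neighbor_asn: int) -> None:
        """Drop every path for the prefix that was learned from the given neighbour."""
        remaining = [r for r in self.adj_rib_in.get(prefix, []) if r.neighbor_asn != neighbor_asn]
        self.adj_rib_in[prefix] = remaining

    def best_path(self, prefix: str) -> Optional[BgpRoute]:
        """Reduced BGP decision process: LOCAL_PREF desc, AS_PATH length asc, neighbour ASN asc."""
        candidates = self.adj_rib_in.get(prefix, [])
        if not candidates:
            return None
        return min(candidates, key=lambda r: (-r.local_pref, len(r.as_path), r.neighbor_asn))


if __name__ == "__main__":
    speaker = BgpSpeaker(65515)            # the Azure ASN from the page
    # Two NVAs (constructed ASNs) advertise the same on-premises prefix.
    speaker.receive(BgpRoute("10.250.0.0/16", "10.1.1.4", (65001,)))
    speaker.receive(BgpRoute("10.250.0.0/16", "10.1.1.5", (65002, 65100)))
    # A path that already carries 65515 is rejected as a loop.
    print("loop accepted?", speaker.receive(BgpRoute("10.250.0.0/16", "10.1.1.6", (65003, 65515))))
    print("best:", speaker.best_path("10.250.0.0/16"))
```

The shortest AS path wins until a peer sends a route with a higher LOCAL_PREF, which is the usual way an operator forces traffic preference regardless of path length; withdrawing that route returns the selection to the shortest path.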

Azure virtual networks

    Most resources in Azure communicate over Azure virtual networks, which enable many types of Azure resources such as Azure VMs to communicate with each other, the internet, and on-premises networks more securely. An Azure virtual network is similar to a local network that can be found in traditional datacenters, but it brings some additional benefits of Azure's infrastructure such as scaling, availability, and isolation.

    All resources in a virtual network can communicate outbound to the internet, by default. Resources with an assigned public IP address or a public load balancer can receive inbound communications as well. Azure virtual networks can also communicate to your on-premises networks. The most common scenarios for Azure virtual network use include:
  • Communication between Azure resources and the internet.
  • Communication between Azure resources.
  • Communication with on-premises resources.
  • Filtering network traffic.
  • Routing network traffic.
  • Integration with Azure services.

NVA

    An NVA is typically a VM, running locally or in Azure, that performs one or more network functionalities, including firewall and wide area network (WAN) optimization. Azure supports a number of NVAs that you can deploy in a virtual network. You can review the available NVAs in Azure Marketplace. Azure Route Server supports communication with various NVAs for exchanging routes.

SD-WAN

    Unlike a conventional WAN, in which operators and organizations rely on a single technology infrastructure for connecting remote locations, an SD-WAN offers a different approach. An SD-WAN is essentially a virtual layer over a WAN architecture, which allows organizations to use any combination of transport services. This includes Multiprotocol Label Switching (MPLS), Long-Term Evolution (LTE), and various other broadband internet services. An SD-WAN uses a centralized software control function to help securely and intelligently direct traffic across the different technology implementations of the WAN.

    SD-WANs also provide the ability to prioritize network traffic over different connections. An SD-WAN measures traffic in real time and then selects the best path for each data packet. Azure Route Server supports connecting to an SD-WAN while performing route exchange.

When should you use Azure Route Server?

    To be sure whether Azure Route Server is the correct solution for your current scenario and infrastructure, you first need to identify the issue you want to resolve in the context of your network infrastructure and routing within that infrastructure. You also need to identify the scenarios in which Azure Route Server is an appropriate solution.

Appropriate scenarios for Azure Route Server

    Azure Route Server isn’t a router service. It doesn’t route traffic or provide gateway functionalities to Azure virtual networks. However, it helps you simplify the routing in your infrastructure and make it more efficient by automatically learning about available routes and subnets from its peers, and by distributing routes between various appliances and network services. This reduces the need for manual routing updates, which can be quite complex in some scenarios. For example, if you have several subnets in your virtual networks and one or more NVAs that manage separate address spaces, you need to manually provide routes to your virtual subnet so that the resources deployed there can access resources behind NVAs.

    In another example, you might have an Azure site-to-site virtual private network (VPN) deployed for your virtual network so it can access your on-premises network resources, and Azure ExpressRoute to enable a direct and more secure connection between another local network and Azure. These two services can exchange their routes by using BGP peering with Azure Route Server. It's similar to a scenario where you have an SD-WAN appliance that connects to another network outside the Azure environment. You can connect that appliance to Azure Route Server and provide routes to the rest of your virtual network in Azure and to other networks that are peering with Azure Route Server.

    The following diagram depicts a network infrastructure layout that’s a good example for deploying Azure Route Server:



    Another scenario in which Azure Route Server is appropriate is when you have your NVAs and Azure Route Server in a hub and spoke topology. This means that Azure Route Server is deployed in a spoke virtual network that peers with the virtual networks where the NVAs are deployed, as depicted in the following diagram:


    In this scenario, when the virtual networks that contain NVAs are peered with the virtual network that has Azure Route Server deployed, you can establish BGP peering between the NVAs and Azure Route Server. Even though the NVAs and Azure Route Server aren't deployed in the same virtual network, they'll exchange routes over the peering. Each NVA will learn the spoke virtual network addresses from Azure Route Server, which in turn will learn routes from each of the NVAs. Azure Route Server will then program all the VMs in the spoke virtual network with the routes it learned. In the data plane, VMs in the spoke virtual network will see the security NVA or the VPN NVA in the hub as their next hop. Internet-bound traffic and hybrid cross-premises traffic will now route through the NVAs in the hub virtual network.

Scenarios that aren’t appropriate for Azure Route Server

    In general, you wouldn’t want to use Azure Route Server in simple network environments where no NVAs, ExpressRoute gateway, or site-to-site VPN components are deployed. If you just have multiple virtual networks deployed, you can easily establish peering between these networks, and there is no need to deploy Azure Route Server.

    Also, you shouldn’t confuse Azure Route Server with a router, because it doesn’t have router functionalities. Therefore, you shouldn’t deploy Azure Route Server to route or forward data between networks. Azure Route Server never manages data traffic, it just provides route exchange.

How does Azure Route Server work?

    As you start getting ready to deploy Azure Route Server within your organization, you need to learn more about how it works. Although Azure Route Server is a fully managed service, it’s important that you understand how it works in various scenarios. Most commonly, you would use Azure Route Server with one or more network appliances. For example, you can connect Azure Route Server with a firewall NVA and an SD-WAN appliance, as in the following diagram:


    This example has one virtual network with the 10.1.0.0/16 address space. Within that network, one application subnet (App subnet) hosts VMs and other resources. The same network also has an Azure Route Server subnet that manages the routing table for the 10.1.0.0/16 address space. Two virtual appliances deployed in the same network are a firewall and an SD-WAN appliance. All internet traffic is routed through the firewall appliance because it manages the default route 0.0.0.0/0. Another appliance, SD-WAN, manages the connection to the on-premises network with the 10.250.0.0/16 address space. Two appliances, SD-WAN and firewall, are configured as BGP peers for Azure Route Server. Because of that, their routing tables are propagated to Azure Route Server. Also, the routing table for the 10.1.0.0/16 network is propagated to network appliances. Because Azure Route Server is configured in the same virtual network as VMs, these routes are then automatically configured on the VMs in the virtual network.

    As a result, when a VM in the App subnet needs to communicate with a resource located in the on-premises network, it'll know that the traffic should be sent to the SD-WAN appliance. When it needs to reach the internet, it'll use the default route, managed by the firewall appliance. Because the SD-WAN appliance has route information for the 10.1.0.0/16 address space, any resource located on-premises will be able to communicate with resources in the App subnet. Whenever a change happens to routes or address spaces in any component connected to Azure Route Server, it will be propagated to all the appliances and routing tables automatically.

    Let's review how traffic through the SD-WAN NVA is controlled when Azure Route Server is deployed. In the following scenario, Azure Route Server enables path selection, which allows you to configure your SD-WAN NVA with a routing preference when communicating with your on-premises network. When the SD-WAN NVA is used with Azure Route Server to establish a connection to an on-premises network, the path can be established in two ways, as the following diagram depicts:


    Azure routing preference enables you to choose how your traffic routes between Azure and the internet. You can choose to route traffic either through the Microsoft network backbone or the ISP network (public internet). These options are also referred to as cold potato routing and hot potato routing respectively.

    When you deploy an SD-WAN NVA in the same virtual network as the Azure Route Server, it’s configured with a Microsoft network IP address. The traffic path to your on-premises network will use the Microsoft global network and as a result exit the Microsoft network that’s closest to the destination. The routing from your on-premises network will enter the Microsoft network that’s closest to the user on the return path. This method of routing is performance-optimized and provides the best possible experience at a cost.

    As a way to optimize for cost, the second routing method assigns your SD-WAN NVA an internet IP address. When traffic is routed to your on-premises network, it exits the Microsoft network in the same region where the service is hosted. It then routes over the internet by using the ISP's network. The routing from on-premises enters the Microsoft network closest to the hosted service region. This method of routing provides the best overall price for a task such as transferring large amounts of data.

Azure Route Server integration with ExpressRoute and Azure VPN

    In some scenarios, you would implement Azure Route Server in virtual networks with an ExpressRoute gateway or Azure VPN Gateway, as demonstrated in the following diagram:


    In this case, Azure VPN Gateway and ExpressRoute gateway are used to connect to on-premises networks. However, unlike NVA objects—which you configure as BGP peers to Azure Route Server—you don’t need to configure or manage the BGP peering between the gateway and Azure Route Server. Instead, you should enable route exchange between the gateway and Azure Route Server. To do this, you configure the following setting in the Configuration settings for Azure Route Server in the Azure portal:


    Alternatively, you can enable route exchange between Azure Route Server and the gateway (or gateways) by using the Update-AzRouteServer cmdlet with the -AllowBranchToBranchTraffic flag.

    After you do this, routing information will be exchanged between ExpressRoute gateway and Azure VPN Gateway, through Azure Route Server. This means that Azure VPN Gateway will receive routes for the On-premises 2 network, and ExpressRoute gateway will receive routes for the On-premises 1 network. However, both gateways will also receive routes for the virtual network where Azure Route Server is located.
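To tie together the two route-exchange descriptions above (the firewall and SD-WAN example with the 10.1.0.0/16 virtual network, and the gateway route exchange that the branch-to-branch setting enables), here is an added model of what Azure Route Server does with advertised routes. It is illustrative code written for this page, not Microsoft's implementation: peer names, next-hop IP addresses, the peer ASNs, and the two on-premises prefixes behind the gateways are constructed, and `branch_to_branch` stands in for the portal setting and the `-AllowBranchToBranchTraffic` cmdlet parameter mentioned above. The model never forwards data; it only computes which routes each peer and each VM in the virtual network would receive, and which next hop a VM would select by longest-prefix match.

```python
"""Model of Azure Route Server route exchange (added example, not Microsoft's code).

Assumptions not on the page: peer names, IPs, ASNs and the on-premises prefixes
are constructed; when two peers advertise the identical prefix the later one
simply replaces the earlier one (no BGP best-path comparison is modelled).
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class Peer:
    name: str
    ip: str                 # next hop programmed into the VMs for this peer's prefixes
    kind: str               # "nva" (explicit BGP peer) or "gateway" (VPN / ExpressRoute)
    asn: Optional[int] = None
    advertised: Set[str] = field(default_factory=set)


class RouteServer:
    AZURE_ASN = 65515       # Route Server's own ASN, as stated on the page

    def __init__(self, vnet_cidr: str, branch_to_branch: bool = False):
        self.vnet = ipaddress.ip_network(vnet_cidr)
        self.branch_to_branch = branch_to_branch   # the -AllowBranchToBranchTraffic setting
        self.peers: Dict[str, Peer] = {}

    def add_peer(self, peer: Peer) -> None:
        # NVAs peer over BGP, so they need their own ASN distinct from 65515.
        if peer.kind == "nva" and (peer.asn is None or peer.asn == self.AZURE_ASN):
            raise ValueError("an NVA peer needs an ASN different from 65515")
        self.peers[peer.name] = peer

    def advertise(self, peer_name: str, prefix: str) -> None:
        ipaddress.ip_network(prefix)               # rejects malformed prefixes early
        self.peers[peer_name].advertised.add(prefix)

    def withdraw(self, peer_name: str, prefix: str) -> None:
        self.peers[peer_name].advertised.discard(prefix)

    def _exchanges(self, a: Peer, b: Peer) -> bool:
        """Exchange involving a gateway only happens once branch-to-branch is enabled."""
        if a.kind == "gateway" or b.kind == "gateway":
            return self.branch_to_branch
        return True

    def learned_routes(self) -> Dict[str, str]:
        """prefix -> next hop: the routes programmed into every VM of the virtual network."""
        routes: Dict[str, str] = {}
        for peer in self.peers.values():
            for prefix in peer.advertised:
                routes[prefix] = peer.ip
        return routes

    def routes_sent_to(self, peer_name: str) -> Dict[str, str]:
        """Routes Route Server advertises to a peer: the VNet itself plus other peers' routes."""
        me = self.peers[peer_name]
        if me.kind == "gateway" and not self.branch_to_branch:
            return {}
        sent = {str(self.vnet): "VirtualNetwork"}
        for other in self.peers.values():
            if other.name == peer_name or not self._exchanges(me, other):
                continue
            for prefix in other.advertised:
                sent[prefix] = other.ip
        return sent


def vm_next_hop(rs: RouteServer, destination: str) -> str:
    """Longest-prefix match over the learned routes, as a VM in the VNet would resolve it."""
    dst = ipaddress.ip_address(destination)
    if dst in rs.vnet:
        return "VirtualNetwork"
    best = None
    for prefix, hop in rs.learned_routes().items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    # With no matching learned route the VNet's default system route to the internet applies.
    return best[1] if best else "Internet"


if __name__ == "__main__":
    rs = RouteServer("10.1.0.0/16")
    rs.add_peer(Peer("firewall", "10.1.1.4", "nva", asn=65001))
    rs.add_peer(Peer("sdwan", "10.1.1.5", "nva", asn=65002))
    rs.advertise("firewall", "0.0.0.0/0")          # firewall owns the default route
    rs.advertise("sdwan", "10.250.0.0/16")         # SD-WAN reaches the on-premises range
    for dst in ("10.250.3.7", "203.0.113.9", "10.1.0.9"):
        print(dst, "->", vm_next_hop(rs, dst))
    print("sent to sdwan:", rs.routes_sent_to("sdwan"))
```

Because every VM in the virtual network is programmed with whatever the peers advertise, the set of configured BGP peers is effectively part of the network's trust boundary; the model also shows that withdrawing the firewall's default route immediately changes the VMs' internet next hop, which is the automatic propagation the text describes.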

Azure Route Server pricing

    Azure Route Server is a typical pay-per-use service. It has no upfront cost of any kind, nor does it have any termination fees. You pay for this service only while it’s active.


