
Integrate a VOS Device with Azure Route Server

For supported software information, click here.

This article describes how to integrate a Versa Operating System™ (VOS™) device with Azure Route Server to allow users to deploy highly available SASE architectures within Azure. Azure Route Server is a managed service configured with high availability that allows the exchange of routing information directly through the BGP routing protocol between VOS devices and an Azure software-defined network (SDN) in the Azure Virtual Network (VNET) without the need to manually configure or maintain route tables, thus eliminating the need for user-defined routes.

With Azure Route Server, manual update of routing tables is not required when a failover occurs or when new routes are announced or withdrawn anywhere in the network. Based on BGP attributes and design, peering with Azure Route Server can be either active–active for performance or active–passive for resiliency. There are no dependencies on Azure objects such as the placement of resource groups between Azure Route Server and VOS network virtual appliances.

Before You Begin

Before you integrate a VOS device with Azure Route Server:

  • Create the required VNETs and subnets to host the VOS instances. You must name the Azure Route Server subnet RouteServerSubnet so that it autopopulates as a candidate when you create the Azure Route Server. You can select any unused subnet CIDR in the VNET for RouteServerSubnet. The example in this article uses the following networks and subnets.

    | Resource Group  | Region  | VNET          | VNET Address  | Subnet            | Subnet Address  |
    |-----------------|---------|---------------|---------------|-------------------|-----------------|
    | RR-VERSA-RG-WUS | West US | RR-VERSA-VNET | 10.140.0.0/16 | Management        | 10.140.0.0/24   |
    | RR-VERSA-RG-WUS | West US | RR-VERSA-VNET | 10.140.0.0/16 | WAN               | 10.140.1.0/24   |
    | RR-VERSA-RG-WUS | West US | RR-VERSA-VNET | 10.140.0.0/16 | LAN               | 10.140.2.0/24   |
    | RR-VERSA-RG-WUS | West US | RR-VERSA-VNET | 10.140.0.0/16 | RouteServerSubnet | 10.140.100.0/24 |
  • Create two VOS instances, RR-VOS-2121-01-WUS and RR-VOS-2121-02-WUS, for redundancy.
    • Azure recommends that you place RR-VOS-2121-01-WUS in Availability-Zone-1 and RR-VOS-2121-02-WUS in Availability-Zone-2 for high availability.
    • Each VOS instance must have management, LAN, and WAN NICs.
    • Add standard firewall rules to allow communication for the WAN and management NICs:
      • For the management NIC, in the ingress direction, allow TCP ports 22 and 2022.
      • For the WAN NIC, in the ingress direction, allow TCP ports 22, 1024 through 1120, 3000 through 3033, 5201, 8443, and 9878; allow UDP ports 500, 3002, 3003, 4500, and 4790; and allow ESP.
    • Assign a public IP address to the WAN NIC (mandatory) and management NIC (optional). The LAN NIC can use internal private IP addresses.
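
The ingress rules listed above can be checked against what is actually opened on each NIC. The following Python sketch is an added example, not Versa or Azure code: it compares a set of allow rules with the ports named in this article and reports anything open beyond the list or missing from it. The rule tuple format and `SAMPLE_RULES` are constructed for illustration, and source-address scoping is not evaluated.

```python
import itertools

PORTLESS = {"esp"}  # ESP has no ports; port 0 is used as a placeholder
# Ingress allow-list from this article, keyed by (NIC, protocol).
ALLOW = {
    ("management", "tcp"): "22,2022",
    ("wan", "tcp"): "22,1024-1120,3000-3033,5201,8443,9878",
    ("wan", "udp"): "500,3002,3003,4500,4790",
    ("wan", "esp"): "0",
}

def ports(spec):
    """Expand '22,1024-1120' or '*' into a set of port numbers."""
    out = set()
    for part in spec.replace(" ", "").split(","):
        if part == "*":
            return set(range(65536))
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def ranges(port_set):
    """Collapse a set of ports into 'lo-hi' strings for reporting."""
    runs = ([p for _, p in g] for _, g in itertools.groupby(
        enumerate(sorted(port_set)), lambda x: x[1] - x[0]))
    return [str(r[0]) if len(r) == 1 else f"{r[0]}-{r[-1]}" for r in runs]

def audit(rules):
    """Return (excess, missing): {(nic, protocol): [port ranges]} versus ALLOW."""
    opened = {}
    for nic, proto, spec in rules:
        key = (nic, proto.lower())
        opened.setdefault(key, set()).update(
            {0} if key[1] in PORTLESS else ports(spec))
    excess, missing = {}, {}
    for key in set(opened) | set(ALLOW):
        want = ports(ALLOW[key]) if key in ALLOW else set()
        have = opened.get(key, set())
        if have - want:   # open but not listed, e.g. an any-protocol '*' rule
            excess[key] = ranges(have - want)
        if want - have:   # listed in the article but not opened
            missing[key] = ranges(want - have)
    return excess, missing

# Constructed sample rules (not from a real deployment): 443 extra, UDP 4790 absent.
SAMPLE_RULES = [
    ("management", "Tcp", "22,2022,443"),
    ("wan", "Tcp", "22,1024-1120,3000-3033,5201,8443,9878"),
    ("wan", "Udp", "500,3002-3003,4500"), ("wan", "Esp", "*"),
]
```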

Create an Azure Route Server

The creation of the Azure Route Server takes about 20 minutes.

To create an Azure Route Server:

  1. Log in to the Azure portal.
  2. Click Home > Azure Route Server > Create New Route Server.

  3. In the Create a Route Server page, select information for the following fields.

    | Field             | Description                         |
    |-------------------|-------------------------------------|
    | Subscription      | Pay-As-You-Go                       |
    | Resource Group    | RR-VERSA-RG-WUS                     |
    | Name              | ARS-WUS-RR-VERSA-VNET               |
    | Region            | West US                             |
    | Virtual Network   | RR-VERSA-VNET                       |
    | Subnet            | RouteServerSubnet (10.140.100.0/24) |
    | Public IP Address | ARS-WUS-RR-VERSA-VNET-PIP           |
  4. To establish a BGP peer session, navigate to the Azure Route Server that you created, and obtain the Azure Route Server peer IP addresses and AS number. Note that the default BGP ASN is 65515 and that the peer IP addresses for Azure Route Server instances end with x.x.x.4 and x.x.x.5.

  5. To create a BGP peer session, select Settings > Peers in the left navigation menu bar, and then click +Add.

  6. In the Add Peer popup window, enter information for the following fields.

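    | Field                   | Description                                                                                                  |
    |-------------------------|--------------------------------------------------------------------------------------------------------------|
    | Name (Required)         | Enter a name for the BGP peer.                                                                               |
    | ASN (Required)          | Enter the default BGP AS number, 65515.                                                                      |
    | IPv4 Address (Required) | Enter the IP address of the VNET that the Azure Route Server communicates with to establish the peer session. |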
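
The peering steps above depend on the address plan from Before You Begin. The following Python sketch is an added example, not Versa or Azure code: it checks a subnet plan for the required RouteServerSubnet name, containment in the VNET, and overlaps, and derives the Azure Route Server peer addresses from step 4. Treating ".4" and ".5" as the fourth and fifth addresses after the network address is an assumption for subnets that are not /24-aligned; `BAD_PLAN` is constructed for illustration.

```python
import ipaddress

ROUTE_SERVER_SUBNET = "RouteServerSubnet"  # exact name the article requires

# Address plan from the table in this article.
ARTICLE_PLAN = {
    "Management": "10.140.0.0/24",
    "WAN": "10.140.1.0/24",
    "LAN": "10.140.2.0/24",
    "RouteServerSubnet": "10.140.100.0/24",
}

# Constructed plan with three mistakes: wrong subnet name, a subnet outside
# the VNET, and two overlapping subnets.
BAD_PLAN = {
    "Management": "10.140.0.0/24",
    "WAN": "10.140.0.128/25",
    "LAN": "10.141.2.0/24",
    "RouteServer": "10.140.100.0/24",
}

def check_plan(vnet_cidr, subnets):
    """Return a list of problems found in a {name: cidr} subnet plan."""
    vnet = ipaddress.ip_network(vnet_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = []
    if ROUTE_SERVER_SUBNET not in nets:
        problems.append(f"no subnet named {ROUTE_SERVER_SUBNET}")
    for name, net in nets.items():
        if not net.subnet_of(vnet):
            problems.append(f"{name} {net} is outside VNET {vnet}")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems

def route_server_peers(subnets):
    """Peer addresses ending in .4 and .5 of RouteServerSubnet (step 4)."""
    net = ipaddress.ip_network(subnets[ROUTE_SERVER_SUBNET])
    return [str(net.network_address + 4), str(net.network_address + 5)]

if __name__ == "__main__":
    print(check_plan("10.140.0.0/16", ARTICLE_PLAN))
    print(route_server_peers(ARTICLE_PLAN))
    print(check_plan("10.140.0.0/16", BAD_PLAN))
```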

Configure VOS BGP

  1. In Director view, select the Workflows tab in the top menu bar.
  2. Select Templates > Templates in the horizontal menu bar.
  3. Click a template to edit it. The Edit Template popup window displays.
  4. In the Basic tab, enable the redundant pair, and enter the name of a redundant template.

  5. Select the Interfaces tab, and then select the WAN Interfaces, Redundant WAN Interfaces, and LAN Interfaces, and enter values for those interfaces.

  6. Select the Routing tab, and then add a route for the Azure Route Server subnet. The example uses subnet 10.140.100.0/24 and sets the next hop as the subnet gateway (that is, the first IP prefix in the subnet).

  7. Select the Bind Data tab. The following bind data information displays for the RR-VOS-2121-01-WUS Azure Route Server instance. The peer IP address is 10.140.2.4/24.

    bgp-config-bind-data1.png

    The following bind data information displays for the RR-VOS-2121-02-WUS Azure Route Server instance. The peer IP address is 10.140.2.5/24.

    bgp-config-bind-data2.png

Validate BGP Configuration

To monitor the BGP services running on a VOS device:

  1. In Director view:
    1. Select the Configuration tab in the top menu bar.
    2. Select Devices > Devices in the horizontal menu bar.
    3. Select a device in the main pane. The view changes to Appliance view.
  2. Select the Monitor tab in the top menu bar.
  3. Select the provider organization in the left menu bar.
  4. Select the Services tab in the horizontal menu bar.
  5. Select the BGP and Neighbors tab to display information about the BGP neighbors.

  6. Select the Advertised Prefixes tab to display information about the advertised BGP prefixes.

  7. Select the Received Prefixes tab to display information about the received BGP prefixes.


To validate routes from the Azure UI, navigate to any spoke VNET routing table. The following screenshots show how to validate routes for a virtual machine (VM) in the PROD Spoke VNET on Azure.

azure-monitor-route1.png


azure-monitor-route2.png

azure-monitor-route3.png

Recommendations for VNET Peering with Azure Route Server

  • On the RR-VERSA-VNET instance (that is, the hub or transit VNET), ensure that you select the Use This VNET Route Server option.
  • On the spoke VNETs, such as PROD, DEV, or UAT, ensure that you select the Use Remote VNET Route Server option.

Supported Software Information

Releases 20.2 and later support all content described in this article.

Additional Information

Install on Azure
