Routing Basics | Azure Virtual WAN

Captions
Transit routing use cases: this is where we will take a detailed look at all the scenarios. So first, let's understand the concepts. When you have S2S sites or point-to-site users or ExpressRoutes, you basically connect them with a connection resource, and they are all connection resources that are connecting those endpoints to some gateway inside the Virtual WAN hub. Similarly, for VNets you have the virtual network connections.

Now these connections, they have to get to each other or somewhere through some routes, and in order for them to get to some destination or to be able to access a destination, they need to be associated to a route table. Once they associate to a route table, they learn the routes from those route tables. Similarly, let's say all the VNets and all these branches, they're associated to a default route table, and once they're associated to a default route table they need to be able to get to or be able to access something. This is where these connections, they propagate routes to a route table. So let's say VNet 1 is propagating its route to the default route table; this is how the default route table gets the route or learns about the routes dynamically. So here I have propagated the routes from all my branches, which is the 192 address prefixes, and all my VNets, which is the 10 address prefixes, and because all these routes, they all show up in the default route table, and if all these VNets and branches associate their connections to this route table, this is how they get the any-to-any connectivity.

So moving on, there is a new concept of custom route tables. VNets can associate to custom route tables; uh, branches cannot associate to custom route tables, and when I say branches it means site-to-site, point-to-site and ExpressRoute. So let's say we have a custom route table called RT VNet. VNet 1 is associated to it and it also propagates its route to it, so the route gets into the route table dynamically, and let's just say that VNet 2 also propagates to it. Now what this means is both these VNets have propagated the routes into this route table, and for, uh, for this example let's assume that the VNets, in order to get to these branches, they need to be able to get through a virtual appliance which is sitting in a third leg; it's sitting inside this VNet 3. So in order to do that, you would actually go ahead and add a static route for these branch prefixes, so you can aggregate them, so I have aggregated it here, and the next hop is this VNet 3 connection. But then in order for the traffic to go from VNets to these branches via this pink dot, which is a virtual appliance, there needs to be somewhere we need to enter this IP; this is where you are actually going to add a next hop IP in that connection resource. So with a very simple way you've basically done this.

Now let's look at how you isolate VNets. So in this use case you basically have two VNets, some branches, and you want the branches to be able to connect to each other, the branches to be able to reach VNets, but the VNets need to be isolated. So let's start with the default table. The branches associate to the default table, and because we want to isolate VNets, we want to customize how the traffic flows, so we will create a custom route table. In this case we have created RT VNet; the VNets are associated to it. Because the branches need to be able to get to each other and they associate to the default route table, they'll propagate, which are these yellow lines, to the default route table. The branches, they need to be also able to get to VNets, which means the VNets, they need to be able to propagate their routes into this route table. Also the branches are required to be propagating to the custom route table, because the VNets are associated to the custom route table, and if they see the routes of the branches, that's how they know how to get to the branches. Now with a very simple way of association and propagation you have simply isolated the VNets and still kept the flows between VNets and branches.

The next use case is how to route to a shared services VNet. So let's say we take the same setup: we have a shared services VNet and we have an entire network behind it, and it's like a one-way street. So let's say VNet 1 wants to get to another network behind this VNet, and it has a shared services VM, and that's why I'm calling this a shared services VNet. Branches, they need to be able to get to each other; branches need to be able to get to VNets, um, all the VNets 1, 2 and 3, but VNet 1 and 2, they need to be able to get to this network. So how do we do that? So branches, they associate to the default route table; they will propagate to the default route table. Because they need to be able to get to VNet 3, VNet 1 and 2, so all of these VNets will propagate to this route table as well. The VNets, VNet 1 and 2, they associate to the RT VNet, which is the custom route table. Because they have to get to the branches, so the branches, they propagate to the custom route table, and because these VNets need to get to VNet 3, so VNet 3 also propagates to this custom route table. With this very simple association and propagation we've essentially now steered traffic in a different way to a shared services VNet.

The next use case is the custom isolation VNet. Here I have a setup where I have a blue VNet and a pink VNet, and basically the concept is that I want the blue VNets to be able to get to each other, the pinks to be able to get to each other, and the VNets, they should all be reachable from all the branches. Now in order to do that, we would have a default route table and all of the branches, they would propagate to it, because the branches need to be able to get to each other, so they need to see the routes. Then for the custom route tables, because we want to isolate the pink and the blue VNets, we would have custom route tables: the blue VNet, and there is a custom route table for the pink VNet. And this is where I want to introduce the concept of labels. Labels are logical grouping of route tables, so if you wanted to send traffic to multiple route tables, I mean you wanted to have routes for multiple route tables, then you would propagate to a label and this would just propagate to all the route tables with those labels. So in this case all of the blue VNets are associated to the blue custom route table and the pink VNet is associated to the pink route table, and the branches, they need to be able to get to the blues and the pink VNets; they need to be able to get to the branches, so obviously the branches have to propagate to the blue and the pink route table. Similarly, because the blues have to get to each other, so all of the blues, they are going to be propagating to the custom route table blue, and the pinks are going to be all propagating to the custom route table pink. With this, the last step would be to make sure that the branches are able to get to these blue and pinks, so that's why all of these blue and pink VNets, they should be propagating to the default table, because that's what the branches are associated to.

The next use case is where we take a closer look at the routing configuration. So with any-to-any, the default route table gets all the routes of all these connections, the VNet connections, the branch connections, and this is what gives you any-to-any. But actually what's happening is the routing configuration of this VNet and the branch connections, they are getting the association and the propagation set to the right route tables, due to which they are able to support these flows.

The next one, we mix it up a bit. Basically we take the previous use case where we have a default any-to-any, but we have a firewall in the mix. If you use the Firewall Manager UI, the routing is taken care of; it is abstracted for you. The user goes and picks an option to secure internet traffic, which is where Azure becomes the internet edge, so you can do VNet to internet via the Azure Firewall, branch to internet via the Azure Firewall, and for the private traffic let's say you decide to go direct. All you have to do is, in the Azure Firewall Manager UI, secure internet traffic, and the routing kicks in, which basically is a static route of zero zero with next hop Azure Firewall in the default route table. Very simple.

The next use case is one of the most prominent use cases, where customers want to be able to route traffic through virtual appliances. So here I have a pink dot in both these VNets, VNet 2 and VNet 4, and this is an NVA or network virtual appliance. Let's say they have an entire network behind it and they want to be able to do VNet to VNet. So in order to do VNet to VNet, this is the topology that is supported in Virtual WAN. Currently we do not support the ability for going from VNet to VNet through another virtual appliance which is sitting in the third VNet, but that's in our roadmap. So let's say you have this network and you have a default route table set up with all the branches and the VNet spokes propagating to it. So in here the steps are: you would first define the UDRs or the routes from these indirect VNets to the NVA VNet; the second step would be to ensure that there is a static route to get to the NVA connections, and those you would add to the default route table; and then the third step would be to make sure that you specify the NVA IP in that VNet connection. So this is how you get routing through the NVAs, and you can basically mix and match it up with the other use cases to give you all the flows. And in this case you get the V2V flows, you can get across hubs, within the hub, you can get branch to VNet across hub, within the hub, and you can also get the internet cut out flows in here.

Let's take a closer look at the portal. In the portal every hub has a routing section, and inside the routing section you can basically create a route table, you can set up the static routes in the basic tab, you can set up labels, you can associate the connection. So when you pick connections here, all you're doing is you're associating those connections to this route table. Uh, you can propagate the routes from connections, so when you're selecting, let's say, your VNet connection in this drop-down, what you're saying is propagate routes from that VNet connection to this route table. Also you can look at the effective routes of a route table, and here, as you can see, you can see the next hop, you can see the origin from where this route was learned, and you have a lot of information through which you can do some troubleshooting.

To summarize: branches is collectively the term for site-to-site, point-to-site and ExpressRoute connections. They associate to the default route table and they propagate to the same set of route tables, so let's say branch A propagates to route table A, and branch B also will propagate to route table A. Similarly, for custom route tables you have certain abilities: custom route tables, they apply to VNets, you can set up static routes, you can view effective routes. And the last concept here is, if you did not want to propagate routes, you can propagate to something called a None route table, which basically is saying that the connection does not want to propagate the route to any route
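Added example (not part of the video or of any Microsoft tooling): a small model of the association and propagation rules from the "isolate VNets" use case, used to check that no isolated VNet learns a route to another. The connection names, the `RT_VNet` spelling and the prefixes are constructed; static routes and labels are not modelled.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Connection:
    name: str
    prefix: str
    associated: str        # route table this connection learns routes from
    propagates_to: tuple   # route tables that receive this connection's prefix

def build_tables(conns):
    """Route table name -> {prefix: originating connection}, filled by propagation."""
    tables = {}
    for c in conns:
        tables.setdefault(c.associated, {})
        for rt in c.propagates_to:
            tables.setdefault(rt, {})[c.prefix] = c.name
    return tables

def reachable(conns):
    """Connection name -> connections whose routes it learns through its association."""
    tables = build_tables(conns)
    return {c.name: set(tables[c.associated].values()) - {c.name} for c in conns}

def isolation_violations(conns, isolated):
    """(src, dst) pairs inside `isolated` where src has learned a route to dst."""
    reach = reachable(conns)
    return sorted((s, d) for s in isolated for d in reach[s] if d in isolated)

DEFAULT, RT_VNET = "Default", "RT_VNet"   # constructed table names

# Constructed configuration following the talk: branches associate to Default
# and propagate to both tables; VNets associate to RT_VNet and propagate only
# to Default.
ISOLATED = [
    Connection("branch1", "192.168.1.0/24", DEFAULT, (DEFAULT, RT_VNET)),
    Connection("branch2", "192.168.2.0/24", DEFAULT, (DEFAULT, RT_VNET)),
    Connection("vnet1", "10.1.0.0/16", RT_VNET, (DEFAULT,)),
    Connection("vnet2", "10.2.0.0/16", RT_VNET, (DEFAULT,)),
]

# Configuration drift: vnet1 now also propagates into the table the VNets use.
DRIFTED = [replace(c, propagates_to=(DEFAULT, RT_VNET)) if c.name == "vnet1" else c
           for c in ISOLATED]

if __name__ == "__main__":
    vnets = {"vnet1", "vnet2"}
    print("intended:", isolation_violations(ISOLATED, vnets))
    print("drifted: ", isolation_violations(DRIFTED, vnets))
```

A single extra propagation into the custom route table is enough to break the isolation, which is the kind of change worth reviewing in the effective routes view the talk mentions.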
Info
Channel: Azure Virtual WAN (vWAN)
Views: 53
Keywords: Microsoft, Azure, vwan, virtualWAN, VirtualWAN
Id: NwpauLcyAYI
Length: 10min 0sec (600 seconds)
Published: Thu Dec 09 2021