SarsALAnne-3957 asked GitaraniSharmaMSFT-4262 answered

Azure VPN - 2 BGP peers in Gateway Subnet - why?

Hi all,

We have recently set up a VPN in Azure. Now we have a question about the BGP peers (under the BGP peers tab). To set up the VPN, a GatewaySubnet is required. In the BGP peers, we see 2 internal IPs that come from inside this subnet. Can anybody tell me what exactly these are used for?
There is also a BGP peer with an external IP, which I assumed is used to communicate with Azure Infrastructure. Is this the correct assumption?

Thanks in advance,
Anne

azure-vpn-gateway

1 Answer

GitaraniSharmaMSFT-4262 answered

Hello @SarsALAnne-3957 ,

Apologies for the delay in response.

By default, VPN Gateway allocates a single IP address from the GatewaySubnet range for Active-Standby VPN gateways, or two IP addresses for Active-Active VPN gateways. These addresses are allocated automatically when you create the VPN gateway. Since you see 2 internal IPs under BGP peers in your VPN gateway, I would say it is because your VPN gateway is configured as Active-Active, and those 2 internal IPs are actually the BGP peer IPs which need to be added on your on-premises VPN for the BGP connection.

If your on-premises VPN routers use APIPA IP addresses (169.254.0.1 to 169.254.255.254) as the BGP IP addresses, you must specify an additional Azure APIPA BGP IP address on your Azure VPN gateway. Azure VPN Gateway selects the APIPA address to use with the on-premises APIPA BGP peer specified in the local network gateway, or the private IP address for a non-APIPA, on-premises BGP peer.

The BGP peer IP is always a private IP automatically allocated from within the Gateway Subnet (except in the APIPA case explained above). The Public IP that you are referring to should be the IP address of the VPN gateway, which is visible under the "Configure BGP" option in the Configuration tab of a VPN gateway in the Azure portal.


Please refer to the docs below for more information:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-bgp-overview#what-address-does-vpn-gateway-use-for-bgp-peer-ip
https://docs.microsoft.com/en-us/azure/vpn-gateway/bgp-howto#2-create-the-vpn-gateway-for-testvnet1-with-bgp-parameters

Kindly let us know if the above helps or you need further assistance on this issue.


Please "Accept the answer" below if the information helped you. This will help us and others in the community as well.
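The following Python example is added here and is not part of the original answer or any Microsoft tooling. It applies the rules described in the answer to a list of addresses copied from the BGP peers tab: addresses inside GatewaySubnet, APIPA addresses, and everything else, then infers Active-Standby or Active-Active from the count. The subnet `10.1.255.0/27`, the sample peer addresses, and all function names are constructed assumptions.

```python
import ipaddress

# APIPA bounds exactly as quoted in the answer above.
APIPA_FIRST = ipaddress.IPv4Address("169.254.0.1")
APIPA_LAST = ipaddress.IPv4Address("169.254.255.254")
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample values (assumptions, not taken from the thread).
SAMPLE_SUBNET = "10.1.255.0/27"
SAMPLE_PEERS = ["10.1.255.4", "10.1.255.5", "169.254.21.2", "203.0.113.10"]


def classify_peer(ip, gateway_subnet):
    """Label one address from the BGP peers tab."""
    addr = ipaddress.IPv4Address(ip)
    if addr in ipaddress.IPv4Network(gateway_subnet):
        return "gateway-subnet"          # allocated by Azure from GatewaySubnet
    if APIPA_FIRST <= addr <= APIPA_LAST:
        return "apipa"                   # custom APIPA BGP address
    if any(addr in net for net in RFC1918):
        return "private-outside-subnet"  # e.g. a non-APIPA on-premises peer
    return "not-private"                 # public or otherwise unexpected


def gateway_mode(peers, gateway_subnet):
    """Infer the gateway mode from how many peers sit inside GatewaySubnet."""
    own = [p for p in peers if classify_peer(p, gateway_subnet) == "gateway-subnet"]
    return {1: "active-standby", 2: "active-active"}.get(len(own), "unexpected")


def audit(peers, gateway_subnet):
    """Return (mode, {ip: label}) so unexpected entries stand out in review."""
    labels = {p: classify_peer(p, gateway_subnet) for p in peers}
    return gateway_mode(peers, gateway_subnet), labels


if __name__ == "__main__":
    mode, labels = audit(SAMPLE_PEERS, SAMPLE_SUBNET)
    print("gateway mode:", mode)
    for ip, label in labels.items():
        print(f"{ip:15} {label}")
```

A mode of "unexpected", or a peer labelled "not-private" that you did not configure, is worth checking against the gateway's BGP configuration before trusting the session.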


