{"id":886,"date":"2022-11-01T17:03:34","date_gmt":"2022-11-01T22:03:34","guid":{"rendered":"https:\/\/cloudlearning365.com\/?p=886"},"modified":"2022-11-04T16:16:58","modified_gmt":"2022-11-04T21:16:58","slug":"express-route-to-aviatrix-transit-option-1","status":"publish","type":"post","link":"https:\/\/cloudlearning365.com\/?p=886","title":{"rendered":"Express Route to Aviatrix Transit \u2013 Option 1"},"content":{"rendered":"\n<p>Today we start discussing the first of three options to connect on-premise to Aviatrix Transit. This architecture allows you to use an existing IPSec- and BGP-capable networking device to connect to Aviatrix Transit. I&#8217;ve listed the steps briefly, with the <strong><span style=\"text-decoration: underline\"><mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">constraints<\/mark><\/span><\/strong> highlighted.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create an ExpressRoute (ER) Circuit<\/li>\n\n\n\n<li>Configure Azure Private BGP Peering from the ER Circuit to the on-premise device<\/li>\n\n\n\n<li>Deploy the Aviatrix Transit vNet and Transit Gateways<\/li>\n\n\n\n<li>Create a GatewaySubnet for the ExpressRoute Gateway (ERGW) in the Aviatrix Transit vNet and deploy the ExpressRoute Gateway<\/li>\n\n\n\n<li>Create an ER Connection between the ER circuit and the ERGW<\/li>\n\n\n\n<li>Validate that BGP routes have propagated to the Aviatrix Transit Gateway eth0 subnet route table, and validate connectivity. 
This connectivity will act as the underlay<\/li>\n\n\n\n<li>Create BGP over IPSec tunnels from the on-premise device towards the Aviatrix Transit Gateways as the overlay, to exchange on-premise routes with cloud routes<\/li>\n\n\n\n<li><mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">Each IPSec tunnel has a 1.25G throughput limit<\/mark><\/li>\n\n\n\n<li><mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">Azure only supports IPSec, not GRE, as the tunneling protocol<\/mark><\/li>\n\n\n\n<li>The maximum number of IPv4 routes advertised from Azure private peering from the VNet address space for an ExpressRoute connection is 1000. But since we are using a BGP over IPSec overlay, we can bypass this limit.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"816\" height=\"1024\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/ER-to-Aviatrix-Transit-Options-Option1-816x1024.png\" alt=\"\" class=\"wp-image-996\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/ER-to-Aviatrix-Transit-Options-Option1-816x1024.png 816w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/ER-to-Aviatrix-Transit-Options-Option1-239x300.png 239w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/ER-to-Aviatrix-Transit-Options-Option1-768x963.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/ER-to-Aviatrix-Transit-Options-Option1.png 1199w\" sizes=\"auto, (max-width: 816px) 100vw, 816px\" \/><\/figure>\n\n\n\n<!--more-->\n\n\n\n<h2 class=\"wp-block-heading\">Create Express Route Circuit<\/h2>\n\n\n\n<p>According to the definitions in <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/expressroute\/expressroute-circuit-peerings#circuits\">ExpressRoute circuits and peering<\/a>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An ExpressRoute circuit represents a logical connection between your on-premises infrastructure and Microsoft cloud 
services through a connectivity provider.<\/li>\n\n\n\n<li>A circuit is uniquely identified by a standard GUID called a service key (s-key).<\/li>\n<\/ul>\n\n\n\n<p>Create a Resource Group, preferably in the same region as the ExpressRoute Circuit.<\/p>\n\n\n\n<p>Within the Resource Group, create a new resource and search the Marketplace for ExpressRoute.<\/p>\n\n\n\n<p>In my lab, I&#8217;m using ExpressRoute, not ExpressRoute Direct (which is direct peering with Microsoft at 10Gbps or 100Gbps).<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"880\" height=\"710\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-147.png\" alt=\"\" class=\"wp-image-890\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-147.png 880w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-147-300x242.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-147-768x620.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-147-372x300.png 372w\" sizes=\"auto, (max-width: 880px) 100vw, 880px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"484\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-149-1024x484.png\" alt=\"\" class=\"wp-image-892\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-149-1024x484.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-149-300x142.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-149-768x363.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-149-500x236.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-149.png 1366w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Select the resource group created earlier, 
confirm the region, and give your ExpressRoute circuit a name<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"974\" height=\"719\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-175.png\" alt=\"\" class=\"wp-image-925\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-175.png 974w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-175-300x221.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-175-768x567.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-175-406x300.png 406w\" sizes=\"auto, (max-width: 974px) 100vw, 974px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Select the Provider, if it&#8217;s not Direct Peering with Microsoft.<\/li>\n\n\n\n<li>Select the Peering location<\/li>\n\n\n\n<li>Select Bandwidth, SKU and Billing Model<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"976\" height=\"994\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-151.png\" alt=\"\" class=\"wp-image-894\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-151.png 976w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-151-295x300.png 295w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-151-768x782.png 768w\" sizes=\"auto, (max-width: 976px) 100vw, 976px\" \/><\/figure>\n\n\n\n<p>Review and create<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"884\" height=\"1024\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-176-884x1024.png\" alt=\"\" class=\"wp-image-926\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-176-884x1024.png 884w, 
https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-176-259x300.png 259w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-176-768x890.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-176.png 939w\" sizes=\"auto, (max-width: 884px) 100vw, 884px\" \/><\/figure>\n\n\n\n<p>The circuit is created and shows as Enabled. Provider status should show as Not provisioned. You need to give the Service Key to the service provider for the circuit to be provisioned. Also note that Azure Private peering hasn&#8217;t been provisioned yet either.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"458\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-154-1024x458.png\" alt=\"\" class=\"wp-image-898\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-154-1024x458.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-154-300x134.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-154-768x343.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-154-1536x687.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-154-2048x916.png 2048w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-154-500x224.png 500w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>After the provider side has completed its setup, the circuit should show as Provisioned.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"396\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-1-1024x396.png\" alt=\"\" class=\"wp-image-930\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-1-1024x396.png 1024w, 
https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-1-300x116.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-1-768x297.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-1-1536x594.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-1-500x193.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-1.png 1732w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Configure Azure Private Peering<\/h2>\n\n\n\n<p>There are three types of peering possible via ExpressRoute:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Azure Private Peering: Connectivity to private Virtual Networks, where IaaS and PaaS are deployed. This is what we will be focusing on.<\/li>\n\n\n\n<li>Microsoft Peering: Connectivity to Microsoft online services (Microsoft 365 and Azure PaaS services with public IPs)\n<ul class=\"wp-block-list\">\n<li>Azure Public Peering: <strong>(deprecated for new circuits, use Microsoft Peering instead)<\/strong><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>The newly created circuit needs to establish BGP peering with your on-premise device for the private connectivity. 
Reference article: <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/expressroute\/expressroute-howto-routing-portal-resource-manager#private\">Azure private peering<\/a><\/p>\n\n\n\n<p>In my lab environment, the point-to-point connectivity has already been set up, and we don&#8217;t have a secondary link or backup circuit.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>interface GigabitEthernet0\/0\/0.803\n description to be connected to an Azure ER circuit\n encapsulation dot1Q 803\ninterface GigabitEthernet0\/0\/0.813\n description to be connected to an Azure ER backup circuit\n encapsulation dot1Q 813<\/code><\/pre>\n\n\n\n<p>Start configuring Azure private peering in the Azure Portal:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"584\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-1024x584.png\" alt=\"\" class=\"wp-image-929\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-1024x584.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-300x171.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-768x438.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-500x285.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image.png 1140w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Azure Private Peering has two physical ports, and each port\/link needs to be assigned a unique \/30 subnet. Both ports belong to the same VLAN. For full redundancy, you need two on-premise routers connected to both ports. In this lab, I&#8217;ve only got a single router, so only the primary subnet will be used. Credit to <a href=\"https:\/\/www.linkedin.com\/in\/jorgecortescano\/\">Jorge Cortes<\/a> for the clarification!<\/p>\n\n\n\n<p>Enter the ASN of the on-premise device, and set up the two \/30 subnets. 
<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"586\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-2-1024x586.png\" alt=\"\" class=\"wp-image-932\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-2-1024x586.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-2-300x172.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-2-768x440.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-2-500x286.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-2.png 1114w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong><span style=\"text-decoration: underline\"><mark style=\"background-color:#ffe2c7\" class=\"has-inline-color\">NOTE<\/mark><\/span><\/strong>: It appears that Equinix performs VLAN translation: the two ports on the Azure side share one VLAN ID, which is mapped to one port on the Equinix side with two VLAN IDs. The following example shows a different circuit, with two ports on the Azure side using VLAN ID 55.808, translated on the Equinix side to one port with two VLAN IDs: 808 and 818. 
Credit to <a href=\"https:\/\/www.linkedin.com\/in\/pkbednarski\/\">Piotr Bednarski<\/a> for the clarification!<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"621\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-40-1024x621.png\" alt=\"\" class=\"wp-image-992\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-40-1024x621.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-40-300x182.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-40-768x465.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-40-495x300.png 495w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-40.png 1244w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>The private peering has been provisioned.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"401\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-3-1024x401.png\" alt=\"\" class=\"wp-image-933\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-3-1024x401.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-3-300x118.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-3-768x301.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-3-1536x602.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-3-500x196.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-3.png 1727w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>For the primary subnet, 169.254.80.80\/30, the first usable IP address needs to be assigned to the on-premise router (in this case 169.254.80.81), as Microsoft uses the second usable IP for its router (in this 
case 169.254.80.82).<\/p>\n\n\n\n<p>Configure the peering interface address on the on-premise router<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ISR-3#conf t\nEnter configuration commands, one per line.  End with CNTL\/Z.\nISR-3(config)#interface GigabitEthernet0\/0\/0.803\nISR-3(config-subif)#\nISR-3(config-subif)#ip address 169.254.80.81 255.255.255.252\nISR-3(config-subif)#end\n<\/code><\/pre>\n\n\n\n<p>Test connectivity<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ISR-3#ping 169.254.80.82 source 169.254.80.81 \nType escape sequence to abort.\nSending 5, 100-byte ICMP Echos to 169.254.80.82, timeout is 2 seconds:\nPacket sent with a source address of 169.254.80.81 \n!!!!!\nSuccess rate is 100 percent (5\/5), round-trip min\/avg\/max = 1\/1\/2 ms\n<\/code><\/pre>\n\n\n\n<p>Now configure BGP from the on-premise router side. Microsoft uses AS <strong>12076<\/strong> for Azure public, Azure private and Microsoft peering.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ISR-3#conf t\nEnter configuration commands, one per line.  
End with CNTL\/Z.\nISR-3(config)#router bgp 65000         \nISR-3(config-router)#neighbor 169.254.80.82 remote-as 12076        \nISR-3(config-router)#neighbor 169.254.80.82 description Express Route\nISR-3(config-router)#address-family ipv4\nISR-3(config-router-af)#neighbor 169.254.80.82 activate\nISR-3(config-router-af)#neighbor 169.254.80.82 soft-reconfiguration inbound <\/code><\/pre>\n\n\n\n<p>Check that the BGP session is up<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ISR-3#show ip bgp summary \nBGP router identifier 192.168.77.1, local AS number 65000\nBGP table version is 18, main routing table version 18\n5 network entries using 1240 bytes of memory\n5 path entries using 680 bytes of memory\n1\/1 BGP path\/bestpath attribute entries using 280 bytes of memory\n0 BGP route-map cache entries using 0 bytes of memory\n0 BGP filter-list cache entries using 0 bytes of memory\nBGP using 2200 total bytes of memory\nBGP activity 9\/4 prefixes, 9\/4 paths, scan interval 60 secs\n\nNeighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up\/Down  State\/PfxRcd\n<mark style=\"background-color:#e2e2e2\" class=\"has-inline-color\">169.254.80.82 <\/mark>  4        12076      11      11       18    0    0 00:05:31        0\n<\/code><\/pre>\n\n\n\n<p>Configure a loopback interface<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ISR-3#conf t\nEnter configuration commands, one per line.  End with CNTL\/Z.\nISR-3(config)#interface Loopback77\nISR-3(config-if)#ip address 192.168.77.1 255.255.255.255\nISR-3(config-if)#end<\/code><\/pre>\n\n\n\n<p>Advertise the loopback interface<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ISR-3#conf t\nEnter configuration commands, one per line.  
End with CNTL\/Z.\nISR-3(config)#router bgp 65000\nISR-3(config-router)#address-family ipv4\nISR-3(config-router-af)#network 192.168.77.1 mask 255.255.255.255\nISR-3(config-router-af)#end\n<\/code><\/pre>\n\n\n\n<p>Validation from Azure Portal<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"338\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-4-1024x338.png\" alt=\"\" class=\"wp-image-936\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-4-1024x338.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-4-300x99.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-4-768x253.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-4-1536x507.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-4-500x165.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-4.png 1746w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>View ARP records -&gt; this validates L2 connectivity<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"226\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-5-1024x226.png\" alt=\"\" class=\"wp-image-937\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-5-1024x226.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-5-300x66.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-5-768x169.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-5-1536x339.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-5-500x110.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-5.png 1623w\" sizes=\"auto, (max-width: 1024px) 100vw, 
1024px\" \/><\/figure>\n\n\n\n<p>View route table -&gt; Since my on-premise router already has BGP network advertisement configured, the advertised networks are listed, including the loopback address.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"270\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-6-1024x270.png\" alt=\"\" class=\"wp-image-938\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-6-1024x270.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-6-300x79.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-6-768x202.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-6-1536x404.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-6-500x132.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-6.png 1626w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>View route table summary -&gt; shows how long the BGP session has been up and the table version it has received<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"178\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-7-1024x178.png\" alt=\"\" class=\"wp-image-939\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-7-1024x178.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-7-300x52.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-7-768x134.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-7-1536x268.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-7-500x87.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-7.png 1681w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" 
\/><\/figure>\n\n\n\n<p>We don&#8217;t have a secondary link, so the secondary BGP status shows Never.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"176\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-8-1024x176.png\" alt=\"\" class=\"wp-image-940\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-8-1024x176.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-8-300x52.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-8-768x132.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-8-1536x264.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-8-500x86.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-8.png 1694w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Create Aviatrix Transit<\/h2>\n\n\n\n<p>Create the vNet for Aviatrix Transit, using the Advanced option to select the existing Resource Group<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"871\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-159-1024x871.png\" alt=\"\" class=\"wp-image-903\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-159-1024x871.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-159-300x255.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-159-768x654.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-159-353x300.png 353w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-159.png 1429w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>These subnets and route tables have been created<\/p>\n\n\n\n<figure 
class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"332\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-161-1024x332.png\" alt=\"\" class=\"wp-image-905\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-161-1024x332.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-161-300x97.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-161-768x249.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-161-1536x498.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-161-500x162.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-161.png 1740w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Create the Transit Gateway and enable the required features at creation time; otherwise the Transit Gateway needs to be deleted and recreated to enable Insane Mode or BGP over LAN.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"968\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-165-1024x968.png\" alt=\"\" class=\"wp-image-910\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-165-1024x968.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-165-300x284.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-165-768x726.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-165-1536x1452.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-165-317x300.png 317w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-165.png 1785w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>It is recommended to deploy transit gateways into two separate Availability Zones (AZ), but 
this example is in the West US region, which doesn&#8217;t have Availability Zones. Also note that since we have Insane Mode Encryption selected, a \/26 subnet is needed for each transit gateway, which supports up to 50 secondary IPs for IPSec tunnels.<\/p>\n\n\n\n<p>Note: You can use a PowerShell command to check AZ availability in a given region. For example, Standard_D3_V2 is available in 3 AZs in West US 2, but not available in West US.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"196\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-166-1024x196.png\" alt=\"\" class=\"wp-image-912\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-166-1024x196.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-166-300x58.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-166-768x147.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-166-1536x295.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-166-500x96.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-166.png 1721w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Aviatrix Controller manages the creation of additional subnets and route tables; note the difference:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"391\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-167-1024x391.png\" alt=\"\" class=\"wp-image-914\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-167-1024x391.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-167-300x115.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-167-768x293.png 768w, 
https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-167-1536x586.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-167-500x191.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-167.png 1836w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Enable the HA Transit Gateway in a different subnet. Note that the 10.0.17.64\/26 subnet doesn&#8217;t exist yet; Aviatrix Controller automatically allocates the next available \/26 range for the HA gateway.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"500\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-168-1024x500.png\" alt=\"\" class=\"wp-image-915\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-168-1024x500.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-168-300x146.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-168-768x375.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-168-500x244.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-168.png 1051w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>After the HA gateway creation has completed, if you switch back to Azure you will notice additional subnets and route tables created for the HA gateway to communicate with Firewall\/BGP over LAN, and for intra-gateway communication.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"477\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-169-1024x477.png\" alt=\"\" class=\"wp-image-916\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-169-1024x477.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-169-300x140.png 300w, 
https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-169-768x357.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-169-1536x715.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-169-500x233.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-169.png 1867w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Deploy ExpressRoute Gateway (ERGW)<\/h2>\n\n\n\n<p>In this blog, we are deploying the ERGW in the same Aviatrix Transit vNet. The ERGW requires a \/27 subnet named &#8220;GatewaySubnet&#8221; to be created. This blog uses the 10.0.16.0\/23 CIDR range, and the last \/27 range, 10.0.17.224\/27, will be used for the GatewaySubnet.<\/p>\n\n\n\n<p>Alternative design:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create a separate vNet, and create a \/27 &#8220;GatewaySubnet&#8221; subnet<\/li>\n\n\n\n<li>Deploy the ERGW in this subnet<\/li>\n\n\n\n<li>Create a vNet peering from the Aviatrix Transit vNet to the ERGW vNet, and check &#8220;Use remote gateway&#8221;<\/li>\n\n\n\n<li>Create a vNet peering from the ERGW vNet to the Aviatrix Transit vNet, and check &#8220;Allow gateway transit&#8221;<\/li>\n\n\n\n<li>Pro: No disturbance of the Aviatrix Transit vNet<\/li>\n\n\n\n<li>Con: Additional vNet peering charges<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"704\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-170-1024x704.png\" alt=\"\" class=\"wp-image-919\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-170-1024x704.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-170-300x206.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-170-768x528.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-170-436x300.png 436w, 
https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-170.png 1456w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Create the ERGW, which is one of the two Virtual network gateway types (the other is the VPN Gateway):<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"854\" height=\"698\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-171.png\" alt=\"\" class=\"wp-image-920\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-171.png 854w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-171-300x245.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-171-768x628.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-171-367x300.png 367w\" sizes=\"auto, (max-width: 854px) 100vw, 854px\" \/><\/figure>\n\n\n\n<p>Make sure to select the region and the ExpressRoute gateway type. Then select the Aviatrix Transit vNet and create a new public IP:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"839\" height=\"1024\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-172-839x1024.png\" alt=\"\" class=\"wp-image-921\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-172-839x1024.png 839w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-172-246x300.png 246w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-172-768x938.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-172.png 1013w\" sizes=\"auto, (max-width: 839px) 100vw, 839px\" \/><\/figure>\n\n\n\n<p>After the ERGW is created, create a connection towards the ExpressRoute circuit:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"716\" height=\"506\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-173.png\" alt=\"\" class=\"wp-image-922\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-173.png 716w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-173-300x212.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-173-425x300.png 425w\" sizes=\"auto, (max-width: 716px) 100vw, 716px\" \/><\/figure>\n\n\n\n<p>Select ExpressRoute as the Connection type, then select the ExpressRoute Circuit:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1013\" height=\"703\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-177.png\" alt=\"\" class=\"wp-image-927\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-177.png 1013w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-177-300x208.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-177-768x533.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-177-432x300.png 432w\" sizes=\"auto, (max-width: 1013px) 100vw, 1013px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1007\" height=\"470\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-178.png\" alt=\"\" class=\"wp-image-928\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-178.png 1007w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-178-300x140.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-178-768x358.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/10\/image-178-500x233.png 
500w\" sizes=\"auto, (max-width: 1007px) 100vw, 1007px\" \/><\/figure>\n\n\n\n<p>If the Azure Private Peering BGP session is up and running, the connection status should be Succeeded.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"350\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-9-1024x350.png\" alt=\"\" class=\"wp-image-943\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-9-1024x350.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-9-300x102.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-9-768x262.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-9-500x171.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-9.png 1456w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Validate and fine tune underlay connectivity<\/h2>\n\n\n\n<p>Go to the primary Aviatrix Transit Gateway deployed earlier in Azure Portal, networking -&gt; Select first NIC (eth0). 
Note down:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The subnet it belongs to: avx-gwhp-subnet-10-0-16-192-26 in this example (the subnet name will be different if Insane mode isn&#8217;t enabled)<\/li>\n\n\n\n<li>The private IP address: 10.0.16.196 in this example<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"430\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-10-1024x430.png\" alt=\"\" class=\"wp-image-944\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-10-1024x430.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-10-300x126.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-10-768x323.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-10-1536x645.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-10-500x210.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-10.png 1893w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Also note the Network Security Group default rule AllowVnetInBound (priority 65000), which allows all traffic from the VirtualNetwork service tag to the VirtualNetwork service tag. 
According to <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/virtual-network\/service-tags-overview\">Virtual network service tags<\/a>, the VirtualNetwork tag is defined as:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"194\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-11-1024x194.png\" alt=\"\" class=\"wp-image-945\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-11-1024x194.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-11-300x57.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-11-768x145.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-11-500x95.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-11.png 1385w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Because the VirtualNetwork tag also covers on-premises address space learned through a virtual network gateway, the on-premises device can reach the Aviatrix Transit Gateway without any explicit NSG rule (in AWS, by contrast, you must add the on-premises address range to the Security Group for the inbound connection). If you later tighten this default, the underlay only needs to admit IKE (UDP 500 and 4500) and ESP from the on-premises loopback.<\/p>\n\n\n\n<p>Let&#8217;s check the route table of that subnet and make sure it has Propagate gateway routes enabled. 
<\/p>\n\n\n\n<p>In the Aviatrix Transit vNet -&gt; Subnets, find the subnet noted above and click on the Route Table it is associated with:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"295\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-12-1024x295.png\" alt=\"\" class=\"wp-image-946\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-12-1024x295.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-12-300x86.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-12-768x221.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-12-1536x442.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-12-1000x288.png 1000w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-12-500x144.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-12.png 1858w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>In the route table -&gt; Configuration, confirm that Propagate gateway routes is enabled (this is the default):<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"715\" height=\"493\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-13.png\" alt=\"\" class=\"wp-image-947\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-13.png 715w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-13-300x207.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-13-435x300.png 435w\" sizes=\"auto, (max-width: 715px) 100vw, 715px\" \/><\/figure>\n\n\n\n<p>Now go back to the Aviatrix Transit Gateway VM, make sure it is up and running, click on the eth0 interface, then run Effective routes:<\/p>\n\n\n\n<figure class=\"wp-block-image 
<img loading">
size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"383\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-14-1024x383.png\" alt=\"\" class=\"wp-image-948\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-14-1024x383.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-14-300x112.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-14-768x287.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-14-500x187.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-14.png 1218w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Notice that the routes we observed earlier under ExpressRoute Circuit -&gt; Peerings -&gt; Azure private -&gt; View route table are all listed here with next hop type Virtual network gateway, and that the next hop IP 10.3.129.70 is the Microsoft Enterprise Edge (MSEE) router.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"508\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-15-1024x508.png\" alt=\"\" class=\"wp-image-949\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-15-1024x508.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-15-300x149.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-15-768x381.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-15-1536x762.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-15-500x248.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-15.png 1863w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>From on-premises, confirm connectivity to the Aviatrix Transit Gateway, sourcing the ping from the loopback:<\/p>\n\n\n\n<pre 
class=\"wp-block-code\"><code>ISR-3#ping 10.0.16.196 source 192.168.77.1\nType escape sequence to abort.\nSending 5, 100-byte ICMP Echos to 10.0.16.196, timeout is 2 seconds:\nPacket sent with a source address of 192.168.77.1 \n!!!!!\nSuccess rate is 100 percent (5\/5), round-trip min\/avg\/max = 2\/2\/3 ms\n<\/code><\/pre>\n\n\n\n<p>From Aviatrix Transit Gateway, confirm connectivity to on-premise<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"711\" height=\"1024\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-16-711x1024.png\" alt=\"\" class=\"wp-image-950\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-16-711x1024.png 711w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-16-208x300.png 208w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-16-768x1107.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-16-1066x1536.png 1066w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-16.png 1120w\" sizes=\"auto, (max-width: 711px) 100vw, 711px\" \/><\/figure>\n\n\n\n<p>On on-premise router, advertise only loopback via the BGP connection towards ER, as the connectivity between Loopback and Aviatrix Transit Gateways will be treated as underlay, and we will be building BGP over IPSec tunnels on top of this underlay<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ISR-3#conf t      \nEnter configuration commands, one per line.  
End with CNTL\/Z.\nISR-3(config)#ip prefix-list router-to-er description Advertise Loopback only\nISR-3(config)#ip prefix-list router-to-er seq 10 permit 192.168.77.1\/32\nISR-3(config)#router bgp 65000\nISR-3(config-router)#address-family ipv4\nISR-3(config-router-af)#neighbor 169.254.80.82 prefix-list router-to-er out\nISR-3(config-router-af)#end\n<\/code><\/pre>\n\n\n\n<p>Check the effective routes on the Aviatrix Transit Gateway eth0 again; it should now see only the loopback.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"703\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-17-1024x703.png\" alt=\"\" class=\"wp-image-952\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-17-1024x703.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-17-300x206.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-17-768x527.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-17-1536x1055.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-17-437x300.png 437w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-17.png 1638w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Create BGP over IPSec overlay<\/h2>\n\n\n\n<p>As of now, the Aviatrix Transit Gateway subnet route table has received the on-premises loopback route via the ERGW (the Virtual network gateway). 
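<\/p>\n\n\n\n<p>That underlay state can be verified from the CLI instead of the portal. The following Python script is an added example for this post, not code from the original post or from Aviatrix or Microsoft: it reads the JSON that <code>az network nic show-effective-route-table -g &lt;rg&gt; -n &lt;eth0-nic&gt; -o json<\/code> returns for the gateway&#8217;s eth0 NIC and checks two things, that the on-premises loopback \/32 is present with next hop type Virtual network gateway, and that nothing else from on-premises is. The JSON field names are assumed from that command&#8217;s output, and both embedded samples are constructed to mirror this lab: one before the <code>router-to-er<\/code> prefix-list, one after.<\/p>\n\n\n\n
```python
# Added example for this post (not code from the original post, Aviatrix or Microsoft):
# check the ExpressRoute underlay the way the portal Effective routes view does, but
# from the JSON this command returns for the Transit Gateway eth0 NIC:
#   az network nic show-effective-route-table -g <rg> -n <eth0-nic> -o json
# The field names (value, addressPrefix, nextHopType, nextHopIpAddress, source, state)
# are assumed from that command; both samples below are constructed for this lab.
import json

# Constructed sample: before the on-prem prefix-list, every on-prem prefix seen in the
# circuit View route table is injected through the ERGW with the MSEE as next hop.
BEFORE_FILTER = '''
{\"value\": [
  {\"addressPrefix\": [\"10.0.16.0/23\"], \"nextHopType\": \"VnetLocal\",
   \"nextHopIpAddress\": [], \"source\": \"Default\", \"state\": \"Active\"},
  {\"addressPrefix\": [\"0.0.0.0/0\"], \"nextHopType\": \"Internet\",
   \"nextHopIpAddress\": [], \"source\": \"Default\", \"state\": \"Active\"},
  {\"addressPrefix\": [\"10.1.30.10/32\"], \"nextHopType\": \"VirtualNetworkGateway\",
   \"nextHopIpAddress\": [\"10.3.129.70\"], \"source\": \"VirtualNetworkGateway\", \"state\": \"Active\"},
  {\"addressPrefix\": [\"10.1.31.0/24\"], \"nextHopType\": \"VirtualNetworkGateway\",
   \"nextHopIpAddress\": [\"10.3.129.70\"], \"source\": \"VirtualNetworkGateway\", \"state\": \"Active\"},
  {\"addressPrefix\": [\"10.1.32.0/24\"], \"nextHopType\": \"VirtualNetworkGateway\",
   \"nextHopIpAddress\": [\"10.3.129.70\"], \"source\": \"VirtualNetworkGateway\", \"state\": \"Active\"},
  {\"addressPrefix\": [\"192.168.77.1/32\"], \"nextHopType\": \"VirtualNetworkGateway\",
   \"nextHopIpAddress\": [\"10.3.129.70\"], \"source\": \"VirtualNetworkGateway\", \"state\": \"Active\"}
]}
'''

# Constructed sample: after `neighbor 169.254.80.82 prefix-list router-to-er out`,
# only the loopback /32 is still learned from the Virtual network gateway.
AFTER_FILTER = '''
{\"value\": [
  {\"addressPrefix\": [\"10.0.16.0/23\"], \"nextHopType\": \"VnetLocal\",
   \"nextHopIpAddress\": [], \"source\": \"Default\", \"state\": \"Active\"},
  {\"addressPrefix\": [\"0.0.0.0/0\"], \"nextHopType\": \"Internet\",
   \"nextHopIpAddress\": [], \"source\": \"Default\", \"state\": \"Active\"},
  {\"addressPrefix\": [\"192.168.77.1/32\"], \"nextHopType\": \"VirtualNetworkGateway\",
   \"nextHopIpAddress\": [\"10.3.129.70\"], \"source\": \"VirtualNetworkGateway\", \"state\": \"Active\"}
]}
'''


def er_learned_prefixes(effective_routes_json):
    '''Map prefix -> next hop for every active route injected by the Virtual network
    gateway, i.e. what the ExpressRoute private peering pushed into this subnet.'''
    learned = {}
    for route in json.loads(effective_routes_json)['value']:
        if route.get('source') != 'VirtualNetworkGateway' or route.get('state') != 'Active':
            continue
        hops = route.get('nextHopIpAddress') or [None]
        for prefix in route['addressPrefix']:
            learned[prefix] = hops[0]
    return learned


def check_underlay(effective_routes_json, loopback):
    '''Two invariants for the underlay in this design. 1: the on-prem loopback /32 must
    be reachable through the ERGW, or the Site2Cloud tunnels can never come up.
    2: nothing else from on-prem may be learned over ER, because any such prefix is
    reachable from the Transit vNet over the ER path instead of through the IPsec
    overlay. Returns a list of findings; an empty list means the underlay is clean.'''
    learned = er_learned_prefixes(effective_routes_json)
    want = loopback + '/32'
    findings = []
    if want not in learned:
        findings.append('loopback ' + want + ' is not learned via VirtualNetworkGateway')
    extras = sorted(p for p in learned if p != want)
    if extras:
        findings.append('underlay also carries ' + ', '.join(extras)
                        + '; the on-prem router is not filtering its ER advertisement')
    return findings


if __name__ == '__main__':
    for label, sample in (('before prefix-list', BEFORE_FILTER), ('after prefix-list', AFTER_FILTER)):
        print(label + ':', check_underlay(sample, '192.168.77.1') or ['OK'])
```
\n\n\n\n<p>Run as a script it prints one line per sample; in practice pipe the live <code>az<\/code> output into <code>check_underlay<\/code> and fail the change when the returned list is not empty. If the effective routes still show the old prefixes after the prefix-list was applied, IOS may need an outbound soft reset (<code>clear ip bgp 169.254.80.82 soft out<\/code>) before the MSEE withdraws them.<\/p>\n\n\n\n<p>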
But the Aviatrix Transit Gateway itself hasn&#8217;t learned any on-premises routes yet: the subnet route table belongs to Azure, while the gateway&#8217;s own routing table is populated by its BGP sessions.<\/p>\n\n\n\n<p>You can observe the Aviatrix Transit Gateway routing table via Controller -&gt; Multi-Cloud Transit -&gt; List -&gt; Transit -&gt; select the Transit Gateway -&gt; Details\/Diag<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"437\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-18-1024x437.png\" alt=\"\" class=\"wp-image-954\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-18-1024x437.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-18-300x128.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-18-768x327.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-18-1536x655.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-18-500x213.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-18.png 1541w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Find the Gateway Routing Table section, then click the Refresh button:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"917\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-19-1024x917.png\" alt=\"\" class=\"wp-image-955\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-19-1024x917.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-19-300x269.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-19-768x688.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-19-335x300.png 335w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-19.png 1298w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Or go 
to CoPilot -&gt; Troubleshoot -&gt; Cloud Routes -&gt; Gateway Routes and select the Transit Gateway:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"625\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-21-1024x625.png\" alt=\"\" class=\"wp-image-957\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-21-1024x625.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-21-300x183.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-21-768x469.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-21-1536x937.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-21-492x300.png 492w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-21.png 1875w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>As you may recall from the earlier screenshot of ExpressRoute Circuit -&gt; Peerings -&gt; Azure private -&gt; View route table (taken before the prefix-list was applied), we were receiving the following CIDRs:<\/p>\n\n\n\n<p>10.1.30.10\/32<br>10.1.31.0\/24<br>10.1.32.0\/24<br>192.168.77.1<\/p>\n\n\n\n<p>None of them are in the Aviatrix Transit Gateway routing table. Let&#8217;s build the BGP over IPSec tunnels from the on-premises router towards the Aviatrix Transit Gateways.<\/p>\n\n\n\n<p>To understand how the tunnels are built by this workflow, see my blog: <a href=\"https:\/\/cloudlearning365.com\/?p=491\">Aviatrix Site to Cloud Connection demystified<\/a><\/p>\n\n\n\n<p>Multi-Cloud Transit -&gt; Setup -&gt; External Connection -&gt; External Devices<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Aviatrix Gateway BGP ASN: enter the ASN for the Aviatrix Transit Gateway here. 
Or, if you already set it in Multi-Cloud Transit -&gt; Advanced Config -&gt; Local AS Number, it will be prefilled here.<\/li>\n\n\n\n<li>Enable Remote Gateway HA<\/li>\n\n\n\n<li>Over Private Network: checked<\/li>\n\n\n\n<li>Remote BGP AS Number: 65000<\/li>\n\n\n\n<li>Remote Gateway IP: 192.168.77.1 (the loopback)<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"907\" height=\"1024\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-24-907x1024.png\" alt=\"\" class=\"wp-image-960\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-24-907x1024.png 907w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-24-266x300.png 266w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-24-768x867.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-24-1360x1536.png 1360w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-24.png 1507w\" sizes=\"auto, (max-width: 907px) 100vw, 907px\" \/><\/figure>\n\n\n\n<p>After the external connection from the Transit Gateway has been created, head to Site2Cloud -&gt; Setup, select the connection that appears there, then click the Edit button:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"664\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-25-1024x664.png\" alt=\"\" class=\"wp-image-961\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-25-1024x664.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-25-300x194.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-25-768x498.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-25-1536x995.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-25-463x300.png 463w, 
https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-25.png 1750w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Here you can generate a configuration file for the target system. Since I&#8217;m using a Cisco ISR, I select the corresponding Vendor, Platform and Software and click on Download Configuration:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"510\" height=\"410\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-26.png\" alt=\"\" class=\"wp-image-962\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-26.png 510w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-26-300x241.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-26-373x300.png 373w\" sizes=\"auto, (max-width: 510px) 100vw, 510px\" \/><\/figure>\n\n\n\n<p>The generated config file is attached. It contains the IPSec pre-shared key for the tunnels, so treat it as a secret.<\/p>\n\n\n\n<div class=\"wp-block-file\"><a id=\"wp-block-file--media-db1a3793-1651-447b-a8a0-be5353d7bc62\" href=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/transit_ER-LAB_f3dde20b-ed26-4a0c-8498-816f1ad2ffa5-ToOnPrem.txt\">transit_ER-LAB_f3dde20b-ed26-4a0c-8498-816f1ad2ffa5-ToOnPrem<\/a><a href=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/transit_ER-LAB_f3dde20b-ed26-4a0c-8498-816f1ad2ffa5-ToOnPrem.txt\" class=\"wp-block-file__button wp-element-button\" download aria-describedby=\"wp-block-file--media-db1a3793-1651-447b-a8a0-be5353d7bc62\">Download<\/a><\/div>\n\n\n\n<p>Replace &lt;crypto_policy_number&gt; with 1<br>Replace &lt;tunnel_number1&gt; with 11<br>Replace &lt;tunnel_number2&gt; with 12<br>Replace &lt;ios_wan_interface1&gt; with the loopback IP: 192.168.77.1<br>Replace &lt;ios_wan_interface2&gt; with the loopback IP: 192.168.77.1<\/p>\n\n\n\n<p>Paste the config into the ISR conf t window.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Validate IPSec 
tunnel is up<\/h3>\n\n\n\n<p>Wait a few minutes, then head back to Aviatrix Controller -&gt; Site2Cloud -&gt; Setup -&gt; Refresh. You should see the Site2Cloud connection is Up:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"206\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-27-1024x206.png\" alt=\"\" class=\"wp-image-964\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-27-1024x206.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-27-300x60.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-27-768x155.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-27-500x101.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-27.png 1226w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>If you run into issues, go to Site2Cloud -&gt; Diagnostics to troubleshoot.<\/p>\n\n\n\n<p>Within a few minutes, the Site2Cloud connection should also show up in CoPilot -&gt; Troubleshoot -&gt; Cloud Routes -&gt; Site 2 Cloud:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"410\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-29-1024x410.png\" alt=\"\" class=\"wp-image-966\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-29-1024x410.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-29-300x120.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-29-768x307.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-29-1536x614.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-29-500x200.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-29.png 1865w\" sizes=\"auto, (max-width: 1024px) 
100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Validate BGP is up<\/h3>\n\n\n\n<p>Controller -&gt; Multi-Cloud Transit -&gt; BGP -&gt; Diagnostics -&gt; Predefined Show List -&gt; show ip bgp (run on the Transit Gateway):<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"586\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-28-1024x586.png\" alt=\"\" class=\"wp-image-965\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-28-1024x586.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-28-300x172.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-28-768x439.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-28-1536x878.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-28-500x286.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-28.png 1698w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>CoPilot -&gt; Troubleshoot -&gt; Cloud Routes -&gt; BGP Info:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"519\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-30-1024x519.png\" alt=\"\" class=\"wp-image-967\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-30-1024x519.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-30-300x152.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-30-768x389.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-30-1536x778.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-30-500x253.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-30.png 1869w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" 
\/><\/figure>\n\n\n\n<p>Learned CIDRs from on-premises:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"510\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-31-1024x510.png\" alt=\"\" class=\"wp-image-968\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-31-1024x510.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-31-300x149.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-31-768x382.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-31-1536x764.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-31-500x249.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-31.png 1887w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Advertised CIDRs should be empty right now, as there is no spoke attached to the Aviatrix Transit:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"402\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-32-1024x402.png\" alt=\"\" class=\"wp-image-969\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-32-1024x402.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-32-300x118.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-32-768x302.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-32-1536x603.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-32-500x196.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-32.png 1871w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>To test CIDRs being advertised back to on-premises:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Either we can 
create a new spoke and attach it to the transit; its CIDR will then be advertised to on-premises<\/li>\n\n\n\n<li>Or we can go to Multi-Cloud Transit -&gt; Advanced Config and enable Advertise Transit VPC Network CIDR(s). This is meant for the situation where workloads run inside the Transit VPC, which we normally don&#8217;t encourage.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"653\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-33-1024x653.png\" alt=\"\" class=\"wp-image-970\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-33-1024x653.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-33-300x191.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-33-768x490.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-33-470x300.png 470w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-33.png 1320w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>After this, if we go back to CoPilot, we can see the Transit VPC CIDR being advertised:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"377\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-34-1024x377.png\" alt=\"\" class=\"wp-image-971\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-34-1024x377.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-34-300x111.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-34-768x283.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-34-1536x566.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-34-500x184.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-34.png 1873w\" 
sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Check on the on-premise router side, note 10.0.16.0\/23 got received from both ERGW and Aviatrix Transit, The route received from AS 12076 has a right arrow &gt; beside it indicate it&#8217;s the best route. You may consider VRF to segment these two BGP routes, and apply filters so the route learned via underlay won&#8217;t propagated further down to on-premise.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ISR-3#show ip bgp\nBGP table version is 25, local router ID is 192.168.77.1\nStatus codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, \n              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, \n              x best-external, a additional-path, c RIB-compressed, \n              t secondary path, L long-lived-stale,\nOrigin codes: i - IGP, e - EGP, ? - incomplete\nRPKI validation codes: V valid, I invalid, N Not found\n\n     Network          Next Hop            Metric LocPrf Weight Path\n *    10.0.16.0\/23     169.254.215.58           0             0 65001 i\n *                     169.254.76.182           0             0 65001 i\n <mark style=\"background-color:#e2e2e2\" class=\"has-inline-color\">*&gt;                    169.254.80.82                          0 12076 <\/mark>i\n *&gt;   10.1.30.10\/32    0.0.0.0                  0         32768 i\n *&gt;   10.1.31.0\/24     0.0.0.0                  0         32768 i\n *&gt;   10.1.32.0\/24     0.0.0.0                  0         32768 i\n *&gt;   169.254.76.180\/30\n                      0.0.0.0                  0         32768 ?\n *&gt;   169.254.80.80\/30 0.0.0.0                  0         32768 ?\n *&gt;   169.254.96.0\/29  0.0.0.0                  0         32768 ?\n *&gt;   169.254.215.56\/30\n                      0.0.0.0                  0         32768 ?\n *&gt;   192.168.77.1\/32  0.0.0.0                  0         32768 i\n<\/code><\/pre>\n\n\n\n<p>Once this test is done. 
remember to disable Advertise Transit VPC Network CIDR(s)<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Or we can use Multi-Cloud Transit -&gt; Advanced Config -&gt; Gateway Manual BGP Advertised Network List. This setting changes ALL BGP advertised CIDRs from the Aviatrix Transit Gateway towards all connections<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"581\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-35-1024x581.png\" alt=\"\" class=\"wp-image-972\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-35-1024x581.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-35-300x170.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-35-768x436.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-35-500x284.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-35.png 1157w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"371\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-36-1024x371.png\" alt=\"\" class=\"wp-image-973\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-36-1024x371.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-36-300x109.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-36-768x278.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-36-1536x557.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-36-500x181.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-36.png 1765w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>ISR-3#show 
ip bgp         \nBGP table version is 27, local router ID is 192.168.77.1\nStatus codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, \n              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, \n              x best-external, a additional-path, c RIB-compressed, \n              t secondary path, L long-lived-stale,\nOrigin codes: i - IGP, e - EGP, ? - incomplete\nRPKI validation codes: V valid, I invalid, N Not found\n\n     Network          Next Hop            Metric LocPrf Weight Path\n *&gt;   10.0.16.0\/23     169.254.80.82                          0 12076 i\n *&gt;   10.1.30.10\/32    0.0.0.0                  0         32768 i\n *&gt;   10.1.31.0\/24     0.0.0.0                  0         32768 i\n *&gt;   10.1.32.0\/24     0.0.0.0                  0         32768 i\n<mark style=\"background-color:#e2e2e2\" class=\"has-inline-color\"> *m   80.80.80.80\/32   169.254.215.58           0             0 65001 i\n *&gt;                    169.254.76.182           0             0 65001 i<\/mark>\n *&gt;   169.254.76.180\/30\n                      0.0.0.0                  0         32768 ?\n *&gt;   169.254.80.80\/30 0.0.0.0                  0         32768 ?\n *&gt;   169.254.96.0\/29  0.0.0.0                  0         32768 ?\n *&gt;   169.254.215.56\/30\n                      0.0.0.0                  0         32768 ?\n *&gt;   192.168.77.1\/32  0.0.0.0                  0         32768 i\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Or we can use Multi-Cloud Transit -&gt; Advanced Config -&gt; Connection Manual BGP Advertised Network List. 
This setting will only affect the specified Connection<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"595\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-37-1024x595.png\" alt=\"\" class=\"wp-image-974\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-37-1024x595.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-37-300x174.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-37-768x446.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-37-500x291.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-37.png 1127w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"388\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-38-1024x388.png\" alt=\"\" class=\"wp-image-975\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-38-1024x388.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-38-300x114.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-38-768x291.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-38-1536x581.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-38-500x189.png 500w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/11\/image-38.png 1744w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>ISR-3#show ip bgp\nBGP table version is 31, local router ID is 192.168.77.1\nStatus codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal, \n              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, \n              x 
best-external, a additional-path, c RIB-compressed, \n              t secondary path, L long-lived-stale,\nOrigin codes: i - IGP, e - EGP, ? - incomplete\nRPKI validation codes: V valid, I invalid, N Not found\n\n     Network          Next Hop            Metric LocPrf Weight Path\n *&gt;   10.0.16.0\/23     169.254.80.82                          0 12076 i\n *&gt;   10.1.30.10\/32    0.0.0.0                  0         32768 i\n *&gt;   10.1.31.0\/24     0.0.0.0                  0         32768 i\n *&gt;   10.1.32.0\/24     0.0.0.0                  0         32768 i\n<mark style=\"background-color:#e2e2e2\" class=\"has-inline-color\"> *m   70.70.70.70\/32   169.254.215.58           0             0 65001 i\n *&gt;                    169.254.76.182           0             0 65001 i<\/mark>\n *&gt;   169.254.76.180\/30\n                      0.0.0.0                  0         32768 ?\n *&gt;   169.254.80.80\/30 0.0.0.0                  0         32768 ?\n *&gt;   169.254.96.0\/29  0.0.0.0                  0         32768 ?\n *&gt;   169.254.215.56\/30\n                      0.0.0.0                  0         32768 ?\n *&gt;   192.168.77.1\/32  0.0.0.0                  0         32768 i\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Today we are starting to discuss first of three options to connect on-premise to Aviatrix Transit. This architecture allows you to use existing IPSec and BGP capable networking device to connect to Aviatrix Transit. 
I&#8217;ve listed brief steps and constrains &hellip; <a href=\"https:\/\/cloudlearning365.com\/?p=886\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2,4],"tags":[],"class_list":["post-886","post","type-post","status-publish","format-standard","hentry","category-aviatrix","category-azure"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/886","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=886"}],"version-history":[{"count":25,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/886\/revisions"}],"predecessor-version":[{"id":997,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/886\/revisions\/997"}],"wp:attachment":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=886"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=886"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=886"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}