Viknaraj


Thursday, 14 November 2024

BGP Capabilities and Limitations in Azure.



Border Gateway Protocol (BGP) is a widely used routing protocol on the Internet, designed for exchanging routing and reachability information between multiple networks. In the context of Azure Virtual Networks, BGP facilitates communication between Azure VPN gateways and your on-premises VPN devices, known as BGP peers or neighbours. It allows them to share "routes," enabling both gateways to understand the availability and accessibility of network prefixes through the respective gateways or routers. Additionally, BGP supports transit routing by sharing learned routes from one BGP peer with all other connected BGP peers, enabling efficient multi-network communication.


BGP supports automatic VPN failover in Azure.

If the VPN tunnel needs automatic failover, for example when a customer has two internet connections over two separate links, we can create an additional connection on the Azure side using the existing virtual network gateway to provide a redundant connection to the customer's on-premises network. With BGP enabled, the Azure virtual network gateway will route traffic through the remaining tunnel if one connection goes down.


VPN connection redundancy.

  • Using AS path prepending, you can influence routing decisions between multiple connections to your on-premises sites.
  • When BGP is enabled, the Azure VPN gateway honours AS path prepending when making routing decisions.
  • A shorter AS Path will be preferred in BGP path selection.

For example, if there are two separate VPN connections to your on-premises router, we can enable BGP on the VPN gateway and then advertise the on-premises address prefix over the primary connection with a short AS path and over the secondary connection with a longer AS path.


BGP Limitations in Azure

The Azure VPN gateway using BGP automatically advertises the following routes to your on-premises devices, and these cannot be excluded:

  • The virtual network address prefixes.
  • Address prefixes for each Local Network Gateway connected to the Azure VPN gateway.
  • Routes learned from other BGP peering sessions connected to the Azure VPN gateway, excluding the default route and any routes that overlap with a virtual network prefix.

There is no way to restrict the Azure VPN gateway to advertising only one address prefix to on-premises. Currently, the Azure VPN gateway offers no route filters to limit which IP ranges it receives or advertises.


Solutions for filtering unwanted BGP routes.

  • The easiest option is on the on-premises side: apply a BGP route filter on the on-premises routers so that only the wanted prefixes are accepted from Azure.
  • Deploy the VPN gateway directly in the spoke VNet and do not select the option to use the remote gateway. Only that VNet's address range will then be advertised to on-premises.
  • Deploy a third-party VPN network virtual appliance in Azure that supports route filtering.
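To make the two BGP behaviours above concrete, the following is an added example (not code from the post or from Azure) that models, from the on-premises router's point of view, what the Azure VPN gateway advertises, an inbound prefix filter applied on the on-premises router, and AS path prepending for primary/secondary tunnel selection. The ASNs 65010 and 65020 and all address prefixes are constructed; 65515 is the default ASN of an Azure VPN gateway. Best-path selection is reduced to the single rule the post relies on (shortest AS path wins).

```python
"""Constructed model of the BGP behaviour described in the post between an
Azure VPN gateway and an on-premises router. Illustration only, not Azure code."""
import ipaddress
from dataclasses import dataclass

AZURE_ASN = 65515   # default ASN of an Azure VPN gateway
ONPREM_ASN = 65010  # constructed on-premises ASN
OTHER_ASN = 65020   # constructed ASN of a second site peered to the same gateway


@dataclass(frozen=True)
class Route:
    prefix: str       # e.g. "10.0.0.0/16"
    as_path: tuple    # ASNs, leftmost is the most recently traversed AS
    peer: str         # name of the tunnel/peer the route arrived on


def azure_advertisements(vnet_prefixes, lng_prefixes, learned, peer):
    """Routes the Azure VPN gateway sends to one BGP peer, following the post:
    VNet prefixes, every connected Local Network Gateway's prefixes, and routes
    learned from other peers, minus the default route and any route that
    overlaps a VNet prefix. None of these can be suppressed on the gateway."""
    out = [Route(p, (AZURE_ASN,), peer) for p in vnet_prefixes + lng_prefixes]
    vnets = [ipaddress.ip_network(v) for v in vnet_prefixes]
    for r in learned:
        net = ipaddress.ip_network(r.prefix)
        if net.prefixlen == 0:                      # default route is dropped
            continue
        if any(net.overlaps(v) for v in vnets):     # overlaps a VNet prefix
            continue
        out.append(Route(r.prefix, (AZURE_ASN,) + r.as_path, peer))
    return out


def inbound_prefix_filter(routes, permitted):
    """The post's first mitigation: a prefix filter on the on-premises router
    that only accepts an exact match of the prefixes we want from Azure."""
    allowed = {ipaddress.ip_network(p) for p in permitted}
    return [r for r in routes if ipaddress.ip_network(r.prefix) in allowed]


def prepend(route, asn, count):
    """AS path prepending: repeat our own ASN to make the path less attractive."""
    return Route(route.prefix, (asn,) * count + route.as_path, route.peer)


def best_paths(routes):
    """Best-path selection reduced to the rule the post relies on: the shortest
    AS path wins; on a tie the first received route is kept (constructed rule)."""
    best = {}
    for r in routes:
        cur = best.get(r.prefix)
        if cur is None or len(r.as_path) < len(cur.as_path):
            best[r.prefix] = r
    return best


def withdraw(routes, peer):
    """Drop every route learned over a peer whose tunnel went down."""
    return [r for r in routes if r.peer != peer]


def failover_demo():
    """Peer chosen for 10.1.0.0/16 before and after the primary tunnel fails,
    as seen from the Azure gateway receiving both advertisements."""
    primary = Route("10.1.0.0/16", (ONPREM_ASN,), "tunnel-primary")
    secondary = prepend(Route("10.1.0.0/16", (ONPREM_ASN,), "tunnel-secondary"),
                        ONPREM_ASN, 2)                    # AS path length 3
    rib = [primary, secondary]
    before = best_paths(rib)["10.1.0.0/16"].peer
    after = best_paths(withdraw(rib, "tunnel-primary"))["10.1.0.0/16"].peer
    return before, after


def filter_demo():
    """Prefixes the on-prem router receives from Azure before and after the
    inbound prefix filter (constructed sample prefixes)."""
    learned_from_other_site = [
        Route("192.168.50.0/24", (OTHER_ASN,), "other-site"),
        Route("0.0.0.0/0", (OTHER_ASN,), "other-site"),        # default route
        Route("10.0.5.0/24", (OTHER_ASN,), "other-site"),      # overlaps the VNet
    ]
    advertised = azure_advertisements(
        vnet_prefixes=["10.0.0.0/16"],
        lng_prefixes=["10.1.0.0/16", "172.16.0.0/24"],   # this site and another LNG
        learned=learned_from_other_site,
        peer="tunnel-primary",
    )
    wanted = inbound_prefix_filter(advertised, ["10.0.0.0/16"])
    return [r.prefix for r in advertised], [r.prefix for r in wanted]


if __name__ == "__main__":
    print(failover_demo())   # ('tunnel-primary', 'tunnel-secondary')
    print(filter_demo())
```

Running the script shows the primary tunnel winning while it is up and the prepended secondary taking over once the primary's routes are withdrawn; it also shows that the gateway hands the on-premises router its own prefix, another site's LNG prefix and a route learned from the other site, and that only the filter on the on-premises side reduces that to the VNet range alone.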

Sunday, 20 October 2024

Cloud Engineering Career

I had the amazing opportunity to deliver a session about Azure Technology at Stanford College, Nintavur, on October 20, 2024.

We discussed Azure Infrastructure Technology, Platform Technology, and Azure Security Data technology during the session.


Thank you to Stanford College, Nintavur, for organizing the event.


Thursday, 17 October 2024

The Basic SKU Public IPs will be Retired in Azure


Microsoft has announced that the Basic SKU public IPs will be retired on September 30, 2025. If you are currently using Basic SKU IPs in your environment, it is better to upgrade them as soon as possible. When you upgrade a VM's public IP, the IP address does not change, so the upgrade won't affect your working environment.

This process requires at most 3-5 minutes of downtime, although the actual downtime depends on your environment.

If your Basic SKU public IP is attached to a VPN or ExpressRoute gateway, you must recreate the gateway. Its IP address will change, so the remote device must be updated with the new IP.

Sunday, 29 September 2024

Managing Amazon S3 Buckets

In our previous article, we learned how to create an S3 bucket in AWS (see the S3 deployment article). In this article, we will learn how to manage the S3 bucket.

Deploying Elastic Compute Cloud (EC2) in AWS

Elastic Compute Cloud (EC2) instances are virtual machines provided by Amazon Web Services (AWS).

EC2 provides a wide range of instance types, allowing users to select the size and configuration that best suits their needs.

We can launch EC2 instances on demand and scale up or down as needed to match our workload requirements.




Friday, 27 September 2024

Creating a Virtual Private Cloud (VPC) in AWS

Amazon Virtual Private Cloud (VPC) lets you create a virtual network, select your own IP address range, create your own subnets, and configure your route tables and network gateways.

A Virtual Private Cloud (VPC) is isolated from the other resources deployed in Amazon Web Services. Security groups and network access control lists let us control which traffic may reach the virtual machines, while route tables and gateways control how traffic enters and leaves the VPC.


Friday, 13 September 2024

AWS Challenge 2024



Join the Get AWS Certified: Associate Challenge before December 12, 2024, to receive your 50% discount voucher*.


Validate the skills and knowledge required for specific technical roles critical for organizations with workloads running on AWS. Associate-level AWS Certifications are a good starting point on the AWS Certification journey for IT and cloud professionals looking to build their careers as AWS Cloud professionals.
Follow this 4-step exam prep process to approach exam day with confidence:

  • Step 1: Get to know the exam and exam-style questions by reviewing the exam guide and taking the Official Practice Question Set.
  • Step 2: Refresh your AWS Knowledge and skills by reviewing resources available on AWS Skill Builder, our online learning center.
  • Step 3: Review and practice for your exam with digital training resources on AWS Skill Builder, available through this challenge.
  • Step 4: Assess your exam readiness by taking the full-length Official Practice Exam or Official Pretest.
