You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/route-server/troubleshoot-route-server.md
+21-19Lines changed: 21 additions & 19 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,11 +1,13 @@
1
1
---
2
2
title: Troubleshoot Azure Route Server issues
3
-
description: Learn how to troubleshoot some of the common Azure Route Server issues.
3
+
description: Learn how to troubleshoot some of the common issues that you may have when you use Azure Route Server in your virtual network.
4
4
author: halkazwini
5
5
ms.author: halkazwini
6
6
ms.service: route-server
7
7
ms.topic: how-to
8
-
ms.date: 09/15/2023
8
+
ms.date: 12/17/2023
9
+
10
+
#CustomerIntent: As a network administrator, I want to learn how to diagnose and troubleshoot issues related to my Azure Route Server so I can resolve them.
9
11
---
10
12
11
13
# Troubleshoot Azure Route Server issues
@@ -14,15 +16,15 @@ Learn how to troubleshoot some of the common Azure Route Server issues.
14
16
15
17
## Connectivity issues
16
18
17
-
### Why does my network virtual appliance (NVA) lose internet connectivity after it advertises the default route (0.0.0.0/0) to Azure Route Server?
19
+
### Why does my network virtual appliance (NVA) lose internet connectivity after it advertises the default route (0.0.0.0/0) to the Route Server?
18
20
19
-
When your NVA advertises the default route, Azure Route Server programs it for all the virtual machines (VMs) in the virtual network including the NVA itself. This default route sets the NVA as the next hop for all internet-bound traffic. If your NVA needs internet connectivity, you need to configure a user-defined route (UDR) to override this default route from the NVA and attach the UDR to the subnet where the NVA is hosted. Otherwise, the NVA host machine keeps sending the internet-bound traffic including the one sent by the NVA back to the NVA itself. For more information, see [user-defined routes](../virtual-network/virtual-networks-udr-overview.md#user-defined).
21
+
When your NVA advertises the default route, the Route Server programs it for all the virtual machines (VMs) in the virtual network including the NVA itself. This default route sets the NVA as the next hop for all internet-bound traffic. If your NVA needs internet connectivity, you need to configure a user-defined route (UDR) to override this default route from the NVA and attach the UDR to the subnet where the NVA is hosted. Otherwise, the NVA host machine keeps sending the internet-bound traffic including the one sent by the NVA back to the NVA itself. For more information, see [user-defined routes](../virtual-network/virtual-networks-udr-overview.md#user-defined).
20
22
21
23
| Route | Next hop |
22
24
|-------|----------|
23
25
| 0.0.0.0/0 | Internet |
24
26
25
-
### Why does the NVA lose its connectivity to the Azure Route Server after forcing all traffic to a firewall using a user-defined route (UDR) on the GatewaySubnet?
27
+
### Why does the NVA lose its connectivity to the Route Server after forcing all traffic to a firewall using a user-defined route (UDR) on the GatewaySubnet?
26
28
27
29
If you want to inspect your on-premises traffic using a firewall, you can force all on-premises traffic to the firewall using a user-defined route (UDR) on the GatewaySubnet (a route table associated to the GatewaySubnet that has the UDR). However, this UDR may break the communication between the Route Server and the gateway by forcing their control plane traffic (BGP) to the firewall (this issue occurs if you're inspecting the traffic destined to the virtual network that has the Route Server). To avoid this issue, you need to add another UDR to the GatewaySubnet route table to exclude control plane traffic from being forced to the firewall (in case adding a BGP rule to the firewall is not desired/possible):
28
30
@@ -33,45 +35,45 @@ If you want to inspect your on-premises traffic using a firewall, you can force
33
35
34
36
10.0.0.0/16 is the address space of the virtual network and 10.0.1.0/27 is the address space of RouteServerSubnet. 10.0.2.1 is the IP address of the firewall.
35
37
36
-
### Why can't I TCP ping from my NVA to the BGP peer IP of the Azure Route Server after I set up the BGP peering between them?
38
+
### Why can't I TCP ping from my NVA to the BGP peer IP of the Route Server after I set up the BGP peering between them?
37
39
38
-
In some NVAs, you need to add a static route to the Azure Route Server subnet to be able to TCP ping the Route Server from the NVA and to avoid BGP peering flapping. For example, if Azure Route Server is in 10.0.255.0/27 and your NVA is in 10.0.1.0/24, you need to add the following route to the routing table in the NVA:
40
+
In some NVAs, you need to add a static route to the Route Server subnet to be able to TCP ping the Route Server from the NVA and to avoid BGP peering flapping. For example, if the Route Server is in 10.0.255.0/27 and your NVA is in 10.0.1.0/24, you need to add the following route to the routing table in the NVA:
39
41
40
42
| Route | Next hop |
41
43
|-------|----------|
42
44
| 10.0.255.0/27 | 10.0.1.1 |
43
45
44
46
10.0.1.1 is the default gateway IP in the subnet where your NVA (or more precisely, one of the NICs) is hosted.
45
47
46
-
### Why do I lose connectivity to my on-premises network over ExpressRoute and/or Azure VPN when I'm deploying Azure Route Server to a virtual network that already has ExpressRoute gateway and/or Azure VPN gateway?
48
+
### Why do I lose connectivity to my on-premises network over ExpressRoute and/or Azure VPN when I'm deploying a Route Server to a virtual network that already has ExpressRoute gateway and/or Azure VPN gateway?
47
49
48
-
When you deploy Azure Route Server to a virtual network, we need to update the control plane between the gateways and the virtual network. During this update, there's a period of time when the VMs in the virtual network lose connectivity to the on-premises network. We strongly recommend that you schedule maintenance to deploy Azure Route Server in your production environment.
50
+
When you deploy a Route Server to a virtual network, we need to update the control plane between the gateways and the virtual network. During this update, there's a period of time when the VMs in the virtual network lose connectivity to the on-premises network. We strongly recommend that you schedule maintenance to deploy a Route Server in your production environment.
49
51
50
52
## Control plane issues
51
53
52
-
### Why does my on-premises network connected to Azure VPN gateway not receive the default route advertised by Azure Route Server?
54
+
### Why does my on-premises network connected to Azure VPN gateway not receive the default route advertised by the Route Server?
53
55
54
-
Although Azure VPN gateway can receive the default route from its BGP peers including Azure Route Server, it [doesn't advertise the default route](../vpn-gateway/vpn-gateway-vpn-faq.md#what-address-prefixes-will-azure-vpn-gateways-advertise-to-me) to other peers.
56
+
Although Azure VPN gateway can receive the default route from its BGP peers including the Route Server, it [doesn't advertise the default route](../vpn-gateway/vpn-gateway-vpn-faq.md#what-address-prefixes-will-azure-vpn-gateways-advertise-to-me) to other peers.
55
57
56
-
### Why does my NVA not receive routes from Azure Route Server even though the BGP peering is up?
58
+
### Why does my NVA not receive routes from the Route Server even though the BGP peering is up?
57
59
58
-
The ASN that Azure Route Server uses is 65515. Make sure you configure a different ASN for your NVA so that an “eBGP” session can be established between your NVA and Azure Route Server so route propagation can happen automatically. Make sure you enable "multi-hop" in your BGP configuration because your NVA and Azure Route Server are in different subnets in the virtual network.
60
+
The ASN that the Route Server uses is 65515. Make sure you configure a different ASN for your NVA so that an *eBGP* session can be established between your NVA and Route Server so route propagation can happen automatically. Make sure you enable "multi-hop" in your BGP configuration because your NVA and the Route Server are in different subnets in the virtual network.
59
61
60
-
### The BGP peering between my NVA and Azure Route Server is up. I can see routes exchanged correctly between them. Why aren’t the NVA routes in the effective routing table of my VM?
62
+
### The BGP peering between my NVA and Route Server is up. I can see routes exchanged correctly between them. Why aren’t the NVA routes in the effective routing table of my VM?
61
63
62
-
* If your VM is in the same virtual network as your NVA and Azure Route Server:
64
+
* If your VM is in the same virtual network as your NVA and Route Server:
63
65
64
-
Azure Route Server exposes two BGP peer IPs, which are hosted on two VMs that share the responsibility of sending the routes to all other VMs running in your virtual network. Each NVA must set up two identical BGP sessions (for example, use the same AS number, the same AS path and advertise the same set of routes) to the two VMs so that your VMs in the virtual network can get consistent routing info from Azure Route Server.
66
+
Route Server exposes two BGP peer IPs, which are hosted on two VMs that share the responsibility of sending the routes to all other VMs running in your virtual network. Each NVA must set up two identical BGP sessions (for example, use the same AS number, the same AS path and advertise the same set of routes) to the two VMs so that your VMs in the virtual network can get consistent routing info from Azure Route Server.
65
67
66
68
:::image type="content" source="./media/troubleshoot-route-server/network-virtual-appliances.png" alt-text="Diagram showing a network virtual appliance (NVA) with Azure Route Server.":::
67
69
68
70
If you have two or more instances of the NVA, you *can* advertise different AS paths for the same route from different NVA instances if you want to designate one NVA instance as active and the other passive.
69
71
70
-
* If your VM is in a different virtual network than the one that hosts your NVA and Azure Route Server. Check if VNet Peering is enabled between the two VNets *and* if Use Remote Route Server is enabled on your VM's virtual network.
72
+
* If your VM is in a different virtual network than the one that hosts your NVA and the Route Server. Check if VNet Peering is enabled between the two VNets *and* if Use Remote Route Server is enabled on your VM's virtual network.
71
73
72
-
### Why is the Equal-Cost Multi-Path (ECMP) function of my ExpressRoute turned off after I deploy Azure Route Server to the virtual network?
74
+
### Why is the Equal-Cost Multi-Path (ECMP) function of my ExpressRoute turned off after I deploy Route Server to the virtual network?
73
75
74
-
When you advertise the same routes from your on-premises network to Azure over multiple ExpressRoute connections, normally ECMP is enabled by default for the traffic destined for these routes from Azure back to your on-premises network. However, after the route server is deployed, the multiple-path information is lost in the BGP exchange between ExpressRoute and Azure Route Server, and consequently traffic from Azure will traverse only on one of the ExpressRoute connections.
76
+
When you advertise the same routes from your on-premises network to Azure over multiple ExpressRoute connections, normally ECMP is enabled by default for the traffic destined for these routes from Azure back to your on-premises network. Currently, when you deploy the Route Server, multiple-path information is lost in the BGP exchange between ExpressRoute and the Route Server, and consequently traffic from Azure will traverse only on one of the ExpressRoute connections.
0 commit comments