You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/route-server/vmware-solution-default-route.md
+9-9Lines changed: 9 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
---
2
-
title: 'Injecting default route to Azure VMware Solution'
3
-
description: Learn about how to advertise a default route to Azure VMware Solution with Azure Route Server.
2
+
title: 'Injecting routes to Azure VMware Solution'
3
+
description: Learn about how to advertise routes to Azure VMware Solution with Azure Route Server.
4
4
services: route-server
5
5
author: halkazwini
6
6
ms.service: route-server
@@ -9,13 +9,13 @@ ms.date: 02/03/2022
9
9
ms.author: halkazwini
10
10
---
11
11
12
-
# Injecting a default route to Azure VMware Solution
12
+
# Injecting routes to Azure VMware Solution with Azure Route Server
13
13
14
-
[Azure VMware Solution](../azure-vmware/introduction.md) is an Azure service where native VMware vSphere workloads run and communicate with other Azure services. This communication happens over ExpressRoute, and Azure Route Server can be used to modify the default behavior of Azure VMware Solution networking. For example, a default route can be injected from a Network Virtual Appliance (NVA) in Azure to attract traffic from AVS and inspect it before sending it out to the public Internet, or to analyze traffic between AVS and the on-premises network.
14
+
[Azure VMware Solution](../azure-vmware/introduction.md) is an Azure service where native VMware vSphere workloads run and communicate with other Azure services. This communication happens over ExpressRoute, and Azure Route Server can be used to modify the default behavior of Azure VMware Solution networking. The most frequent patterns for injecting routing information in Azure VMware Solution are either advertising a default route to attract Internet traffic to Azure, or advertising routes to achieve communications to on-premises networks when Global Reach is not available.
15
15
16
-
Additionally, similar designs can be used to interconnect AVS and on-premises networks sending traffic through an NVA, either because traffic inspection isn't required or because ExpressRoute Global Reach isn't available in the relevant regions.
16
+
## Injecting a default route to Azure VMware Solution
17
17
18
-
## Topology
18
+
Certain deployments require to inspect all egress traffic from AVS towards Internet. While it is possible creating Network Virtual Appliances (NVAs) in AVS, some times those appliances already exist in Azure, and they can be leveraged as well to inspect Internet traffic from AVS. In this case, a default route can be injected from the NVA in Azure to attract traffic from AVS and inspect it before sending it out to the public Internet.
19
19
20
20
The following diagram describes a basic hub and spoke topology connected to an AVS cloud and to an on-premises network through ExpressRoute. The diagram shows how the default route (`0.0.0.0/0`) is originated by the NVA in Azure, and propagated by Azure Route Server to Azure VMware Solution through ExpressRoute.
21
21
@@ -26,12 +26,12 @@ The following diagram describes a basic hub and spoke topology connected to an A
26
26
27
27
Communication between Azure VMware Solution and the on-premises network will typically happen over ExpressRoute Global Reach, as described in [Peer on-premises environments to Azure VMware Solution](../azure-vmware/tutorial-expressroute-global-reach-private-cloud.md).
28
28
29
-
## Communication between Azure VMware Solution and the on-premises network via NVA
29
+
## Communication between Azure VMware Solution and the on-premises network via an NVA
30
30
31
-
There are two main scenarios for this pattern:
31
+
Similar designs can be used to interconnect AVS and on-premises networks sending traffic through an NVA in Azure. There are two main scenarios for this pattern:
32
32
33
-
- ExpressRoute Global Reach might not be available on a particular region to interconnect the ExpressRoute circuits of AVS and the on-premises network.
34
33
- Some organizations might have the requirement to send traffic between AVS and the on-premises network through an NVA (typically a firewall).
34
+
- ExpressRoute Global Reach might not be available on a particular region to interconnect the ExpressRoute circuits of AVS and the on-premises network.
35
35
36
36
> [!IMPORTANT]
37
37
> Global Reach is still the preferred option to connect AVS and on-premises environments, the patterns described in this document add a considerable complexity to the environment.
0 commit comments