Author: cfields475

articles/virtual-wan/How to configure Route-maps to drop inbound routes from Branch sites.md

@@ -0,0 +1,84 @@
+---
+title: 'How to configure Route-maps to drop inbound routes from branch sites'
+titleSuffix: Azure Virtual WAN
+description: Learn how to configure Route-maps to drop inbound routes from branch sites.
+author: cfields475
+ms.service: azure-virtual-wan
+ms.topic: how-to
+ms.date: 03/04/2025
+ms.author: cfields
+ms.custom: references_region
+
+---
+# How to configure Route-maps to drop routes from branch sites
+
+This article helps you use the Route-maps feature to drop routes from branch sites using the Azure portal. For more information about Virtual WAN Route-maps, see [About Route-maps](route-maps-about.md).
+
+## Prerequisites
+
+Verify that you've met the following criteria before beginning your configuration:
+
+* You have virtual WAN (VWAN) with a connection (S2S, P2S, or ExpressRoute) already configured.
+
+  * For steps to create a VWAN with a S2S connection, see [Tutorial - Create a S2S connection with Virtual WAN](virtual-wan-site-to-site-portal.md).
+  * For steps to create a virtual WAN with a P2S User VPN connection, see [Tutorial - Create a User VPN P2S connection with Virtual WAN](virtual-wan-point-to-site-portal.md).
+* Be sure to view [About Route-maps](route-maps-about.md#considerations-and-limitations) for considerations and limitations before proceeding with configuration steps.
+
+## Design
+
+In this situation we have two hubs. Hub 1 has 2 VNets and a VPN branch office. One of the VNets has an NVA peered with the hub.  Hub 2 also has 2 VNets and a VPN branch office. 
+
+ :::image type="content" source="./media/route-maps-how-to-summarize/Environment.png" alt-text="Screenshot shows how to the Enviroment." lightbox="./media/route-maps-how-to-summarize/Environment.png":::
+
+Here is the addressing for this environment:  
+
+| Resource |Address Space |
+| --- |---| 
+|Hub 1 |192.168.1.0/24 | 
+|Hub 2 |192.168.2.0/24  |
+|VNet 1 |10.1.0.0/24  |
+|VNet 2 |10.2.0.0/24 |
+|VNet 3 |10.3.0.0/24  |
+|VNet 4 |10.4.0.0/24  |
+|VPN Branch 1 |10.122.1.0/24, 10.122.2.0/24, 10.122.3.0/24, 10.100.0.0/16|
+|VPN Branch 2 |10.200.0.0/16 |
+|NVA 1 | 10.150.1.0/24, 10.150.2.0/24 , 10.150.3.0/24 , 10.150.4.0/24 |  
+
+## Scenario : Drop inbound routes from Branch sites
+
+In this scenario, the goal is to drop routes being advertised from VPN branch site 1.  In this example we will be taking the routes 10.122.1.0/24,10.122.2.0/24, 10.122.3.0/24 and dropping them.   
+
+ :::image type="content" source="./media/route-maps-how-to-Drop/drop.png" alt-text="Screenshot that shows the Scenario." lightbox="./media/route-maps-how-to-Drop/drop.png":::
+
+## Workflow
+
+1.  Use the Route-Map dashboard in hub 1 to verify what routes are being advertised from the VPN branch. 
+
+   :::image type="content" source="./media/route-maps-how-to-Drop/DB_Before.png" alt-text="Screenshot that shows routes before." lightbox="./media/route-maps-how-to-Drop/DB_Before.png":::  
+   
+   Verify the routes are showing up in the effective route table for hub 1.
+
+   :::image type="content" source="./media/route-maps-how-to-Drop/ER_Before.png" alt-text="Screenshot that shows routes before." lightbox="./media/route-maps-how-to-Drop/ER_Before.png":::   
+
+2. Create a Route-Map to drop the routes. If this is your frist time creating a Route-Map, see [How to configure Route-maps](route-maps-how-to.md) for more information. 
+
+   The Route-Map will have a match rule for route 10.122.2.0/16. The action **Drop** will be selected. 
+
+   :::image type="content" source="./media/route-maps-how-to-Drop/RM.png" alt-text="Screenshot that shows the Route-map." lightbox="./media/route-maps-how-to-Drop/RM.png":::
+
+3. Apply the Route-Map on the VPN branch 1 site connection. The Route-Map will be applied in the inbound direction. 
+
+   :::image type="content" source="./media/route-maps-how-to-Drop/Apply.png" alt-text="Screenshot that shows applying the Route-Map." lightbox="./media/route-maps-how-to-Drop/Apply.png":::
+
+4. Using the Route-Map dashboard in Hub 1, Verify that routes 10.122.1.0/24,10.122.2.0/24, 10.122.3.0/24 are being dropped.   
+
+   :::image type="content" source="./media/route-maps-how-to-Drop/DB_After.png" alt-text="Screenshot that shows routes after applying Route-Map." lightbox="./media/route-maps-how-to-Drop/DB_After.png":::
+
+   Verify the routes are no longer in the effective route table.
+
+   :::image type="content" source="./media/route-maps-how-to-Drop/ER_After.png" alt-text="Screenshot that shows routes after applying Route-Map." lightbox="./media/route-maps-how-to-Drop/ER_After.png":::
+
+## Next steps
+
+* Use the [Route-maps dashboard](route-maps-dashboard.md) to monitor routes, AS Path, and BGP communities.
+* To learn more about Route-maps, see [About Route-maps](route-maps-about.md).

articles/virtual-wan/How to configure Route-maps to prepend routes.md

@@ -0,0 +1,85 @@
+---
+title: 'How to configure Route-maps to prepend routes'
+titleSuffix: Azure Virtual WAN
+description: Learn how to configure Route-maps to prepend routes.
+author: cfields475
+ms.service: azure-virtual-wan
+ms.topic: how-to
+ms.date: 03/04/2025
+ms.author: cfields
+ms.custom: references_region
+
+---
+# How to configure Route-maps to prepend routes
+
+This article helps you use the Route-maps feature to prepend routes using the Azure portal. For more information about Virtual WAN Route-maps, see [About Route-maps](route-maps-about.md).
+
+## Prerequisites
+
+Verify that you've met the following criteria before beginning your configuration:
+
+* You have virtual WAN (VWAN) with a connection (S2S, P2S, or ExpressRoute) already configured.
+
+  * For steps to create a VWAN with a S2S connection, see [Tutorial - Create a S2S connection with Virtual WAN](virtual-wan-site-to-site-portal.md).
+  * For steps to create a virtual WAN with a P2S User VPN connection, see [Tutorial - Create a User VPN P2S connection with Virtual WAN](virtual-wan-point-to-site-portal.md).
+* Be sure to view [About Route-maps](route-maps-about.md#considerations-and-limitations) for considerations and limitations before proceeding with configuration steps.
+
+## Design
+In this situation we have two hubs. Hub 1 has 2 VNets and a VPN branch office. One of the VNets has an NVA peered with the hub.  Hub 2 also has 2 VNets and a VPN branch office. 
+
+   :::image type="content" source="./media/route-maps-how-to-summarize/Environment.png" alt-text="Screenshot shows how to the Enviroment." lightbox="./media/route-maps-how-to-summarize/Environment.png":::
+
+Here is the addressing for this environment:  
+
+| Resource |Address Space |
+| --- |---| 
+|Hub 1 |192.168.1.0/24 | 
+|Hub 2 |192.168.2.0/24  |
+|VNet 1 |10.1.0.0/24  |
+|VNet 2 |10.2.0.0/24 |
+|VNet 3 |10.3.0.0/24  |
+|VNet 4 |10.4.0.0/24  |
+|VPN Branch 1 |10.122.1.0/24, 10.122.2.0/24, 10.122.3.0/24, 10.100.0.0/16|
+|VPN Branch 2 |10.200.0.0/16 |
+|NVA 1 | 10.150.1.0/24, 10.150.2.0/24 , 10.150.3.0/24 , 10.150.4.0/24 |  
+
+## Scenario : Using ASNs to prepend routes 
+
+In this scenario, the goal is to prepend route 10.5.0.192/26 from VNet 3 on Hub 2 with ASN 65533.  
+> [!Important]
+> [!INCLUDE [Preview text](../../includes/virtual-wan-route-maps-ASN.md)]
+
+   :::image type="content" source="./media/route-maps-how-to-prepend/Prepend.png" alt-text="Screenshot that shows the Scenario." lightbox="./media/route-maps-how-to-prepend/Prepend.png":::
+
+## Workflow
+
+1.  Use the Route-Map dashboard in hub 2 to verify the ASNs on routes are being advertised from the VNet connection. 
+
+   :::image type="content" source="./media/route-maps-how-to-prepend/DB_Before_1.png" alt-text="Screenshot that shows the routes before Route-Map." lightbox="./media/route-maps-how-to-prepend/DB_Before_1.png":::
+
+   look at the Route-Map dashboard for the VPN brach 2 to verify the ASNs for route 10.5.0.192/26 that are being sent to the branch office. 
+
+   :::image type="content" source="./media/route-maps-how-to-prepend/DB_Before_2.png" alt-text="Screenshot that shows the routes before Route-Map." lightbox="./media/route-maps-how-to-prepend/DB_Before_2.png"::: 
+
+2. Create a Route-Map to tag the route. If this is your frist time creating a Route-Map, see [How to configure Route-maps](route-maps-how-to.md) for more information. 
+
+   The Route-Map will have a match rule for route 10.5.0.192/26. The action **modify** will be selected. Route Modification will have an **Prepend** for **AS Path** 65533.  
+
+   :::image type="content" source="./media/route-maps-how-to-prepend/RM.png" alt-text="Screenshot that shows the Route-Map." lightbox="./media/route-maps-how-to-prepend/RM.png":::
+
+3. Apply the Route-Map on the VNet 3 connection. The Route-Map will be applied in the inbound direction. 
+
+   :::image type="content" source="./media/route-maps-how-to-prepend/Apply.png" alt-text="Screenshot the Route-map being applied." lightbox="./media/route-maps-how-to-prepend/Apply.png":::
+
+4. Using the Route-Map dashboard in Hub 2, Verify that route 10.5.0.192/26 has an ASN of 65533 added.    
+
+   :::image type="content" source="./media/route-maps-how-to-prepend/DB_After_1.png" alt-text="Screenshot of routes after Route-map being applied." lightbox="./media/route-maps-how-to-prepend/DB_After_1.png":::
+
+   look at the Route-Map dashboard for VPN branch 2 connection to verify route 10.5.0.192/26 has the ASNs 65533 advertised to VPN branch 2.
+
+   :::image type="content" source="./media/route-maps-how-to-prepend/DB_After_2.png" alt-text="Screenshot of routes after Route-map being applied." lightbox="./media/route-maps-how-to-prepend/DB_After_2.png":::
+
+## Next steps
+
+* Use the [Route-maps dashboard](route-maps-dashboard.md) to monitor routes, AS Path, and BGP communities.
+* To learn more about Route-maps, see [About Route-maps](route-maps-about.md).

articles/virtual-wan/How to configure Route-maps to summarize routes from an NVA in a spoke VNet .md

@@ -0,0 +1,81 @@
+---
+title: 'How to configure Route-maps summarize routes from an NVA in a spoke VNet'
+titleSuffix: Azure Virtual WAN
+description: Learn how to configure Route-maps to summarize routes from an NVA
+author: cfields475
+ms.service: azure-virtual-wan
+ms.topic: how-to
+ms.date: 03/04/2025
+ms.author: cfields
+ms.custom: references_region
+
+---
+# How to configure Route-maps to summarize routes from an NVA in a spoke VNet 
+
+This article helps you use the Route-maps feature to summarize routes from an NVA in a spoke VNet  using the Azure portal. For more information about Virtual WAN Route-maps, see [About Route-maps](route-maps-about.md).
+
+## Prerequisites
+
+Verify that you've met the following criteria before beginning your configuration:
+
+* You have virtual WAN (VWAN) with a connection (S2S, P2S, or ExpressRoute) already configured.
+
+  * For steps to create a VWAN with a S2S connection, see [Tutorial - Create a S2S connection with Virtual WAN](virtual-wan-site-to-site-portal.md).
+  * For steps to create a virtual WAN with a P2S User VPN connection, see [Tutorial - Create a User VPN P2S connection with Virtual WAN](virtual-wan-point-to-site-portal.md).
+* Be sure to view [About Route-maps](route-maps-about.md#considerations-and-limitations) for considerations and limitations before proceeding with configuration steps.
+
+## Design
+In this situation we have two hubs. Hub 1 has 2 VNets and a VPN branch office. One of the VNets has an NVA peered with the hub.  Hub 2 also has 2 VNets and a VPN branch office. 
+
+   :::image type="content" source="./media/route-maps-how-to-summarize/Environment.png" alt-text="Screenshot shows how to the Enviroment." lightbox="./media/route-maps-how-to-summarize/Environment.png":::
+
+Here is the addressing for this environment:  
+
+| Resource |Address Space |
+| --- |---| 
+|Hub 1 |192.168.1.0/24 | 
+|Hub 2 |192.168.2.0/24  |
+|VNet 1 |10.1.0.0/24  |
+|VNet 2 |10.2.0.0/24 |
+|VNet 3 |10.3.0.0/24  |
+|VNet 4 |10.4.0.0/24  |
+|VPN Branch 1 |10.122.1.0/24, 10.122.2.0/24, 10.122.3.0/24, 10.100.0.0/16|
+|VPN Branch 2 |10.200.0.0/16 |
+|NVA 1 | 10.150.1.0/24, 10.150.2.0/24 , 10.150.3.0/24 , 10.150.4.0/24 |  
+
+## Scenario : Summarize routes from an NVA in a spoke VNet  
+
+In this scenario, the goal is to summarize some routes being advertised to the hub from the NVA in VNet 1. In this example we will be taking the routes 10.150.1.0/24, 10.150.2.0/24, 10.150.3.0/24, 10.150.4.0/24, and summarizing them to 10.150.0.0/16   
+
+   :::image type="content" source="./media/route-maps-how-to-NVA/NVA.png" alt-text="Screenshot that shows the Scenario." lightbox="route-maps-how-to-NVA/NVA.png":::
+
+## Workflow
+
+1.  Use the Route-Map dashboard in hub 1 to verify the correct routes are currently being advertised from VNet 1 to the hub.
+
+   :::image type="content" source="./media/route-maps-how-to-NVA/DB_Before_1.png" alt-text="Screenshot that shows the routes before Route-maps." lightbox="route-maps-how-to-NVA/DB_Before_1.png":::
+
+   use the Route-Map dashboard to verify the routes being sent to VPN branch 1.  
+   :::image type="content" source="./media/route-maps-how-to-NVA/DB_Before_2.png" alt-text="Screenshot that shows the routes before Route-maps." lightbox="route-maps-how-to-NVA/DB_Before_2.png":::  
+
+2. Create a Route-Map to tag the route. If this is your frist time creating a Route-Map, see [How to configure Route-maps](route-maps-how-to.md) for more information. 
+
+   The Route-Map will have a match rule for route 10.150.0.0/16. The action **modify** will be selected. Route Modification will have an **Replace** for **RoutePrefix** 10.150.0.0/16.  
+   :::image type="content" source="./media/route-maps-how-to-NVA/RM.png" alt-text="Screenshot that shows the Route-map." lightbox="route-maps-how-to-NVA/RM.png":::
+
+3. Apply the Route-Map on the VNet 1 connection. The Route-Map will be applied in the inbound direction. 
+
+   :::image type="content" source="./media/route-maps-how-to-NVA/Apply.png" alt-text="Screenshot that shows the Route-map being applied." lightbox="route-maps-how-to-NVA/Apply.png":::
+
+4. Using the Route-Map dashboard in Hub 1, Verify that route 10.150.0.0/16 is being summarized.    
+
+   :::image type="content" source="./media/route-maps-how-to-NVA/DB_After_1.png" alt-text="Screenshot that shows the Route-map being applied." lightbox="route-maps-how-to-NVA/DB_After_1.png":::
+
+   Using the Route-Map dashboard verify route 10.150.0.0/16 has been advertised to VPN branch 1
+
+   :::image type="content" source="./media/route-maps-how-to-NVA/DB_After_2.png" alt-text="Screenshot that shows the Route-map being applied." lightbox="route-maps-how-to-NVA/DB_After_2.png":::
+
+## Next steps
+
+* Use the [Route-maps dashboard](route-maps-dashboard.md) to monitor routes, AS Path, and BGP communities.
+* To learn more about Route-maps, see [About Route-maps](route-maps-about.md).

articles/virtual-wan/How to configure Route-maps to tag routes.md

@@ -0,0 +1,82 @@
+---
+title: 'How to configure Route-maps to tag routes'
+titleSuffix: Azure Virtual WAN
+description: Learn how to configure Route-maps to tag routes.
+author: cfields475
+ms.service: azure-virtual-wan
+ms.topic: how-to
+ms.date: 03/04/2025
+ms.author: cfields
+ms.custom: references_region
+
+---
+# How to configure Route-maps to tag routes
+
+This article helps you use the Route-maps feature to tag routes using the Azure portal. For more information about Virtual WAN Route-maps, see [About Route-maps](route-maps-about.md).
+
+## Prerequisites
+
+Verify that you've met the following criteria before beginning your configuration:
+
+* You have virtual WAN (VWAN) with a connection (S2S, P2S, or ExpressRoute) already configured.
+
+  * For steps to create a VWAN with a S2S connection, see [Tutorial - Create a S2S connection with Virtual WAN](virtual-wan-site-to-site-portal.md).
+  * For steps to create a virtual WAN with a P2S User VPN connection, see [Tutorial - Create a User VPN P2S connection with Virtual WAN](virtual-wan-point-to-site-portal.md).
+* Be sure to view [About Route-maps](route-maps-about.md#considerations-and-limitations) for considerations and limitations before proceeding with configuration steps.
+
+## Design
+In this situation we have two hubs. Hub 1 has 2 VNets and a VPN branch office. One of the VNets has an NVA peered with the hub.  Hub 2 also has 2 VNets and a VPN branch office. 
+
+   :::image type="content" source="./media/route-maps-how-to-summarize/Environment.png" alt-text="Screenshot shows how to the Enviroment." lightbox="./media/route-maps-how-to-summarize/Environment.png":::
+
+Here is the addressing for this environment:  
+
+| Resource |Address Space |
+| --- |---| 
+|Hub 1 |192.168.1.0/24 | 
+|Hub 2 |192.168.2.0/24  |
+|VNet 1 |10.1.0.0/24  |
+|VNet 2 |10.2.0.0/24 |
+|VNet 3 |10.3.0.0/24  |
+|VNet 4 |10.4.0.0/24  |
+|VPN Branch 1 |10.122.1.0/24, 10.122.2.0/24, 10.122.3.0/24, 10.100.0.0/16|
+|VPN Branch 2 |10.200.0.0/16 |
+|NVA 1 | 10.150.1.0/24, 10.150.2.0/24 , 10.150.3.0/24 , 10.150.4.0/24 |  
+
+## Scenario : Using BGP communities to Tag routes
+
+In this scenario, the goal is to tag route 10.5.0.192/26 form VNet 3 on Hub 2 with BGP community 3356:70   
+
+   :::image type="content" source="./media/route-maps-how-to-Tag/tag.png" alt-text="Screenshot that shows the Scenario." lightbox="./media/route-maps-how-to-Tag/tag.png":::
+
+## Workflow
+
+1. Use the Route-Map dashboard in hub 2 to verify the BGP community on the route 10.5.0.192/26 being advertised from the VNet connection.
+
+   :::image type="content" source="./media/route-maps-how-to-Tag/DB_Before.png" alt-text="Screenshot that shows routes before Route-map." lightbox="./media/route-maps-how-to-Tag/DB_Before.png"::: 
+
+   look at the Route-Map dashboard for the VPN Brach to verify the BGP community on the route for 10.5.0.192/26. The goal is to very what routes are being sent on prem.
+   :::image type="content" source="./media/route-maps-how-to-Tag/DB_Before_2.png" alt-text="Screenshot that shows routes before Route-map." lightbox="./media/route-maps-how-to-Tag/DB_Before_2.png":::   
+
+2. Create a Route-Map to tag the route. If this is your frist time creating a Route-Map, see [How to configure Route-maps](route-maps-how-to.md) for more information. 
+
+   The Route-Map will have a match rule for route 10.5.0.192/26. The action **modify** will be selected. Route Modification will have an **add** for **community** 3356:70.  
+
+   :::image type="content" source="./media/route-maps-how-to-Tag/RM.png" alt-text="Screenshot that shows the Route-map." lightbox="./media/route-maps-how-to-Tag/RM.png":::
+
+3. Apply the Route-Map on the VNet 3 connection. The Route-Map will be applied in the inbound direction. 
+
+   :::image type="content" source="./media/route-maps-how-to-Tag/RM.png" alt-text="Screenshot that shows the Route-map being applied." lightbox="./media/route-maps-how-to-Tag/Apply.png":::
+
+4. Using the Route-Map dashboard in Hub 2, Verify that route 10.5.0.192/26 has the BGP community of 3356:70 added on the VNet 3 connection.    
+
+   :::image type="content" source="./media/route-maps-how-to-Tag/DB_After.png" alt-text="Screenshot that shows routes after Route-map being applied." lightbox="./media/route-maps-how-to-Tag/DB_After.png":::
+
+   look at the Route-Map dashboard for the VPN branch connection to verify route 10.5.0.192/26 has the BGP community 3356:70 being advertised to the VPN branch office 2.  
+
+   :::image type="content" source="./media/route-maps-how-to-Tag/RM_After_2.png" alt-text="Screenshot that shows routes after Route-map being applied." lightbox="./media/route-maps-how-to-Tag/RM_After_2.png":::
+
+## Next steps
+
+* Use the [Route-maps dashboard](route-maps-dashboard.md) to monitor routes, AS Path, and BGP communities.
+* To learn more about Route-maps, see [About Route-maps](route-maps-about.md).