Implementing Route Summarization in Azure VMware Solution by info.odysseyx@gmail.com September 24, 2024 written by info.odysseyx@gmail.com September 24, 2024 0 comment 1 views 1 What is a route summary? Route summarization, also known as route aggregation, is a technique used in networking to combine multiple routes into a single summarized route. This can reduce the size of the routing table and simplify the routing process. Why use route summarization in Azure VMware Solution? Route summary for Azure VMware Solution (AVS) is essential in the following scenarios: Route table with 400 UDR route limit: If you need to direct AVS workload segments through a network virtual appliance (NVA), such as Azure Firewall or a third-party firewall, you must create a user-defined route (UDR) for each AVS segment individually. This can quickly become cumbersome if your AVS environment has more than 400 segments, as there is a limit of 400 UDR routes per route table. ExpressRoute Gateway is approaching the 1,000 route limit.: ExpressRoute Gateway has a limit of 1,000 routes it can learn. This includes VNet address spaces and AVS segments directly connected to the hub where the ExpressRoute Gateway is located. Route summarization becomes important as the gateway approaches this limit. Route Summary in NSX In AVS, NSX provides network virtualization to create and manage virtual networks and security. You can also set up route summarization directly within NSX. NSX consists of two gateway routers, Tier-1 and Tier-0. The Tier-0 gateway connects to external networks, summarizes routes, and then advertises the summarized routes to physical networks, which can then propagate them back to Azure and on-premises. However, because Azure VMware Solution is a managed service, customers do not have read/write NSX permissions to modify the configuration of the Tier-0 gateway. Therefore, all route summarization must be performed at the Tier-1 gateway level. If you have contiguous workload segments connected to an NSX Tier-1 gateway, summarization becomes simpler. Otherwise, ensure that all summary paths encompass the workload segments so that the segments do not lose connectivity. To enable path summarization, you must prevent AVS from advertising specific paths and only advertise summarized paths. Therefore, it is important that all summary paths encompass all workload segments so that connectivity is not lost. memo: When using a Tier-1 gateway for summarization, only Workload Segments can be summarized. AVS /22 management addresses cannot be summarized. However, using the Virtual WAN Path Map feature (still in public preview at the time of this writing), you can summarize both /22 management address blocks and Workload Segments. We will explore this topic in more detail in a future blog post once the Virtual WAN Path Map feature becomes generally available. Scenario Overview Let me walk you through the step-by-step process of deploying a summary on an NSX T1 gateway using the topology described below. In my scenario, I have deployed a Virtual WAN hub with an ExpressRoute gateway. This gateway in the hub-VNet connects to both Azure VMware Solution (AVS) and my on-premises environment. The hub also has a VNet that is peered to the Spoke VNet. There is also a Global Reach connection between AVS and on-premises, ensuring connectivity between the two environments. memo: The example I’ve presented leverages a VWAN, but the summary steps and behavior remain consistent with a traditional hub-and-spoke topology. AVS has four workload segments. Each local segment in NSX consists of a /24 subnet and is connected to the same Tier-1 gateway. Segment 1: 192.168.100.0/24Segment 2: 192.168.101.0/24Segment 3: 192.168.102.0/24Segment 4: 192.168.103.0/24 The goal is to stop advertising these four specific routes to both Azure and your on-premises network. Instead, advertise only the summary route 192.168.100.0/22, which includes all four segments. memo: Route summaries must not include networks extended using HCX. Before configuring the route summary As indicated by the blue arrows, the four routes listed below are advertised from AVS to the VWAN Hub ExpressRoute Gateway, and the current route limit is 1,000. These routes are propagated to both the VWAN Hub and the Spoke VNet. Additionally, the four routes are advertised on-premises via Global Reach. Summary Pre-VWAN Hub Valid Routes As highlighted below, I am currently learning /24 routes for VWAN valid routes in AVS. Summary Step 1. Log in to NSX and navigate to: Networking > Tier-1 Gateway. Find the Tier-1 gateway to which all the workload segments are connected. Click on the three dots (highlighted in red) and select it. Edit. 2. Scroll down to expand. Route advertising part time job. Click the icon next to it Setting up route advertising rules (marked in red). 3. Click Add a route advertising rule Create a name for your summary path. In my example, I used “Summary Path”. Add the summary route you want to advertise in Subnets. I used 192.168.100.0/22. Enter the summary route as shown in the diagram and press Enter so that it is circled in blue. Click Add, then click Save. 4. Below T1 Path Advertisement Section, Disabled All connection segments and service ports It is as shown in the figure below (marked in red). important: Make sure all connected segments are included in the summary path. Connected segments that are not included in the summary path will be disconnected. For example, a summary route of 192.168.100.0/22 would include segments 192.168.100.0/24 through 192.168.103.0/24. If an additional segment were configured, say 192.168.104.0/24, it would not be included in the 192.168.100.0/22 summary route. Since certain workload segments are suppressed and only the summary route is advertised, the 192.168.104.0/24 segment would be disconnected unless a summary route is created. 5. Click Save 6. If you are using Global Reach, ensure that you are receiving the summary route from either Azure or your on-premises environment. As shown in the diagram below, NSX T1 in AVS exclusively advertises the summary route 192.168.100.0/22. This route is propagated to both Azure and your on-premises environment via Global Reach. Valid routes after VWAN hub summary As highlighted below, I am currently learning the /22 summary route for VWAN valid routes in AVS. Source link Share 0 FacebookTwitterPinterestEmail info.odysseyx@gmail.com previous post “Exciting Social Media Intern Opportunity for Instagram Reels at Oceantide Productions LLP, Mumbai” next post How to encrypt and decrypt data in ASP.NET Core using Data Protection API. You may also like Insights from MVPs at the Power Platform Community Conference October 10, 2024 Restoring an MS SQL 2022 DB from a ANF SnapShot October 10, 2024 Your guide to Intune at Microsoft Ignite 2024 October 10, 2024 Partner Blog | Build your team’s AI expertise with upcoming Microsoft partner skilling opportunities October 10, 2024 Attend Microsoft Ignite from anywhere in the world! October 10, 2024 Get tailored support with the new Partner Center AI assistant (preview) October 10, 2024 Leave a Comment Cancel Reply Save my name, email, and website in this browser for the next time I comment.