Local Network gateway BGP

Handian Sudianto 5,776 Reputation points
2025-03-09T12:10:01.3133333+00:00

Hello,

I have a topology like below where I set the VGW as active-active for redundancy.

With this topology, should I define the LAN address 10.107.0.0/16 and 10.210.0.107 in LNG1 and 10.107.0.0/16 and 10.210.0.207 in LNG2? Or should we let the address space be blank?

Also, on the on-premises firewall I advertise network 10.107.0.0/16. Will the prefix 10.107.0.0/16 received by 10.201.0.4 be advertised to 10.201.0.5, and will 10.201.0.5 advertise it again to 10.210.0.207? So I will receive prefix 10.107.0.0/16 on my peer 10.210.0.27?

Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

1 answer

  1. Sai Prasanna Sinde 4,335 Reputation points Microsoft External Staff
    2025-03-12T01:12:34.48+00:00

    Hi @Anonymous   

    If BGP is correctly configured, Azure will learn the routes from your on-premises firewall via BGP. Leaving the address space blank keeps the configuration clean and avoids potential conflicts, and in most BGP-based VPN setups, leaving the address space blank is the best practice.

    Please refer to this document.

    If you correctly specify the on-premises networks, it won't break anything. However, it's redundant and adds unnecessary configuration, but if you specify incorrect or incomplete address spaces, it could lead to confusion and troubleshooting difficulties.

    Azure might prioritize the static address spaces over the dynamically learned BGP routes in some scenarios.


    Kindly let us know if the above helps or you need further assistance on this issue.
