Multi Cloud Site to Site VPN

Suman Bikram Singh 20 Reputation points
2024-10-07T04:22:28.4866667+00:00

While finding some VPN troubleshooting I found this discussion. I'm planing to complete a POC for multi cloud VPN tunnels between Azure, AWS and Google Cloud. VPN looks easy to configure without BGP (where APIPA are mentioned). I have a couple of questions may be this group can answer. At each cloud side they ask for ASN and BGP APIPA. How to get those values? Let's say if I'm setting up a VPN between Azure and AWS, then what would be the ASN at each side and what would be the BGP at each end? Also if I peer Azure with Google, again what would be the ASN and APIPA for Azure and Google cloud? I understand that some specific values are reserved for each environment . How to understand without copy and paste from online tutorials?

Azure Virtual WAN
Azure Virtual WAN
An Azure virtual networking service that provides optimized and automated branch-to-branch connectivity.
226 questions
Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,557 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,505 questions
0 comments No comments
{count} votes

Accepted answer
  1. KapilAnanth-MSFT 46,876 Reputation points Microsoft Employee
    2024-10-07T12:07:07.6266667+00:00

    @Suman Bikram Singh ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you would like to know about ASN and BGP.

    Note that Microsoft Q&A platform is used to discuss products and issues related to Azure. ASN and BGP are industry standards which Azure supports. I would suggest you to refer to official IANA documents and RFC for accurate and up to date information on them.

    With that said,

    ASN :

    • Autonomous System, simply put, is a large network or group of networks that has a unified routing policy.
    • Each AS is assigned an official number - which we call autonomous system number ASN
    • Every organization reserves certain ASNs for their own
      • Certain ASNs reserved by Azure are
        • Public ASNs: 8074, 8075, 12076
        • Private ASNs: 65515, 65517, 65518, 65519, 65520
    • NOTE: You can use one of the above Private ASNs in your VPN Gateway or any one from the range of ASNs defined in Section 5 of RFC (for Private use)
    • When you create a VPN Gateway, you are creating it on a VNET (a Network). And when you assign an ASN to the VPN Gateway, you are actually assigning a ASN to the Network represented by the VPN Gateway

    BGP :

    • This is a route exchange protocol. Simply put, it enables two AS to share the network address spaces for routing. (Traffic Selectors)
      • From Azure perspective, this automates the role of LNG - where you are explicitly required to share the address space of the connecting party
      • With BGP, you don't have to specify the remote address space manually and in the remote side you don't have to specify the Azure's address range manually.
    • Azure assigns a private IP address from the GatewaySubnet prefix range automatically as the Azure BGP IP address on the VPN gateway.
    • This remote side, talks to this IP Address to learn Azure's route and advertise their routes to Azure.
      • You should be able to see it from the Portal once you enable BGP
    • Similarly, you will be expected to input a IP address from Remote side, to which Azure VPN Gateway can talk to learn Remote's route and advertise Azure's routes to the remote.

    More information on ASN :

    More information on BGP :

    Kindly let us know if this helps or you need further assistance on this issue.

    Thanks,

    Kapil


    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.