Virtual Network Gateway BGP

Handian Sudianto 5,776 Reputation points
2025-02-28T00:41:34.3933333+00:00

My VNet address space is 172.16.0.0/24, with the details below.

Then I created a Virtual Network gateway, and my BGP peer IP address is 172.16.0.62.

When creating the Local Network gateway, should we assign the BGP peer IP address for my on-prem devices under subnet 172.16.0.0/26? I tried to use 172.16.0.11.

But I get the error below while assigning the Local Network gateway to the Virtual Network gateway:

The local network gateway /subscriptions/xxxxx/resourceGroups/rg-networkservices-common/providers/Microsoft.Network/localNetworkGateways/lgw1 cannot have overlapping address space from virtual network gateway subnet /subscriptions/xxx/resourceGroups/rg-networkservices-common/providers/Microsoft.Network/virtualNetworkGateways/1.

What BGP peer IP address should I use for my on-prem devices?

Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

1 answer
  1. Sai Prasanna Sinde 4,260 Reputation points Microsoft External Staff
    2025-02-28T03:59:27.1733333+00:00

    Hi @Handian Sudianto

    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

    BGP Peer IP addresses are used for establishing BGP (Border Gateway Protocol) peering between your Azure Virtual Network Gateway and your on-premises router.

    They must be unique and routable; they should not overlap with your VNet address space or the GatewaySubnet.

    Since your VNet is 172.16.0.0/24, you cannot use any IP address within that range for your on-premises BGP Peer IP. You mentioned trying 172.16.0.11, which is also within your VNet and will cause the same error. You need to select a private IP address from a different range that is routable from your on-premises network.

    On your on-premises network, create a small subnet specifically for BGP peering. For example, you could use 192.168.100.0/30. This range provides 4 IP addresses, with 2 usable for the BGP peers. Assign one of these IPs to your on-premises router's BGP interface.

    In your Azure Local Network Gateway (Lgw), specify the on-premises BGP Peer IP address from the subnet you created and configure the address space of the Local Network Gateway to represent the networks you want to advertise from on-premises to Azure. This should not include the BGP peering subnet.

    Make sure the BGP Peer IP address of the Virtual Network Gateway is correctly configured (172.16.0.62 in your case) and make sure the ASNs match on both sides.

    Reference: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-bgp-overview
    I hope this has been helpful!

    Your feedback is important so please take a moment to accept answers. If you still have questions, please let us know what is needed in the comments so the question can be answered.

    Thank you for helping to improve Microsoft Q&A!
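
A pre-deployment check for the addressing rules discussed in this thread, as an added example that is not part of the original posts and is not Microsoft's code. It uses the VNet prefix and candidate peer IPs from the thread; the function name, the on-premises prefix 10.10.0.0/16 and the usable-host check are assumptions made for illustration.

```python
import ipaddress

def check_local_gateway(vnet_prefixes, lng_prefixes, onprem_bgp_ip, peering_subnet=None):
    """Return a list of problems found; an empty list means these checks pass."""
    peer = ipaddress.ip_address(onprem_bgp_ip)
    vnets = [ipaddress.ip_network(p) for p in vnet_prefixes]
    local = [ipaddress.ip_network(p) for p in lng_prefixes]
    problems = []
    for v in vnets:
        # The on-premises BGP peer must not sit inside the VNet address space.
        if peer in v:
            problems.append(f"BGP peer {peer} is inside VNet prefix {v}")
        # The local network gateway address space must not overlap the VNet.
        for n in local:
            if n.overlaps(v):
                problems.append(f"local prefix {n} overlaps VNet prefix {v}")
    if peering_subnet is not None:
        sub = ipaddress.ip_network(peering_subnet)
        # In a /30 the network and broadcast addresses are not usable hosts.
        reserved = () if sub.prefixlen >= 31 else (sub.network_address, sub.broadcast_address)
        if peer not in sub or peer in reserved:
            problems.append(f"BGP peer {peer} is not a usable host in {sub}")
    return problems

VNET = ["172.16.0.0/24"]    # VNet address space from the question
ONPREM = ["10.10.0.0/16"]   # constructed on-premises prefix (assumption)

if __name__ == "__main__":
    # Constructed plans: the question's attempt, the answer's /30, an overlapping prefix.
    plans = {
        "question (172.16.0.11)": (ONPREM, "172.16.0.11", None),
        "answer (/30 peering subnet)": (ONPREM, "192.168.100.1", "192.168.100.0/30"),
        "overlapping local prefix": (["172.16.0.0/26"], "192.168.100.1", "192.168.100.0/30"),
    }
    for name, (prefixes, peer, subnet) in plans.items():
        result = check_local_gateway(VNET, prefixes, peer, subnet)
        print(name, "->", result or "ok")
```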