Active-Active BOVPN with Azure Virtual WAN using BGP?

Hi All,

We are migrating a customer's BOVPN that connects with a single Azure VPN Gateway to an Azure Virtual WAN VPN Gateway with 2 instances in Active-Active configuration.

I created two BOVPN Virtual Interfaces in the WatchGuard using IKEv2 and BGP for both. The VPN connections are established without errors, and Azure shows both BGP sessions as connected (one to each Azure VPN Gateway instance).

The problem is that the WatchGuard is only adding the routes to one of the BOVPN Virtual Interfaces, seemingly whichever connects last; the other Virtual Interface shows no routes. Communication from local networks to Azure works fine, but from Azure to local networks it depends on which VPN connection Azure uses to send packets: anything sent over the BOVPN with the routes works fine, anything sent over the one without does not, so communication from Azure to local is hit and miss...

If I disable one of the Virtual Interfaces (it does not matter which one, both behave the same), then the other one gets the routes, and as Azure stops sending packets through the one that is down, everything works fine. But that defeats the purpose of having an expensive Active-Active setup in Azure if you are only using one instance and have to do manual failover on the WatchGuard side, plus you lose half the potential bandwidth...

Shouldn't the WatchGuard add the routes advertised through BGP to both Virtual Interfaces and use ECMP to balance both connections?

BGP configuration is pretty simple:

!
! The local BGP ASN is 10001
!
router bgp 10001

!
! Azure Virtual WAN VPN (Instance0)
neighbor 10.10.10.13 remote-as 65515
neighbor 10.10.10.13 activate
neighbor 10.10.10.13 ebgp-multihop
!
! Azure Virtual WAN VPN (Instance1)
neighbor 10.10.10.12 remote-as 65515
neighbor 10.10.10.12 activate
neighbor 10.10.10.12 ebgp-multihop

!
! Local networks to Advertise
network 172.20.0.0/24

Has anyone been able to get an Active-Active BOVPN with Azure working properly?
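As an added illustration (not code from the original post, nor WatchGuard's or Azure's own implementation), here is a small Python simulation of the BGP decision process for the situation described above: both Azure Virtual WAN instances in AS 65515 advertise the same prefix with identical attributes, and without multipath/ECMP only one next hop is installed, which is exactly the "routes on one Virtual Interface only" symptom. The prefix 10.50.0.0/16 and the router IDs are constructed sample values; whether the firewall exposes a BGP multipath setting is an assumption to confirm with the vendor documentation.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BgpPath:
    prefix: str
    next_hop: str        # neighbour the route was learned from
    as_path: tuple       # e.g. (65515,) for a route learned from Azure
    local_pref: int = 100
    med: int = 0
    router_id: str = "0.0.0.0"


def select_paths(paths, multipath=False):
    """Return the next hops installed for one prefix.

    Simplified BGP decision process: prefer higher LOCAL_PREF, shorter
    AS_PATH, lower MED, then lowest neighbour router-id as the final
    tie-breaker.  With multipath=False exactly one path wins, so the
    second tunnel carries no routes.  With multipath=True every path
    that ties on LOCAL_PREF, AS_PATH length and MED is installed (ECMP).
    """
    if not paths:
        return []
    assert len({p.prefix for p in paths}) == 1, "one prefix at a time"

    def rank(p):
        return (-p.local_pref, len(p.as_path), p.med)

    best = min(rank(p) for p in paths)
    candidates = [p for p in paths if rank(p) == best]
    if multipath:
        return sorted(p.next_hop for p in candidates)
    winner = min(candidates,
                 key=lambda p: tuple(int(o) for o in p.router_id.split(".")))
    return [winner.next_hop]


# Constructed sample: one Azure prefix advertised by both Virtual WAN
# instances from the post (neighbours 10.10.10.13 and 10.10.10.12) with
# identical attributes.  Prefix and router IDs are made-up placeholders.
AZURE_PATHS = [
    BgpPath("10.50.0.0/16", "10.10.10.13", (65515,), router_id="10.10.10.13"),
    BgpPath("10.50.0.0/16", "10.10.10.12", (65515,), router_id="10.10.10.12"),
]


def routes_per_neighbor(paths, multipath=False):
    """Map each neighbour to the prefixes installed via it; an empty list
    is the tunnel that Azure may still use but that has no return routes."""
    installed = {p.next_hop: [] for p in paths}
    for nh in select_paths(paths, multipath):
        installed[nh].append(paths[0].prefix)
    return installed


if __name__ == "__main__":
    print("single path:", routes_per_neighbor(AZURE_PATHS))
    print("ECMP       :", routes_per_neighbor(AZURE_PATHS, multipath=True))
```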
