Overcoming Asymmetrical Routing in Azure Virtual WAN: A Collaborative Journey
In the rapidly evolving landscape of cloud networking, professionals often encounter complex challenges that demand innovative solutions. This blog post delves into a recent scenario involving Azure Virtual WAN (VWAN), where a team embarked on a collaborative journey to address asymmetrical routing issues. This case study not only highlights the technical intricacies but also underscores the importance of collaboration and knowledge sharing in the tech community.
The Challenge:
The core issue revolved around asymmetrical routing within an Azure VWAN architecture, which included two hubs located in different regions. The primary goal was to ensure seamless connectivity between a Palo Alto NGFW in one hub and Panorama in another, without disrupting the existing VPN default routes. The asymmetry in routing was particularly problematic for traffic intended to reach Panorama from the NGFW, as the return traffic defaulted through the VPN, deviating from the desired path.
- The firewall configuration issue is acknowledged as a known issue. The only mitigation provided is the one in Microsoft's official documentation: https://learn.microsoft.com/en-us/azure/virtual-wan/whats-new#known-issues
Possible solutions:
- Exposing Panorama on a public IP and creating a relay subnet for routing / advertising a summary route from NCUS to SCUS for the NCUS subnet (10.193.0.0/16)
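
Why the return traffic takes the VPN and what the summary route changes, as an added example that is not part of the original post: a longest-prefix-match model of the two hubs' route tables. The post does not say which hub holds which device, so the NGFW in NCUS, Panorama in SCUS, the 10.194.0.0/16 SCUS prefix, the host addresses and the next-hop labels are all assumptions; only 10.193.0.0/16 comes from the post.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: next hop of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), hop)
               for prefix, hop in routes
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def path_pair(ncus_routes, scus_routes, ngfw, panorama):
    """Return (forward hop NGFW->Panorama, return hop Panorama->NGFW)."""
    return next_hop(ncus_routes, panorama), next_hop(scus_routes, ngfw)

def is_asymmetric(pair):
    forward, back = pair
    return forward != back

# Constructed sample data (assumptions, not taken from the post).
NGFW = "10.193.1.4"        # assumed host inside the NCUS subnet 10.193.0.0/16
PANORAMA = "10.194.1.4"    # assumed host inside an assumed SCUS prefix

NCUS_ROUTES = [
    ("0.0.0.0/0", "vpn"),              # existing VPN default route
    ("10.193.0.0/16", "local"),
    ("10.194.0.0/16", "hub-to-hub"),   # assumed: forward path already correct
]
SCUS_BEFORE = [
    ("0.0.0.0/0", "vpn"),              # only match for 10.193.x.x, so return goes via VPN
    ("10.194.0.0/16", "local"),
]
# Second option in the list above: NCUS advertises its summary route to SCUS.
SCUS_AFTER = SCUS_BEFORE + [("10.193.0.0/16", "hub-to-hub")]

if __name__ == "__main__":
    for label, scus in (("before", SCUS_BEFORE), ("after", SCUS_AFTER)):
        pair = path_pair(NCUS_ROUTES, scus, NGFW, PANORAMA)
        print(label, pair, "asymmetric" if is_asymmetric(pair) else "symmetric")
    # The /16 is more specific than 0.0.0.0/0, so other traffic keeps the VPN default.
    print("other traffic:", next_hop(SCUS_AFTER, "198.51.100.10"))
```
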