IP overlap restriction for S2S vpn - really?

Hello,

I'm new to Azure, so I'm sure I'm missing the reason for this restriction, but thus far, I have not found a good description of why it exists.

I'm trying to spin up a VPN connection between my traditional/on-prem network and an Azure deployment. I've allocated a largeish range from RFC 1918 10/8 space to break up for Azure subnets. Then, it seems perfectly reasonable to set 10.0.0.0/8 as one of the networks configured on the local network gateway. Multiple posts have indicated that this condition cannot exist, but I'm very much struggling to see why. Why shouldn't Azure perform longest-match routing?

Thanks for any high-level smacks-upside-the-head to set me straight.

H

1 Reply
You can't have overlapping IP ranges out of the box without using a third-party Network Virtual Appliance or an Extended Network that uses a bidirectional VXLAN tunnel; otherwise Azure doesn't know how to route the traffic.

It is recommended to have a completely different address space and re-IP workloads as appropriate.

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-extended-net...
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

Take a look at the Azure Virtual Network Capacity Planner - may be of interest as you plan: https://vnetplanner.chunliu.me
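A pre-flight check for the situation in the question (10.0.0.0/8 proposed as a local network gateway prefix while the VNet is carved out of that same /8) and the no-overlap rule in the reply, as an added example that is not part of the original thread and not Azure's own tooling. It uses only the Python standard library: it reports which VNet and local network gateway prefixes overlap, then computes the largest CIDR blocks that cover the on-prem space minus the VNet ranges, which is the prefix list you would declare on the local network gateway instead of the whole /8. The addresses (a 10.50.0.0/16 VNet inside 10.0.0.0/8) and the helper names are constructed for illustration.

```python
"""Overlap check and carve-out for Azure S2S VPN address planning.

Added example, not Azure's own code. All prefixes below are constructed;
the function names are illustrative, not Azure API or CLI names.
"""
import ipaddress
from typing import Iterable, List, Tuple

Net = ipaddress.IPv4Network


def parse(prefixes: Iterable[str]) -> List[Net]:
    # strict=False lets host-style input such as 10.50.1.0/16 normalise to 10.50.0.0/16
    return [ipaddress.ip_network(p, strict=False) for p in prefixes]


def find_overlaps(vnet_prefixes: Iterable[str], lng_prefixes: Iterable[str]) -> List[Tuple[str, str]]:
    """Return every (vnet_prefix, lng_prefix) pair that overlaps.

    An empty list means the VNet address space and the local network gateway
    address space are disjoint, which is what the gateway requires.
    """
    return [
        (str(v), str(l))
        for v in parse(vnet_prefixes)
        for l in parse(lng_prefixes)
        if v.overlaps(l)
    ]


def carve_out(lng_prefixes: Iterable[str], vnet_prefixes: Iterable[str]) -> List[str]:
    """Rewrite the local network gateway prefix list so nothing overlaps the VNet.

    Each overlapping on-prem prefix is replaced by the set of CIDR blocks that
    cover the same space minus the VNet ranges; prefixes that do not overlap
    pass through unchanged. Two CIDR blocks overlap only when one contains the
    other, so the three cases below are exhaustive.
    """
    vnets = parse(vnet_prefixes)
    result: List[Net] = []
    for lng in parse(lng_prefixes):
        pieces = [lng]
        for v in vnets:
            next_pieces: List[Net] = []
            for p in pieces:
                if not p.overlaps(v):
                    next_pieces.append(p)          # disjoint: keep as-is
                elif p.subnet_of(v):
                    continue                       # wholly inside the VNet: drop it
                else:
                    next_pieces.extend(p.address_exclude(v))  # VNet is inside p: split around it
            pieces = next_pieces
        result.extend(pieces)
    # collapse_addresses merges adjacent blocks back into the fewest prefixes
    return [str(n) for n in ipaddress.collapse_addresses(sorted(result))]


# Constructed scenario: the VNet was carved out of the on-prem 10/8.
VNET = ["10.50.0.0/16"]
PROPOSED_LNG = ["10.0.0.0/8", "192.168.0.0/16"]


def main() -> None:
    for v, l in find_overlaps(VNET, PROPOSED_LNG):
        print(f"overlap: VNet {v} is inside local network gateway prefix {l}")
    print("local network gateway prefixes to declare instead:")
    for p in carve_out(PROPOSED_LNG, VNET):
        print(" ", p)
    assert not find_overlaps(VNET, carve_out(PROPOSED_LNG, VNET))


if __name__ == "__main__":
    main()
```

The carved-out list (eight blocks from 10.0.0.0/11 up to 10.128.0.0/9, plus the untouched 192.168.0.0/16) is what goes into the local network gateway's address prefixes; a local network gateway accepts multiple prefixes, so nothing on-prem is lost except the /16 that now lives in Azure. The on-prem side still has to route that /16 towards the tunnel rather than treating it as local, which is the re-IP or carve-out the reply is pointing at.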