Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Gongya_Yu
Collaborator

really like to know what the next-hop IP points to in Azure express route table for ASN 65515

Working on Cloudguard with Azure express route

ER-Nexthop-1.PNG

What do the IPs in red point to ? 

Know it is Azure related ? But no one in Azure answers.  Here there are lots of experts. 

thanks !!

0 Kudos
14 Replies
Alex-
Leader Leader
Leader

Seems to be the BGP Peering Addresses of the Azure peer, like a Router or VPN Gateway.

On Check Point, this would be the router-id.

the_rock
Legend
Legend

@Alex- is 100% right. If you look at 3rd column, shows 65535, which in your case would be AS number.

Andy

0 Kudos
Gongya_Yu
Collaborator

Here is the link related to this question ?
ER-Nexthop-2.PNG
ER-Nexthop-3.PNG
I do not know what peers these IPs in red point to ?

These IPs should be within GatewaySubnet,  65515 is MS  reserved internal ASN.

Are they virtual network gateway IPs ? If yes, we have 3 IPs in our environment. why ?
When a virtual network gateway is deployed, MS deploys two by default, right ?

thanks a lot !!

0 Kudos
the_rock
Legend
Legend

What is BGP peer |P?

Andy

0 Kudos
Gongya_Yu
Collaborator

That is my question.  This is more Azure related question. I posed this in Azure community and no one answer. I am trying some luck here as more helpers are here.

We are deploying cloudguard in Azure. I am digging some details in order to understand the cloud environment.

I searched the internet for 2 days without any luck. The link above is the only thing I found which displays the  routing table. 

In our express routing table, the next-hop even has 3 IPs. I do not know where they point .
ER-Nexthop.PNG

Hopefully, Gustavo Coronel  and shay Levin can shed some light here. 🙂  I watched their many nice videos.
thanks !!

0 Kudos
the_rock
Legend
Legend

K, I see what you are saying now. Not sure what sort of support leven you have for Azure, but it might be worth opening case with their support to confirm.

Just a thought...

Andy

I will keep checking myself as well to see if I can find anything for you.

0 Kudos
Gongya_Yu
Collaborator

thanks so much !!!

0 Kudos
the_rock
Legend
Legend

K, just had more careful look at this. I mean, could it be as simple as below?

Andy

 

Screenshot_1.png

0 Kudos
Gongya_Yu
Collaborator

I guess those next-hop IPs are network virtual gateway. Like to get confirmation from some experts. Also how do we have three ?

Some MS docs mention:
"The Azure gateway subnet is needed by Azure to host the two virtual machines of your Azure gateway"

"A virtual network gateway is composed of two or more Azure-managed VMs that are automatically configured and deployed to a specific subnet that you create called the gateway subnet. The gateway VMs contain routing tables and run specific gateway services."




0 Kudos
the_rock
Legend
Legend

https://learn.microsoft.com/bs-latn-ba/azure/network-watcher/next-hop-overview

https://learn.microsoft.com/en-us/azure/network-watcher/next-hop-overview

https://www.tufin.com/blog/demystifying-azure-route-table

.12 hops all seem to have * beside them, whatever that means, most likely its DIRECTLY CONNECTED, as per below in the lab

 

[Expert@CP-STANDALONE:0]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 172.16.10.1 0.0.0.0 UG 0 0 0 eth0
172.16.10.0 * 255.255.255.0 U 0 0 0 eth0
192.168.10.0 * 255.255.255.0 U 0 0 0 eth1
\[Expert@CP-STANDALONE:0]# clish
CLINFR0771 Config lock is owned by admin. Use the command 'lock database override' to acquire the lock.
CP-STANDALONE> show route
Codes: C - Connected, S - Static, R - RIP, B - BGP (D - Default),
O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA),
IS - IS-IS (L1 - Level 1, L2 - Level 2, IA - InterArea, E - External),
A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed,
NP - NAT Pool, U - Unreachable, i - Inactive

S 0.0.0.0/0 via 172.16.10.1, eth0, cost 0, age 92910
C 127.0.0.0/8 is directly connected, lo
C 172.16.10.0/24 is directly connected, eth0
external
C 192.168.10.0/24 is directly connected, eth1
internal

 

0 Kudos
Gongya_Yu
Collaborator

thanks a lot !!

the_rock
Legend
Legend

No worries mate. Does that sort of makes sense?

Andy

0 Kudos
Gongya_Yu
Collaborator

I am reading them now.
I just sent a message to my previous co-worker. He is an Azure expert working for MS.

thanks so much !! 

the_rock
Legend
Legend

Sounds good!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.