Azure VMware Solution: Internet Egress via On-Premises

Use Case

Azure VMware Solution allows for Internet egress through Azure or on-premises. When workloads within the Azure VMware Solution (AVS) private cloud should access the Internet via on-premises (typically so that outbound Internet traffic is inspected by an on-premises firewall), the on-premises environment will need to advertise a default route to AVS.

General Information

  • The on-premises environment will need to advertise a default route “up” the ExpressRoute to Azure.
  • When this route is advertised it will be learned by both the Azure vNet and Azure VMware Solution, assuming there is already connectivity between AVS and on-premises.
  • IMPORTANT: The default route could potentially impact the Azure vNet Internet egress routes, so please make sure you are familiar with how to configure the virtual networks to have the desired result.

Implementation and Configuration

  1. Configure the on-premises environment to advertise a default route to Azure.

  2. At this point Azure VMware Solution should see the default route coming from on-premises.

  3. If the on-premises default route “disappears”, there are two possible outcomes.

    Outcome 1: AVS workloads have no more Internet egress path.
    Outcome 2: AVS workloads will access the Internet via Azure.

  4. If the desired result is Outcome 1, follow this link and set the “Internet Enabled” setting to Disabled.

    If the desired result is Outcome 2, follow this link and set the “Internet Enabled” setting to Enabled.
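
The check below is an added example, not part of the original post or of any Microsoft tooling. It classifies the egress state from a learned route table and the “Internet Enabled” setting, so monitoring can flag the moment Outcome 2 sends traffic around the on-premises firewall. The JSON field names, the ASN 65010 and the sample routes are constructed assumptions; adapt them to the route export you actually use.

```python
import json

# Constructed sample data: routes learned over the ExpressRoute private peering.
# The field names ("network", "nextHop", "path") are an assumed export shape.
SAMPLE_WITH_DEFAULT = json.dumps({"value": [
    {"network": "0.0.0.0/0", "nextHop": "192.0.2.1", "path": "65010"},
    {"network": "10.20.0.0/16", "nextHop": "192.0.2.1", "path": "65010"},
]})
SAMPLE_WITHOUT_DEFAULT = json.dumps({"value": [
    {"network": "10.20.0.0/16", "nextHop": "192.0.2.1", "path": "65010"},
]})


def has_onprem_default(route_table_json, onprem_asn):
    """True if 0.0.0.0/0 is learned and its AS path originates on-premises."""
    for route in json.loads(route_table_json).get("value", []):
        if route.get("network") != "0.0.0.0/0":
            continue
        as_path = str(route.get("path", "")).split()
        # The origin AS is the last entry in the AS path.
        if as_path and as_path[-1] == str(onprem_asn):
            return True
    return False


def egress_state(route_table_json, onprem_asn, internet_enabled):
    """Map route presence plus "Internet Enabled" to the outcomes listed above."""
    if has_onprem_default(route_table_json, onprem_asn):
        return "inspected: egress via on-premises"
    if internet_enabled:
        # Fail-open: traffic leaves through Azure without on-premises inspection.
        return "outcome 2: egress via Azure, bypassing on-premises inspection"
    # Fail-closed: workloads lose Internet access until the route returns.
    return "outcome 1: no Internet egress"


if __name__ == "__main__":
    for name, table in (("with default", SAMPLE_WITH_DEFAULT),
                        ("without default", SAMPLE_WITHOUT_DEFAULT)):
        for enabled in (False, True):
            print(name, "| Internet Enabled =", enabled, "->",
                  egress_state(table, 65010, enabled))
```
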
