Tag: BGP

BGP Filters in Juniper

So, this topic might be a bit too short for you, and I’m sure your BGP filters in your SRX are way more advanced. But for the simpler people like me that just need to get something done; this one is for you. When I did the AnyCast DNS setup using BGP at home and […]

Read more

Look up… DNS Anycast on ADDS

When deploying Active Directory, it has been a tradition to set the DNS IP addresses on clients to match the nearest Domain Controller to the clients. This means that every DHCP scope in the organization has to have different IP addresses for the name servers and administrators have to manually ensure everything is configured correctly. […]

Read more

Azure Stack Development Kit – BGP

Now that we have our Azure Stack Development Kit in routing mode, we can also send the BGP information from within the Stack to the Juniper Firewalls (or any FW you have..). This will ensure that the new “external IP addresses” that are assigned to our workloads are accessible via our intranet route information and […]

Read more

Highly Available Azure GW’s and Juniper SRX

Pretty quietly Azure has released the option of using redundant VPN connections. In this case, the gateway in Azure actually gets 2 external IP addresses that our on-premises Firewall can connect to. In this chapter, a small update on the Juniper SRX, BGP to Azure post. So that after following this guide, you can actually […]

Read more

Redundant SRX Junos to Azure VPN with VNET Peering

Ever since playing with BGP I was looking for a way to make redundant tunnels. As the local internet provider here would only allow me a single IP address, I looked at the other side. What if we have two Azure regions that have a VPN tunnel to my SRX and between each other. Routing would be dealt with by BGP and thus, I should be able to connect to both VNET’s through each of the VPN tunnels.

Read more

Juniper SRX Junos Azure BGP VPN Tunnel

Hosting applications in Azure usually requires some form of connection to the on-premises networks. You could use Point-to-Site dialup or ExpressRoute, but Site-2-Site VPN’s seems the most use technology, and certainly is cheaper than ExpressRoute connection.

But what if you want to use multiple links for failover? What if your local firewall fails or the internet connection itself? Well, that’s why Azure supports MultiSite VPN’s. While it is capable of having two tunnels from on-premises to Azure with preferences, there is no automatic failover support. That means that if tunnel 1 goes down, tunnel 2 is NOT automatically activated. You need to disable tunnel 1 in Azure itself and only THEN tunnel 2 comes up. Which is annoying, but there is another way to fully automate this.. BGP, Border Gateway Protocol.

Read more