CSR in Azure - Inbound traffic from Xpress-route + Encryption using GRE
I have a question on the inbound route path when deploying CSR 1000V in Azure and using UDR (user defined routes) option for the subnets to route the outbound traffic to the 1000V and make intelligent path selection (possibly with a PBR and Encrypted GRE tunnel to the on-premise router).
Azure documentation states that inbound traffic from express route is handled directly by the Azure Express Gateway bypassing the Virtual Appliance.
User defined routes are only applied to Azure VMs and cloud services. For instance, if you want to add a firewall virtual appliance between your on-premises network and Azure, you will have to create a user defined route for your Azure route tables that forward all traffic going to the on-premises address space to the virtual appliance. However, incoming traffic from the on-premises address space will flow through your VPN gateway or ExpressRoute circuit straight to the Azure environment, bypassing the virtual appliance.
this is a persistent problem with all network appliances in that you cannot control inbound traffic to a VNET as you would expect; this is complicated more if you have ExpressRoute and multiple VNETS connected to the same circuit. you will need to apply a UDR on the actual gateway - which is currently not supported but the product group have listened.
you may see this functionality at some point in Azure this year.
Original Blog published @ https://blogs.cisco.com/datacenter/spinning-up-an-nvme-over-fibre-channel-strategy
Every so often there comes a time when we witness a major shift in the networking industry that fundamentally changes the landscap...
Let me start by telling you that there is already a very nice document in the Cisco Community Forums which describes the procedure to upgrade the APIC CIMC. In case you came across this document before looking into the mentioned one, here is...