Introduction
In today’s hybrid cloud world, organizations often operate across multiple sites — from on-prem data centers to edge locations — while requiring seamless, secure, and scalable network connectivity. Azure Local SDN (formerly Azure Stack HCI SDN) enables powerful software-defined networking capabilities across these distributed environments. When operating across multiple locations, routing between sites becomes a critical challenge. This article explores how to implement multi-site routing with Azure Local SDN using BGP, Gateway Pools, and Software Load Balancing (SLB).
Azure Local Multi-Site Architecture Overview
To enable multi-site networking in Azure Local SDN, three core components work together:
- Border Gateway Protocol (BGP): Enables dynamic routing between SDN sites and external networks.
- Gateway Pools: Provide VPN and ExpressRoute connectivity for secure cross-site tunnels.
- Software Load Balancer (SLB): Ensures high availability and scalable traffic distribution between sites.
These elements can be combined to support hub-and-spoke, mesh, or hybrid network topologies across regional or edge deployments.
Role of BGP in Multi-Site SDN
BGP is a key enabler of dynamic and scalable routing between Azure Local SDN sites. It provides:
- Dynamic route exchange between SDN gateways and external routers (e.g., on-premises or third-party NVAs)
- Support for route filtering and path selection, allowing granular control over traffic flow
- High availability through multiple BGP peers across gateway nodes
Key Features:
- BGP runs on the Azure Local Gateway role
- Peers with customer edge routers or firewalls (e.g., Fortinet, Palo Alto)
- Advertises local SDN prefixes to remote sites
Gateway Pools for Site Connectivity
Gateway Pools abstract physical SDN gateway hosts into logical resource groups for connectivity services.
Types of Gateway Pools:
- VPN Gateway Pool: Supports site-to-site IPsec tunnels
- ExpressRoute Gateway Pool: Connects SDN sites to Azure or third-party providers
Deployment Highlights:
- Created via PowerShell or WAC SDN Manager
- Configurable for active/passive or active/active modes
- Supports BGP over IPsec for dynamic route learning
Example Use Case: Connect two remote edge sites via IPsec tunnels and use BGP to route internal traffic between local subnets.
Software Load Balancer Integration
Azure Local SLB extends high availability and scalability for services running across sites.
Capabilities:
- North-South Load Balancing: Distributes inbound traffic across multiple sites
- East-West Load Balancing: Balances traffic between VMs and services within and across sites
- SLB VIPs: Create stable endpoints for external/internal access
SLB also integrates with SDN gateway NAT policies and BGP to ensure traffic reaches the appropriate backend, regardless of the site.
Routing Scenarios
Azure Local SDN supports flexible routing models across multiple sites:
| Topology | Description | Routing Behavior | SLB Use |
|---|---|---|---|
| Hub-Spoke | Central hub with multiple edge spokes | BGP to hub, static or dynamic to spokes | North-South at hub |
| Full Mesh | Each site peers with every other | BGP between all sites | East-West across peers |
| Border Site | One site handles all external ingress | Static route to border, BGP to other sites | External SLB at border |
Sample Deployment Snippets
Create VPN Gateway Pool:
New-NetworkControllerGatewayPool -Name "SiteVPNPool" -Type VPN -Servers @("GW01","GW02")Configure BGP Peering:
Add-NetworkControllerBgpPeer -GatewayName "GW01" -PeerIp "10.0.0.1" -LocalASN 65001 -PeerASN 65002Deploy SLB VIP Listener:
New-NetworkControllerLoadBalancer -Name "SLBWeb" -FrontendIPConfig $frontend -BackendPool $backendPool -Protocol TCP -Port 443Interoperability and Security
Azure Local SDN can integrate with NVAs or firewall appliances:
- Supports IPsec tunnels with 3rd-party devices (Palo Alto, Cisco, etc.)
- ACLs can be applied via SDN Policy Manager
- Route filters allow traffic segmentation between tenants or sites
Performance and Scalability Considerations
- BGP Scaling: Each gateway can support multiple peers
- SLB Throughput: Scales horizontally with backend pool instances
- Monitoring: Use SDN diagnostics or Event Tracing for Windows (ETW)
Summary & Real-World Application
Whether you’re a service provider building managed hybrid sites or an enterprise extending campus networks, Azure Local SDN with BGP, Gateway Pools, and SLB offers:
- Resilient multi-site connectivity
- Dynamic routing across secure tunnels
- Load balancing for internal and external workloads
Final Thoughts
Azure Local SDN empowers organizations to build modern, connected, and secure hybrid networks. By combining BGP, Gateway Pools, and SLB, you can achieve resilient and scalable routing between on-premises and edge environments.
Disclaimer
This article is for informational purposes only. All configurations should be validated in a lab before production deployment. Microsoft technologies and capabilities may evolve; consult official documentation for the latest updates.