Hub Upgrade Instructions for VMware SD-WAN Edge Deployed as Azure vWAN NVA

This document is intended for customers who use VMware SD-WAN Edges in Azure and deploy them as Network Virtual Appliances (NVAs) in the Azure Virtual WAN (vWAN) Hub.

For more information, see https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-faq#why-am-i-seeing-a-message-and-button-called-update-router-to-latest-software-version-in-portal.

Upgrade Instructions

Azure is deprecating its Cloud Services-based infrastructure, so the Virtual WAN team is upgrading their virtual routers from their current Cloud Services infrastructure to Virtual Machine Scale Sets based deployments. If you navigate to your Virtual WAN hub resource and see a message to upgrade your router to the latest version as shown in the following screenshot, click " Update router to latest software version" button to initiate router upgrade.

Note: All newly created Virtual Hubs will be automatically deployed on the latest Virtual Machine Scale Sets-based infrastructure and do not require this upgrade.

After clicking " Upgrade Router to the latest software version", a message will indicate that this operation must be performed during a maintenance window.

The Hub Status would display " Updating" and the Routing State as " Provisioning". This process will take approximately 30 to 60 minutes to complete.

After successful completion of the router update, the Hub Status should display " Succeeded" and the Routing State should display " Provisioned" as shown in the following screenshot.

IP addresses are represented in the Virtual Hub's resource JSON as the virtualRouterIps field. Alternatively, you can find it in the Virtual Hub > BGP Peers menu.

Copy the IP Addresses. For example, in this case the IP addresses are 172.16.32.8 and 172.16.32.9. These are the IP addresses on the Virtual Hub that the BGP Peers (VMware SD-WAN NVA) will need to be configured.

On the Orchestrator, the Virtual Edge BGP connections to the Virtual Hub will be displayed as Down, either in Connect or Active state. To configure BGP neighbors for Virtual Edges, see BGP Neighbor Configuration.

Before configuring BGP neighbors on the Virtual Edge, static routes must be configured to allow the Virtual Edges to connect to the Azure Virtual WAN Hub. See Static Routes Configuration.

Static Routes Configuration

To configure static routes, add sufficient /32 static routes to ensure that there is a unique route pointing to the respective GE2 interface on each Virtual Edge. To add a static route, the Orchestrator requires a next-hop IP address. The next hop IP address can be obtained by running the Remote Diagnostic “Interface Status” test in the Remote Diagnostics UI page of the Orchestrator. Select the first IP address of the subnet assigned to GE2 and configure it as the next hop.

The following image shows an IP address assigned to GE2 as 172.16.112.5/25, with the first IP address of this subnet being 172.16.112.1. This IP address is used to configure the static route on the Orchestrator.

The following is the output from Test & Troubleshoot > Remote Diagnostics > Interface Status diagnostic test.

Two static routes are configured on the Edge to reach BGP neighbors, as illustrated in the following screenshot.

BGP Neighbor Configuration

Configure BGP neighbors for each Virtual Edge as shown in the following screenshot. Use the BGP neighbor IPs and the ASN number as displayed in the virtual Hub BGP Peers output. Also, make sure to configure the BGP Max-Hop to 2.

Once static routes and BGP neighbors have been configured, the Virtual Edges should begin learning routes from the Azure Virtual WAN Hub. You can verify the status of the BGP neighbors under Monitor > Network Services.