Implementing an NVA solution for traffic inspection
The NVA solution will need to have an Azure Route Server deployed in the same Azure virtual network. This is because an NVA cannot communicate directly with the Azure ExpressRoute gateway that is also needed for this solution to work. The following is a high-level architecture of the solution that will be detailed in this section:
Figure 8.1 – Third-party NVA in the hub VNet inspecting AVS internet traffic
Figure 8. 1 shows the Route Server, the ExpressRoute gateway, and the NVA in the same virtual network. However, the NVA can be in a different virtual network if you need it to be.
We will now walk through the steps for creating and configuring an Azure Route Server and a Quagga network virtual appliance.
Prerequisites
The prerequisites are as follows:
- An Azure subscription
- Minimum contributor access in the Azure subscription
Creating a virtual network
A virtual...
