hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0
4.59k stars 4.62k forks

Support for Azure Route Server with the Branch-to-Branch feature enabled #15724

Open jmstrupp-psjh opened 2 years ago

jmstrupp-psjh commented 2 years ago

Description

a HashiCorp Terraform resource that can create an Azure Route Server with the Branch-to-Branch feature enabled.

New or Affected Resource(s)

Potential Terraform Configuration

I do not see a native module for the Azure Route Server itself. The virtual hub resource is close, but I don't see an option to enable the Branch-to-Branch functionality in it. I was previously using Terraform to just push an ARM template but seem to run into issues with destroying it later. I thought it would be best to try and use a native Terraform resource instead.

My current solution is to use the virtual hub resource then follow up with pushing an Azure CLI command like so:

resource "null_resource" "branch_to_branch" {
  provisioner "local-exec" {
    command = "az network routeserver update --name ${var.base_rs_name} --resource-group ${azurerm_resource_group.rg.name} --allow-b2b-traffic true"
  }
}

That also seems a bit less than elegant, and I want to see if there is a better approach.

References

Here is a link to the Microsoft virtualHub template documentation: https://docs.microsoft.com/en-us/azure/templates/microsoft.network/virtualhubs?tabs=json

Here is a link to the Azure CLI documentation for the Microsoft Route Server showing the "allow-b2b-traffic {false, true}" setting I am talking about: https://docs.microsoft.com/en-us/cli/azure/network/routeserver?view=azure-cli-latest#az-network-routeserver-update

opslivia commented 2 years ago

This is the same as #15709.

heoelri commented 2 years ago

I stumbled across the same limitation this week, and it seems like not much has changed since this was raised in March.

But, with the availability of the new azapi resource provider there's now a viable intermediate solution w/o using the null_resource provider.

# deploy azure route server via azapi (due to a lack of functionality in azurerm)
resource "azapi_resource" "hubsite_routeserver" {
  # A Route Server is a Microsoft.Network/virtualHubs resource with sku = "Standard"
  type      = "Microsoft.Network/virtualHubs@2020-11-01"
  name      = "${azurerm_resource_group.hubsite.name}-routeserver"
  parent_id = azurerm_resource_group.hubsite.id
  location  = azurerm_resource_group.hubsite.location

  body = jsonencode({
    properties = {
      sku                        = "Standard"
      allowBranchToBranchTraffic = true            # the "Branch-to-branch" setting missing from azurerm
      virtualRouterAsn           = var.asn_routeserver # integer in the API; plain reference instead of "${...}" string interpolation
    }
  })

  # export properties that azurerm does not expose so they can be read via .output
  response_export_values = [
    "properties.virtualRouterIps"
  ]
}

This allows me to deploy a route server with "Branch-to-branch" enabled.


It also allows me to retrieve some properties that are not available in azurerm today.


It's still not perfect (the route server is always using ASN 65515), and I really hope that these capabilities will find their way into the go-sdk and later into the azurerm provider, but it's at least unblocking my current use case.
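A complete, stand-alone version of the azapi approach from the comment above, added here as an example and not code from the issue thread or from the azurerm/azapi projects. It wires in the two things a Route Server needs that the snippet above leaves implicit (a subnet literally named `RouteServerSubnet` and a Standard-SKU public IP, attached through a `virtualHubs/ipConfigurations` child resource), drives `allowBranchToBranchTraffic` from a variable instead of a hard-coded `true`, and reads the setting back with the `azapi_resource` data source so a portal-side change to it shows up as drift in `terraform plan`. Branch-to-branch is worth treating as a deliberate decision: once enabled, the route server exchanges routes between your VPN/ExpressRoute gateways and any NVA peers, so the hub becomes a transit point between branches. The resource names, variable names, address space and region are assumptions, and the `output` handling assumes azapi 1.x, where `output` is a JSON string (matching the `jsonencode` body style used in the thread).

```hcl
# Added example, not from the issue thread or the azurerm/azapi projects.
# Assumes azapi 1.x; names, address ranges and region below are hypothetical.

terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
    azapi   = { source = "Azure/azapi" }
  }
}

provider "azurerm" {
  features {}
}

provider "azapi" {}

variable "allow_branch_to_branch" {
  description = "Let the route server relay routes between VPN/ExpressRoute gateways and NVA peers (hub becomes a branch-to-branch transit point)"
  type        = bool
  default     = true
}

resource "azurerm_resource_group" "hubsite" {
  name     = "rg-hubsite"
  location = "westeurope"
}

resource "azurerm_virtual_network" "hub" {
  name                = "vnet-hub"
  resource_group_name = azurerm_resource_group.hubsite.name
  location            = azurerm_resource_group.hubsite.location
  address_space       = ["10.0.0.0/16"]
}

# Azure requires this exact subnet name and at least a /27 for Route Server.
resource "azurerm_subnet" "routeserver" {
  name                 = "RouteServerSubnet"
  resource_group_name  = azurerm_resource_group.hubsite.name
  virtual_network_name = azurerm_virtual_network.hub.name
  address_prefixes     = ["10.0.1.0/27"]
}

resource "azurerm_public_ip" "routeserver" {
  name                = "pip-routeserver"
  resource_group_name = azurerm_resource_group.hubsite.name
  location            = azurerm_resource_group.hubsite.location
  sku                 = "Standard"
  allocation_method   = "Static"
}

# The Route Server itself. No virtualRouterAsn is set: Azure fixes it at 65515.
resource "azapi_resource" "routeserver" {
  type      = "Microsoft.Network/virtualHubs@2020-11-01"
  name      = "${azurerm_resource_group.hubsite.name}-routeserver"
  parent_id = azurerm_resource_group.hubsite.id
  location  = azurerm_resource_group.hubsite.location

  body = jsonencode({
    properties = {
      sku                        = "Standard"
      allowBranchToBranchTraffic = var.allow_branch_to_branch
    }
  })

  response_export_values = ["properties.virtualRouterIps"]
}

# Binds the route server to the subnet and public IP; without this it is not reachable.
resource "azapi_resource" "routeserver_ipconfig" {
  type      = "Microsoft.Network/virtualHubs/ipConfigurations@2020-11-01"
  name      = "ipconfig1"
  parent_id = azapi_resource.routeserver.id

  body = jsonencode({
    properties = {
      subnet          = { id = azurerm_subnet.routeserver.id }
      publicIPAddress = { id = azurerm_public_ip.routeserver.id }
    }
  })
}

# Read the live setting back so an out-of-band change is visible on the next plan.
data "azapi_resource" "routeserver_check" {
  type                   = "Microsoft.Network/virtualHubs@2020-11-01"
  resource_id            = azapi_resource.routeserver.id
  response_export_values = ["properties.allowBranchToBranchTraffic", "properties.virtualRouterAsn"]
  depends_on             = [azapi_resource.routeserver_ipconfig]
}

output "branch_to_branch_enabled" {
  value = jsondecode(data.azapi_resource.routeserver_check.output).properties.allowBranchToBranchTraffic
}

output "route_server_asn" {
  value = jsondecode(data.azapi_resource.routeserver_check.output).properties.virtualRouterAsn
}

output "route_server_ips" {
  value = try(jsondecode(azapi_resource.routeserver.output).properties.virtualRouterIps, [])
}
```

After `terraform apply`, `terraform output branch_to_branch_enabled` should print the value you set; if someone later flips the flag in the portal or with `az network routeserver update --allow-b2b-traffic`, the next `terraform plan` shows the data-source value changing and the `azapi_resource` body being re-applied. Because the ipConfiguration is a separate child resource, destroying the stack removes it before the hub, which avoids the stuck-delete behaviour reported for the ARM-template approach earlier in this thread.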