Planning and Designing of a BGP network scheme
Synopsis: A template network design for BGP network at scale.
Published June 23rd, 2026
Last Modified: June 23rd, 2026
Intro: Work in progress, still figuring this out exactly, but will need to recreate for about a dozen networks.
Starting with planning for scale. I have a 20 office network to design for and the plan must accomodate 40 vpn tunnels.
This guide should accompany this guide. (Insert Hyper Link.) The other guide demonstrates an example of a functional deployment. In contrast, this guide will have more of a bigger picture.
2.) Network Planning
3.) Implementation Planning
4.) Troubleshooting
Published June 23rd, 2026
Last Modified: June 23rd, 2026
Intro: Work in progress, still figuring this out exactly, but will need to recreate for about a dozen networks.
Starting with planning for scale. I have a 20 office network to design for and the plan must accomodate 40 vpn tunnels.
This guide should accompany this guide. (Insert Hyper Link.) The other guide demonstrates an example of a functional deployment. In contrast, this guide will have more of a bigger picture.
Quick Run Down
1.) What is BGP2.) Network Planning
3.) Implementation Planning
4.) Troubleshooting
What is BGP?
-
No Idea. Stands for Border Group Protocol. Don't ask me.
Network Planning
| Site Listing | Circuit Role | Tunnel Subnet | Azure IP | SonicWall IP | Azure ASN | SW ASN |
| Office 1 - ISP | Primary | 169.254.21.0/30 | 169.254.21.1 | 169.254.21.2 | 65515 | 65010 |
| Office 1 - ISP | Secondary | 169.254.21.4/30 | 169.254.21.5 | 169.254.21.6 | 65515 | 65010 |
| Office 2 - ISP | Primary | 169.254.21.8/30 | 169.254.21.9 | 169.254.21.10 | 65515? | 65010? |
| Office 2 - ISP | Secondary | 169.254.21.12/30 | 169.254.21.13 | 169.254.21.14 | 65515? | 65010? |
Implementation Planning.
- 1.) Start a BGP design document like the table above.
- 2.) Schedule downtime for conversion. These steps are outlining the process for converting an existing S2S vpn tunnel.
- 3.) Start with 'SonicWall Setup' side. Confirm access through WAN as VPN tunnels will go down.
- a.) Continue to the VPN Policies section. Here you'll need to delete the inplace Site to Site VPN before you add the new tunnels.
- b.) Then create the Virtual Tunnel Interfaces. Use the IP values from your BGP network design table.
- c.) Finally, the custom routes. After the two routes are in place, switch back to Azure. We'll return the CLI configuration at the end.
- 4.) Now within the Azure Portal;
- a.)either configure the VPN gateway for the first time, or simply add your new BGP IP Addresses.
- b.) Then your local network gateways. You'll need to remove the prior address space and update the values like the example in the guide.
- c.) Last your connections. You'll be able to create and attach both, with BGP enabled.
- 5.)Lastly in the SonicWall CLI;
Clean up.
- 1.) Remove temp admin account if created.
- 2.) Disable SSH connection to WAN interfaces.
Troubleshooting
- PlaceHolder
- PlaceHolder
Recommended Reading
- PlaceHolder
- PlaceHolder
- PlaceHolder