S2S VPN not propagating route to spoke and hub vnet

Question

I have a hub and spoke topology and one of my spoke hosts a VPN Gateway that has a S2S VPN with another VNET (in another tenant).

The IP Range of the remote network (10.10.6.0/24) (connected with S2S VPN) is not added in my route table (and therefore in the BGP table).

What am I missing here? What configuration do I have to do to have this IP range propagated in my route table and BGP table?

Answer 1

I tried to reproduce the same in my environment and got results like below:

To achieve your scenario, you can make use of cross tenant vnet peering like below:

Go to azure active directory -> users -> create users for both tenants also.

In your tenant -> subscriptions -> access control (IAM) -> Add Network contributor role for user and guest user and same for another tenant with local user and guest user like below:

Now open guest user, try to send invitation to the user like below:

Use the invitation URL and try to login Incognito tab accept the permission and do same in another tenant with guest user login and accept permission as same and close it.

Now, try to login with local primary user for both tenant like below:

Go to your vnet -> Add peering under setting try to select below option.

Resource id should be your vnet of another tenant which we are trying to peer. In that tenant -> vnet -> properties under setting you can find resource id

Then you can see two directories once the invitation accepted you will be able to see two directories. choose another tenant of default directory click on authenticate and add your virtual peering successfully.

Then go to another tenant do the same process select vnet add peering -> select virtual network gateway or route server and select resource id in that another tenant properties and authenticated as same like above:

This way you can easily connect your vnet from another tenant. When I tested with my vpn it got connected successfully like below: