NSX segments unreachable via Azure ExpressRoute Metro

Article ID: 438555

Products

VMware NSX, Azure VMware Solution

Issue/Introduction

  • Specific NSX overlay segments are unreachable from on-premises sites.
  • The affected segments are present and functional within the NSX environment (East-West traffic works).
  • The subnets for the affected segments are missing from the Azure ExpressRoute Metro routing table.
  • Traceroute tests from virtual machines show traffic reaching an unexpected internal router (e.g., 100.72.###.###) before failing.
  • Connectivity was previously functional and failed suddenly without configuration changes to the production environment.

Environment

  • Azure VMware Solution (AVS)
  • VMware NSX
  • Azure ExpressRoute Metro

Cause

Identical network subnets are being advertised from a secondary or Disaster Recovery (DR) NSX instance. This duplicate advertisement causes the Azure routing plane to inject routes into the wrong routers or suppress the production routes in the ExpressRoute Metro table, leading to a loss of external connectivity for those specific subnets.

Resolution

To restore connectivity, the duplicate advertisements from the secondary site must be disabled:

  1. Identify the Duplicate Source: Review the NSX configuration in the DR or secondary AVS environment to identify segments that share the same CIDR ranges as the unreachable production subnets.
  2. Verify Routing: Use the Azure Portal to inspect the ExpressRoute Metro "Route Table" and confirm whether the affected subnets are being learned from the DR circuit.
  3. Disable DR Segments: In the secondary/DR NSX Manager, navigate to the affected segments and disable their "Route Advertisement" or disconnect the segments from the Tier-1 gateway.
  4. Validate Propagation: Monitor the production ExpressRoute Metro routing table. Once the duplicate routes are removed, the production Tier-0 gateway should successfully propagate the routes.
  5. Confirm Connectivity: Perform a traceroute from an on-premises host to the production VM to ensure the path now correctly traverses the production ExpressRoute circuit.
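
The comparison in step 1 can be scripted once the segment inventories of both sites are exported. The following is an added example, not part of the original article or a VMware tool: the sample inventories are constructed, and the field names (display_name, subnets, gateway_address, connectivity_path) are an assumption about the export format. It also reports partial overlaps, which goes beyond the identical-CIDR case described above.

```python
import ipaddress

# Constructed sample inventories. The field names are an assumed export
# format; adjust them to match the data pulled from each NSX Manager.
PROD_SEGMENTS = [
    {"display_name": "prod-web", "connectivity_path": "/infra/tier-1s/prod-t1",
     "subnets": [{"gateway_address": "10.20.1.1/24"}]},
    {"display_name": "prod-db", "connectivity_path": "/infra/tier-1s/prod-t1",
     "subnets": [{"gateway_address": "10.20.2.1/24"}]},
]
DR_SEGMENTS = [
    {"display_name": "dr-web", "connectivity_path": "/infra/tier-1s/dr-t1",
     "subnets": [{"gateway_address": "10.20.1.1/24"}]},
    {"display_name": "dr-db-isolated", "connectivity_path": None,
     "subnets": [{"gateway_address": "10.20.2.1/24"}]},
    {"display_name": "dr-app", "connectivity_path": "/infra/tier-1s/dr-t1",
     "subnets": [{"gateway_address": "10.20.2.129/25"}]},
    {"display_name": "dr-mgmt", "connectivity_path": "/infra/tier-1s/dr-t1",
     "subnets": [{"gateway_address": "10.30.0.1/24"}]},
]

def networks(segment):
    """Yield the IP network behind each gateway address on a segment."""
    for subnet in segment.get("subnets") or []:
        yield ipaddress.ip_interface(subnet["gateway_address"]).network

def find_duplicates(prod, dr):
    """Return (prod_name, dr_name, prod_net, dr_net, kind) for every DR
    segment that is attached to a gateway and collides with production."""
    findings = []
    for d in dr:
        # A segment disconnected from its Tier-1 is not a candidate for
        # advertisement, so it is skipped (assumption: empty path = detached).
        if not d.get("connectivity_path"):
            continue
        for d_net in networks(d):
            for p in prod:
                for p_net in networks(p):
                    if p_net.version != d_net.version or not p_net.overlaps(d_net):
                        continue
                    kind = "identical" if p_net == d_net else "overlap"
                    findings.append((p["display_name"], d["display_name"],
                                     str(p_net), str(d_net), kind))
    return findings

if __name__ == "__main__":
    for prod_name, dr_name, p_net, d_net, kind in find_duplicates(PROD_SEGMENTS, DR_SEGMENTS):
        print(f"{kind:9} {dr_name} ({d_net}) collides with {prod_name} ({p_net})")
```

Each DR segment it reports is a candidate for step 3; whether the subnet is actually being advertised still has to be confirmed in the ExpressRoute Metro route table as in step 2.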