When setting up VPN tunnels, we need the solution to stay resilient and highly available if a VPN tunnel fails. We achieve high availability by using redundant tunnels.
Most networks today follow the hub-and-spoke model, which means a network most likely consists of multiple Azure VNets peered together. The network address space is propagated when VNets are peered. BGP is used so that the on-premises network can discover the Azure address space across all peered VNets and fail over automatically to the redundant VPN tunnel.
The following Microsoft document explains the different strategies for highly available VPN gateways.
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
From the document above, I am going to cover redundant tunnels using BGP, as explained in the section "Multiple on-premises VPN devices".
To establish highly available redundant tunnels, Azure VPN Gateway automatically comes with active and standby modes, which means we don't need two gateway endpoints on the Azure side. If the active tunnel fails, it automatically fails over to the standby, which uses the same public IP and BGP IP.
This does mean, however, that we need two VPN connections on the on-premises side, each with a unique public IP.
Here is an example that shows how to set this up.
Virtual Network Gateway
When creating a new virtual network gateway, I have highlighted in red boxes the settings that need to be set, apart from the other network-related selections you would make.
When the resource is deployed, this sets up the Azure side of the gateway and assigns a public IP and a private BGP IP to the Azure gateway. You cannot change these values. The ASN can be changed if desired.
If your connection is established properly, you can go to BGP Peers under Monitoring on the virtual network gateway to see whether your gateway is properly learning and advertising the BGP routes.
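The "Multiple on-premises VPN devices" setup described above can also be scripted with the Az PowerShell module. The following is an added example, not part of the original walkthrough: the resource group, gateway name, public IPs, BGP peer IPs and ASN are constructed placeholders, and it assumes the virtual network gateway already exists with BGP enabled.

```powershell
# Added example: every name, IP address and ASN below is a constructed placeholder.
$rg       = 'rg-hub-network'   # hypothetical resource group
$location = 'eastus'
$gwName   = 'vng-hub'          # existing virtual network gateway with BGP enabled

# One entry per on-premises VPN device. Each device needs its own public IP
# and its own BGP peer IP so Azure can hold a separate BGP session per tunnel.
$onPremDevices = @(
    @{ Name = 'onprem-vpn-1'; PublicIp = '203.0.113.10'; BgpIp = '10.52.255.253' },
    @{ Name = 'onprem-vpn-2'; PublicIp = '203.0.113.20'; BgpIp = '10.52.255.254' }
)
$onPremAsn = 65050             # must differ from the ASN of the Azure gateway

$gw = Get-AzVirtualNetworkGateway -Name $gwName -ResourceGroupName $rg

foreach ($d in $onPremDevices) {
    # Prompt for the pre-shared key so it never lands in the script or in source
    # control. Use a different key for each tunnel.
    $secure = Read-Host -AsSecureString -Prompt "Pre-shared key for $($d.Name)"
    $psk    = [System.Net.NetworkCredential]::new('', $secure).Password

    # The local network gateway represents one on-premises device in Azure.
    # The address prefix is only the /32 of the BGP peer; all other
    # on-premises routes are learned over BGP.
    $lng = New-AzLocalNetworkGateway -Name "lng-$($d.Name)" -ResourceGroupName $rg `
        -Location $location -GatewayIpAddress $d.PublicIp `
        -AddressPrefix "$($d.BgpIp)/32" -Asn $onPremAsn -BgpPeeringAddress $d.BgpIp

    # One IPsec connection per device, with BGP enabled on the connection.
    New-AzVirtualNetworkGatewayConnection -Name "cn-$($d.Name)" -ResourceGroupName $rg `
        -Location $location -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $lng `
        -ConnectionType IPsec -SharedKey $psk -EnableBgp $true | Out-Null
}

# Same information as the portal's BGP Peers blade: both on-premises peers
# should show State "Connected" with a non-zero RoutesReceived count.
Get-AzVirtualNetworkGatewayBGPPeerStatus -VirtualNetworkGatewayName $gwName -ResourceGroupName $rg |
    Format-Table Neighbor, Asn, State, RoutesReceived
```

If only one peer reports as connected, the second tunnel is not providing redundancy yet, so check that device's public IP, pre-shared key and BGP peer address before relying on failover.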