Azure Virtual WAN
Azure Virtual WAN provides a mechanism for a managed hub-and-spoke network within Azure. It consolidates all your endpoint connection types into a single service that simplifies the management of your complex networks and enables transitive network functionality.
The following diagram shows an illustration of the various interconnections that may be employed in a typical environment:
Figure 17.34 – Azure Virtual WAN illustration
As illustrated in the preceding diagram, you could have a variety of connection types, such as ExpressRoute, S2S connections, P2S connections, and even VNet peering. All the traffic flow configurations are managed through Azure Virtual WAN, which will also configure your transitive network flows, eliminating the need for an additional Network Virtual Appliance (NVA). The deployment of Virtual WAN also allows for the deployment of a firewall in the solution, allowing you to secure traffic natively through your hub-and-spoke model.
There are two SKUs that you can purchase as part of the service:
- Basic: The following connections are supported:
- S2S VPN connections
- Branch-to-branch
- Branch-to-VNet connections and VNet-to-branch
- Standard: The following connections are supported:
- P2S connections
- S2S connections
- ExpressRoute (ExpressRoute to ExpressRoute connections are only supported through ExpressRoute Global Reach)
- VNet-to-VNet connections (including Hub Transit)
- VNet-to-Hub and Hub-to-VNet connections
- Branch-to-branch
- Branch-to-VNet connections and VNet-to-branch
- Azure Firewall
- NVA in a Virtual WAN
Effectively, the intention of Virtual WAN is to act as a head-end for your network being the primary routing service for all your interconnections required.
Top Tip
While you can upgrade from the Basic to Standard SKU, you cannot downgrade from Standard to Basic. This is important in deciding your direction for implementation and upgrading.
Now that you understand what Virtual WAN is, we will look at the deployment of the service next.
Configuring Azure Virtual WAN
In order to configure Azure Virtual WAN, you will need to perform the following steps:
- Create a new resource group named AZ104-VirtualWAN.
- Click + Create on the Overview screen for the resource group.
- Click Networking on the left menu, then selectVirtual WAN from the options on the right:
Figure 17.35 – Virtual WAN
- Enter the following and then click Review + create:
- Subscription: Select your Azure subscription.
- Resource group: AZ104- VirtualWAN.
- Resource group location: West Europe (or select what you prefer).
- Name: az104virtualwan.
- SKU: Standard.
- Click Create.
- Navigate to your Virtual WAN and click Hubs under the Connectivity context.
- Click + New Hub.
- Enter the following details and click Next : Site to site >:
- Region: West Europe (or select what you prefer)
- Name: vwanhub
- Hub private address space: 110.0.0.0/24
- Select Yes for Do you want to create a Site to site (VPN gateway)?, select 1 scale unit – 500 Mbps x 2, and set Routing preference as Microsoft network:
Figure 17.36 – Hub site
- Click Review + create, then click Create.
Now that you have a Virtual WAN deployment, you will create a VPN site next.