Microsoft AZ-700: Connect Remote Resources by Using Azure Virtual WANs

Notes from MS Learn AZ-700 Module 2: Design and Implement Hybrid Networking – Unit 6: Connect Remote Resources by Using Azure Virtual WANs

Organizations are exploring options that enable employees, partners, and customers to connect to resources from anywhere. This often happens across national and regional boundaries as well as time zones. This is where Virtual WANs can help.

  • What is Azure Virtual WAN
    • Networking services bringing networking, security, routing functionalities into a single interface
    • Some features
      • Branch Connectivity
        • Through connectivity automation from partner devices (such as SD-WAN or VPN CPE)
      • Site-to-Site VPN Connectivity
      • Remote user VPN Connectivity (Point-to-Site)
      • Private Connectivity (ExpressRoute)
      • Intra-cloud Connectivity (transitive for VNets)
      • VPN ExpressRoute inter-connectivity
      • Routing, Azure FW, Encryption for private connectivity
    • Configuration for end-to-end virtual WAN requires
      • Virtual WAN
      • Hub
      • Hub VNet connection
      • Hub-to-Hub connection
      • Hub route table
  • Choose Virtual WAN SKU
    • virtualWAN resource is a virtual overlay of Azure network
    • Collection of many resources
    • Contains links to all virtual hubs desired within the virtual WAN
    • Isolated from each other
      • Cannot have a common hub
    • Virtual hubs in different virtual WANs don’t communicate
    • Two types: Basic and Standard (table below from MS Learn)
  • Hub Private Address Space
    • Virtual Hub is MS managed virtual network
    • Hub contains various service endpoints for connectivity
    • From on-prem (vpnsite) connect
      • To a VPN gateway inside virtual hub
      • ExpressRoute circuit to virtual hub
      • Mobile users to Point-to-Site gateway within virtual hub
    • Hub is core of network in region. Multiple hubs possible in same region
    • Min address space is /24
    • Anything /25-/32 kicks error during creation
    • No need to specify as Azure creates subnets in virtual hub for different gateways/services it needs
  • Gateway Scale
    • Hub gateway not the same as virtual network gateway used for ExpressRoute and VPN Gateway
    • In Virtual WAN you don’t create Site-to-Site from on-prem direct to a VNet
    • Create Site-to-Site to the hub
      • Traffic goes through hub gateway
    • In Virtual WAN VNets take advantage of easy scaling through virtual hub and virtual hub gateway
  • Connect Cross-Tenant VNets to a Virtual WAN Hub
    • Ability to use Virtual WAN to connect VNet to virtual hub in diff tenant
      • Useful if client workloads must be connected to same network but exist on diff tenants
    • Configuration must already be in place before cross-tenant VNet connectivity to Virtual WAN Hub
      • Virtual WAN and Virtual Hub in parent subscription
      • VNet in subscription of remote tenant
      • Non overlapping addr space in remote tenant and any other VNet connected to parent Virtual Hub
  • Virtual Hub Routing
    • Provided by a router managing all routing between gateways using BGP
    • Virtual Hub can contain multiple gateways
      • Site-to-Site VPN Gateway
      • ExpressRoute Gateway
      • Point-to-Site Gateway
      • Azure FW
    • Router also provides transit connectivity between VNets connected to a virtual hub
      • Support an aggregate throughput of 50 Gbps
    • Capabilities apply to Standard Virtual WAN customers
    • MS Link to more configuration details on routing: https://learn.microsoft.com/en-us/azure/virtual-wan/how-to-virtual-hub-routing
  • Hub Route Table
    • Create a virtual Hub Route and apply to Virtual Hub Route Table
    • Can apply multiple routes to the table
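
The two address-space rules above (hub prefix no smaller than /24, and no overlap between the remote-tenant VNet and other VNets on the hub) can be checked before deployment. The following is an added example, not from MS Learn or the original notes; the function names, VNet names, and CIDR ranges are constructed for illustration.

```python
import ipaddress
from itertools import combinations

HUB_MAX_PREFIXLEN = 24  # notes: minimum hub address space is /24; /25-/32 errors out


def check_hub_prefix(hub_cidr):
    """Return an error string if the hub prefix is smaller than /24, else None."""
    net = ipaddress.ip_network(hub_cidr, strict=True)
    if net.prefixlen > HUB_MAX_PREFIXLEN:
        return f"hub {net} is smaller than /24 and will be rejected at creation"
    return None


def find_overlaps(spaces):
    """spaces: {name: [cidr, ...]}. Return sorted (name_a, name_b, cidr_a, cidr_b)."""
    flat = [(name, ipaddress.ip_network(c, strict=True))
            for name, cidrs in spaces.items() for c in cidrs]
    hits = []
    for (na, a), (nb, b) in combinations(flat, 2):
        # Only compare ranges owned by different networks and of the same IP version.
        if na != nb and a.version == b.version and a.overlaps(b):
            hits.append((na, nb, str(a), str(b)))
    return sorted(hits)


def preflight(hub_cidr, spaces):
    """Collect all findings for a planned hub and the VNets to be connected to it."""
    findings = []
    err = check_hub_prefix(hub_cidr)
    if err:
        findings.append(err)
    # The hub range is checked for overlap alongside the VNets it will connect.
    everything = {"hub": [hub_cidr], **spaces}
    for na, nb, a, b in find_overlaps(everything):
        findings.append(f"{na} {a} overlaps {nb} {b}")
    return findings


# Constructed sample plan: one parent-tenant VNet, one remote-tenant VNet.
SAMPLE_VNETS = {
    "parent/vnet-app": ["10.10.0.0/16"],
    "remote-tenant/vnet-client": ["10.10.128.0/20", "172.16.5.0/24"],
}

if __name__ == "__main__":
    for finding in preflight("10.0.0.0/25", SAMPLE_VNETS):
        print("FAIL:", finding)
```
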

Permanent link to this article: https://www.packetpilot.com/microsoft-az-700-connect-remote-resources-by-using-azure-virtual-wans/