Azure Global Transit Network Architecture with VWAN
Enterprises today require connectivity between hyper-distributed applications, data, and users across cloud and on-premises environments. The global transit network is based on the classic hub-and-spoke connectivity model, where the ‘hub’ enables transitive connectivity between endpoints that may be distributed across different types of ‘spokes’.
This architecture has the following types of spokes:
- Virtual Network (VNets)
- Physical Branch Site
- Remote user
Global Transit Network with Virtual WAN
Azure Virtual WAN is a Microsoft-managed cloud networking service. It allows a global transit network architecture by enabling any-to-any connectivity between globally distributed sets of cloud workloads in VNets, branch sites, SaaS and PaaS applications, and users.
In the Azure Virtual WAN architecture, virtual WAN hubs are provisioned in Azure regions, to which you can choose to connect your branches, VNets, and remote users. The physical branch sites are connected to the hub by Premium or Standard ExpressRoute or site-to-site VPNs, VNets are connected to the hub by VNet connections, and remote users can connect directly to the hub using User VPN (point-to-site VPNs). Virtual WAN also supports cross-region VNet connections, where a VNet in one region can be connected to a virtual WAN hub in a different region.
You can establish a virtual WAN by creating a single virtual WAN hub in the region that has the largest number of spokes (branches, VNets, users), and then connecting the spokes that are in other regions to the hub.
One of the key principles of global transit network architecture is to enable cross-region connectivity between all cloud and on-premises network endpoints. This means that traffic from a branch that is connected to the cloud in one region can reach another branch or a VNet in a different region using hub-to-hub connectivity enabled by the Azure global network.
When multiple hubs are enabled in a single virtual WAN, the hubs are automatically interconnected via hub-to-hub links, thus enabling global connectivity between branches and VNets that are distributed across multiple regions.
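The layout described above (one virtual WAN, two hubs in different regions, and a cross-region VNet connection) written as a Bicep template. This is an added example, not part of the original article; the resource names, regions, address prefixes, the `spokeVnetId` parameter and the API version are assumptions chosen for illustration.

```bicep
// Added example, not from the original article. Names, regions, address
// prefixes and the API version are assumptions chosen for illustration.
param hubRegionA string = 'westeurope'
param hubRegionB string = 'eastus'
param spokeVnetId string // resource ID of an existing VNet; it may live in region B

resource vwan 'Microsoft.Network/virtualWans@2023-04-01' = {
  name: 'example-vwan'
  location: hubRegionA
  properties: {
    type: 'Standard'
    allowBranchToBranchTraffic: true // branch-to-branch transit through the hubs
  }
}

// Two hubs in the same virtual WAN. No resource links them to each other:
// the hub-to-hub connection is created by the service.
resource hubA 'Microsoft.Network/virtualHubs@2023-04-01' = {
  name: 'example-hub-a'
  location: hubRegionA
  properties: {
    addressPrefix: '10.100.0.0/23'
    virtualWan: {
      id: vwan.id
    }
  }
}

resource hubB 'Microsoft.Network/virtualHubs@2023-04-01' = {
  name: 'example-hub-b'
  location: hubRegionB
  properties: {
    addressPrefix: '10.101.0.0/23'
    virtualWan: {
      id: vwan.id
    }
  }
}

// VNet connection: attaches the spoke VNet to hub A, regardless of the VNet's region.
resource spokeToHubA 'Microsoft.Network/virtualHubs/hubVirtualNetworkConnections@2023-04-01' = {
  parent: hubA
  name: 'example-spoke-to-hub-a'
  properties: {
    remoteVirtualNetwork: {
      id: spokeVnetId
    }
  }
}
```

Because every spoke attached to either hub becomes reachable from every other spoke, review each new connection as a change to the reachability of the whole virtual WAN, not just of one hub.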
Global transit network architecture enables any-to-any connectivity via virtual WAN hubs. This architecture eliminates or reduces the need for full mesh or partial mesh connectivity between spokes that are more complex to build and maintain.
Azure Virtual WAN supports the following global transit connectivity paths. The letters in parentheses map to the figure above.
- Branch-to-VNet (a)
- Branch-to-branch (b)
- ExpressRoute Global Reach and Virtual WAN
- Remote User-to-VNet (c)
- Remote User-to-branch (d)
- VNet-to-VNet (e)
- Branch-to-hub-hub-to-Branch (f)
- Branch-to-hub-hub-to-VNet (g)
- VNet-to-hub-hub-to-VNet (h)
Branch-to-VNet (a) and Branch-to-VNet Cross-region (g)
Branch-to-VNet is the primary path supported by Azure Virtual WAN. This path allows you to connect branches to Azure IaaS enterprise workloads that are deployed in Azure VNets. Branches can be connected to the virtual WAN via ExpressRoute or site-to-site VPN. The traffic transits to VNets that are connected to the virtual WAN hubs via VNet connections. Explicit gateway transit isn't required for Virtual WAN because Virtual WAN automatically enables gateway transit to the branch site.