Azure Virtual WAN
Azure Virtual WAN is a networking service that combines many networking, security, and routing functions to provide a single operational interface. Below are some of the features that Virtual WAN provides:
- Branch connectivity via a Virtual WAN partner device (SD-WAN or VPN CPE).
- Site-to-Site VPN connectivity
- Remote user VPN connectivity (Point-to-Site)
- Private connectivity (ExpressRoute)
- Intra-cloud connectivity (transitive connectivity for virtual networks)
- VPN ExpressRoute connectivity
- Routing, Azure Firewall, and encryption for private connectivity.
The Virtual WAN architecture is a hub-and-spoke architecture that provides high-performance connectivity for branches (VPN/SD-WAN devices), users (VPN/OpenVPN/IKEv2 clients), ExpressRoute circuits, and virtual networks. With Virtual WAN, an enterprise can build a global transit network architecture, where the cloud-hosted network ‘hub’ enables transitive connectivity between endpoints that may be distributed across different types of ‘spokes’.
Azure regions serve as hubs that you can choose to connect to. All hubs are connected in a full mesh in a Standard Virtual WAN, forming a backbone for any-to-any (any spoke) connectivity.
Azure Virtual WAN Resources
To configure an end-to-end Virtual WAN, you need to create the following resources.
Virtual WAN: The virtualWAN resource represents a virtual overlay of your Azure network and is a collection of multiple resources. It contains links to all the virtual hubs that you would like to have within the virtual WAN. Virtual WAN resources are isolated from each other and can't contain a common hub. Virtual hubs in different Virtual WANs don't communicate with each other.
Hub: A virtual hub is a Microsoft-managed virtual network. The hub contains various service endpoints to enable connectivity. From your on-premises network (vpnsite), you can connect to a VPN gateway inside the virtual hub, connect ExpressRoute circuits to a virtual hub, or even connect mobile users to a point-to-site gateway in the virtual hub. The hub is the core of your network in a region. Multiple virtual hubs can be created in the same region.
When using Virtual WAN, you don't create a site-to-site connection from your on-premises site directly to your VNet. Instead, you create a site-to-site connection to the hub. The traffic always goes through the hub gateway. This means that your VNets don't need their own virtual network gateway.
Hub virtual network connection: The hub virtual network connection resource is used to connect the hub seamlessly to your virtual network. One virtual network can be connected to only one virtual hub.
Hub-to-Hub connection: Hubs are all connected to each other in a virtual WAN. This implies that a branch, user, or VNet connected to a local hub can communicate with another branch or VNet using the full mesh architecture of the connected hubs. You can also connect VNets within a hub, transiting through the virtual hub, as well as VNets across hubs, using the hub-to-hub connected framework.
Hub Route table: You can create a virtual hub route and apply the route to the virtual hub route table. You can apply multiple routes to the virtual hub route table.
Virtual WAN Types
There are two types of Virtual WAN: Basic and Standard. The list below shows the configurations available for each type.
- Hub Type: Basic
- Available Configuration: Site-to-Site VPN only.
- Hub Type: Standard
- Available Configuration: ExpressRoute, User VPN (P2S), VPN (S2S), inter-hub and VNet-to-VNet transit through the virtual hub, Azure Firewall, NVA in Virtual WAN.
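
The resource and type rules above decide which networks can reach each other, so they are worth checking before a design is deployed. The following is an added example, not Microsoft's or this page's own code: a small Python check of a planned topology against three rules stated here (Basic allows Site-to-Site VPN only, a VNet connects to only one hub, transit exists only inside one Standard Virtual WAN). The plan format, every resource name, and the function names are assumptions made for illustration.

```python
# Constructed sample plan; every resource name below is hypothetical.
PLAN = {
    "wans": {"corp-wan": "Standard", "lab-wan": "Basic"},
    "hubs": {  # hub name -> (parent virtual WAN, gateways/features enabled)
        "hub-weu": ("corp-wan", {"S2S", "ExpressRoute", "Azure Firewall"}),
        "hub-eus": ("corp-wan", {"S2S", "P2S"}),
        "hub-lab": ("lab-wan", {"S2S", "P2S"}),   # violates: Basic is S2S only
    },
    "vnet_connections": [  # (virtual network, hub)
        ("vnet-app", "hub-weu"),
        ("vnet-db", "hub-eus"),
        ("vnet-lab", "hub-lab"),
        ("vnet-app", "hub-eus"),                  # violates: one hub per VNet
    ],
}

BASIC_ALLOWED = {"S2S"}  # the page lists Site-to-Site VPN only for Basic


def validate(plan):
    """Return a list of constraint violations found in the plan."""
    errors = []
    for hub, (wan, features) in plan["hubs"].items():
        extra = features - BASIC_ALLOWED
        if plan["wans"][wan] == "Basic" and extra:
            errors.append(f"{hub}: {sorted(extra)} not available in Basic WAN {wan}")
    first_hub = {}
    for vnet, hub in plan["vnet_connections"]:
        if first_hub.setdefault(vnet, hub) != hub:
            errors.append(f"{vnet}: already on {first_hub[vnet]}, cannot also use {hub}")
    return errors


def can_transit(plan, vnet_a, vnet_b):
    """True when both VNets hang off hubs of the same Standard virtual WAN."""
    def standard_wans(vnet):
        wans = {plan["hubs"][h][0] for v, h in plan["vnet_connections"] if v == vnet}
        return {w for w in wans if plan["wans"][w] == "Standard"}
    return bool(standard_wans(vnet_a) & standard_wans(vnet_b))


if __name__ == "__main__":
    for problem in validate(PLAN):
        print("VIOLATION:", problem)
    print("vnet-app <-> vnet-db :", can_transit(PLAN, "vnet-app", "vnet-db"))
    print("vnet-app <-> vnet-lab:", can_transit(PLAN, "vnet-app", "vnet-lab"))
```

The reachability check models only the default any-to-any behaviour described on this page; routes applied to a hub route table or an Azure Firewall in the hub can narrow it further.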