
VPN Gateway – Intersite Connectivity

A virtual private network (VPN) gateway is commonly used to send encrypted traffic between an Azure virtual network and an on-premises datacenter over the public Internet. Virtual network gateways have a second use case as well: sending encrypted traffic between Azure virtual networks. In the previous section, you saw how to implement virtual network peering to connect two virtual networks. Similarly, you can use virtual network gateways to connect two virtual networks so that they can communicate.

FIGURE 4.5 Modifying virtual network peering

Each virtual network can have only one VPN gateway, but you can establish multiple connections to that gateway. All connections share the bandwidth allocated to the VPN gateway. The number of connections and the available bandwidth depend on the pricing tier of the VPN gateway you are using; these pricing tiers are covered later in this chapter. Figure 4.7 shows how two virtual networks are connected with the help of a VPN gateway.

A VPN gateway can be used to establish three types of connectivity.

  • Site-to-site (S2S): Connects an on-premises datacenter to the cloud
  • Point-to-site (P2S): Connects individual devices to an Azure virtual network
  • Virtual network-to-virtual network: Establishes a connection between Azure virtual networks

FIGURE 4.6 Deleting virtual network peering

FIGURE 4.7 Virtual network-to-virtual network VPN connection

The first two types are exclusively for on-premises connectivity; the last type is the one of interest here, since this section covers Azure-to-Azure connectivity. Virtual network-to-virtual network and site-to-site connections look similar in terms of implementation. The only difference is that for a site-to-site connection, one end is Azure and the other end is the on-premises datacenter, whereas for a virtual network-to-virtual network connection, both ends are in Azure.

You need to create a virtual network gateway to establish a VPN connection, and each virtual network gateway comprises two or more VMs managed by Azure. These VMs are deployed to a dedicated subnet within your virtual network called the gateway subnet. Because Azure manages the VMs, you do not have permission to customize or configure them. The VMs are responsible for maintaining the routing rules and running the gateway services. VPN gateways can also be deployed across availability zones, which helps you maintain connectivity during a zonal failure within an Azure region.
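The following script is an added example and is not code from the book or from Azure. It encodes the constraints described above for a virtual network-to-virtual network deployment: one VPN gateway per virtual network, a dedicated subnet that must be named exactly "GatewaySubnet", non-overlapping address spaces at both ends, and a connection created from each gateway with a shared key that matches. The VNet names, address ranges and resource group are constructed sample values, and the Azure CLI commands are produced as strings rather than executed, so the script runs offline.

```python
"""Validate and plan an Azure VNet-to-VNet VPN gateway deployment.

Added example, not code from the book. VNet names, prefixes and the
resource group are constructed; CLI commands are emitted as strings only.
"""
import ipaddress
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class VNet:
    name: str
    address_space: str                                     # e.g. "10.1.0.0/16"
    subnets: Dict[str, str] = field(default_factory=dict)  # subnet name -> prefix
    gateway_count: int = 0                                 # VPN gateways already deployed

    def gateway_subnet(self) -> Optional[str]:
        # The gateway subnet's name is fixed by Azure and is case-sensitive.
        return self.subnets.get("GatewaySubnet")


def validate_vnet(vnet: VNet) -> List[str]:
    """Return the problems found for one VNet (an empty list means it is fine)."""
    problems: List[str] = []
    prefix = vnet.gateway_subnet()
    if prefix is None:
        problems.append(f"{vnet.name}: no subnet named exactly 'GatewaySubnet'")
    else:
        space = ipaddress.ip_network(vnet.address_space)
        sub = ipaddress.ip_network(prefix)
        if not sub.subnet_of(space):
            problems.append(f"{vnet.name}: GatewaySubnet {sub} lies outside {space}")
        # Azure recommends /27 or larger for the gateway subnet.
        if sub.prefixlen > 27:
            problems.append(f"{vnet.name}: GatewaySubnet {sub} is smaller than /27")
    if vnet.gateway_count >= 1:
        problems.append(f"{vnet.name}: already has a VPN gateway (limit is one per VNet)")
    return problems


def validate_pair(a: VNet, b: VNet) -> List[str]:
    """Both ends must pass, and their address spaces must not overlap,
    otherwise traffic between them cannot be routed over the gateways."""
    problems = validate_vnet(a) + validate_vnet(b)
    if ipaddress.ip_network(a.address_space).overlaps(ipaddress.ip_network(b.address_space)):
        problems.append(f"{a.name} and {b.name} have overlapping address spaces")
    return problems


def new_shared_key() -> str:
    """Generate a random pre-shared key instead of hard-coding one."""
    return secrets.token_urlsafe(32)


def plan_commands(a: VNet, b: VNet, shared_key: str, resource_group: str,
                  location: str = "eastus") -> List[str]:
    """Build the Azure CLI commands for both VNets (strings only, not run).
    Assumes both VNets live in the same (hypothetical) resource group so the
    gateways can be referenced by name; raises if validation fails."""
    problems = validate_pair(a, b)
    if problems:
        raise ValueError("; ".join(problems))
    cmds: List[str] = []
    for v in (a, b):
        gw, pip = f"{v.name}-gw", f"{v.name}-gw-pip"
        cmds += [
            f"az network vnet subnet create -g {resource_group} --vnet-name {v.name} "
            f"-n GatewaySubnet --address-prefixes {v.gateway_subnet()}",
            f"az network public-ip create -g {resource_group} -n {pip} "
            f"--sku Standard --allocation-method Static --location {location}",
            f"az network vnet-gateway create -g {resource_group} -n {gw} --location {location} "
            f"--vnet {v.name} --public-ip-address {pip} "
            f"--gateway-type Vpn --vpn-type RouteBased --sku VpnGw1",
        ]
    # A VNet-to-VNet link is two directional connections using the same key.
    for src, dst in ((a, b), (b, a)):
        cmds.append(
            f"az network vpn-connection create -g {resource_group} -n {src.name}-to-{dst.name} "
            f"--vnet-gateway1 {src.name}-gw --vnet-gateway2 {dst.name}-gw "
            f"--shared-key {shared_key}"
        )
    return cmds


if __name__ == "__main__":
    hub = VNet("vnet-hub", "10.1.0.0/16",
               {"default": "10.1.0.0/24", "GatewaySubnet": "10.1.255.0/27"})
    spoke = VNet("vnet-spoke", "10.2.0.0/16",
                 {"default": "10.2.0.0/24", "GatewaySubnet": "10.2.255.0/27"})
    for line in plan_commands(hub, spoke, new_shared_key(), "rg-network"):
        print(line)
```

Running the script prints the eight commands for the two gateways and the two directional connections. In practice the shared key would be pulled from a secret store or an environment variable at execution time rather than written into a script, and gateway creation takes a while, so the `vnet-gateway create` calls are normally issued with `--no-wait` and polled before the connections are created.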

Before you deploy the gateway or establish a connection, it is vital to understand some gateway-related concepts such as gateway types, pricing tiers, and high availability options. These topics apply not only to virtual network-to-virtual network communication but also to setting up on-premises connectivity. Let's start with the VPN gateway types.
