Azure Virtual Network Gateway SKUs
Azure Virtual Network Gateways provide connectivity between Azure Virtual Networks and on-premises networks through VPN connections, or between Azure Virtual Networks. The gateway SKU you choose determines the performance, capacity, and features available for your Virtual Network Gateway.
Understanding Gateway Performance and Capacity
Each SKU offers a different level of performance, measured by:
- Maximum Tunnel Interfaces: The number of IPsec tunnels the gateway can support.
- Maximum Throughput (Aggregated): The maximum combined ingress and egress traffic the gateway can handle. This is often a critical factor for VPN connections.
- Maximum Policy-Based Tunnels: (For legacy Policy-Based VPNs) The number of tunnels supported by specific older configurations.
- Maximum Route-Based Tunnels: The number of tunnels supported for modern Route-Based VPNs.
Available Virtual Network Gateway SKUs
The following table outlines the key SKUs available for Azure Virtual Network Gateways. Note that pricing and exact specifications can vary, so always refer to the official Azure pricing page for the most up-to-date information.
| SKU Name | Max Tunnel Interfaces | Max Throughput (Aggregated) | Max Policy-Based Tunnels | Max Route-Based Tunnels | Features |
|---|---|---|---|---|---|
| Basic | 10 | 100 Mbps | 10 | - | Basic Site-to-Site VPN |
| VpnGw1 | 30 | 650 Mbps | 30 | 30 | Standard VPN, VNet-to-VNet |
| VpnGw2 | 100 | 1200 Mbps | 100 | 100 | Enhanced VPN performance |
| VpnGw3 | 200 | 2500 Mbps | 200 | 200 | High-performance VPN |
| VpnGw1AZ | 30 | 650 Mbps | 30 | 30 | Zone-redundant, High Availability |
| VpnGw2AZ | 100 | 1200 Mbps | 100 | 100 | Zone-redundant, High Availability |
| VpnGw3AZ | 200 | 2500 Mbps | 200 | 200 | Zone-redundant, High Availability |
| VpnGw4 | 500 | 5000 Mbps | 500 | 500 | Ultra Performance VPN |
| VpnGw5 | 1000 | 10000 Mbps | 1000 | 1000 | Maximum Performance VPN |
| ErGw1Mixed | 10 | 500 Mbps | - | 10 | ExpressRoute/VPN Mixed Use |
| ErGw2Mixed | 50 | 1000 Mbps | - | 50 | ExpressRoute/VPN Mixed Use |
| ErGw3Mixed | 100 | 2000 Mbps | - | 100 | ExpressRoute/VPN Mixed Use |
Choosing the Right SKU
When selecting a SKU, consider the following:
- Number of connections: How many VPN tunnels or ExpressRoute circuits do you need to connect?
- Bandwidth requirements: What is the expected traffic volume between your networks?
- High Availability: Do you require zone-redundancy for business-critical applications? Look for SKUs ending in 'AZ'.
- Dual VPN: For increased throughput and availability, consider the VpnGw SKUs.
- ExpressRoute integration: If you plan to use ExpressRoute alongside VPN, explore the 'Mixed Use' SKUs.
Key Considerations
- Performance Tiers: SKUs are often grouped into performance tiers (e.g., Basic, VpnGw1-3, VpnGw4-5). Higher tiers offer significantly more throughput and tunnel capacity.
- Zone Redundancy (AZ SKUs): For critical workloads, AZ SKUs provide resilience by distributing the gateway across multiple Availability Zones within a region.
- Cost: Higher performance and availability features come with increased costs.
- SKU Updates: Azure continuously updates its services. Always consult the official Azure VPN Gateway pricing page for the latest SKU offerings and specifications.
- Policy-Based vs. Route-Based VPNs: While Policy-Based VPNs are simpler, Route-Based VPNs are more flexible and generally recommended for new deployments.
By carefully evaluating your connectivity needs against the capabilities of each Virtual Network Gateway SKU, you can ensure optimal performance, reliability, and cost-effectiveness for your Azure hybrid cloud solution.