Virtual Network Gateways
Virtual network gateways are used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. They are also used to send encrypted traffic between Azure virtual networks.
Types of Virtual Network Gateways
Azure offers two primary types of virtual network gateways:
- VPN Gateway: Used to connect virtual networks to on-premises locations. This is the most common type of gateway. It supports three connection types:
  - Site-to-Site (S2S) VPN: Connects your on-premises network to an Azure virtual network.
  - Point-to-Site (P2S) VPN: Connects individual client computers to an Azure virtual network.
  - Network-to-Network (N2N) VPN: Connects two or more Azure virtual networks.
- ExpressRoute Gateway: Used to connect your on-premises network to Azure via a private, dedicated connection. This offers higher bandwidth, lower latency, and greater reliability than S2S VPNs.
Key Concepts
Gateway Subnet
A dedicated subnet within your virtual network, named GatewaySubnet, is required for deploying a virtual network gateway. This subnet must be at least /27 in size.
Gateway IP Configuration
A public IP address is required for a VPN gateway to allow connections from the internet. An ExpressRoute gateway requires a private IP address.
Connections
Connections are established between the virtual network gateway and the remote network (on-premises, another VNet, or a partner site). These connections define the shared key, tunnel type, and other parameters.
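The three concepts above (GatewaySubnet, gateway IP configuration, connection) map onto a short sequence of Azure CLI calls. The script below is an added example, not taken from the page or from Microsoft's documentation: it validates the GatewaySubnet requirement offline, then, only when invoked as `sh vpngw.sh deploy`, creates the subnet, public IP, VPN gateway, local network gateway, and Site-to-Site connection. Every resource name, address range, and the `VPN_SHARED_KEY` environment variable are constructed placeholders, and the 16-character minimum in `shared_key_ok` is this script's own policy, not an Azure limit.

```shell
#!/bin/sh
# Added example (not from the original page). Offline checks first, then the
# Azure CLI calls for a Site-to-Site VPN; all names and ranges are constructed.

# --- offline checks ---------------------------------------------------------

# gateway_subnet_ok NAME CIDR
# Prints "ok" when NAME is exactly GatewaySubnet and the prefix is /27 or larger
# (a smaller prefix number is a bigger block); otherwise prints why and returns 1.
gateway_subnet_ok() {
    name=$1; cidr=$2
    case $cidr in
        */*) ;;
        *) echo "no prefix length in $cidr"; return 1 ;;
    esac
    bits=${cidr##*/}
    case $bits in
        ''|*[!0-9]*) echo "bad prefix length in $cidr"; return 1 ;;
    esac
    if [ "$name" != "GatewaySubnet" ]; then
        echo "subnet must be named GatewaySubnet, got $name"; return 1
    fi
    if [ "$bits" -gt 27 ]; then
        echo "/$bits is smaller than the /27 minimum"; return 1
    fi
    echo ok
}

# shared_key_ok KEY
# Local policy for this script (assumption, not an Azure rule): reject empty,
# placeholder, or very short pre-shared keys before they reach `az`.
shared_key_ok() {
    key=$1
    case $key in
        ''|password|changeme|secret) echo "weak shared key"; return 1 ;;
    esac
    if [ ${#key} -lt 16 ]; then
        echo "shared key shorter than 16 characters"; return 1
    fi
    echo ok
}

# --- deployment (constructed names; run only with the "deploy" argument) -----
RG=rg-hybrid-demo
LOCATION=eastus
VNET=vnet-hub
GW_SUBNET_CIDR=10.0.255.0/27     # must satisfy gateway_subnet_ok
PIP=pip-vpngw-hub
GW=vpngw-hub
LNG=lng-onprem                   # local network gateway = the on-prem side
ONPREM_PUBLIC_IP=203.0.113.10    # documentation address, constructed
ONPREM_PREFIX=192.168.0.0/16
CONN=conn-onprem-to-hub
PSK=${VPN_SHARED_KEY:-}          # read from the environment, never hard-coded

deploy_s2s() {
    gateway_subnet_ok GatewaySubnet "$GW_SUBNET_CIDR" >/dev/null || exit 1
    shared_key_ok "$PSK" >/dev/null || exit 1

    # 1. Gateway subnet: the name GatewaySubnet is mandatory.
    az network vnet subnet create -g "$RG" --vnet-name "$VNET" \
        -n GatewaySubnet --address-prefixes "$GW_SUBNET_CIDR"

    # 2. Gateway IP configuration: the public IP the on-prem device connects to.
    az network public-ip create -g "$RG" -n "$PIP" -l "$LOCATION" \
        --sku Standard --allocation-method Static

    # 3. The VPN gateway (route-based, VpnGw1 SKU). Provisioning takes a long
    #    time, so create with --no-wait and block explicitly afterwards.
    az network vnet-gateway create -g "$RG" -n "$GW" -l "$LOCATION" \
        --vnet "$VNET" --public-ip-address "$PIP" \
        --gateway-type Vpn --vpn-type RouteBased --sku VpnGw1 --no-wait
    az network vnet-gateway wait -g "$RG" -n "$GW" --created

    # 4. Local network gateway: Azure's record of the on-prem endpoint and
    #    the address space reachable behind it.
    az network local-gateway create -g "$RG" -n "$LNG" -l "$LOCATION" \
        --gateway-ip-address "$ONPREM_PUBLIC_IP" \
        --local-address-prefixes "$ONPREM_PREFIX"

    # 5. Connection: binds gateway and local network gateway with the shared key.
    az network vpn-connection create -g "$RG" -n "$CONN" -l "$LOCATION" \
        --vnet-gateway1 "$GW" --local-gateway2 "$LNG" --shared-key "$PSK"
}

if [ "${1:-}" = "deploy" ]; then
    deploy_s2s
fi
```

Running the file without arguments only defines the check functions, so the CIDR and key validation can be exercised without an Azure subscription; the shared key is taken from the environment so it never lands in shell history or source control.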
Deployment Considerations
High Availability
Azure Virtual Network Gateways support active-dynamic and active-active configurations for enhanced availability and redundancy.
SKUs
Different SKUs (Stock Keeping Units) are available for VPN and ExpressRoute gateways, offering varying levels of performance, throughput, and features. Choose the SKU that best matches your requirements.
Use Cases
- Connecting your on-premises data center to Azure for hybrid cloud solutions.
- Extending your corporate network into Azure.
- Establishing secure communication channels between different Azure virtual networks.
- Providing remote users with secure access to Azure resources.