Virtual WAN and ExpressRoute Integration

This document explains how to integrate Azure Virtual WAN with ExpressRoute for a unified and scalable network architecture.

Introduction to Virtual WAN and ExpressRoute

Azure Virtual WAN is a networking service that brings together networking, security, and routing functionalities into a single operational interface. It provides an optimized and automated branch-to-branch or branch-to-internet connectivity through Azure. ExpressRoute is a service that enables you to create private connections between Azure datacenters and your infrastructure on-premises or in a co-location environment. This private connection offers higher bandwidth, lower latency, and greater reliability than typical internet connections.

Key Benefits of Integration

Simplified Network Management: A single pane of glass for managing your global WAN.
Optimized Branch Connectivity: Efficiently connect your on-premises branches to Azure.
Enhanced Performance: Leverage the dedicated, high-bandwidth capabilities of ExpressRoute.
Global Reach: Extend your network across Azure regions with ease.
Integrated Security: Apply consistent security policies across your network.

Architectural Overview

The integration typically involves establishing an ExpressRoute circuit that connects your on-premises network to an ExpressRoute location. This circuit is then associated with an ExpressRoute gateway within your Virtual WAN hub. This allows traffic from your on-premises network to enter the Virtual WAN hub and be routed to various Azure resources or other connected branches.

Integration Steps

Provision ExpressRoute Circuit: Work with a connectivity provider to establish an ExpressRoute circuit.
Create a Virtual WAN Hub: Deploy a Virtual WAN resource and create a hub in your desired Azure region.
Deploy an ExpressRoute Gateway: Within the Virtual WAN hub, deploy an ExpressRoute gateway.
Associate Circuit with Gateway: Link your ExpressRoute circuit to the ExpressRoute gateway in the Virtual WAN hub. This typically involves peering your circuit with the Azure gateway.
Configure Routing: Use Virtual WAN's routing capabilities to define how traffic flows between your on-premises network, Azure VNet, and other branches.

Configuration Details

ExpressRoute Gateway Configuration

When creating an ExpressRoute gateway, you'll need to specify the gateway SKU, which determines its performance and capacity. For Virtual WAN integration, you'll typically choose a gateway suitable for your bandwidth requirements.

Virtual Network Linking

To allow resources in your Azure Virtual Networks (VNets) to communicate through Virtual WAN and the ExpressRoute connection, you need to link these VNets to the Virtual WAN hub. This process establishes a secure connection and enables effective routing.

Routing Considerations

Virtual WAN offers advanced routing features, including route tables and policies. You can use these to:

Propagate routes from your on-premises network to your Azure VNets.
Control traffic flow between different branches and Azure resources.
Implement security policies using Azure Firewall within your Virtual WAN hub.

Best Practices

Redundancy: Implement redundant ExpressRoute circuits and Virtual WAN hubs for high availability.
Bandwidth Planning: Accurately estimate your bandwidth needs to select the appropriate ExpressRoute and gateway SKUs.
Monitoring: Utilize Azure Monitor to track the performance and health of your Virtual WAN and ExpressRoute connections.
Security: Integrate Azure Firewall for centralized security policy enforcement.

Learn More

For detailed configuration steps and advanced scenarios, please refer to the official Azure documentation:

Configure ExpressRoute with Virtual WAN

Azure Virtual WAN Routing