Deploying Azure Virtual WAN
This guide provides step-by-step instructions for deploying Azure Virtual WAN, a networking service that brings many networking, security, and routing functionalities into a single managed interface. It simplifies the management of global networks by automating the deployment and management of virtual WAN hubs.
Prerequisites
- An Azure subscription. If you don't have one, create a free account before you begin.
- Sufficient permissions to create network resources in your subscription.
- A virtual network (VNet) that you want to connect to the Virtual WAN hub. This VNet should not have any existing VPN gateways or ExpressRoute gateways.
Steps to Deploy Virtual WAN
-
Create a Virtual WAN resource
Navigate to the Azure portal. In the search bar, type "Virtual WAN" and select it from the list of services.
Click on Create to begin the Virtual WAN creation process.
On the Basics tab:
- Select your Subscription and Resource group.
- Enter a unique Name for your Virtual WAN.
- Choose the Region for your Virtual WAN.
- Select the Virtual WAN type (e.g., Standard).
Click Review + create, then Create.
-
Create a Virtual Hub
Once the Virtual WAN resource is deployed, navigate to it.
In the Virtual WAN menu, under Connectivity, select Hubs.
Click on + Create hub.
On the Create virtual hub page:
- Select the same Region as your Virtual WAN.
- Enter a Name for your virtual hub.
- Choose a Hub private address space (e.g.,
10.0.0.0/24). This must be a unique private IP address range that doesn't overlap with your connected VNets. - Select the Virtual hub type (e.g., Standard).
- Optionally, configure Routing preferences, Security partner providers, etc.
Click Review + create, then Create.
Tip: A virtual hub is a managed resource that acts as a transit point for your Virtual WAN. It contains routing, VNet and site-to-site connectivity configurations. -
Connect your Virtual Network to the Hub
In the Virtual WAN menu, under Connectivity, select Virtual network connections.
Click on + Add connection.
On the Add connection page:
- Enter a Connection name.
- Select the Virtual Hub you created.
- Choose the Subscription and Resource group containing the VNet you want to connect.
- Select the Virtual Network from the dropdown.
- Enable Propagate to none if you don't want this VNet to be a transit VNet.
- Enable Static routing if needed and configure routes.
Click Create.
Connecting Remote Sites (VPN/ExpressRoute)
After deploying your Virtual WAN and connecting VNets, you can establish connections to your on-premises networks using Site-to-Site VPN or ExpressRoute. This typically involves configuring connection resources within your Virtual WAN hub.
For detailed instructions on configuring VPN or ExpressRoute connections, please refer to the respective documentation sections:
Example CLI Command (Azure CLI)
Here's an example of how to create a Virtual WAN resource using the Azure CLI:
az network vwan create \
--resource-group myResourceGroup \
--name myVirtualWAN \
--location "East US"
And to create a virtual hub:
az network vhub create \
--resource-group myResourceGroup \
--name myVirtualHub \
--vwan-name myVirtualWAN \
--address-prefix "10.0.0.0/24" \
--location "East US"
For more advanced configurations and options, consult the comprehensive Azure Virtual WAN documentation.