Configure Azure Virtual WAN Hub
This guide provides step-by-step instructions on how to configure a Virtual WAN hub in Azure. A Virtual WAN hub is a networking resource that acts as a connectivity, security, and routing centerpiece for your Virtual WAN environment.
Prerequisites
- An Azure subscription.
- An existing Virtual WAN resource. If you don't have one, create it first.
- Appropriate permissions to create and manage networking resources in your Azure subscription.
Steps to Configure a Virtual WAN Hub
Step 1: Navigate to your Virtual WAN Resource
Log in to the Azure portal. Search for "Virtual WAN" in the search bar and select your existing Virtual WAN resource.
Step 2: Create a New Hub
1. On the Virtual WAN overview page, under the "Hubs" section, click + Create hub.
2. On the "Create hub" page, configure the following settings:
   - Region: Select the Azure region where you want to deploy your hub. Choose a region that is geographically close to your connected resources for optimal performance.
   - Name: Provide a unique name for your hub (e.g., `my-virtualwan-hub-eastus`).
   - Hub private address space: Specify a private IP address range for the hub. This range should not overlap with any of your connected virtual networks. A /24 CIDR is recommended.
   - Virtual hub capacity: Select the desired capacity for your hub. Higher capacity allows for more concurrent connections and higher throughput.
   - Hub routing preference: Choose between "ExpressRoute" and "VPN" for your default routing.
3. Click Review + create.
4. After validation passes, click Create.
Step 3: Understand Hub Components
Once the hub is deployed, you'll see several components within it, including:
- Virtual Network Connections: Used to connect your virtual networks to the hub.
- Site-to-Site VPN Connections: For connecting on-premises networks via VPN.
- ExpressRoute Circuits: For connecting to your private network infrastructure.
- Azure Firewall (Optional): For centralized security and threat protection.
- Network Virtual Appliances (NVAs) (Optional): For advanced networking functions.
Step 4: Connect Virtual Networks to the Hub
To enable connectivity between your virtual networks and the hub, you need to establish Virtual Network Connections:
- Navigate back to your Virtual WAN resource.
- Under the "Hubs" section, click on your newly created hub.
- In the hub's menu, select Virtual network connections.
- Click + Add connection.
- Fill in the connection details:
  - Connection name: A descriptive name for the connection.
  - Virtual networks: Select the virtual network you want to connect.
  - Propagate to none: Configure this based on your routing needs.
  - Enable internet transit: Enable this if you want to route internet traffic through this hub.
- Click Create.
It may take a few minutes for the virtual network connection to be established and for routing to propagate.
Example Azure CLI Command
You can also create the hub with the Azure CLI. The `az network vhub` commands are provided by the `virtual-wan` CLI extension; `MyResourceGroup` and `MyVpnVnet` (the existing Virtual WAN resource) are placeholder names:
az network vhub create --name my-virtualwan-hub-eastus --resource-group MyResourceGroup --vwan MyVpnVnet --location eastus --address-prefix 10.0.1.0/24
Next Steps
Ensure that your hub's address space does not overlap with any connected virtual networks or on-premises networks. Incorrect IP addressing can lead to connectivity issues.
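The overlap requirement above can be checked before the hub is created. The following is an added example, not part of the original guide or of any Azure tooling: it checks a planned hub prefix against VNet prefixes read from JSON in the shape returned by `az network vnet list -o json`, plus a hand-maintained list of on-premises ranges. All network names and ranges are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the shape of `az network vnet list -o json` output
# (only the fields this check reads).
SAMPLE_VNETS_JSON = """
[
  {"name": "vnet-app",  "addressSpace": {"addressPrefixes": ["10.1.0.0/16"]}},
  {"name": "vnet-data", "addressSpace": {"addressPrefixes": ["10.0.0.0/20", "172.16.8.0/24"]}}
]
"""

# Constructed on-premises ranges (assumption: maintained by hand or exported from IPAM).
SAMPLE_ON_PREM = {"branch-office": ["192.168.10.0/24"], "datacenter": ["10.0.1.128/25"]}


def collect_prefixes(vnets_json, on_prem):
    """Return (label, network) pairs for every VNet and on-premises prefix."""
    pairs = []
    for vnet in json.loads(vnets_json):
        for prefix in vnet.get("addressSpace", {}).get("addressPrefixes", []):
            pairs.append((f"vnet:{vnet['name']}", ipaddress.ip_network(prefix)))
    for site, prefixes in on_prem.items():
        for prefix in prefixes:
            pairs.append((f"onprem:{site}", ipaddress.ip_network(prefix)))
    return pairs


def check_hub_prefix(hub_prefix, vnets_json, on_prem):
    """Return a list of problems with the planned hub address space (empty = OK)."""
    problems = []
    try:
        hub = ipaddress.ip_network(hub_prefix)  # strict: rejects host bits set
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]
    if not hub.is_private:
        problems.append(f"{hub} is not a private range")
    if hub.prefixlen > 24:  # the guide recommends a /24
        problems.append(f"{hub} is smaller than the recommended /24")
    for label, net in collect_prefixes(vnets_json, on_prem):
        if hub.version == net.version and hub.overlaps(net):
            problems.append(f"{hub} overlaps {label} ({net})")
    return problems


if __name__ == "__main__":
    for candidate in ("10.0.1.0/24", "10.2.0.0/24", "10.0.1.4/24"):
        print(candidate, check_hub_prefix(candidate, SAMPLE_VNETS_JSON, SAMPLE_ON_PREM) or "OK")
```

With the sample data, `10.0.1.0/24` is rejected because it falls inside one VNet range and contains one on-premises range, while `10.2.0.0/24` passes.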