Azure Virtual WAN provides a global networking solution that brings together networking, security, and routing functionalities into a single operational interface. Hub-to-Hub VPN connections are a crucial feature of Virtual WAN, enabling secure and efficient connectivity between different Virtual WAN hubs, or between Virtual WAN hubs and on-premises VPN devices.

What is Hub-to-Hub VPN?

A Hub-to-Hub VPN connection in Azure Virtual WAN allows you to securely connect multiple Virtual WAN hubs together. This is particularly useful in scenarios where you have geographically dispersed Virtual WAN deployments and need to enable transit connectivity between them. Traffic between spoke virtual networks connected to different hubs can be routed through these hub-to-hub connections.

Key Benefits

  • Transit Connectivity: Enables seamless communication between resources in different Virtual WAN hubs and their associated spoke networks.
  • Scalability: Easily scale your network by adding more hubs and connecting them without complex manual configuration.
  • Simplified Management: Centralized management of network connections through the Azure portal.
  • Security: Leverages IPsec VPN tunnels for secure data transfer.
  • Cost-Effectiveness: Optimizes network traffic flow and can reduce data egress costs.

Architecture Overview

Azure Virtual WAN Hub-to-Hub VPN Architecture

Diagram illustrating Azure Virtual WAN Hub-to-Hub VPN connectivity.

In the architecture above, each Virtual WAN hub acts as a central point of connectivity. Hub-to-Hub VPN connections are established between these hubs, allowing traffic to flow between spoke virtual networks attached to different hubs. This eliminates the need for point-to-point VPNs between spokes, simplifying the network topology.

Configuration Steps

Configuring Hub-to-Hub VPN typically involves the following steps:

  1. Ensure you have multiple Virtual WAN hubs deployed in your Azure environment.
  2. Navigate to your Virtual WAN resource in the Azure portal.
  3. Under the "Virtual network connections" or "VPN (Site-to-Site)" section, you can configure the hub-to-hub connections.
  4. For each connection, you will specify the source hub and the target hub.
  5. Azure automatically manages the underlying VPN gateway configuration and tunnel establishment.

Use Cases

  • Global Enterprise Networks: Connecting regional Virtual WAN deployments across different geographic locations.
  • Disaster Recovery: Enabling seamless failover and connectivity between geographically separate data centers or DR sites.
  • Multi-Cloud Connectivity: Integrating Azure Virtual WAN with other cloud providers or on-premises networks.

Considerations

  • Bandwidth: Ensure that the Virtual WAN VPN gateway SKUs chosen for your hubs provide sufficient bandwidth for inter-hub traffic.
  • Routing: Understand how routes are propagated between hubs and spokes. Azure Virtual WAN's routing orchestrator plays a key role.
  • IP Addressing: Plan your IP address spaces carefully to avoid overlaps between different virtual networks and hubs.

Further Reading