Manage Azure Virtual WAN
This section provides guidance on managing your Azure Virtual WAN deployment, including common tasks, best practices, and troubleshooting steps.
Key Management Areas
Monitoring and Diagnostics
Effective monitoring is crucial for understanding the health and performance of your Virtual WAN resources. Azure Monitor provides comprehensive tools for this purpose.
- Metrics: Track key performance indicators such as data ingress/egress, latency, and connection status.
- Logs: Collect diagnostic logs for Virtual WAN hubs, VPN gateways, and ExpressRoute gateways to aid in troubleshooting.
- Alerts: Configure alerts based on metrics or log events to proactively notify you of potential issues.
Refer to the Azure Monitor documentation for detailed information.
Updating and Scaling
As your network requirements evolve, you may need to update or scale your Virtual WAN resources. This can include resizing VPN gateways or adding new connections.
- Scale up/down VPN Gateways: Adjust the SKU of your VPN gateways to accommodate changes in bandwidth or tunnel requirements.
- Add/Remove Hubs: Deploy additional Virtual WAN hubs in different regions to extend your network reach.
- Update Connection Configurations: Modify settings for site-to-site VPNs or ExpressRoute connections.
Security Management
Maintaining a secure network is paramount. Virtual WAN offers several features to enhance security.
- Network Security Groups (NSGs): Apply NSGs to subnets within your hub VNet to filter traffic.
- Azure Firewall: Deploy Azure Firewall in your hub for centralized network security policy enforcement.
- Intrusion Detection/Prevention: Integrate third-party Network Virtual Appliances (NVAs) for advanced threat protection.
For more details on securing your network, see Azure Security best practices.
Cost Management
Understanding and optimizing the costs associated with your Virtual WAN deployment is essential. Key cost drivers include data transfer, gateway instances, and VPN connections.
- Analyze usage: Use Azure Cost Management and Billing to track spending.
- Right-size resources: Ensure gateways and other resources are appropriately sized for your needs.
- Review data transfer costs: Monitor egress traffic, especially from regions.
Common Management Tasks
Creating and Configuring a Virtual Hub
The Virtual Hub is the core component of Virtual WAN. You can create and configure hubs through the Azure portal, Azure CLI, or PowerShell.
# Example using Azure CLI az network vwan hub create \ --resource-group "myResourceGroup" \ --name "myVirtualHub" \ --location "eastus" \ --vwan-name "myVirtualWAN" \ --address-prefix "10.0.0.0/23"
Connecting Sites to the Hub
You can connect your on-premises sites or other Azure VNet connections to the Virtual Hub using VPN or ExpressRoute.
Note: Ensure your on-premises VPN devices are compatible with Azure VPN Gateway.
Configuring Routing
Virtual WAN simplifies routing within your Azure network and between your on-premises environments. You can configure static routes, dynamic routing (BGP), and route propagation.
- Route Tables: Understand and manage route tables associated with your hub.
- BGP Peering: Configure BGP sessions for dynamic route exchange with on-premises devices and other Azure VNet connections.
Troubleshooting
When issues arise, start by checking the health status of your Virtual WAN components in the Azure portal. Utilize diagnostic tools and logs for deeper analysis.
Warning: Incorrect routing configurations can lead to connectivity loss. Always test changes in a non-production environment first.
- Connectivity issues: Verify tunnel status, IPsec configurations, and routing tables.
- Performance problems: Check gateway SKUs, bandwidth utilization, and latency metrics.
- Firewall/NSG blocking: Ensure required ports and protocols are allowed.
For common issues, consult the Virtual WAN Troubleshooting Guide.