Azure Virtual WAN Concepts

Azure Virtual WAN is a networking service that brings together a variety of network connectivity principles, including:

Site-to-site VPN
Branch office connectivity
ExpressRoute connectivity
Fully meshed cloud WAN
Transit center

Virtual WAN is designed to provide optimized and automated branch to cloud connectivity through a hub-and-spoke architecture. This architecture is the foundation of Virtual WAN.

Core Components

Virtual WAN Hub

A Virtual WAN hub is a Microsoft-managed resource that acts as a transit point for your branch and other virtual networks. It simplifies management, automation, and routing. Hubs are deployed in a specific Azure region.

Key features of a Virtual WAN hub include:

Connectivity: Connects to your branch offices (VPN), ExpressRoute circuits, and Azure virtual networks.
Routing: Manages routing between connected networks.
Scalability: Provides scalable bandwidth for your network traffic.
Regional Deployment: Deployed within a specific Azure region, offering high availability.

Virtual Hub Router

The Virtual Hub Router is a component within the Virtual WAN hub that handles the routing of traffic between different types of connections (e.g., VPN to VNet, ExpressRoute to VPN). It enables seamless communication across your hybrid cloud network.

Virtual Hub Connection

A Virtual Hub Connection represents the link between a resource (like a Virtual Network or a VPN Gateway) and a Virtual WAN hub. These connections define how traffic flows into and out of the hub.

VNet Connection: Connects an Azure Virtual Network (VNet) to a Virtual WAN hub.
VPN Connection: Connects an on-premises site (via VPN device) to a Virtual WAN hub.
ExpressRoute Connection: Connects an ExpressRoute circuit to a Virtual WAN hub.

Note: Virtual WAN is a managed service, meaning Microsoft handles much of the underlying infrastructure, simplifying your network management tasks.

Key Concepts Explained

Hub-and-Spoke Architecture

Virtual WAN utilizes a hub-and-spoke topology where the Virtual WAN hub serves as the central transit point. Virtual networks and on-premises sites (spokes) connect to this central hub. This model offers several advantages:

Simplified Management: Centralized control plane for network connectivity.
Scalability: Easily add new sites or VNets without complex routing configurations.
Traffic Transit: Allows spokes to communicate with each other through the hub.
Security: Centralized point for implementing network security policies.

Transit Functionality

A key benefit of Virtual WAN is its built-in transit capability. This means that traffic between different spokes (e.g., one VNet to another VNet, or an on-premises site to a VNet) can be routed through the Virtual WAN hub. This eliminates the need for complex VNet peering or complex VPN configurations for inter-network communication.

Virtual WAN Editions

Virtual WAN offers different editions to cater to various needs:

Basic: Designed for smaller deployments, offering essential site-to-site VPN connectivity.
Standard: Provides advanced features including global transit, ExpressRoute, more scalable VPN throughput, and advanced routing capabilities.

            # Example: How a Standard Virtual WAN hub enables transit
            # Traffic flow: On-prem Site A -> VPN Gateway -> Virtual WAN Hub -> VNet B
            # This is automatically handled by the Virtual WAN hub's routing engine.
            

Connectivity Options

Site-to-Site VPN: Connect your on-premises networks to Azure via VPN tunnels.
ExpressRoute: Establish private, high-bandwidth connections from your premises to Azure.
VNet Peering (with a twist): While VNets are connected to the hub, the hub itself provides the transit, reducing the need for direct VNet-to-VNet peering for inter-spoke communication.

Understanding these core components and concepts is crucial for designing and implementing an effective hybrid cloud network solution with Azure Virtual WAN.