Microsoft Transit Hub Training & Certification
A "beginners" section on how to interconnect networks in Azure, which then transitions into the "new way" of doing it: Virtual WAN. There is an optional second part on operational topics that MSPs (among others) might be interested in.
An Azure user has multiple vNets and they want to integrate them. What's available?
VNet to VNet
Uses a VPN Gateway object
Automatically collects and propagates all routes
Site to Site
Similar to the above, but routing is configured manually and can include arbitrary (non-Azure) networks
Same region peering AND global peering options available
NSGs are used to filter traffic flow between vNets/subnets
Peered networks can still implement gateways for on-prem connections
A particular vNet can only have one gateway (local or remote) (peered networks become a single vNet)
Gateway transit enables one virtual network to utilize the VPN gateway in the peered virtual network for cross-premises or VNet-to-VNet connectivity.
In hub-and-spoke network architecture, gateway transit allows spoke virtual networks to share the VPN gateway in the hub, instead of deploying VPN gateways in every spoke virtual network. Routes to the gateway-connected virtual networks or on-premises networks will propagate to the routing tables for the peered virtual networks using gateway transit. You can disable the automatic route propagation from the VPN gateway. Create a routing table with the "Disable BGP route propagation" option, and associate the routing table to the subnets to prevent the route distribution to those subnets.
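One way to confirm that disabling propagation took effect on a spoke subnet is to check its effective routes for entries learned from the gateway. The following is an added example, not part of the course material; it assumes input shaped like the output of `az network nic show-effective-route-table`, and the subnet names and prefixes are constructed.

```python
# Added example. Constructed data shaped like the "value" list returned by
# `az network nic show-effective-route-table`; all names and prefixes are made up.
def route(prefix, source, hop, state="Active"):
    return {"addressPrefix": [prefix], "source": source,
            "nextHopType": hop, "state": state}

SAMPLE = {
    # Spoke subnet whose route table has propagation disabled: no gateway routes.
    "spoke1/app": {"value": [
        route("10.1.0.0/16", "Default", "VnetLocal"),
        route("0.0.0.0/0", "Default", "Internet"),
    ]},
    # Spoke subnet expected to be isolated, but still learning on-prem prefixes.
    "spoke2/db": {"value": [
        route("10.2.0.0/16", "Default", "VnetLocal"),
        route("192.168.10.0/24", "VirtualNetworkGateway", "VirtualNetworkGateway"),
        route("10.50.0.0/16", "VirtualNetworkGateway", "VirtualNetworkGateway"),
        # Gateway route that is not in effect and so is not reported.
        route("172.16.0.0/12", "VirtualNetworkGateway", "VirtualNetworkGateway", "Invalid"),
    ]},
    # Subnet that is meant to use the hub gateway: not audited.
    "spoke1/web": {"value": [
        route("10.50.0.0/16", "VirtualNetworkGateway", "VirtualNetworkGateway"),
    ]},
}

def gateway_learned(effective):
    """Prefixes of active routes whose source is the VPN gateway."""
    return sorted(
        prefix
        for r in effective.get("value", [])
        if r.get("state") == "Active" and r.get("source") == "VirtualNetworkGateway"
        for prefix in r.get("addressPrefix", [])
    )

def audit(subnets, isolated):
    """Return {subnet: [leaked prefixes]} for subnets that should see none."""
    findings = {}
    for name in isolated:
        leaked = gateway_learned(subnets.get(name, {}))
        if leaked:
            findings[name] = leaked
    return findings

if __name__ == "__main__":
    for subnet, prefixes in audit(SAMPLE, ["spoke1/app", "spoke2/db"]).items():
        print(f"{subnet}: gateway routes still present: {', '.join(prefixes)}")
```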
It's all about the routing
Default System Routes
Viewing the routing table
Altering the routing
<Lab> Build a hub and spoke. Add another spoke to an existing deployment. Examine the structure, management, billing and routing.
A new alternative is Virtual WAN.
Azure Virtual WAN is a networking service that provides optimized and automated branch connectivity to, and through, Azure.
Automates the setup and connection of "branch" locations
Supported by 3rd parties (like PAN) for automated connection/integration
Azure Virtual WAN object
Azure Hub virtual network connection
Hub Route table
(Optional) Azure Site
Optional lab to configure the same network as above with this feature, subject to cost and provisioning delays.
Operational topics (Part II)
Integration of existing hub and spoke deployments
Provisioning new services
Scaling for multiple customer isolated networks/addressing