Understanding the core concept and routing of vWAN with Example.

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

What is virtual WAN?

Azure Virtual WAN is a NAAS (networking as a service) to enable simplified global transit networking architecture that brings many networking, security, and routing functionalities together to provide a single operational interface.

virual WAN overall architecture:

Virual WAN component:

Vitrual WAN hub:

A virtual hub is a Microsoft-managed virtual network that contains various service endpoints to enable connectivity.
The virtual hub is the core of your network in a region.
Multiple virtual hubs can be created in the same region.
A virtual hub can contain gateways for site-to-site VPN, ExpressRoute, or point-to-site User VPN. For example, when using Virtual WAN, you don't create a site-to-site connection from your on-premises site directly to your VNet. Instead, you create a site-to-site connection to the virtual hub.
The traffic always goes through the virtual hub gateway. This means that your VNets don't need their own virtual network gateway.
Virtual WAN lets your VNets take advantage of scaling easily through the virtual hub and the virtual hub gateway.

Hub Virtual Network Connection:

which represents the connection between spoke virtual networks and the Virtual WAN Hubs. These connection types can be site-to-site VPN, point-to-site VPN and Express Route.

Hub-to-Hub Connectivity:

All the virtual HUB with in the virtual WAN gets connected with mesh topology no addition configuration is require.

Hub Route Tables:

serve as the regional routing construct and can be populated manually or dynamically using BGP.

Route Tables:

Collection of routes in each Hub.
Each Hub may contain multiple Route Tables.
Each Hub always contains Default and None Route Table.
Route Tables across Hubs can be grouped under Labels.

Benefits of virtual wan?

It provides a centralized manage service to mange your network, routing, security under single operational interface.

Why to chose virtual WAN?

Azure Virtual WAN helps simplify the overall architecture by replacing the transit vNet with the new Virtual WAN Hub construct, which offers increased scale for site-to-site VPN tunnels, a doubling of the overall aggregate VPN throughput and a mechanism to simplify the overall design and routing architecture. Furthermore, Virtual WAN Hubs are zone redundant by default, eliminating the need to select appropriate zone redundant SKUs for the VPN and ER Network Gateways.

All routing is performed within the Virtual WAN Hub, any vNet that is peered to the Virtual WAN Hub will automatically trigger an update to the global routing table, eliminating the need to configure routing within the spoke vNet itself and/or establishing peering relationships between spoke vNets that need to communicate with each other.

Propagation and Association:

Propagation

VNET’s/Branch should always propagate/advertise their route to Route Table so peers can discover them in the network.
Propagation inserts route information from Connections in Route Table.
Connections can propagate to multiple Route Tables (RT).
Connections must Propagate to RT’s in all Hubs (or use Labels) for inter-hub connectivity.

Association

VNET’s/Branch should always associate with RouteTable to reach their peers in the network. With association, when a packet from the Connection comes into the hub, this is the route table that the hub uses to make a forwarding decision to respective destination spoke.
Association programs route information from Route Table into Connections so that a Connection can lean for learning the destination route.
Each Connection will always associate with one Route Table.
Controls flow of traffic

Routing Scenario:

Single Vhub Any-to-Any: