Forum Discussion

Olivier-IT's avatar
Olivier-IT
Brass Contributor
Dec 05, 2021

Azure VMware Solution - Design Networking

Hello the community I would like your opinion and your help on the network implementation of the AVS solution Design picture     I deployed a Vpn Gateway connection to interconnect the o...
azure expressroute
virtual network
vpn gateway
MSDennis's avatar
MSDennis
Icon for Microsoft rankMicrosoft
Dec 08, 2021

Olivier-IT Best is to follow Configure a site-to-site VPN in vWAN for Azure VMware Solution - Azure VMware Solution | Microsoft Docs This will guide you through the process of setting up VWAN which will get the necessary transitivity in place for you to be able to connect from on-premise across that IPSEC tunnel and ExR GW setup in the VWAN HUB into AVS.  That way you don't need that spoke, the bastion and jumphost in place at all.  As soon as the tunnel is there you will find yourself being able to connect straight to the AVS vcenter, NSX or HCX console.  Hope this helps.  Please feel free to reach out.

Olivier-IT's avatar
Olivier-IT
Brass Contributor
Dec 13, 2021

Thank you for your answer MSDennis 

I solved my design problem. The result in the following diagram.

 


Although it is possible to use vWAN, it seemed possible to use Azure Route Server, by making coexist a VPN connection and ExpressRoute connection.


:blue_book:https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager#add 

 

From Network Watcher

 

IP Flow verify

 

Work continues on NSX/HCX configuration for layer 2 extension and SRM configuration.
Thanks for your help Dennis !

  • MSDennis's avatar
    MSDennis
    Icon for Microsoft rankMicrosoft
    Dec 13, 2021

    Olivier-IT Azure Route Server is the core component also used in VWAN.  VWAN, it being managed as a service all together provides redundancy for all of the GW services it provides (except for Azure Firewall) out of the box across AZs in the region.  There is nothing you need to setup to get that redundancy therefore. 

    If you add everything up (VPN GW across AZ (specific type), Route server and High performance ExR GW) and compare that to VWAN you will find that the latter is also cheaper for the customer.

    Pricing and redundancy out of the box therefore makes VWAN the preferred way forward.  I have not even mentioned future expansion capabilities.

    Hope this is useful.

Resources