
AZ-104T00A Intersite Connectivity

This module discusses intersite connectivity options in Azure including VNet peering, VPN gateways, and ExpressRoute. It covers how to configure VNet peering between Azure VNets, set up site-to-site VPN connections to on-premises networks using VPN gateways, and use ExpressRoute for private connections to Microsoft datacenters. The module also introduces virtual WANs which integrate different connectivity types and provides a lab scenario to implement intersite connectivity between offices.

Uploaded by

Prakash Ray

AZ-104T00A

Module 05:
Intersite Connectivity
Module Overview
• Lesson 01: VNet Peering
• Lesson 02: VPN Gateway Connections
• Lesson 03: ExpressRoute and Virtual WAN
• Lesson 04: Module 05 Lab and Review
Lesson 01: VNet Peering
VNet Peering Overview
• VNet Peering
• Gateway Transit and Connectivity
• Configure VNet Peering
• Service Chaining
• Demonstration – VNet Peering
VNet Peering
• VNet peering connects two Azure virtual networks
• Two types of peering: Regional and Global
• Peered networks use the Azure backbone for privacy and isolation
• You can peer across subscriptions
• Easy to set up, seamless data transfer, and great performance
Gateway Transit and Connectivity
• Gateway transit allows peered virtual networks to share the gateway and get access to resources
• No VPN gateway is required in the peered virtual network
• Default VNet peering provides full connectivity

✔️ IP address spaces of connected networks can't overlap


Configure VNet Peering
• Allow forwarded traffic - from within the peer virtual network into your virtual network
• Allow gateway transit - allows the peer virtual network to use your virtual network gateway
• Use remote gateways - only one virtual network can have this enabled

✔️ If you select ‘Allow gateway transit’ on one virtual network, then you should select ‘Use remote gateways’ on the other virtual network.
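The peering rules above can be checked against a planned topology before anything is deployed. The following is an added example, not part of the course material: the VNet names, address spaces and the plan format are constructed, and the last check reads "only one virtual network can have this enabled" as at most one peering per virtual network using a remote gateway.

```python
from ipaddress import ip_network

# Constructed sample plan; VNet names and address spaces are hypothetical.
VNETS = {
    "hub":    ["10.0.0.0/16"],
    "spoke1": ["10.1.0.0/16"],
    "spoke2": ["10.0.128.0/17", "10.2.0.0/16"],   # first prefix overlaps the hub
}
# One entry per direction of a peering: (local, remote, settings on the local side).
PEERINGS = [
    ("hub", "spoke1", {"allow_gateway_transit": True, "use_remote_gateways": False}),
    ("spoke1", "hub", {"allow_gateway_transit": False, "use_remote_gateways": True}),
    ("hub", "spoke2", {"allow_gateway_transit": False, "use_remote_gateways": False}),
    ("spoke2", "hub", {"allow_gateway_transit": False, "use_remote_gateways": True}),
]

def check_plan(vnets, peerings):
    """Return a sorted list of findings for a planned set of VNet peerings."""
    findings = set()
    by_link = {(local, remote): cfg for local, remote, cfg in peerings}
    remote_gw_users = {}
    for (local, remote), cfg in by_link.items():
        # Peering has to be configured on both virtual networks.
        if (remote, local) not in by_link:
            findings.add(f"{local}->{remote}: no matching peering on {remote}")
        # Address spaces of connected networks can't overlap.
        for a in vnets[local]:
            for b in vnets[remote]:
                if ip_network(a).overlaps(ip_network(b)):
                    lo, hi = sorted([(local, a), (remote, b)])
                    findings.add(f"overlap: {lo[0]} {lo[1]} and {hi[0]} {hi[1]}")
        if cfg["use_remote_gateways"]:
            remote_gw_users.setdefault(local, []).append(remote)
            # 'Use remote gateways' needs 'Allow gateway transit' on the other side.
            other = by_link.get((remote, local), {})
            if not other.get("allow_gateway_transit", False):
                findings.add(f"{local}->{remote}: use_remote_gateways set, but "
                             f"{remote} does not allow gateway transit")
    # Assumed reading of the slide: one remote gateway per virtual network.
    for vnet, remotes in remote_gw_users.items():
        if len(remotes) > 1:
            findings.add(f"{vnet}: use_remote_gateways on {len(remotes)} peerings")
    return sorted(findings)

if __name__ == "__main__":
    for finding in check_plan(VNETS, PEERINGS):
        print(finding)
```

On the constructed plan this reports the hub/spoke2 address overlap and the spoke2 peering that expects a gateway the hub has not shared.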
Service Chaining
• Leverage user-defined routes and service chaining to implement custom routing
• Implement a VNet hub with a network virtual appliance or a VPN gateway
• Service chaining enables you to direct traffic from one virtual network to a virtual appliance, or virtual network gateway, in a peered virtual network, through user-defined routes
Demonstration – VNet Peering
• Configure VNet peering on the first virtual network
• Configure a VPN gateway
• Allow gateway transit
• Confirm VNet peering on the second virtual network
Lesson 02: VPN Gateway Connections
VPN Gateway Connections Overview
• VPN Gateways
• Implement Site-to-Site VPN Connections
• Create the Gateway Subnet
• VPN Gateway Configuration
• VPN Gateway SKU and Generation
• Create the Local Network Gateway
• Create the VPN Connection
• High Availability Scenarios
• Demonstration – VPN Gateway
VPN Gateways
• Site-to-site connections connect on-premises datacenters to Azure virtual networks
• Network-to-network connections connect Azure virtual networks (custom)
• Point-to-site (User VPN) connections connect individual devices to Azure virtual networks
Implement Site-to-Site VPN Connections
• Take time to carefully plan your network configuration
• The on-premises part is necessary only if you are configuring Site-to-Site
• Always verify and test your connections
Create the Gateway Subnet
• The gateway subnet contains the IP addresses; if possible, use a CIDR block of /28 or /27.
• When you create your gateway subnet, gateway VMs are deployed to the gateway subnet and configured with the required VPN gateway settings.
• Never deploy other resources (for example, additional VMs) to the gateway subnet.
• Avoid associating an NSG with the gateway subnet.
VPN Gateway Configuration
• Most VPN types are Route-based
• Your choice of gateway SKU affects the number of connections you can have and the aggregate throughput benchmark
• Associate a virtual network that includes the gateway subnet
• The gateway needs a public IP address

✔️ It can take up to 45 minutes to provision the VPN gateway


Gateway SKU and Generation
Sampling of available SKUs

Gen  SKU        S2S/VNet-to-VNet Tunnels  P2S IKEv2 Connections  Throughput Benchmark
1    VpnGw1/Az  Max. 30                   Max. 250               650 Mbps
1    VpnGw2/Az  Max. 30                   Max. 500               1.0 Gbps
2    VpnGw2/Az  Max. 30                   Max. 500               1.25 Gbps
1    VpnGw3/Az  Max. 30                   Max. 1000              1.25 Gbps
2    VpnGw3/Az  Max. 30                   Max. 1000              2.5 Gbps
2    VpnGw4/Az  Max. 30                   Max. 5000              5.0 Gbps

• The Gateway SKU affects the connections and the throughput
• Resizing is allowed within the generation
• The Basic SKU (not shown) is legacy and should not be used
Create the Local Network Gateway
• Defines the on-premises network configuration
• Give the site a name by which Azure can refer to it
• The local gateway needs a public IP address
• Specify the IP address prefixes that will be routed through the gateway to the VPN device
Configure the On-Premises VPN Device
[Diagram labels: VPN VIP, VPN VIP, Virtual Network, On-premises Network 2]
• Consult the list of supported VPN devices (Cisco, Juniper, Ubiquiti, Barracuda Networks)
• A VPN device configuration script may be available
• Remember the shared key for the Azure connection (next step)
• Specify the public IP address (previous step)
Create the VPN Connection
• Once your VPN gateway is created and the on-premises device is configured, create a connection object
• Configure a name for the connection and specify the type as Site-to-site (IPsec)
• Select the VPN Gateway and the Local Network Gateway
• Enter the Shared key for the connection
High Availability Scenarios
[Diagram panels: Active/standby (default), Active/active]
• VPN gateways are deployed as two instances
• Enable active/active mode for higher availability
Demonstration – VPN Gateways
• Explore the Gateway subnet blade
• Explore the Connected Devices blade
• Explore adding a virtual network gateway
• Explore adding a connection between the virtual networks
Lesson 03: ExpressRoute and Virtual WAN
ExpressRoute and Virtual WAN Overview
• ExpressRoute
• ExpressRoute Capabilities
• Coexisting Site-to-Site and ExpressRoute
• Virtual WANs
ExpressRoute
• Private connections between your on-premises network and Microsoft datacenters
• Connections do not go over the public Internet – partner network
• Secure, reliable, low latency, high speed connections
ExpressRoute Capabilities
• Layer 3 connectivity with redundancy
• Connectivity to all regions within a geography
• Global connectivity with ExpressRoute premium add-on
• Across on-premises connectivity with ExpressRoute Global Reach
• Bandwidth options – 50 Mbps to 100 Gbps
• Billing models – unlimited, metered, premium
Coexisting Site-to-Site and ExpressRoute
• Use S2S VPN as a secure failover path for ExpressRoute
• Use S2S VPNs to connect to sites that are not connected with ExpressRoute
• Notice two VNet gateways for the same virtual network
Virtual WANs
• Brings together S2S, P2S, and ExpressRoute
• Integrated connectivity using a hub-and-spoke connectivity model
• Connect virtual networks and workloads to the Azure hub automatically
• Visualize the end-to-end flow within Azure
• Two types: Basic and Standard
Lesson 04: Module 05 Lab and Review
Lab 05 - Implement Intersite Connectivity
Lab scenario
Contoso has its datacenters in Boston, New York, and Seattle offices connected via mesh wide-area network links, with full connectivity between them. You need to implement a lab environment that will reflect the topology of Contoso's on-premises networks and verify its functionality.

Objectives
Task 1: Provision the lab environment
Task 2: Configure local and global virtual network peering
Task 3: Test intersite connectivity

Next slide for an architecture diagram
Lab 05 – Architecture Diagram
Module Review
• Module Review Questions
• Microsoft Learn Modules (docs.microsoft.com/Learn)
  • Distribute your services across Azure virtual networks and integrate them by using virtual network peering
  • Connect your on-premises network to Azure with VPN Gateway
  • Connect your on-premises network to the Microsoft global network by using ExpressRoute
