{"id":21671,"date":"2019-11-06T15:02:05","date_gmt":"2019-11-06T15:02:05","guid":{"rendered":"https:\/\/aidanfinn.com\/?p=21671"},"modified":"2019-11-06T15:02:05","modified_gmt":"2019-11-06T15:02:05","slug":"microsoft-ignite-2019-global-transit-network-architectures-with-azure-virtual-wan","status":"publish","type":"post","link":"https:\/\/aidanfinn.com\/?p=21671","title":{"rendered":"Microsoft Ignite 2019  &#8211; Global Transit Network Architectures With Azure Virtual WAN"},"content":{"rendered":"<p>Speakers:<\/p>\n<ul>\n<li>Reshmi Yandapalli (main speaker), Principal Program Manager<\/li>\n<li>Ben Peeri, KPMG customer story<\/li>\n<\/ul>\n<p>Lots more content in the hidden slides in the download.<\/p>\n<h2>Scale<\/h2>\n<p>Usual stats. Interesting note: a new POP being built almost every day.<\/p>\n<p>Azure WAN: Global Transit Architecture<\/p>\n<h2>The Beginning<\/h2>\n<ul>\n<li>HQ\/Bigger Office<\/li>\n<li>Branch office(s)<\/li>\n<li>Users<\/li>\n<li>Private WAN<\/li>\n<li>Shared services<\/li>\n<\/ul>\n<p>Start with HQ. Users multiply. VLANs multiply. Locations multiply. WAN grows. You grow:<\/p>\n<ul>\n<li>Need to simplify network<\/li>\n<li>Need ease of use<\/li>\n<li>Need operational savings.<\/li>\n<\/ul>\n<h2>Azure Virtual WAN<\/h2>\n<ul>\n<li>Managed hub &amp; spoke architecture, with hub being Azure and spokes being offices.<\/li>\n<li>Public (VPN) and private (ExpressRoute) connectivity.<\/li>\n<li>Global Scale:<\/li>\n<li>20 Gbps S2S VPN and 20 Gbps ER = 20 Gbps user VPN<\/li>\n<li>10K users per hub<\/li>\n<li>1000 sites per hub<\/li>\n<li>1 hub per region<\/li>\n<li>Transit routing<\/li>\n<li>Cloud Network Orchestration<\/li>\n<li>Automated large-scale branch\/SDWAN CPE connectivity<\/li>\n<\/ul>\n<h2>Connectivity<\/h2>\n<p>What if you had many regions \u2013 many hubs. And what if you wanted any branch to access any Azure VNet, regardless of local vWAN hub? In other words, connect to a hub, and use the Azure WAN to seamlessly reach the destination. 
So you build hub\/spoke in different Azure regions, each with a vWAN hub. And a branch connects to the closest vWAN hub, and can get to any Azure VNet via transitive routing between vWAN hubs across the Azure WAN.<\/p>\n<ul>\n<li>Simplified network<\/li>\n<li>Ease of use<\/li>\n<li>Operational savings<\/li>\n<\/ul>\n<p>This is called Global Transit Architecture over Azure Virtual WAN.<\/p>\n<h2>Azure Virtual WAN \u2013 What\u2019s New<\/h2>\n<ul>\n<li>Any-to-Any connectivity (Preview, soon GA)<\/li>\n<li>ExpressRoute and User VPN GA<\/li>\n<li>ExpressRoute encryption<\/li>\n<li>Multi-link Azure Path Selection<\/li>\n<li>Custom IPsec<\/li>\n<li>Connect VNG VPN to Virtual WAN<\/li>\n<li>Available in Gov Cloud &amp; China<\/li>\n<li>Azure Firewall integration (Preview) \u2013 this is the big announcement IMO<\/li>\n<li>Pricing \u2013 reduced<\/li>\n<li>New partnerships coming soon\n<ul>\n<li>Arista<\/li>\n<li>Aruba<\/li>\n<li>Cisco<\/li>\n<li>F5<\/li>\n<li>OpenSystems<\/li>\n<li>VeroCloud<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Global Transit Architecture \u2013 A Customer Example<\/h2>\n<ul>\n<li>4 regions, 70 countries with 100\u2019s of sites. 34 VNets, 2 ExpressRoute Premium circuits.<\/li>\n<li>Challenges: scale issues, routing complexity, ER VNet limits<\/li>\n<\/ul>\n<p>The before and after architecture diagrams are totally different \u2013 after is much simpler.<\/p>\n<h2>Azure Virtual WAN Types<\/h2>\n<p>Basic:<\/p>\n<ul>\n<li>VPN only\n<ul>\n<li>Branch to Azure<\/li>\n<li>Branch to Branch<\/li>\n<\/ul>\n<\/li>\n<li>Connect VNet\n<ul>\n<li>DIY VNet peering, VNet to VNet non-transitive via hub<\/li>\n<li>Hubs are not connected<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Standard = Basic + Following<\/p>\n<ul>\n<li>Stuff<\/li>\n<\/ul>\n<h2>Multi-Link Support in VPN Site<\/h2>\n<p>Support dual links of different types\/ISPs. Azure sees the link information. 
The branch partner can do path selection across these links.<\/p>\n<p>Barracuda CloudGen Firewall is the first to support this. You get always-on Azure in the branch.<\/p>\n<h2>ExpressRoute<\/h2>\n<ul>\n<li>GA in Standard Virtual WAN.<\/li>\n<li>Up to 20 Gbps aggregate per hub.<\/li>\n<li>Private connectivity \u2013 requires premium circuit.<\/li>\n<li>In Global Reach Location<\/li>\n<li>ExpressRoute VPN Interconnect<\/li>\n<li>Integrated with Azure Monitor<\/li>\n<\/ul>\n<h2>ExpressRoute + VPN Path Selection<\/h2>\n<p>Path selection between ER and VPN. Fortinet can do this.<\/p>\n<h2>Customer Story \u2013 Ben Peeri, KPMG<\/h2>\n<p>No notes here \u2013 sales story.<\/p>\n<h2>User VPN<\/h2>\n<ul>\n<li>Available in Standard Virtual WAN<\/li>\n<li>Up to 20 Gbps aggregate and 10K users per hub<\/li>\n<li>Cloud based secure remote access\n<ul>\n<li>Works with OpenVPN and IKEv2 client<\/li>\n<li>Cert based and RADIUS authentication<\/li>\n<\/ul>\n<\/li>\n<li>Any-to-Any\n<ul>\n<li>User to branch, user to Azure VNet<\/li>\n<\/ul>\n<\/li>\n<li>More<\/li>\n<\/ul>\n<h2>Azure Firewall<\/h2>\n<ul>\n<li>Firewall in virtual hub<\/li>\n<li>Centralized policy and route management\n<ul>\n<li>VNet to Internet through Azure Firewall<\/li>\n<li>Branch to Internet through Azure Firewall<\/li>\n<li>Managed through Azure Firewall Manager<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Azure MSP Program<\/h2>\n<p>Announced in July. Focused on networking. 
Offerings in Azure Marketplace.<\/p>\n<h2>Pricing<\/h2>\n<ul>\n<li>Connection Unit\n<ul>\n<li>Site-to-site VPN \/ ExpressRoute: No reduced<\/li>\n<li>User VPN<\/li>\n<\/ul>\n<\/li>\n<li>Scale Unit \u2013 aggregate throughput\n<ul>\n<li>1 VPN scale unit<\/li>\n<li>1 ER scale unit<\/li>\n<\/ul>\n<\/li>\n<li>Virtual Hub (Effective CYQ1 2020)\n<ul>\n<li>Basic vWAN hub: no charge<\/li>\n<li>Standard hub<\/li>\n<li>Data processing intra region<\/li>\n<li>Data processing inter region<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Speakers: Reshmi Yandapalli (main speaker), Principal Program Manager Ben Peeri, KPMG customer story Lots more content in the hidden slides in the download. Scale Usual stats. Interesting note: a new POP being built almost every day. Azure WAN: Global Transit Architecture The Beginning HQ\/Bigger Office Branch office(s) Users Private WAN Shared services Start with HQ. &hellip; <a href=\"https:\/\/aidanfinn.com\/?p=21671\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Microsoft Ignite 2019  &#8211; Global Transit Network Architectures With Azure Virtual 
WAN&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":18983,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[5],"tags":[170,400,283,80,282,401],"class_list":["post-21671","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure","tag-azure","tag-azure-wan","tag-expressroute","tag-networking","tag-vpn","tag-wan"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/aidanfinn.com\/wp-content\/uploads\/2015\/09\/73014722_47abcbcc7f_z_d1.jpg","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/21671","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=21671"}],"version-history":[{"count":1,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/21671\/revisions"}],"predecessor-version":[{"id":21672,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/21671\/revisions\/21672"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/media\/18983"}],"wp:attachment":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=21671"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcat
egories&post=21671"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=21671"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}