From eb4a0a91da780de6a27210a8b6304624931ae32d Mon Sep 17 00:00:00 2001 From: Anavi N Date: Mon, 19 Aug 2019 11:06:43 -0700 Subject: [PATCH 1/7] Create vnet-peering --- .../hybrid-networking/vnet-peering | 85 +++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 docs/reference-architectures/hybrid-networking/vnet-peering diff --git a/docs/reference-architectures/hybrid-networking/vnet-peering b/docs/reference-architectures/hybrid-networking/vnet-peering new file mode 100644 index 00000000000..d9f33aafa85 --- /dev/null +++ b/docs/reference-architectures/hybrid-networking/vnet-peering 
@@ -0,0 +1,85 @@ +--- +title: Choosing between VNet Peering and VPN Gateways +titleSuffix: Azure Reference Architectures +description: +author: anavinahar +ms.date: 08/19/2019 +ms.topic: reference-architecture +ms.service: architecture-center +ms.subservice: reference-architecture +ms.custom: networking +--- + + +As customers adopt Azure and the cloud, they need fast, private, and secure connectivity across regions and Azure Virtual Networks (VNets). Based on the type of workload, customer needs vary. For example, if you want to ensure data replication across geographies you need a high bandwidth, low latency connection. Azure offers connectivity options for VNet that cater to varying customer needs, and you can connect VNets via VNet peering or VPN gateways. +It is not surprising that VNet is the fundamental building block for any customer network. VNet lets you create your own private space in Azure, or as I call it your own network bubble. VNets are crucial to your cloud network as they offer isolation, segmentation, and other key benefits. Read more about VNet’s key benefits in our documentation “What is Azure Virtual Network?” +VNet peering +VNet peering enables you to seamlessly connect Azure virtual networks. Once peered, the VNets appear as one, for connectivity purposes. The traffic between virtual machines in the peered virtual networks is routed through the Microsoft backbone infrastructure, much like traffic is routed between virtual machines in the same VNet, through private IP addresses only. No public internet is involved. You can peer VNets across Azure regions, too – all with a single click in the Azure Portal. +VNet peering - connecting VNets within the same Azure region +Global VNet peering - connecting VNets across Azure regions + +To learn more, look at our documentation overview "Virtual network peering" and "Create, change, or delete a virtual network peering." 
+VPN gateways +A VPN gateway is a specific type of VNet gateway that is used to send traffic between an Azure virtual network and an on-premises location over the public internet. You can also use a VPN gateway to send traffic between VNets. Each VNet can have only one VPN gateway. + +To learn more, look at our documentation overview "What is VPN Gateway?" and "Configure a VNet-to-VNet VPN gateway connection by using the Azure portal." +Which is best for you? +While we offer two ways to connect VNets, based on your specific scenario and needs, you might want to pick one over the other. +VNet Peering provides a low latency, high bandwidth connection useful in scenarios such as cross-region data replication and database failover scenarios. Since traffic is completely private and remains on the Microsoft backbone, customers with strict data policies prefer to use VNet Peering as public internet is not involved. Since there is no gateway in the path, there are no extra hops, ensuring low latency connections. +VPN Gateways provide a limited bandwidth connection and is useful in scenarios where encryption is needed, but bandwidth restrictions are tolerable. In these scenarios, customers are also not as latency-sensitive. +VNet Peering and VPN Gateways can also co-exist via gateway transit +Gateway transit enables you to use a peered VNet’s gateway for connecting to on-premises instead of creating a new gateway for connectivity. As you increase your workloads in Azure, you need to scale your networks across regions and VNets to keep up with the growth. Gateway transit allows you to share an ExpressRoute or VPN gateway with all peered VNets and lets you manage the connectivity in one place. Sharing enables cost-savings and reduction in management overhead. +With gateway transit enabled on VNet peering, you can create a transit VNet that contains your VPN gateway, Network Virtual Appliance, and other shared services. 
As your organization grows with new applications or business units and as you spin up new VNets, you can connect to your transit VNet with VNet peering. This prevents adding complexity to your network and reduces management overhead of managing multiple gateways and other appliances. + +To learn more about the powerful and unique functionality of gateway transit, refer to our blog post "Create a transit VNet using VNet peering." +Differences between VNet Peering and VPN Gateways + + +VNet Peering +VPN Gateways +Cross-region support? +Yes – via Global VNet Peering + +Yes +Cross-Azure Active Directory tenant support? +Yes, learn how to set it up in our documentation "Create a virtual network peering." +Yes, see our documentation on VNet-to-VNet connections. +Cross-subscription support? +Yes, see our documentation "Resource Manager, different subscriptions." +Yes, see our documentation "Configure a VNet-to-VNet VPN gateway connection by using the Azure portal." +Cross-deployment model support? +Yes, see our documentation "different deployment models, same subscription." + +Yes, see our documentation "Connect virtual networks from different deployment models using the portal." +Limits +You can keep up to 500 VNets with one VNet as seen in the documentation on Networking Limits. +Each VNet can only have one VPN Gateway. VPN Gateways depending on the SKU have type different number of tunnel supported. +Pricing +Ingress/Egress charged. +Gateway + Egress charged. + +Encrypted? +Software level encryption is recommended +Yes, custom IPsec/IKE policy can be created and applied to new or existing connections. +Bandwidth limitations? +No bandwidth limitations. +Varies based on type of Gateway from 100 Mbps to 1.25Gps. + +Private? +Yes, no Public IP endpoints. Routed through Microsoft backbone and is completely private. No public internet involved. +Public IP involved. 
+Transitive relationship +If VNet A is peered to VNet B, and VNet B is peered to VNet C, VNet A and VNet C cannot currently communicate. Spoke to spoke communication can be achieved via NVAs or Gateways in the hub VNet. See an example in our documentation. +If VNet A, VNet B, and VNet C are connected via VPN Gateways and BGP is enabled in the VNet connections, transitivity works. +Typical customer scenarios +Data replication, database failover, and other scenarios needing frequent backups of large data. +Encryption specific scenarios that are not latency sensitive and do not need high throughout. +Initial setup time +It took me 24.38 seconds, but you should give it a shot! +30 mins to set it up +FAQ link +VNet peering FAQ +VPN gateway FAQ +Conclusion +Azure offers VNet peering and VNet gateways to connect VNets. Based on your unique scenario, you might want to pick one over the other. We recommend VNet peering within region/cross-region scenarios. +We always love to hear from you, so please feel free to provide any feedback via our forums. From 9a4beef1b3687f342fdbaa561d17f388da192de9 Mon Sep 17 00:00:00 2001 From: Anavi N Date: Mon, 19 Aug 2019 11:12:23 -0700 Subject: [PATCH 2/7] Rename vnet-peering to vnet-peering.md --- .../hybrid-networking/{vnet-peering => vnet-peering.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docs/reference-architectures/hybrid-networking/{vnet-peering => vnet-peering.md} (100%) diff --git a/docs/reference-architectures/hybrid-networking/vnet-peering b/docs/reference-architectures/hybrid-networking/vnet-peering.md similarity index 100% rename from docs/reference-architectures/hybrid-networking/vnet-peering rename to docs/reference-architectures/hybrid-networking/vnet-peering.md From 87f9f4c25ff6268d828e74974e899e07a4daca6f Mon Sep 17 00:00:00 2001 
From: Anavi N Date: Mon, 19 Aug 2019 11:30:13 -0700 Subject: [PATCH 3/7] Update vnet-peering.md --- .../hybrid-networking/vnet-peering.md | 21 ++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/docs/reference-architectures/hybrid-networking/vnet-peering.md b/docs/reference-architectures/hybrid-networking/vnet-peering.md index d9f33aafa85..8abaea77f43 100644 --- a/docs/reference-architectures/hybrid-networking/vnet-peering.md +++ b/docs/reference-architectures/hybrid-networking/vnet-peering.md 
@@ -10,29 +10,36 @@ ms.subservice: reference-architecture ms.custom: networking --- +# Choosing betwen VNet Peering and VPN Gateways As customers adopt Azure and the cloud, they need fast, private, and secure connectivity across regions and Azure Virtual Networks (VNets). Based on the type of workload, customer needs vary. For example, if you want to ensure data replication across geographies you need a high bandwidth, low latency connection. Azure offers connectivity options for VNet that cater to varying customer needs, and you can connect VNets via VNet peering or VPN gateways. It is not surprising that VNet is the fundamental building block for any customer network. VNet lets you create your own private space in Azure, or as I call it your own network bubble. VNets are crucial to your cloud network as they offer isolation, segmentation, and other key benefits. Read more about VNet’s key benefits in our documentation “What is Azure Virtual Network?” -VNet peering + +## VNet peering + VNet peering enables you to seamlessly connect Azure virtual networks. Once peered, the VNets appear as one, for connectivity purposes. The traffic between virtual machines in the peered virtual networks is routed through the Microsoft backbone infrastructure, much like traffic is routed between virtual machines in the same VNet, through private IP addresses only. No public internet is involved. You can peer VNets across Azure regions, too – all with a single click in the Azure Portal. -VNet peering - connecting VNets within the same Azure region -Global VNet peering - connecting VNets across Azure regions +- VNet peering - connecting VNets within the same Azure region +- Global VNet peering - connecting VNets across Azure regions To learn more, look at our documentation overview "Virtual network peering" and "Create, change, or delete a virtual network peering." 
-VPN gateways + +## VPN gateways A VPN gateway is a specific type of VNet gateway that is used to send traffic between an Azure virtual network and an on-premises location over the public internet. You can also use a VPN gateway to send traffic between VNets. Each VNet can have only one VPN gateway. To learn more, look at our documentation overview "What is VPN Gateway?" and "Configure a VNet-to-VNet VPN gateway connection by using the Azure portal." -Which is best for you? + +## Which is best for you? While we offer two ways to connect VNets, based on your specific scenario and needs, you might want to pick one over the other. VNet Peering provides a low latency, high bandwidth connection useful in scenarios such as cross-region data replication and database failover scenarios. Since traffic is completely private and remains on the Microsoft backbone, customers with strict data policies prefer to use VNet Peering as public internet is not involved. Since there is no gateway in the path, there are no extra hops, ensuring low latency connections. VPN Gateways provide a limited bandwidth connection and is useful in scenarios where encryption is needed, but bandwidth restrictions are tolerable. In these scenarios, customers are also not as latency-sensitive. -VNet Peering and VPN Gateways can also co-exist via gateway transit + +## VNet Peering and VPN Gateways can also co-exist via gateway transit Gateway transit enables you to use a peered VNet’s gateway for connecting to on-premises instead of creating a new gateway for connectivity. As you increase your workloads in Azure, you need to scale your networks across regions and VNets to keep up with the growth. Gateway transit allows you to share an ExpressRoute or VPN gateway with all peered VNets and lets you manage the connectivity in one place. Sharing enables cost-savings and reduction in management overhead. 
With gateway transit enabled on VNet peering, you can create a transit VNet that contains your VPN gateway, Network Virtual Appliance, and other shared services. As your organization grows with new applications or business units and as you spin up new VNets, you can connect to your transit VNet with VNet peering. This prevents adding complexity to your network and reduces management overhead of managing multiple gateways and other appliances. To learn more about the powerful and unique functionality of gateway transit, refer to our blog post "Create a transit VNet using VNet peering." -Differences between VNet Peering and VPN Gateways + +## Differences between VNet Peering and VPN Gateways VNet Peering From eea4add0fac424655c715448020beaf2c7dbc311 Mon Sep 17 00:00:00 2001 From: Anavi N Date: Mon, 19 Aug 2019 13:12:48 -0700 Subject: [PATCH 4/7] Update vnet-peering.md --- .../hybrid-networking/vnet-peering.md | 59 +++++-------------- 1 file changed, 15 insertions(+), 44 deletions(-) diff --git a/docs/reference-architectures/hybrid-networking/vnet-peering.md b/docs/reference-architectures/hybrid-networking/vnet-peering.md index 8abaea77f43..7bbf229713a 100644 --- a/docs/reference-architectures/hybrid-networking/vnet-peering.md +++ b/docs/reference-architectures/hybrid-networking/vnet-peering.md 
@@ -40,50 +40,21 @@ With gateway transit enabled on VNet peering, you can create a transit VNet that To learn more about the powerful and unique functionality of gateway transit, refer to our blog post "Create a transit VNet using VNet peering." ## Differences between VNet Peering and VPN Gateways - - -VNet Peering -VPN Gateways -Cross-region support? -Yes – via Global VNet Peering - -Yes -Cross-Azure Active Directory tenant support? -Yes, learn how to set it up in our documentation "Create a virtual network peering." -Yes, see our documentation on VNet-to-VNet connections. -Cross-subscription support? -Yes, see our documentation "Resource Manager, different subscriptions." -Yes, see our documentation "Configure a VNet-to-VNet VPN gateway connection by using the Azure portal." -Cross-deployment model support? -Yes, see our documentation "different deployment models, same subscription." - -Yes, see our documentation "Connect virtual networks from different deployment models using the portal." -Limits -You can keep up to 500 VNets with one VNet as seen in the documentation on Networking Limits. -Each VNet can only have one VPN Gateway. VPN Gateways depending on the SKU have type different number of tunnel supported. -Pricing -Ingress/Egress charged. -Gateway + Egress charged. - -Encrypted? -Software level encryption is recommended -Yes, custom IPsec/IKE policy can be created and applied to new or existing connections. -Bandwidth limitations? -No bandwidth limitations. -Varies based on type of Gateway from 100 Mbps to 1.25Gps. - -Private? -Yes, no Public IP endpoints. Routed through Microsoft backbone and is completely private. No public internet involved. -Public IP involved. -Transitive relationship -If VNet A is peered to VNet B, and VNet B is peered to VNet C, VNet A and VNet C cannot currently communicate. Spoke to spoke communication can be achieved via NVAs or Gateways in the hub VNet. See an example in our documentation. 
-If VNet A, VNet B, and VNet C are connected via VPN Gateways and BGP is enabled in the VNet connections, transitivity works. -Typical customer scenarios -Data replication, database failover, and other scenarios needing frequent backups of large data. -Encryption specific scenarios that are not latency sensitive and do not need high throughout. -Initial setup time -It took me 24.38 seconds, but you should give it a shot! -30 mins to set it up +| Item |VNet Peering |VPN Gateways | +|----------|-----------|------------| +|Cross-region support? |Yes – via Global VNet Peering |Yes | +|Cross-Azure Active Directory tenant support?|Yes, learn how to set it up in our documentation "Create a virtual network peering." |Yes, see our documentation on VNet-to-VNet connections. | +|Cross-sibscription support?|Yes, see our documentation "Resource Manager, different subscriptions."|Yes, see our documentation "Configure a VNet-to-VNet VPN gateway connection by using the Azure portal."| +|Cross-deployment model support?|Yes, see our documentation "different deployment models, same subscription."| Yes, see our documentation "Connect virtual networks from different deployment models using the portal."| +|Limits|You can keep up to 500 VNets with one VNet as seen in the documentation on Networking Limits.|Each VNet can only have one VPN Gateway. VPN Gateways depending on the SKU have type different number of tunnel supported.| +|Pricing| Ingress/Egress charged.|Gateway + Egress charged.| +|Encrypted?|Software level encryption is recommended|Yes, custom IPsec/IKE policy can be created and applied to new or existing connections.| +|Bandwidth limitations?|No bandwidth limitations.|Varies based on type of Gateway from 100 Mbps to 1.25Gps.| +|Private?|Yes, no Public IP endpoints. Routed through Microsoft backbone and is completely private. 
No public internet involved.|Public IP involved.| +|Transitive relationship|If VNet A is peered to VNet B, and VNet B is peered to VNet C, VNet A and VNet C cannot currently communicate. Spoke to spoke communication can be achieved via NVAs or Gateways in the hub VNet. See an example in our documentation.| If VNet A, VNet B, and VNet C are connected via VPN Gateways and BGP is enabled in the VNet connections, transitivity works.| +|Typical customer scenarios| Data replication, database failover, and other scenarios needing frequent backups of large data.| Encryption specific scenarios that are not latency sensitive and do not need high throughout.| +| Initial setup time| It took me 24.38 seconds, but you should give it a shot!|30 mins to set it up| + FAQ link VNet peering FAQ VPN gateway FAQ From b166bc7d660ab404c7bfdc0839d652865f04854d Mon Sep 17 00:00:00 2001 From: Anavi N Date: Mon, 19 Aug 2019 13:42:19 -0700 Subject: [PATCH 5/7] Update vnet-peering.md --- .../hybrid-networking/vnet-peering.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/docs/reference-architectures/hybrid-networking/vnet-peering.md b/docs/reference-architectures/hybrid-networking/vnet-peering.md index 7bbf229713a..66bacc984f2 100644 --- a/docs/reference-architectures/hybrid-networking/vnet-peering.md +++ b/docs/reference-architectures/hybrid-networking/vnet-peering.md 
@@ -53,11 +53,9 @@ To learn more about the powerful and unique functionality of gateway transit, re |Private?|Yes, no Public IP endpoints. Routed through Microsoft backbone and is completely private. No public internet involved.|Public IP involved.| |Transitive relationship|If VNet A is peered to VNet B, and VNet B is peered to VNet C, VNet A and VNet C cannot currently communicate. Spoke to spoke communication can be achieved via NVAs or Gateways in the hub VNet. See an example in our documentation.| If VNet A, VNet B, and VNet C are connected via VPN Gateways and BGP is enabled in the VNet connections, transitivity works.| |Typical customer scenarios| Data replication, database failover, and other scenarios needing frequent backups of large data.| Encryption specific scenarios that are not latency sensitive and do not need high throughout.| -| Initial setup time| It took me 24.38 seconds, but you should give it a shot!|30 mins to set it up| +|Initial setup time| It took me 24.38 seconds, but you should give it a shot!|30 mins to set it up| +|FAQ link| VNet peering FAQ| VPN gateway FAQ| -FAQ link -VNet peering FAQ -VPN gateway FAQ -Conclusion +## Conclusion Azure offers VNet peering and VNet gateways to connect VNets. Based on your unique scenario, you might want to pick one over the other. We recommend VNet peering within region/cross-region scenarios. We always love to hear from you, so please feel free to provide any feedback via our forums. From 15caec3f9e16c664d14eef8820a8838bb204cc0a Mon Sep 17 00:00:00 2001 From: Derek Date: Tue, 3 Dec 2019 13:54:50 -0600 Subject: [PATCH 6/7] Prep for release Minor content cleanup and TOC update. --- .../hybrid-networking/vnet-peering.md | 11 ++++++++--- docs/toc.yml | 2 ++ 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/docs/reference-architectures/hybrid-networking/vnet-peering.md b/docs/reference-architectures/hybrid-networking/vnet-peering.md index 66bacc984f2..390d70e520e 100644 
--- a/docs/reference-architectures/hybrid-networking/vnet-peering.md +++ b/docs/reference-architectures/hybrid-networking/vnet-peering.md @@ -10,7 +10,7 @@ ms.subservice: reference-architecture ms.custom: networking --- -# Choosing betwen VNet Peering and VPN Gateways +# Choosing between VNet Peering and VPN Gateways As customers adopt Azure and the cloud, they need fast, private, and secure connectivity across regions and Azure Virtual Networks (VNets). Based on the type of workload, customer needs vary. For example, if you want to ensure data replication across geographies you need a high bandwidth, low latency connection. Azure offers connectivity options for VNet that cater to varying customer needs, and you can connect VNets via VNet peering or VPN gateways. It is not surprising that VNet is the fundamental building block for any customer network. VNet lets you create your own private space in Azure, or as I call it your own network bubble. VNets are crucial to your cloud network as they offer isolation, segmentation, and other key benefits. Read more about VNet’s key benefits in our documentation “What is Azure Virtual Network?” 
@@ -18,33 +18,38 @@ It is not surprising that VNet is the fundamental building block for any custome ## VNet peering VNet peering enables you to seamlessly connect Azure virtual networks. Once peered, the VNets appear as one, for connectivity purposes. The traffic between virtual machines in the peered virtual networks is routed through the Microsoft backbone infrastructure, much like traffic is routed between virtual machines in the same VNet, through private IP addresses only. No public internet is involved. You can peer VNets across Azure regions, too – all with a single click in the Azure Portal. + - VNet peering - connecting VNets within the same Azure region - Global VNet peering - connecting VNets across Azure regions To learn more, look at our documentation overview "Virtual network peering" and "Create, change, or delete a virtual network peering." ## VPN gateways + A VPN gateway is a specific type of VNet gateway that is used to send traffic between an Azure virtual network and an on-premises location over the public internet. You can also use a VPN gateway to send traffic between VNets. Each VNet can have only one VPN gateway. To learn more, look at our documentation overview "What is VPN Gateway?" and "Configure a VNet-to-VNet VPN gateway connection by using the Azure portal." ## Which is best for you? + While we offer two ways to connect VNets, based on your specific scenario and needs, you might want to pick one over the other. VNet Peering provides a low latency, high bandwidth connection useful in scenarios such as cross-region data replication and database failover scenarios. Since traffic is completely private and remains on the Microsoft backbone, customers with strict data policies prefer to use VNet Peering as public internet is not involved. Since there is no gateway in the path, there are no extra hops, ensuring low latency connections. 
VPN Gateways provide a limited bandwidth connection and is useful in scenarios where encryption is needed, but bandwidth restrictions are tolerable. In these scenarios, customers are also not as latency-sensitive. ## VNet Peering and VPN Gateways can also co-exist via gateway transit + Gateway transit enables you to use a peered VNet’s gateway for connecting to on-premises instead of creating a new gateway for connectivity. As you increase your workloads in Azure, you need to scale your networks across regions and VNets to keep up with the growth. Gateway transit allows you to share an ExpressRoute or VPN gateway with all peered VNets and lets you manage the connectivity in one place. Sharing enables cost-savings and reduction in management overhead. With gateway transit enabled on VNet peering, you can create a transit VNet that contains your VPN gateway, Network Virtual Appliance, and other shared services. As your organization grows with new applications or business units and as you spin up new VNets, you can connect to your transit VNet with VNet peering. This prevents adding complexity to your network and reduces management overhead of managing multiple gateways and other appliances. To learn more about the powerful and unique functionality of gateway transit, refer to our blog post "Create a transit VNet using VNet peering." ## Differences between VNet Peering and VPN Gateways + | Item |VNet Peering |VPN Gateways | |----------|-----------|------------| |Cross-region support? |Yes – via Global VNet Peering |Yes | |Cross-Azure Active Directory tenant support?|Yes, learn how to set it up in our documentation "Create a virtual network peering." |Yes, see our documentation on VNet-to-VNet connections. 
| -|Cross-sibscription support?|Yes, see our documentation "Resource Manager, different subscriptions."|Yes, see our documentation "Configure a VNet-to-VNet VPN gateway connection by using the Azure portal."| +|Cross-subscription support?|Yes, see our documentation "Resource Manager, different subscriptions."|Yes, see our documentation "Configure a VNet-to-VNet VPN gateway connection by using the Azure portal."| |Cross-deployment model support?|Yes, see our documentation "different deployment models, same subscription."| Yes, see our documentation "Connect virtual networks from different deployment models using the portal."| |Limits|You can keep up to 500 VNets with one VNet as seen in the documentation on Networking Limits.|Each VNet can only have one VPN Gateway. VPN Gateways depending on the SKU have type different number of tunnel supported.| |Pricing| Ingress/Egress charged.|Gateway + Egress charged.| @@ -57,5 +62,5 @@ To learn more about the powerful and unique functionality of gateway transit, re |FAQ link| VNet peering FAQ| VPN gateway FAQ| ## Conclusion + Azure offers VNet peering and VNet gateways to connect VNets. Based on your unique scenario, you might want to pick one over the other. We recommend VNet peering within region/cross-region scenarios. -We always love to hear from you, so please feel free to provide any feedback via our forums. diff --git a/docs/toc.yml b/docs/toc.yml index f432d0beb0d..251e9144619 100644 --- a/docs/toc.yml +++ b/docs/toc.yml @@ -592,6 +592,8 @@ items: items: - name: Choose a hybrid network architecture href: reference-architectures/hybrid-networking/index.md + - name: Choosing between VNet Peering and VPN Gateways + href: reference-architectures/hybrid-networking/vnet-peering.md - name: VPN href: reference-architectures/hybrid-networking/vpn.md - name: ExpressRoute From cc7b77b279a56775caa1dcf551d01718dfb46502 Mon Sep 17 00:00:00 2001 
From: Derek Date: Tue, 3 Dec 2019 14:29:29 -0600 Subject: [PATCH 7/7] Update vnet-peering.md --- .../hybrid-networking/vnet-peering.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/reference-architectures/hybrid-networking/vnet-peering.md b/docs/reference-architectures/hybrid-networking/vnet-peering.md index 390d70e520e..5caf532d609 100644 --- a/docs/reference-architectures/hybrid-networking/vnet-peering.md +++ b/docs/reference-architectures/hybrid-networking/vnet-peering.md 
@@ -22,15 +22,15 @@ VNet peering enables you to seamlessly connect Azure virtual networks. Once peer - VNet peering - connecting VNets within the same Azure region - Global VNet peering - connecting VNets across Azure regions -To learn more, look at our documentation overview "Virtual network peering" and "Create, change, or delete a virtual network peering." +To learn more, look at our documentation overview ["Virtual network peering"](https://docs.microsoft.com/azure/virtual-network/tutorial-connect-virtual-networks-portal) and ["Create, change, or delete a virtual network peering."](https://docs.microsoft.com/azure/virtual-network/virtual-network-manage-peering) ## VPN gateways A VPN gateway is a specific type of VNet gateway that is used to send traffic between an Azure virtual network and an on-premises location over the public internet. You can also use a VPN gateway to send traffic between VNets. Each VNet can have only one VPN gateway. -To learn more, look at our documentation overview "What is VPN Gateway?" and "Configure a VNet-to-VNet VPN gateway connection by using the Azure portal." +To learn more, look at our documentation overview ["What is VPN Gateway?"](https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpngateways) and ["Configure a VNet-to-VNet VPN gateway connection by using the Azure portal."](https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal) -## Which is best for you? +## Which is best for you While we offer two ways to connect VNets, based on your specific scenario and needs, you might want to pick one over the other. VNet Peering provides a low latency, high bandwidth connection useful in scenarios such as cross-region data replication and database failover scenarios. Since traffic is completely private and remains on the Microsoft backbone, customers with strict data policies prefer to use VNet Peering as public internet is not involved. 
Since there is no gateway in the path, there are no extra hops, ensuring low latency connections. @@ -39,9 +39,10 @@ VPN Gateways provide a limited bandwidth connection and is useful in scenarios w ## VNet Peering and VPN Gateways can also co-exist via gateway transit Gateway transit enables you to use a peered VNet’s gateway for connecting to on-premises instead of creating a new gateway for connectivity. As you increase your workloads in Azure, you need to scale your networks across regions and VNets to keep up with the growth. Gateway transit allows you to share an ExpressRoute or VPN gateway with all peered VNets and lets you manage the connectivity in one place. Sharing enables cost-savings and reduction in management overhead. + With gateway transit enabled on VNet peering, you can create a transit VNet that contains your VPN gateway, Network Virtual Appliance, and other shared services. As your organization grows with new applications or business units and as you spin up new VNets, you can connect to your transit VNet with VNet peering. This prevents adding complexity to your network and reduces management overhead of managing multiple gateways and other appliances. -To learn more about the powerful and unique functionality of gateway transit, refer to our blog post "Create a transit VNet using VNet peering." +To learn more about the powerful and unique functionality of gateway transit, refer to our blog post ["Create a transit VNet using VNet peering."](https://azure.microsoft.com/blog/create-a-transit-vnet-using-vnet-peering/) ## Differences between VNet Peering and VPN Gateways
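Review bot: In PATCH 1/7, under "Which is best for you?", peered traffic is called "completely private" and recommended for "customers with strict data policies", while the "Encrypted?" entry for VNet Peering only says "Software level encryption is recommended". The page never says outright whether peering itself encrypts traffic, so a reader can take "private" to mean "encrypted". Suggest stating this in the peering paragraph and rewording the "Encrypted?" entry as a direct yes or no followed by the recommendation. Also in this hunk, the front matter `description:` is empty, and the first-person asides ("as I call it your own network bubble", "It took me 24.38 seconds, but you should give it a shot!") read as blog text rather than reference-architecture content.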
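Review bot: In PATCH 3/7, the added title line `# Choosing betwen VNet Peering and VPN Gateways` misspells "between". In the same hunk, the three paragraphs under "## Which is best for you?" ("While we offer ...", "VNet Peering provides ...", "VPN Gateways provide ...") still sit on consecutive lines with no blank line between them, so Markdown renders them as one paragraph. Suggest a blank line between each, and after every new `##` heading for consistency with "## VNet peering".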
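Review bot: In PATCH 4/7, the new table carries the wording errors of the flat list into the cells and adds one. "Cross-sibscription support?" is misspelled, "1.25Gps" in the "Bandwidth limitations?" row is not a unit (presumably Gbps), "do not need high throughout" should read "throughput", and the Limits cell "VPN Gateways depending on the SKU have type different number of tunnel supported" does not parse. Since the bandwidth and tunnel figures are what readers size a design on, suggest fixing the unit and rewriting the Limits sentence. The cells also cite documentation by quoted title only ("See an example in our documentation."), with no link to follow.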
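Review bot: In PATCH 5/7, the new row `|FAQ link| VNet peering FAQ| VPN gateway FAQ|` is labelled as links but contains plain text only, so suggest adding the two targets or dropping the row. In the Conclusion context of the same hunk, "VNet peering and VNet gateways" is inconsistent with "VPN gateways" used everywhere else, and "We recommend VNet peering within region/cross-region scenarios" drops the case the page itself assigns to VPN gateways ("scenarios where encryption is needed"). Suggest the conclusion restate that exception.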
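Review bot: In PATCH 6/7, the table hunk fixes "Cross-sibscription" but leaves the next-but-one row untouched: the Limits cell still reads "VPN Gateways depending on the SKU have type different number of tunnel supported" and "You can keep up to 500 VNets with one VNet". For a commit described as release cleanup, suggest correcting both in the same pass, for example "peer up to 500 VNets with one VNet" if that is the intended meaning.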
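Review bot: In PATCH 7/7, first hunk, the link text says documentation overview "Virtual network peering" but the target is `tutorial-connect-virtual-networks-portal`, which by its slug is a portal tutorial rather than the overview article. Suggest pointing the link at the overview page or changing the link text to match. The sentence-ending periods are also placed inside the link text (`virtual network peering."]`), here and in the VPN gateway and gateway transit links, so they become part of the anchor. Move them outside the closing parenthesis.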