Highly Available Cross-Premises and VNet-to-VNet Connectivity

15th June, 2017

A couple of days ago, Microsoft announced that New Azure VPN Gateways is now 6x faster which is fantastic news.

It gets even better when you start digging a little deeper and understand not only have they becomes faster but you can now create an Azure VPN gateway in an active-active configuration, where both instances of the gateway VMs will establish S2S VPN tunnels to your on-premises VPN device, as shown the following diagram;

Taking this to the next step, the most reliable option is then combine the active-active gateways on both your network and Azure, as shown in the diagram below;

Here you create and setup the Azure VPN gateway in an active-active configuration, and create two local network gateways and two connections for your two on-premises VPN devices. The result is a full mesh connectivity of 4 IPsec tunnels between your Azure virtual network and your on-premises network.

The same active-active configuration can also apply to Azure VNet-to-VNet connections. You can create active-active VPN gateways for both virtual networks, and connect them together to form the same full mesh connectivity of 4 tunnels between the two VNets, as shown in the diagram below:

This ensures there are always a pair of tunnels between the two virtual networks for any planned maintenance events, providing even better availability.

For those who are interested in taking this to the next level and  considering Highly Available Cross-Premises Connections then please do look at the Microsoft article ‘Configure active-active S2S VPN connections with Azure VPN Gateways’ and if you would like help and assistance then please do contact us.