Unlike a traditional hub and spoke when you have site to site VPN with azure with multiple virtual networks. Azure Express route gives you an additional option to create up-to to 10 connections directly with the express route circuit. Where the virtual network can be from different subscriptions. It makes life much easier when you have multiple business units within Azure with different subscriptions. Once you have the express route circuit provisioned and available you can start creating authorizations and connections. VNET peerings and virtual network gateways have their own costs per region. In this architecture no peering is made unless there is a requirement between spokes as the express route will act kind of a hub in this architecture.
Open the express route circuit is up and ready and create an authorization and get the authorization key and the resource ID. It will change to status Available once you create it.
Create a Virtual Network Gateway – where you need a gateway to create a connection between express route circuit and gateway to have virtual resources within the gateway.
Once you have the gateway choose the gateway and redeem the connection with the Keys captured above
Good to have for naming conventions –
- Connection
- Address space
- Subnets
- Virtual Network Gateway
- Virtual Network
- Virtual Network Gateway Public IP Name
- Resource groups
- Boot Diagnostics
- Network Security Groups
- Subscriptions
- Test Server Name
- Test Server IP
Virtual Network Gateway Peering Cost with Express Route –
Hub and Spoke without Express Route Examples – Thanks to the internet for below images
Spoke 1 to Spoke 2 Connectivity with Hub.
Sample Image for Virtual Network planning –
Interesting post, thanks for sharing
Most Welcome
If your DCs are in prod sub, how could other subscriptions access this? Would you still have to peer the test or dev subscriptions with production?
I highly recommend for Hub and spoke , Watch this video. Mentioned Article is a unique scenario not to be applied for most of the traditional environments
https://www.youtube.com/watch?v=h5K4oGXAYeg
Does it also supports vnet created in other regions? Ex we are majorly operating in US and we have express route and all circuits are created in there only. Now if I want to expand some other region may be India, will I be able to use the existing circuits? Or have to create new express route only?
Regards,
Logan
Hi Sateshwaran
Do you have any guidance for adding a new express route to an existing setup with existing virtual network gateways which contain production site to site VPN connections? I have two pre existing virtual network gateways – UK West and UK South which currently already have site to site ipsec VPN connections and also vnet to vnet connections associated to them. I want to migrate to Express route for all of these existing connections, but wish to do so with minimal downtime. Could you give any pointers based on your experience? Thank you so much if you can
Thanks for the article. Do you know if there is an ability to limit bandwidth to a quarter of the pipe for each subscription, meaning limiting the usage bandwidth so that the pipe is not clogged?