You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/virtual-wan/virtual-wan-faq.md
+12-8Lines changed: 12 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@ description: See answers to frequently asked questions about Azure Virtual WAN n
4
4
author: cherylmc
5
5
ms.service: virtual-wan
6
6
ms.topic: conceptual
7
-
ms.date: 05/20/2022
7
+
ms.date: 10/13/2022
8
8
ms.author: cherylmc
9
9
# Customer intent: As someone with a networking background, I want to read more details about Virtual WAN in a FAQ format.
10
10
---
@@ -96,7 +96,7 @@ There are two options to add DNS servers for the P2S clients. The first method i
96
96
97
97
### For User VPN (point-to-site)- how many clients are supported?
98
98
99
-
The table below describes the number of concurrent connections and aggregate throughput of the Point-to-site VPN Gateway supported at different scale units.
99
+
The table below describes the number of concurrent connections and aggregate throughput of the Point-to-site VPN gateway supported at different scale units.
@@ -188,6 +188,8 @@ All virtual WAN APIs are OpenAPI. You can go over the documentation [Virtual WAN
188
188
189
189
Virtual WAN partners automate IPsec connectivity to Azure VPN end points. If the Virtual WAN partner is an SD-WAN provider, then it's implied that the SD-WAN controller manages automation and IPsec connectivity to Azure VPN end points. If the SD-WAN device requires its own end point instead of Azure VPN for any proprietary SD-WAN functionality, you can deploy the SD-WAN end point in an Azure VNet and coexist with Azure Virtual WAN.
190
190
191
+
Virtual WAN supports [BGP Peering](create-bgp-peering-hub-portal.md) and also has the ability to [deploy NVA's into a virtual WAN hub](how-to-nva-hub.md).
192
+
191
193
### How many VPN devices can connect to a single hub?
192
194
193
195
Up to 1,000 connections are supported per virtual hub. Each connection consists of four links and each link connection supports two tunnels that are in an active-active configuration. The tunnels terminate in an Azure virtual hub VPN gateway. Links represent the physical ISP link at the branch/VPN device.
@@ -204,6 +206,8 @@ An Azure Virtual WAN connection is composed of 2 tunnels. A Virtual WAN VPN gate
204
206
205
207
The Gateway Reset button should be used if your on-premises devices are all working as expected, but the site-to-site VPN connection in Azure is in a Disconnected state. Virtual WAN VPN gateways are always deployed in an Active-Active state for high availability. This means there's always more than one instance deployed in a VPN gateway at any point of time. When the Gateway Reset button is used, it reboots the instances in the VPN gateway in a sequential manner so your connections aren't disrupted. There will be a brief gap as connections move from one instance to the other, but this gap should be less than a minute. Additionally, note that resetting the gateways won't change your Public IPs.
206
208
209
+
This scenario only applies to the S2S connections.
210
+
207
211
### Can the on-premises VPN device connect to multiple hubs?
208
212
209
213
Yes. Traffic flow, when commencing, is from the on-premises device to the closest Microsoft network edge, and then to the virtual hub.
@@ -218,7 +222,7 @@ Yes, you can connect your favorite network virtual appliance (NVA) VNet to the A
218
222
219
223
### Can I create a Network Virtual Appliance inside the virtual hub?
220
224
221
-
A Network Virtual Appliance (NVA) can't be deployed inside a virtual hub. However, you can create it in a spoke VNet that is connected to the virtual hub and enable appropriate routing to direct traffic per your needs.
225
+
A Network Virtual Appliance (NVA) can be deployed inside a virtual hub. For steps, see [About NVA's in a Virtual WAN hub](about-nva-hub.md).
222
226
223
227
### Can a spoke VNet have a virtual network gateway?
224
228
@@ -266,9 +270,9 @@ When VPN sites connect into a hub, they do so with connections. Virtual WAN supp
266
270
267
271
Yes, NAT traversal (NAT-T) is supported. The Virtual WAN VPN gateway will NOT perform any NAT-like functionality on the inner packets to/from the IPsec tunnels. In this configuration, ensure the on-premises device initiates the IPsec tunnel.
268
272
269
-
### I don't see the 20-Gbps setting for the virtual hub in portal. How do I configure that?
273
+
### How can I configure a scale unit to a specific setting like 20-Gbps?
270
274
271
-
Navigate to the VPN gateway inside a hub on the portal, then click on the scale unit to change it to the appropriate setting.
275
+
Go to the VPN gateway inside a hub on the portal, then click on the scale unit to change it to the appropriate setting.
272
276
273
277
### Does Virtual WAN allow the on-premises device to utilize multiple ISPs in parallel, or is it always a single VPN tunnel?
274
278
@@ -303,7 +307,7 @@ If a virtual hub learns the same route from multiple remote hubs, the order in w
303
307
1. Longest prefix match.
304
308
1. Local routes over interhub.
305
309
1. Static routes over BGP: This is in context to the decision being made by the virtual hub router. However, if the decision maker is the VPN gateway where a site advertises routes via BGP or provides static address prefixes, static routes may be preferred over BGP routes.
306
-
1. ExpressRoute (ER) over VPN: ER is preferred over VPN when the context is a local hub. Transit connectivity between ExpressRoute circuits is only available through Global Reach. Therefore, in scenarios where ExpressRoute circuit is connected to one hub and there is another ExpressRoute circuit connected to a different hub with VPN connection, VPN may be preferred for inter-hub scenarios.
310
+
1. ExpressRoute (ER) over VPN: ER is preferred over VPN when the context is a local hub. Transit connectivity between ExpressRoute circuits is only available through Global Reach. Therefore, in scenarios where ExpressRoute circuit is connected to one hub and there is another ExpressRoute circuit connected to a different hub with VPN connection, VPN may be preferred for inter-hub scenarios. However, you can [configure virtual hub routing preference](howto-virtual-hub-routing-preference.md) to change the default preference.
307
311
1. AS path length (Virtual hubs prepend routes with the AS path 65520-65520 when advertising routes to each other).
308
312
309
313
### Does the Virtual WAN hub allow connectivity between ExpressRoute circuits?
@@ -316,7 +320,7 @@ When multiple ExpressRoute circuits are connected to a virtual hub, routing weig
316
320
317
321
### Does Virtual WAN prefer ExpressRoute over VPN for traffic egressing Azure
318
322
319
-
Yes. Virtual WAN prefers ExpressRoute over VPN for traffic egressing Azure.
323
+
Yes. Virtual WAN prefers ExpressRoute over VPN for traffic egressing Azure. However, you can configure virtual hub routing preference to change the default preference. For steps, see [Configure virtual hub routing preference](howto-virtual-hub-routing-preference.md).
320
324
321
325
### When a Virtual WAN hub has an ExpressRoute circuit and a VPN site connected to it, what would cause a VPN connection route to be preferred over ExpressRoute?
322
326
@@ -356,7 +360,7 @@ For the point-to-site User VPN scenario with internet breakout via Azure Firewal
356
360
357
361
### What is the recommended API version to be used by scripts automating various Virtual WAN functionalities?
358
362
359
-
A minimum version of 05-01-2020 (May 1 2020) is required.
363
+
A minimum version of 05-01-2022 (May 1, 2022) is required.
0 commit comments