Merge pull request #280629 from cherylmc/active-active

include

Author: JamesJBarnett

articles/vpn-gateway/vpn-gateway-about-vpn-gateway-settings.md

@@ -4,7 +4,7 @@ description: Learn about VPN Gateway resources and configuration settings.
 author: cherylmc
 ms.service: vpn-gateway
 ms.topic: conceptual
-ms.date: 02/29/2024
+ms.date: 07/11/2024
 ms.author: cherylmc 
 ms.custom: devx-track-azurepowershell
 ms.devlang: azurecli
@@ -17,7 +17,6 @@ The values in this article specifically apply to VPN gateways (virtual network g
 
 * For values that apply to -GatewayType 'ExpressRoute', see [Virtual network gateways for ExpressRoute](../expressroute/expressroute-about-virtual-network-gateways.md).
 * For zone-redundant gateways, see [About zone-redundant gateways](about-zone-redundant-vnet-gateways.md).
-* For active-active gateways, see [About highly available connectivity](vpn-gateway-highlyavailable.md).
 * For Virtual WAN gateways, see [About Virtual WAN](../virtual-wan/virtual-wan-about.md).
 
 ## <a name="gwtype"></a>Gateways and gateway types
@@ -57,6 +56,14 @@ If you already have a policy-based gateway, you aren't required to change your g
 
 [!INCLUDE [Route-based and policy-based table](../../includes/vpn-gateway-vpn-type-table.md)]
 
+## <a name="active"></a>Active-active VPN gateways
+
+You can create an Azure VPN gateway in an active-active configuration, where both instances of the gateway VMs establish S2S VPN tunnels to your on-premises VPN device.
+
+[!INCLUDE [active-active gateways](../../includes/vpn-gateway-active-active-gateway-include.md)]
+
+For information about using active-active gateways in a highly available connectivity scenario, see [About highly available connectivity](vpn-gateway-highlyavailable.md).
+
 ## <a name="connectiontype"></a>Connection types
 
 In the [Resource Manager deployment model](../azure-resource-manager/management/deployment-models.md), each configuration requires a specific virtual network gateway connection type. The available Resource Manager PowerShell values for `-ConnectionType` are:

articles/vpn-gateway/vpn-gateway-highlyavailable.md

@@ -5,7 +5,7 @@ description: Learn about highly available configuration options using Azure VPN
 author: cherylmc
 ms.service: vpn-gateway
 ms.topic: article
-ms.date: 06/23/2023
+ms.date: 07/11/2024
 ms.author: cherylmc
 
 ---
@@ -50,11 +50,7 @@ You can create an Azure VPN gateway in an active-active configuration, where bot
 
 :::image type="content" source="./media/vpn-gateway-highlyavailable/active-active.png" alt-text="Diagram shows an on-premises site with private I P subnets and on-premises V P N connected to two active Azure V P N gateway to connect to subnets hosted in Azure.":::
 
-In this configuration, each Azure gateway instance has a unique public IP address, and each will establish an IPsec/IKE S2S VPN tunnel to your on-premises VPN device specified in your local network gateway and connection. Note that both VPN tunnels are actually part of the same connection. You'll still need to configure your on-premises VPN device to accept or establish two S2S VPN tunnels to those two Azure VPN gateway public IP addresses.
-
-Because the Azure gateway instances are in active-active configuration, the traffic from your Azure virtual network to your on-premises network will be routed through both tunnels simultaneously, even if your on-premises VPN device may favor one tunnel over the other. For a single TCP or UDP flow, Azure attempts to use the same tunnel when sending packets to your on-premises network. However, your on-premises network could use a different tunnel to send packets to Azure.
-
-When a planned maintenance or unplanned event happens to one gateway instance, the IPsec tunnel from that instance to your on-premises VPN device will be disconnected. The corresponding routes on your VPN devices should be removed or withdrawn automatically so that the traffic will be switched over to the other active IPsec tunnel. On the Azure side, the switch over will happen automatically from the affected instance to the active instance.
+[!INCLUDE [active-active gateways](../../includes/vpn-gateway-active-active-gateway-include.md)]
 
 ### Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks
 

includes/vpn-gateway-active-active-gateway-include.md

@@ -0,0 +1,14 @@
+---
+ ms.topic: include
+ author: cherylmc
+ ms.service: vpn-gateway
+ ms.date: 07/11/2024
+ ms.author: cherylmc
+
+---
+
+In this configuration, each Azure gateway instance has a unique public IP address, and each will establish an IPsec/IKE S2S VPN tunnel to your on-premises VPN device specified in your local network gateway and connection. Both VPN tunnels are actually part of the same connection. You'll still need to configure your on-premises VPN device to accept or establish two S2S VPN tunnels to those two Azure VPN gateway public IP addresses.
+
+Because the Azure gateway instances are in active-active configuration, the traffic from your Azure virtual network to your on-premises network will be routed through both tunnels simultaneously, even if your on-premises VPN device might favor one tunnel over the other. For a single TCP or UDP flow, Azure attempts to use the same tunnel when sending packets to your on-premises network. However, your on-premises network could use a different tunnel to send packets to Azure.
+
+When a planned maintenance or unplanned event happens to one gateway instance, the IPsec tunnel from that instance to your on-premises VPN device will be disconnected. The corresponding routes on your VPN devices should be removed or withdrawn automatically so that the traffic will be switched over to the other active IPsec tunnel. On the Azure side, the switch over will happen automatically from the affected instance to the active instance.