You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/virtual-wan/about-client-address-pools.md
+41-16Lines changed: 41 additions & 16 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,35 +12,60 @@ ms.author: cherylmc
12
12
---
13
13
# About client address pools for point-to-site configurations
14
14
15
-
This article describes Virtual WAN guidelines and requirements for allocating client address spaces when the virtual hub's point-to-site **Gateway scale units** are 40 or greater.
15
+
This article describes Virtual WAN guidelines and requirements for allocating client address spaces.
16
16
17
-
Point-to-site VPN gateways in the Virtual WAN hub are deployed with multiple instances. Each instance of a point-to-site VPN gateway can support up to 10,000 concurrent point-to-site user connections. As a result, for scale units greater than 40, Virtual WAN needs to deploy extra capacity, which requires a minimum number of address pools allocated for different scale units.
17
+
## Background
18
18
19
-
For instance, if a scale unit of 100 is chosen, 5 instances are deployed for the point-to-site VPN gateway in a virtual hub. This deployment can support 50,000 concurrent connections and **at least** 5 distinct address pools.
19
+
Point-to-site VPN gateways in the Virtual WAN hub are deployed with one or more highly-available gateway instances. Each instance of a point-to-site VPN gateway can support up to 10,000 concurrent connections.
20
20
21
-
**Available scale units**
21
+
As a result, for scale units greater than 40 (support for more than 10,000 concurrent connections), Virtual WAN deploys an extra gateway instance to service every 10,000 additional connecting users.
22
22
23
-
| Scale unit | Maximum supported clients | Minimum number of address pools |
24
-
|--- |--- |--- |
25
-
| 40 | 20000 | 2 |
26
-
| 60 | 30000 | 3 |
27
-
| 80 | 40000 | 4 |
28
-
| 100 | 50000 | 5 |
29
-
| 120 | 60000 | 6 |
30
-
| 140 | 70000 | 7 |
31
-
| 160 | 80000 | 8 |
32
-
| 180 | 90000 | 9 |
33
-
| 200 | 100000 | 10 |
23
+
When a user connects to Virtual WAN, the connection is automatically load-balanced to all backend gateway instances. To ensure each Gateway instance can service connections, each gateway instance must have at least one unique address pool.
24
+
25
+
For instance, if a scale unit of 100 is chosen, 5 gateway instances are deployed. This deployment can support 50,000 concurrent connections and **at least** 5 distinct address pools must be specified.
26
+
27
+
## Address pools and multi-pool/user groups
28
+
29
+
> [!NOTE]
30
+
> There is no minimum scale unit required for the multi-pool/user group feature as long as sufficient address pools are allocated as described below.
34
31
32
+
When a gateway is configured with the [multi-pool/user group feature](user-groups-about.md), multiple connection configurations are installed on the same Point-to-site VPN Gateway. Users from any group can connect to any gateway instance, meaning each connection configuration needs to have at least one address pool for every backend gateway instance.
33
+
34
+
For instance, if a scale unit of 100 is chosen (5 gateway instances) on a gateway with three separate connection configurations, each configuration will need at least 5 address pools (total of 15 pools).
35
+
36
+
| Connection Configuration | Associated User Groups | Minimum number of address pools |
Point-to-site VPN address pool assignments are done automatically by Virtual WAN. See the following basic guidelines for specifying address pools.
38
62
39
-
* One gateway instance allows for a maximum of 10,000 concurrent connections. As such, each address pool should contain at least 10,000 unique RFC1918 IP addresses.
63
+
* One gateway instance allows for a maximum of 10,000 concurrent connections. As such, each address pool should contain at least 10,000 unique IPv4 addresses. If less than 10,000 addresses are assigned to each instance incoming connections will be rejected after all allocated IP addresses have been assigned.
40
64
* Multiple address pool ranges are automatically combined and assigned to a **single** gateway instance. This process is done in a round-robin manner for any gateway instances that have less than 10,000 IP addresses. For example, a pool with 5,000 addresses can be combined automatically by Virtual WAN with another pool that has 8,000 addresses and is assigned to a single gateway instance.
41
65
* A single address pool is only assigned to a single gateway instance by Virtual WAN.
42
66
* Address pools must be distinct. There can be no overlap between address pools.
43
67
68
+
44
69
> [!NOTE]
45
70
> If an address pool is associated to a gateway instance that is undergoing maintenance, the address pool cannot be re-assigned to another instance.
0 commit comments