Merge pull request #215675 from wtnlee/p2spoolsbranch

jborsecnik · web-flow · commit 51185ce8772d · 2022-10-24T14:56:21.000-07:00
P2spoolsbranch
diff --git a/articles/virtual-wan/TOC.yml b/articles/virtual-wan/TOC.yml
@@ -101,12 +101,8 @@
       href: about-client-address-pools.md
     - name: P2S global and hub profiles
       href: global-hub-profile.md
-    - name: P2S client address pools
-      items:
-      - name: About address pools
-        href: about-client-address-pools.md
-      - name: User groups - assign client-specific addresses
-        href: user-groups-about.md
+    - name: User groups - assign client-specific addresses 
+      href: user-groups-about.md
   - name: Virtual hub settings
     href: hub-settings.md
   - name: Gateway settings
diff --git a/articles/virtual-wan/about-client-address-pools.md b/articles/virtual-wan/about-client-address-pools.md
@@ -12,35 +12,60 @@ ms.author: cherylmc
 ---
 # About client address pools for point-to-site configurations
 
-This article describes Virtual WAN guidelines and requirements for allocating client address spaces when the virtual hub's point-to-site **Gateway scale units** are 40 or greater.
+This article describes Virtual WAN guidelines and requirements for allocating client address spaces.
 
-Point-to-site VPN gateways in the Virtual WAN hub are deployed with multiple instances. Each instance of a point-to-site VPN gateway can support up to 10,000 concurrent point-to-site user connections. As a result, for scale units greater than 40, Virtual WAN needs to deploy extra capacity, which requires a minimum  number of address pools allocated for different scale units.
+## Background
 
-For instance, if a scale unit of 100 is chosen, 5 instances are deployed for the point-to-site VPN gateway in a virtual hub. This deployment can support 50,000 concurrent connections and **at least** 5 distinct address pools.
+Point-to-site VPN gateways in the Virtual WAN hub are deployed with one or more highly-available gateway instances. Each instance of a point-to-site VPN gateway can support up to 10,000 concurrent connections.
 
-**Available scale units**
+As a result, for scale units greater than 40 (support for more than 10,000 concurrent connections), Virtual WAN deploys an extra gateway instance to service every 10,000 additional connecting users.
 
-| Scale unit | Maximum supported clients | Minimum number of address pools |
-|--- |--- |--- |
-| 40 | 20000 | 2 |
-| 60 | 30000 | 3 |
-| 80 | 40000 | 4 |
-| 100 | 50000 | 5 |
-| 120 | 60000 | 6 |
-| 140 | 70000 | 7 |
-| 160 | 80000 | 8 |
-| 180 | 90000 | 9 |
-| 200 | 100000 | 10 |
+When a user connects to Virtual WAN, the connection is automatically load-balanced to all backend gateway instances. To ensure each Gateway instance can service connections, each gateway instance must have at least one unique address pool.
+
+For instance, if a scale unit of 100 is chosen, 5 gateway instances are deployed. This deployment can support 50,000 concurrent connections and **at least** 5 distinct address pools must be specified.
+
+## Address pools and multi-pool/user groups
+
+> [!NOTE] 
+> There is no minimum scale unit required for the multi-pool/user group feature as long as sufficient address pools are allocated as described below.
 
+When a gateway is configured with the [multi-pool/user group feature](user-groups-about.md), multiple connection configurations are installed on the same Point-to-site VPN Gateway. Users from any group can connect to any gateway instance, meaning each connection configuration needs to have at least one address pool for every backend gateway instance.
+
+For instance, if a scale unit of 100 is chosen (5 gateway instances) on a gateway with three separate connection configurations, each configuration will need at least 5 address pools (total of 15 pools).
+
+| Connection Configuration  | Associated User Groups | Minimum number of address pools |
+| --- | --- | ---|
+| Configuration 1| Finance, Human Resources | 5 |
+| Configuration 2| Engineering, Product Management| 5|
+| Configuration 3| Marketing | 5|
+
+**Available scale units**
+
+The following table summarizes the available scale unit choices for Point-to-site VPN Gateway.
+
+| Scale unit | Gateway Instances| Maximum supported clients | Minimum number of address pools per connection configuration|
+|--- |--- |--- | --- |
+1-20| 1| 500-10000 | 1|
+| 40 | 2| 20000 | 2 |
+| 60 |  3|30000 | 3 |
+| 80 | 4| 40000 | 4 |
+| 100 | 5 | 50000 | 5 |
+| 120 | 6| 60000 | 6 |
+| 140 | 7 | 70000 | 7 |
+| 160 | 8 | 80000 | 8 |
+| 180 | 9 | 90000 | 9 |
+| 200 | 10 |100000 | 10 |
+ 
 ## <a name="specify-address-pools"></a>Specifying address pools
 
 Point-to-site VPN address pool assignments are done automatically by Virtual WAN. See the following basic guidelines for specifying address pools.
 
-* One gateway instance allows for a maximum of 10,000 concurrent connections. As such, each address pool should contain at least 10,000 unique RFC1918 IP addresses.
+* One gateway instance allows for a maximum of 10,000 concurrent connections. As such, each address pool should contain at least 10,000 unique IPv4 addresses. If less than 10,000 addresses are assigned to each instance  incoming connections will be rejected after all allocated IP addresses have been assigned.
 * Multiple address pool ranges are automatically combined and assigned to a **single** gateway instance. This process is done in a round-robin manner for any gateway instances that have less than 10,000 IP addresses. For example, a pool with 5,000 addresses can be combined automatically by Virtual WAN with another pool that has 8,000 addresses and is assigned to a single gateway instance.
 * A single address pool is only assigned to a single gateway instance by Virtual WAN.
 * Address pools must be distinct. There can be no overlap between address pools.
 
+
 > [!NOTE] 
 > If an address pool is associated to a gateway instance that is undergoing maintenance, the address pool cannot be re-assigned to another instance.
 
