You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/virtual-wan/virtual-wan-connectivity.md
+8-8Lines changed: 8 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -14,14 +14,14 @@ In this article, you learn about the various connection options available to con
14
14
15
15
## IPsec tunnels using virtual network gateways
16
16
17
-
In this option, you can use IPsec tunnels to connect Virtual WANs by deploying a virtual network gateway in each virtual hub withing your virtual WAN environment.
17
+
In this option, you can use IPsec tunnels to connect Virtual WANs by deploying a virtual network gateway in each virtual hub withing your Virtual WAN environment.
18
18
19
19
20
-
Because the virtual network gateway ASN is always 65515, you can't have BGP over IPsec due to BGP loop prevention mechanism as the remote virtual hub will receive routes from the source virtual hub with 65515 in the AS-PATH and BGP will drop that. Therefore, if you want to connect two different virtual WANs, the tunnels must use static routing.
20
+
Because the virtual network gateway ASN is always 65515, you can't have BGP over IPsec due to BGP loop prevention mechanism as the remote virtual hub will receive routes from the source virtual hub with 65515 in the AS-PATH and BGP will drop that. Therefore, if you want to connect two different Virtual WANs, the tunnels must use static routing.
21
21
22
-
:::image type="content" source="./media/virtual-wan-connectivity/vwan-connectivity-using-vpn-gateway.png" alt-text="Diagram shows virtual WAN connectivity using virtual network gateways." lightbox="./media/virtual-wan-connectivity/vwan-connectivity-using-vpn-gateway.png":::
22
+
:::image type="content" source="./media/virtual-wan-connectivity/vwan-connectivity-using-vpn-gateway.png" alt-text="Diagram shows Virtual WAN connectivity using virtual network gateways." lightbox="./media/virtual-wan-connectivity/vwan-connectivity-using-vpn-gateway.png":::
23
23
24
-
This option is ideal if you want to connect two virtual WANs using virtual network gateways. However, it has the following limitations:
24
+
This option is ideal if you want to connect two Virtual WANs using virtual network gateways. However, it has the following limitations:
25
25
26
26
- No BGP support.
27
27
- Max throughput per tunnel is 2.3 Gbps, depending on ciphers. For more information, see [What is the max throughput supported in a single tunnel?](virtual-wan-faq.md#packets)
@@ -32,9 +32,9 @@ If you're already using SD-WAN network virtual appliances (NVAs) to connect your
32
32
33
33
In this scenario, you must replace ASNs 65520 and 65515 with the ones used by your SD-WAN to avoid BGP loop prevention. This approach is similar to the first connectivity option, but here you have the flexibility to perform BGP manipulation on third-party appliances.
34
34
35
-
:::image type="content" source="./media/virtual-wan-connectivity/vwan-connectivity-using-sdwan-nva.png" alt-text="Diagram shows virtual WAN connectivity using SD-WAN devices in the virtual hubs." lightbox="./media/virtual-wan-connectivity/vwan-connectivity-using-sdwan-nva.png":::
35
+
:::image type="content" source="./media/virtual-wan-connectivity/vwan-connectivity-using-sdwan-nva.png" alt-text="Diagram shows Virtual WAN connectivity using SD-WAN devices in the virtual hubs." lightbox="./media/virtual-wan-connectivity/vwan-connectivity-using-sdwan-nva.png":::
36
36
37
-
This option is ideal if you want to connect two virtual WANs using SD-WAN NVAs. However, it comes with the following limitations:
37
+
This option is ideal if you want to connect two Virtual WANs using SD-WAN NVAs. However, it comes with the following limitations:
38
38
39
39
- Only certain SD-WAN NVAs can be deployed into Virtual WAN hubs. For more information, see [NVAs in a Virtual WAN hub](about-nva-hub.md).
40
40
- SD-WAN NVAs can't be combined with other NVAs in Virtual WAN hubs.
@@ -46,9 +46,9 @@ This option is similar to the previous one, except you place the SD-WAN NVA in a
46
46
47
47
This approach is suitable for scenarios where SD-WAN NVAs can't be deployed into Virtual WAN hubs but still support BGP. As in the second option, you must replace ASNs 65520 and 65515 with those used by your SD-WAN to avoid BGP loop prevention.
48
48
49
-
:::image type="content" source="./media/virtual-wan-connectivity/vwan-connectivity-using-spoke-sdwan.png" alt-text="Diagram shows virtual WAN connectivity using SD-WAN devices in spoke virtual networks." lightbox="./media/virtual-wan-connectivity/vwan-connectivity-using-spoke-sdwan.png":::
49
+
:::image type="content" source="./media/virtual-wan-connectivity/vwan-connectivity-using-spoke-sdwan.png" alt-text="Diagram shows Virtual WAN connectivity using SD-WAN devices in spoke virtual networks." lightbox="./media/virtual-wan-connectivity/vwan-connectivity-using-spoke-sdwan.png":::
50
50
51
-
This option is ideal if you want to connect two virtual WANs using SD-WAN NVAs in the spoke virtual networks because virtual hub doesn't support them. However, this option comes with the following limitations:
51
+
This option is ideal if you want to connect two Virtual WANs using SD-WAN NVAs in the spoke virtual networks because virtual hub doesn't support them. However, this option comes with the following limitations:
52
52
53
53
- Complexity to set up and maintain.
54
54
- SD-WAN NVAs can be more expensive than virtual network gateways.
0 commit comments