expressroute-about-virtual-network-gateways

Author: LHL407

articles/expressroute/expressroute-about-virtual-network-gateways.md

@@ -30,19 +30,19 @@ Each virtual network can have only one virtual network gateway per gateway type.
 
 [!INCLUDE [expressroute-gwsku-include](../../includes/expressroute-gwsku-include.md)]
 
-If you want to upgrade your gateway to a higher capacity gateway SKU, you can use the Seamless Gateway Migration tool in either Azure portal or PowerShell. The following upgrades are supported:
+If you want to upgrade your gateway to a higher-capacity gateway SKU, you can use the Seamless Gateway Migration tool in either the Azure portal or PowerShell. The following upgrades are supported:
 
-* Non-Az-enabled SKU on Basic IP to Non-Az-enabled SKU on Standard IP.
-* Non-Az-enabled SKU on Basic IP to Az-enabled SKU on Standard IP.
-* Non-Az-enabled SKU on Standard IP to Az-enabled SKU on Standard IP.
+* Non-Az-enabled SKU on Basic IP to Non-Az-enabled SKU on Standard IP
+* Non-Az-enabled SKU on Basic IP to Az-enabled SKU on Standard IP
+* Non-Az-enabled SKU on Standard IP to Az-enabled SKU on Standard IP
 
 For more information, see [Migrate to an availability zone-enabled gateway](expressroute-howto-gateway-migration-powershell.md).
 
 For all other downgrade scenarios, you need to delete and re-create the gateway, which incurs downtime.
 
 ## <a name="gwsub"></a>Gateway subnet creation
 
-Before you create an ExpressRoute gateway, you must create a gateway subnet. The gateway subnet contains the IP addresses used by the virtual network gateway VMs and services.
+Before you create an ExpressRoute gateway, you must create a gateway subnet. The virtual network gateway virtual machines (VMs) and services use IP addresses that are contained in the gateway subnet.
 
 When you create your virtual network gateway, gateway VMs are deployed to the gateway subnet and configured with the required ExpressRoute gateway settings. Never deploy anything else into the gateway subnet. The gateway subnet must be named "GatewaySubnet" to work properly, because doing so lets Azure know to deploy the virtual network gateway VMs and services into this subnet.
 
@@ -53,7 +53,7 @@ When you create your virtual network gateway, gateway VMs are deployed to the ga
 
 When you create the gateway subnet, you specify the number of IP addresses that the subnet contains. The IP addresses in the gateway subnet are allocated to the gateway VMs and gateway services. Some configurations require more IP addresses than others.
 
-When you're planning your gateway subnet size, refer to the documentation for the configuration that you're planning to create. For example, the ExpressRoute/VPN gateway coexist configuration requires a larger gateway subnet than most other configurations. Furthermore, you might want to make sure your gateway subnet contains enough IP addresses to accommodate possible future configurations.
+When you're planning your gateway subnet size, refer to the documentation for the configuration that you're planning to create. For example, the ExpressRoute/VPN gateway coexistence configuration requires a larger gateway subnet than most other configurations. Furthermore, you might want to make sure your gateway subnet contains enough IP addresses to accommodate possible future configurations.
 
 We recommend that you create a gateway subnet of /27 or larger. If you plan to connect 16 ExpressRoute circuits to your gateway, you *must* create a gateway subnet of /26 or larger. If you're creating a dual stack gateway subnet, we recommend that you also use an IPv6 range of /64 or larger. This setup accommodates most configurations.
 
@@ -69,7 +69,7 @@ Add-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix 10.0.3.0/2
 
 ### <a name="gatewayfeaturesupport"></a>Feature support by gateway SKU
 
-The following table shows the features supported across each gateway type and the maximum number of ExpressRoute circuit connections supported by each gateway SKU.
+The following table shows the features that each gateway type supports and the maximum number of ExpressRoute circuit connections that each gateway SKU supports.
 
 | Gateway SKU | VPN gateway and ExpressRoute coexistence | FastPath | Maximum number of circuit connections |
 |--|--|--|--|
@@ -87,18 +87,18 @@ The following table shows the features supported across each gateway type and th
 
 ### <a name="zrgw"></a>Zone-redundant gateway SKUs
 
-You can also deploy ExpressRoute gateways in Azure availability zones. This configuration physically and logically separates them into different availability zones, protecting your on-premises network connectivity to Azure from zone-level failures.
+You can also deploy ExpressRoute gateways in Azure availability zones. Physically and logically separating the gateways into availability zones helps protect your on-premises network connectivity to Azure from zone-level failures.
 
 ![Diagram that shows deployment of ExpressRoute gateways in Azure availability zones.](./media/expressroute-about-virtual-network-gateways/zone-redundant.png)
 
-Zone-redundant gateways use specific new gateway SKUs for ExpressRoute gateway.
+Zone-redundant gateways use specific new gateway SKUs for ExpressRoute gateways:
 
 * ErGw1AZ
 * ErGw2AZ
 * ErGw3AZ
 * ErGwScale (preview)
 
-The new gateway SKUs also support other deployment options to best match your needs. When creating a virtual network gateway using the new gateway SKUs, you can deploy the gateway in a specific zone. This type of gateway is referred to as a zonal gateway. When you deploy a zonal gateway, all the instances of the gateway are deployed in the same availability zone.
+The new gateway SKUs also support other deployment options to best match your needs. When you create a virtual network gateway by using the new gateway SKUs, you can deploy the gateway in a specific zone. This type of gateway is called a *zonal gateway*. When you deploy a zonal gateway, all the instances of the gateway are deployed in the same availability zone.
 
 To learn about migrating an ExpressRoute gateway, see [Gateway migration](gateway-migration.md).
 
@@ -135,13 +135,13 @@ The virtual network gateway infrastructure autoscales between the minimum and ma
 
 ### Limitations
 
-* **Basic IP**: ErGwScale doesn't support the *Basic IP SKU*. You need to use a *Standard IP SKU* to configure ErGwScale.
-* **Minimum and maximum scale units**: You can configure the *scale unit* for ErGwScale between 1-40. The *minimum scale unit* can't be lower than 1 and the *maximum scale unit* can't be higher than 40.
-* **Migration scenarios**: You can't migrate from Standard/ErGw1Az or HighPerf/ErGw2Az/UltraPerf/ErGw3Az to ErGwScale in the *public preview*.
+* **Basic IP**: ErGwScale doesn't support the Basic IP SKU. You need to use a Standard IP SKU to configure ErGwScale.
+* **Minimum and maximum scale units**: You can configure the scale unit for ErGwScale between 1 and 40. The *minimum scale unit* can't be lower than 1 and the *maximum scale unit* can't be higher than 40.
+* **Migration scenarios**: You can't migrate from Standard/ErGw1Az or HighPerf/ErGw2Az/UltraPerf/ErGw3Az to ErGwScale in the preview.
 
 ### Pricing
 
-ErGwScale is free of charge during public preview. For information about ExpressRoute pricing, see [Azure ExpressRoute pricing](https://azure.microsoft.com/pricing/details/expressroute/#pricing).
+ErGwScale is free of charge during the preview. For information about ExpressRoute pricing, see [Azure ExpressRoute pricing](https://azure.microsoft.com/pricing/details/expressroute/#pricing).
 
 ### Supported performance per scale unit
 
@@ -162,11 +162,11 @@ ErGwScale is free of charge during public preview. For information about Express
 
 ## Connectivity from VNet to VNet and from VNet to virtual WAN
 
-By default, VNet to VNet and VNet to virtual WAN connectivity is disabled through an ExpressRoute circuit for all gateway SKUs. To enable this connectivity, you must configure the ExpressRoute virtual network gateway to allow this traffic. For more information, see guidance about [virtual network connectivity over ExpressRoute](virtual-network-connectivity-guidance.md). To enable this traffic, see [Enable VNet to VNet or VNet to virtual WAN connectivity through ExpressRoute](expressroute-howto-add-gateway-portal-resource-manager.md#enable-or-disable-vnet-to-vnet-or-vnet-to-virtual-wan-traffic-through-expressroute).
+By default, VNet-to-VNet and VNet-to-virtual-WAN connectivity is disabled through an ExpressRoute circuit for all gateway SKUs. To enable this connectivity, you must configure the ExpressRoute virtual network gateway to allow this traffic. For more information, see guidance about [virtual network connectivity over ExpressRoute](virtual-network-connectivity-guidance.md). To enable this traffic, see [Enable VNet-to-VNet or VNet-to-virtual-WAN connectivity through ExpressRoute](expressroute-howto-add-gateway-portal-resource-manager.md#enable-or-disable-vnet-to-vnet-or-vnet-to-virtual-wan-traffic-through-expressroute).
 
 ## <a name="fastpath"></a>FastPath
 
-ExpressRoute virtual network gateway is designed to exchange network routes and route network traffic. FastPath is designed to improve the data path performance between your on-premises network and your virtual network. When FastPath is enabled, it sends network traffic directly to virtual machines in the virtual network, bypassing the gateway.
+The ExpressRoute virtual network gateway is designed to exchange network routes and route network traffic. FastPath is designed to improve the data path performance between your on-premises network and your virtual network. When FastPath is enabled, it sends network traffic directly to virtual machines in the virtual network, bypassing the gateway.
 
 For more information about FastPath, including limitations and requirements, see [About FastPath](about-fastpath.md).
 
@@ -177,11 +177,11 @@ The ExpressRoute virtual network gateway facilitates connectivity to private end
 > [!IMPORTANT]
 > * The throughput and control plane capacity for connectivity to private endpoint resources might be reduced by half compared to connectivity to non-private endpoint resources.
 > * During a maintenance period, you might experience intermittent connectivity problems to private endpoint resources.
-> * You need to ensure that on-premises configuration, including router and firewall settings, are correctly set up to ensure that packets for the IP 5-tuple transits use a single next hop (Microsoft Enterprise Edge Router) unless there is a maintenance event. If your on-premises firewall or router configuration is causing the same IP 5-tuple to frequently switch next hops, you will experience connectivity problems.
+> * You need to ensure that on-premises configuration, including router and firewall settings, are correctly set up to ensure that packets for the IP 5-tuple transits use a single next hop (Microsoft Enterprise Edge router) unless there's a maintenance event. If your on-premises firewall or router configuration is causing the same IP 5-tuple to frequently switch next hops, you'll experience connectivity problems.
 
 ### Private endpoint connectivity and planned maintenance events
 
-Private endpoint connectivity is stateful. When a connection to a private endpoint gets established over ExpressRoute private peering, inbound and outbound connections get routed through one of the back-end instances of the gateway infrastructure. During a maintenance event, back-end instances of the virtual network gateway infrastructure are rebooted one at a time, which could lead to intermittent connectivity problems.
+Private endpoint connectivity is stateful. When a connection to a private endpoint is established over ExpressRoute private peering, inbound and outbound connections are routed through one of the back-end instances of the gateway infrastructure. During a maintenance event, back-end instances of the virtual network gateway infrastructure are rebooted one at a time, which could lead to intermittent connectivity problems.
 
 To avoid or minimize connectivity problems with private endpoints during maintenance activities, we recommend setting the TCP time-out value to fall between 15 and 30 seconds on your on-premises applications. Test and configure the optimal value based on your application requirements.
 
@@ -196,7 +196,7 @@ See the following pages for more technical resources and specific syntax require
 
 ## VNet-to-VNet connectivity
 
-By default, connectivity between virtual networks is enabled when you link multiple virtual networks to the same ExpressRoute circuit. We don't recommend using your ExpressRoute circuit for communication between virtual networks. Instead, we recommend you use [virtual network peering](../virtual-network/virtual-network-peering-overview.md). For more information about why VNet-to-VNet connectivity isn't recommended over ExpressRoute, see [Connectivity between virtual networks over ExpressRoute](virtual-network-connectivity-guidance.md).
+By default, connectivity between virtual networks is enabled when you link multiple virtual networks to the same ExpressRoute circuit. We don't recommend using your ExpressRoute circuit for communication between virtual networks. Instead, we recommend that you use [virtual network peering](../virtual-network/virtual-network-peering-overview.md). For more information about why VNet-to-VNet connectivity isn't recommended over ExpressRoute, see [Connectivity between virtual networks over ExpressRoute](virtual-network-connectivity-guidance.md).
 
 ### Virtual network peering
 
@@ -208,7 +208,7 @@ A virtual network with an ExpressRoute gateway can have virtual network peering
 
 * For more information about creating ExpressRoute gateways, see [Create a virtual network gateway for ExpressRoute](expressroute-howto-add-gateway-resource-manager.md).
 
-* For more information on how to deploy ErGwScale, see [Configure a virtual network gateway for ExpressRoute using the Azure portal](expressroute-howto-add-gateway-portal-resource-manager.md).
+* For more information about how to deploy ErGwScale, see [Configure a virtual network gateway for ExpressRoute using the Azure portal](expressroute-howto-add-gateway-portal-resource-manager.md).
 
 * For more information about configuring zone-redundant gateways, see [Create a zone-redundant virtual network gateway](../../articles/vpn-gateway/create-zone-redundant-vnet-gateway.md).
 

includes/expressroute-gateway-performance-include.md

@@ -10,7 +10,7 @@
  ms.custom: include file
 ---
 
-The following tables provide an overview of the different types of gateways, their respective limitations, and their expected performance metrics. These numbers are derived from the following testing conditions and represent the max support limits. Actual performance might vary, depending on how closely traffic replicates these testing conditions.
+The following tables provide an overview of the different types of gateways, their respective limitations, and their expected performance metrics. These numbers are derived from the following testing conditions and represent the maximum support limits. Actual performance might vary, depending on how closely traffic replicates these testing conditions.
 
 #### Testing conditions
 
@@ -22,23 +22,23 @@ The following tables provide an overview of the different types of gateways, the
 | **ErGwScale (per scale unit)** | 1 Gbps | 500 | 4,000 |
 
 > [!NOTE]
-> ExpressRoute can facilitate up to 11,000 routes that span virtual network address spaces, on-premises network, and any relevant virtual network peering connections. To ensure stability of your ExpressRoute connection, refrain from advertising more than 11,000 routes to ExpressRoute.
+> ExpressRoute can facilitate up to 11,000 routes that span virtual network address spaces, on-premises networks, and any relevant virtual network peering connections. To ensure stability of your ExpressRoute connection, refrain from advertising more than 11,000 routes to ExpressRoute.
 
 #### Performance results
 
 This table applies to both the Azure Resource Manager and classic deployment models.
 
-| Gateway SKU | Megabits per second | Packets per second | Supported number of VMs in the virtual network <sup>1<sup/> | Flow count limit |
+| Gateway SKU | Megabits per second | Packets per second | Supported number of VMs in the virtual network <sup>1</sup> | Flow count limit |
 |--|--|--|--|--|
 | **Standard/ERGw1Az** | 1,000 | 100,000 | 2,000 | 200,000 |
 | **High Performance/ERGw2Az** | 2,000 | 200,000 | 4,500 | 400,000 |
 | **Ultra Performance/ErGw3Az** | 10,000 | 1,000,000 | 11,000 | 1,000,000 |
 | **ErGwScale (per scale unit)** | 1,000 | 100,000 | 2,000 | 100,000 per scale unit |
 
-<sup>1<sup/> The values in the table are estimates and vary depending on the CPU utilization of the gateway. If the CPU utilization is high and the number of supported VMs gets exceeded, the gateway will start to drop packets.
+<sup>1</sup> The values in the table are estimates and vary depending on the CPU utilization of the gateway. If the CPU utilization is high and the number of supported VMs is exceeded, the gateway will start to drop packets.
 
 > [!IMPORTANT]
-> * Application performance depends on multiple factors, such as end-to-end latency and the number of traffic flows the application opens. The numbers in the table represent the upper limit that the application can theoretically achieve in an ideal environment. Additionally, we perform routine host and OS maintenance on the ExpressRoute Virtual Network Gateway, to maintain reliability of the service. During a maintenance period, the control plane and data path capacity of the gateway is reduced.
+> * Application performance depends on multiple factors, such as end-to-end latency and the number of traffic flows that the application opens. The numbers in the table represent the upper limit that the application can theoretically achieve in an ideal environment. Additionally, we perform routine host and OS maintenance on the ExpressRoute virtual network gateway, to maintain reliability of the service. During a maintenance period, the control plane and data path capacity of the gateway is reduced.
 > * During a maintenance period, you might experience intermittent connectivity problems to private endpoint resources.
 > * ExpressRoute supports a maximum TCP and UDP packet size of 1,400 bytes. Packet sizes larger than 1,400 bytes will get fragmented.
 > * Azure Route Server can support up to 4,000 VMs. This limit includes VMs in virtual networks that are peered. For more information, see [Azure Route Server limitations](/azure/route-server/overview#route-server-limits).

includes/vpn-gateway-gwudr-warning.md

@@ -9,6 +9,6 @@
  ms.author: cherylmc
  ms.custom: include file
 ---
-* User-defined routes with a 0.0.0.0/0 destination and network security groups (NSGs) on the GatewaySubnet *are not supported*. Gateways with this configuration are blocked from being created. Gateways require access to the management controllers in order to function properly. [Border Gateway Protocol (BGP) route propagation](/azure/virtual-network/virtual-networks-udr-overview#border-gateway-protocol) should be set to "Enabled" on the GatewaySubnet to ensure availability of the gateway. If BGP route propagation is set to disabled, the gateway won't function.
+* User-defined routes with a 0.0.0.0/0 destination and network security groups (NSGs) on the gateway subnet *are not supported*. Gateways with this configuration are blocked from being created. Gateways require access to the management controllers in order to function properly. [Border Gateway Protocol (BGP) route propagation](/azure/virtual-network/virtual-networks-udr-overview#border-gateway-protocol) should be enabled on the gateway subnet to ensure availability of the gateway. If BGP route propagation is disabled, the gateway won't function.
 
 * Diagnostics, data path, and control path can be affected if a user-defined route overlaps with the gateway subnet range or the gateway public IP range.