File: articles/virtual-network-manager/concept-connectivity-configuration.md
Lines changed: 20 additions & 4 deletions
@@ -5,7 +5,7 @@ author: mbender-ms
5
5
ms.author: mbender
6
6
ms.service: azure-virtual-network-manager
7
7
ms.topic: concept-article
8
-
ms.date: 06/26/2024
8
+
ms.date: 04/08/2025
9
9
---
10
10
11
11
# Connectivity configuration in Azure Virtual Network Manager
@@ -23,18 +23,34 @@ A mesh network is a topology in which all the virtual networks in the [network g
23
23
A common use case of a mesh network topology is to allow some spoke virtual networks in a hub and spoke topology to directly communicate to each other without the traffic going through the hub virtual network. This approach reduces latency that might otherwise result from routing traffic through a router in the hub. Additionally, you can maintain security and oversight over the direct connections between spoke networks by implementing Network Security Groups rules or security administrative rules in Azure Virtual Network Manager. Traffic can also be monitored and recorded using virtual network flow logs.
24
24
25
25
26
-
By default, the mesh is a regional mesh, therefore only virtual networks in the same region can communicate with each other. **Global mesh** can be enabled to establish connectivity of virtual networks across all Azure regions. A virtual network can be part of up to two connected groups. Virtual network address spaces can overlap in a mesh configuration, unlike in virtual network peerings. However, traffic to the specific overlapping subnets is dropped, since routing is non-deterministic.
26
+
By default, the mesh is a regional mesh, therefore only virtual networks in the same region can communicate with each other. **Global mesh** can be enabled to establish connectivity of virtual networks across all Azure regions. A virtual network can be part of up to two connected groups. Virtual network address spaces can overlap in a mesh configuration, unlike in virtual network peerings. However, traffic to the specific overlapping subnets is dropped, since routing is nondeterministic.
27
27
28
28
:::image type="content" source="./media/concept-configuration-types/mesh-topology.png" alt-text="Diagram of a mesh network topology.":::
29
29
30
-
###Connected group
30
+
## Connected group
31
31
32
-
When you create a mesh topology or direct connectivity in the hub and spoke topology, a new connectivity construct is created called *Connected group*. Virtual networks in a connected group can communicate to each other just like if you were to connect virtual networks together manually. When you look at the effective routes for a network interface, you'll see a next hop type of **ConnectedGroup**. Virtual networks connected together in a connected group don't have a peering configuration listed under *Peerings* for the virtual network.
32
+
When you create a mesh topology or direct connectivity in the hub and spoke topology, a new connectivity construct is created called *Connected group*. Virtual networks in a connected group can communicate with each other just like manually connected virtual networks. When you look at the effective routes for a network interface, you'll see a next hop type of **ConnectedGroup**. Virtual networks connected together in a connected group don't have a peering configuration listed under *Peerings* for the virtual network.
33
33
34
34
> [!NOTE]
35
35
> * If you have conflicting subnets in two or more virtual networks, resources in those subnets *won't* be able to communicate to each other even if they're part of the same mesh network.
36
36
> * A virtual network can be part of up to **two** mesh configurations.
37
37
38
+
### Enable a high scale connected group in Azure Virtual Network Manager
39
+
40
+
Azure Virtual Network Manager's high scale connected group feature allows you to extend your network capacity. Use the following steps to enable this feature to support up to 20,000 private endpoints across the connected group:
41
+
42
+
#### Prepare Each Virtual Network in the Connected Group
43
+
44
+
1. Review [Increase Private Endpoint virtual network limits](../private-link/increase-private-endpoint-virtual network-limits.md) for detailed guidance on increasing Private Endpoint virtual network limits. Note that enabling or disabling this feature will trigger a one-time connection reset. It's recommended to perform these changes during a maintenance window.
45
+
1. Register the feature flag of `Microsoft.Network/EnableMaxPrivateEndpointsVia64kPath` for each subscription containing an Azure Virtual Network Manager instance or a virtual network in your connected group. This registration is essential for unlocking the extended private endpoint capacity. For more information, see [How to enable Azure preview features documentation](../azure-resource-manager/management/preview-features.md).
46
+
1. In each virtual network within your connected group, configure the **Private Endpoint Network Policies** to either `Enabled` or `RouteTableEnabled`. This setting ensures your virtual networks are ready to support the high scale functionality. For detailed guidance, see [Manage network policies for private endpoints documentation](../private-link/disable-private-endpoint-network-policy.md).
47
+
48
+
#### Configure Mesh Connectivity for High Scale
49
+
50
+
1. In your mesh connectivity configuration, locate and select the checkbox for **Enable private endpoints high scale**. This option activates the high scale feature for your connected group.
51
+
1. Verify every virtual network in your connected group is configured with high scale private endpoints. The Azure portal validates the settings across the entire group. If a virtual network without the high scale configuration is added later, it won't be able to communicate with private endpoints in other virtual networks.
52
+
1. After verifying all virtual networks are properly configured, deploy the settings. This finalizes the setup of your high scale connected group.
53
+
38
54
## Hub and spoke topology
39
55
40
56
A hub-and-spoke is a network topology in which you have a virtual network selected as the hub virtual network. This virtual network gets bi-directionally peered with every spoke virtual network in the configuration. This topology is useful for when you want to isolate a virtual network but still want it to have connectivity to common resources in the hub virtual network.
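Review bot: In step 1 under "Prepare Each Virtual Network in the Connected Group", the link target `../private-link/increase-private-endpoint-virtual network-limits.md` contains a space, so Markdown will not parse it as a link destination and the reference will render as plain text or fail link validation; confirm the actual file name under `../private-link/` and use it without the space. The same step states that enabling or disabling the feature triggers a one-time connection reset; that is operationally significant and easy to miss inside a "Review ..." step, so consider moving it into its own callout ahead of the numbered steps, in the style of the existing `> [!NOTE]` block. The feature flag step links to the preview-features article, but the text never says the feature is in preview; state that if it is the case. Minor: the two new `####` headings use title case while the surrounding headings ("Connected group", "Hub and spoke topology") use sentence case, and the unchanged `> [!NOTE]` bullet still reads "communicate to each other" although this change corrects the same phrase to "communicate with each other" in the paragraph above.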