You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/vpn-gateway/about-active-active-gateways.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ description: Learn about active-active VPN gateways, including configuration and
5
5
author: cherylmc
6
6
ms.service: azure-vpn-gateway
7
7
ms.topic: concept-article
8
-
ms.date: 07/22/2024
8
+
ms.date: 08/08/2024
9
9
ms.author: cherylmc
10
10
11
11
---
@@ -24,18 +24,18 @@ To avoid this interruption, you can always create your gateway in **active-activ
24
24
25
25
### Active-active design
26
26
27
-
In an active-active configuration, both instances of the gateway VMs establish S2S VPN tunnels to your on-premises VPN device, as shown the following diagram:
27
+
In an active-active configuration for a S2S connection, both instances of the gateway VMs establish S2S VPN tunnels to your on-premises VPN device, as shown the following diagram:
28
28
29
29
:::image type="content" source="./media/vpn-gateway-highlyavailable/active-active.png" alt-text="Diagram shows an on-premises site with private IP subnets and an on-premises gateway connected to two VPN gateway instances.":::
30
30
31
-
In this configuration, each Azure gateway instance has a unique public IP address, and each will establish an IPsec/IKE S2S VPN tunnel to your on-premises VPN device specified in your local network gateway and connection. Both VPN tunnels are actually part of the same connection. You'll still need to configure your on-premises VPN device to accept or establish two S2S VPN tunnels to those two Azure VPN gateway public IP addresses.
31
+
In this configuration, each Azure gateway instance has a unique public IP address, and each will establish an IPsec/IKE S2S VPN tunnel to your on-premises VPN device specified in your local network gateway and connection. Both VPN tunnels are actually part of the same connection. You'll still need to configure your on-premises VPN device to accept or establish two S2S VPN tunnels, one for each gateway VM instance. P2S connections using active-active mode don't require any special additional configuration.
32
32
33
33
Because the Azure gateway instances are in an active-active configuration, the traffic from your Azure virtual network to your on-premises network are routed through both tunnels simultaneously, even if your on-premises VPN device might favor one tunnel over the other. For a single TCP or UDP flow, Azure attempts to use the same tunnel when sending packets to your on-premises network. However, your on-premises network could use a different tunnel to send packets to Azure.
34
34
35
35
When a planned maintenance or unplanned event happens to one gateway instance, the IPsec tunnel from that instance to your on-premises VPN device will be disconnected. The corresponding routes on your VPN devices should be removed or withdrawn automatically so that the traffic will be switched over to the other active IPsec tunnel. On the Azure side, the switch over will happen automatically from the affected instance to the other active instance.
36
36
37
37
> [!NOTE]
38
-
> If only one tunnel is connected, or both the tunnels are connected to one instance in active-active mode, the tunnel will go down during maintenance.
38
+
> [!INCLUDE [establish two tunnels](../../includes/vpn-gateway-active-active-tunnel.md)]
For S2S connections with an active-active mode VPN gateway, if you only configure your VPN device to accept or establish a tunnel to one gateway VM instance (instead of both instances), the tunnel will go down during maintenance. If your VPN device doesn't support this type of configuration, we don't recommend that you configure your gateway for active-active mode.
0 commit comments