Hey everyone, I'm trying to wrap my head around the costs for using Privatelink versus VNET peering in Azure. Here's the scenario I've got in mind: we have two VNets, VNET A and VNET B, located in the same region. I want to access a web server running on a VM in VNET B from a VM in VNET A, and let's say we download 1TB of data from that web server. If I use VNET peering, I believe that incurs 1TB of intra-region data transfer out and 1TB of intra-region data transfer in, correct? Now, if I switch to using a Privatelink endpoint in VNET A to connect to a service load balancer in VNET B without peering, what costs are involved? Is it just the Private Endpoint charge per hour plus the 1TB of inbound data processed? If so, would this make using Privatelink cheaper in this scenario?
1 Answer
When you peer VNets, they have routes to communicate with each other. If you're trying to connect services, like an Azure function in VNET A and a database in VNET B, keep in mind without a private link, that database might still have a public endpoint. Even though the traffic remains on Azure's backbone, it will still be publicly accessible. With private endpoints, you can disable the public endpoint and still connect via the private route, but remember, you'll end up paying for both the VNet peering traffic and the private endpoint traffic as well.
I get that, but I think the public endpoint can still be available even with a private link set up, depending on the firewall settings of the resource.