I'm trying to get a clear picture of the costs associated with using Private Link compared to VNET peering in Azure. Let's say we have two virtual networks: VNET A and VNET B, both in the same region. I want to access a web server hosted on a VM in VNET B from a VM in VNET A. If I download 1TB of data from the web server on VM B using VNET peering, would that actually result in a charge for 1TB of data transfer out and another 1TB for the data transfer in? Now, if I use a Private Link endpoint in VNET A connecting to a Private Link service in VNET B (again without VNET peering), what charges would I incur? Is it just the Private Endpoint cost per hour plus the 1TB Inbound Data Processed? If that's the case, it seems like using Private Link would be cheaper. Can anyone clarify?
3 Answers
I initially thought you were going to compare Service Endpoints and Private Link costs, which is something my old company struggled with. It seems you're focused on the general traffic costs, which depend on your exact setup.
Can you provide more context? What specific service in VNET B are you referring to and how is it set up?
When you're peering VNets, you're basically creating routes between them. If you're connecting to services like an Azure Function in VNET A and a database in VNET B without a private link, the database will have a public endpoint. Even if the traffic stays on Azure's backbone, that public endpoint is still accessible. Private endpoints ensure that the public endpoint is disabled on the database, but you can still reach it through Azure's backbone. So, you'll be paying for traffic across the VNets and also for the private endpoint traffic. It can get a bit complicated!
That makes sense! So, the traffic charges add up in both cases, but Private Link gives you better security with the public endpoint option.

Sure! Let's consider the setup: VM A is in VNET A and VM B is in VNET B. VM B is running a web server. I'm looking at two scenarios – one where VM A downloads 1TB from VM B through VNET peering and the other where it uses a Private Link endpoint to access a Private Link service, now with an Azure load balancer in front of VM B.