I'm curious about the best approaches for connecting two or more Hub VNets across multiple regions, particularly from a well-architected perspective. My question arises from the context of a global organization that operates multiple branches worldwide. I've identified a couple of options like VNet Peering and establishing VPN connections between the hubs and VNets. However, I'm looking for further insights, especially since I'm not considering Azure VWAN or SDWAN solutions.
4 Answers
If you're looking for scalable global transit, VWAN is typically the way to go. While plain peering or VPN connections work, managing a multi-region hub-to-hub mesh manually can quickly become chaotic.
If you deploy an NVA, VNet peering could work. But if you're not using an NVA, VPN tunnels would be your only option, though they can get complicated quickly. VWAN is really the best solution for your scenario, providing a streamlined approach.
Absolutely, VNet Peering combined with VPN Gateways is the standard way to connect two VNets. If you include firewalls or NVAs in your hubs, make sure to route the connections through them first for optimal traffic flow. Also, using a Gateway Load Balancer can ensure that the NVA is injected effectively into the network path.
I understand you're avoiding VWAN and SDWAN, but I'd really recommend considering VWAN. It simplifies managing multiple hubs and spokes, especially when dealing with various VPN connections in different hubs. If VWAN is a no-go for you, I suggest using Terraform or Bicep to manage infrastructure; it can help streamline your setup. Also, check out Azure Virtual Network Manager—it's useful for what you're trying to achieve!

Totally agree! Just remember that virtual networks aren't transitive, meaning you can't route traffic directly from A to B to C without a Network Virtual Appliance (NVA) or a firewall. It’s not feasible to go from one spoke to another through multiple hubs unless you're using VWAN or VPN Gateways.
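The two points made above (manage the hub-to-hub mesh as code with Terraform or Bicep, and remember that peering is not transitive, so spoke-to-spoke across hubs only works when an NVA or firewall in each hub forwards the traffic) can be shown in one Terraform configuration. The following is an added example written for this thread, not code from any of the answers; the resource names, regions, address ranges and the NVA private IPs are assumed, and the hub/spoke VNets, subnets and resource groups are assumed to exist elsewhere in the same configuration. It connects two regional hubs with global VNet peering and uses user-defined routes to hop through the hub NVAs:

```terraform
# Added example (not from the original thread). All names, regions, CIDRs
# and NVA IP addresses below are assumptions for illustration.
locals {
  hub_weu_cidr   = "10.1.0.0/16"  # assumed hub in West Europe
  hub_eus_cidr   = "10.2.0.0/16"  # assumed hub in East US
  spoke_weu_cidr = "10.11.0.0/16" # assumed spoke peered to hub-weu
  spoke_eus_cidr = "10.12.0.0/16" # assumed spoke peered to hub-eus
  nva_weu_ip     = "10.1.1.4"     # assumed private IP of the NVA/firewall in hub-weu
  nva_eus_ip     = "10.2.1.4"     # assumed private IP of the NVA/firewall in hub-eus
}

# Hub-to-hub global peering. Peering is always created in both directions.
# allow_forwarded_traffic must be true on both sides: traffic arriving from the
# remote hub's NVA carries a spoke source address, not the hub's own range, and
# is dropped unless forwarded traffic is allowed.
resource "azurerm_virtual_network_peering" "hub_weu_to_hub_eus" {
  name                         = "hub-weu-to-hub-eus"
  resource_group_name          = azurerm_resource_group.weu.name
  virtual_network_name         = azurerm_virtual_network.hub_weu.name
  remote_virtual_network_id    = azurerm_virtual_network.hub_eus.id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = true
  allow_gateway_transit        = false
  use_remote_gateways          = false
}

resource "azurerm_virtual_network_peering" "hub_eus_to_hub_weu" {
  name                         = "hub-eus-to-hub-weu"
  resource_group_name          = azurerm_resource_group.eus.name
  virtual_network_name         = azurerm_virtual_network.hub_eus.name
  remote_virtual_network_id    = azurerm_virtual_network.hub_weu.id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = true
  allow_gateway_transit        = false
  use_remote_gateways          = false
}

# Spoke route table: everything in the private range goes to the local hub NVA.
# The VNet's own system route (10.11.0.0/16) is more specific than /8, so
# intra-spoke traffic still stays local.
resource "azurerm_route_table" "spoke_weu" {
  name                = "rt-spoke-weu"
  location            = "westeurope"
  resource_group_name = azurerm_resource_group.weu.name

  route {
    name                   = "private-via-hub-weu-nva"
    address_prefix         = "10.0.0.0/8"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = local.nva_weu_ip
  }
}

resource "azurerm_subnet_route_table_association" "spoke_weu" {
  subnet_id      = azurerm_subnet.spoke_weu_workload.id
  route_table_id = azurerm_route_table.spoke_weu.id
}

# Hub NVA subnet route table: the remote region's spoke prefix is reached by
# sending packets to the remote hub's NVA across the hub-to-hub peering. This
# is the hop that peering alone cannot provide, because hub-eus never
# advertises spoke-eus to hub-weu. Mirror this table on the hub-eus NVA subnet
# with spoke_weu_cidr -> nva_weu_ip so return traffic takes the same path.
resource "azurerm_route_table" "hub_weu_nva" {
  name                = "rt-hub-weu-nva"
  location            = "westeurope"
  resource_group_name = azurerm_resource_group.weu.name

  route {
    name                   = "spoke-eus-via-hub-eus-nva"
    address_prefix         = local.spoke_eus_cidr
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = local.nva_eus_ip
  }
}

resource "azurerm_subnet_route_table_association" "hub_weu_nva" {
  subnet_id      = azurerm_subnet.hub_weu_nva.id
  route_table_id = azurerm_route_table.hub_weu_nva.id
}
```

Two things the configuration does not show but that the path depends on: IP forwarding must be enabled on each NVA's network interface (and in its OS or firewall policy), otherwise the platform drops packets whose destination is not the NVA itself; and the spoke-to-hub peerings need allow_forwarded_traffic = true on the spoke side for the same reason as the hub-to-hub peering, since traffic from the other region arrives with a foreign source address. Every additional hub adds a pair of peerings and one route per remote spoke prefix on each NVA subnet, which is the mesh growth the earlier answers warn about and the reason to keep it in Terraform or Bicep rather than in the portal.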