We're currently using Azure's Virtual WAN with site-to-site VPN, where multiple virtual networks (VNets) are connected to a central hub. As we start to set up our ExpressRoute circuit, I'm curious if there's a way to transition gradually. For instance, can we initially connect only our development environment VNets to ExpressRoute while still keeping the others on VPN? Additionally, we have on-premise address spaces that all Azure VNets connect to, so it's unclear if simply advertising different prefixes through ExpressRoute or VPN would be effective. Any thoughts or suggestions?
5 Answers
It really depends on whether you've segmented your on-prem environments into different VRFs. If so, you could leak routes into each environment from Azure, and into the ExpressRoute VRF for the on-prem stuff. It’s the only method I can think of that might work! Plus, there are route maps in Virtual WAN that could help, but I haven't used them myself.
I've got a similar setup and I'm planning to add ExpressRoute soon, but I'm taking my time to think this through. Following this discussion closely because I need some insights too!
What about creating a secondary Virtual WAN that uses ExpressRoute and just moving the development VNets over? I haven’t tried it, but it might work!
If you set up the ExpressRoute and prefer it for some connections, it could be interesting. You can adjust the routing over time, maybe even do it section by section. But, you're right about the overlapping on-prem addresses—that complicates things.
Have you thought about managing this through your on-premises edge device? You could import/export only specific networks to test with ExpressRoute, assuming your edge device supports those capabilities. Just a thought!
Exactly! I'm concerned about the overlapping addresses. If VNET A connects to on-prem address A and X, and VNET B connects to address B and X, I’d only want to route VNET A traffic through ExpressRoute. That could be tricky!
That sounds like a plan! But can we pull it off without downtime? It’s not a big deal for dev environments, but the production ones might be tricky.