Arraya Insights | August 14, 2020
Microsoft’s Azure Virtual WAN made headlines recently with the announcement of several new features and capabilities on the platform. Several of these features are already generally available while others have only just begun their global rollout. All, however, are worth exploring more in depth, particularly as organizations everywhere continue to rethink the ways in which they manage and support end user connections.
Running Third-Party SD-WAN in Azure
First, let’s look at a feature that’s still relatively new to Azure Virtual WAN. In late July, Microsoft debuted the ability to run third-party SD-WAN virtual appliances directly within Azure Virtual WAN for select regions. Rollout is ongoing; however, this feature seems to have a lot of potential for organizations looking to reduce networking expenses while also improving performance.
On its own, SD-WAN monitors traffic patterns occurring on organizational networks. If necessary, it can intelligently, automatically re-route traffic off busier paths and onto those less traveled. Back when remote work was mostly associated with those in far-flung branch offices, SD-WAN could make those physical distances less of an obstacle. Bandwidth-hungry workloads, for example video chats or even demanding SaaS apps, could travel between headquarters and satellite offices (and back) without quality concerns. It can do the same now that far-flung satellite offices have been mostly replaced with home offices.
By bringing third-party SD-WAN to Azure, Microsoft is allowing organizations to continue to leverage the tools they want, backed by the power of the Microsoft cloud. In this new architecture, Azure regions function as hubs. Users are connected to those hubs via spokes that can take on a number of forms, including SD-WAN architecture from leaders like Cisco Meraki, Check Point, Citrix and VMware VeloCloud. While not yet compatible, Cisco’s Viptela solution is on Microsoft’s road map, with plans to unite the two in the near future. All of these connections can be set up manually through Azure Virtual WAN or, in some cases, automatically using the Virtual WAN CPE partner tool.
What else is new on Azure Virtual WAN?
Integration with third-party SD-WAN providers isn’t the only new capability coming to Azure Virtual WAN – or, in many cases, already there. Let’s take these other newly added features (and their impact) one at a time:
- Hub-to-hub connectivity: Those hubs we talked about earlier? Microsoft has taken steps to bring them closer together (figuratively speaking) within the Azure global network. The company recently forged direct links between these various geographic regions, allowing traffic to flow between branches connected to two different Azure regional hubs. Essentially, this architecture lets users or virtual networks (VNets) at two geographically dispersed branch offices each connect to the Azure hub nearest to them before then connecting to each other. Doing so keeps latency levels down for co-workers or networks connecting from multiple locations within an organization.
- Custom Routing: Arriving earlier this month, Custom Routing is one of the newest capabilities to come online in Azure Virtual WAN. With this feature, Microsoft has given network and cloud admins greater control over their organization’s traffic patterns. Admins can establish unique route tables to set their own, optimized parameters for the way in which packets should traverse the network. Other recent customizations include the ability to group route tables together into logical categories, simplifying management of network virtual appliances and shared services routing scenarios.
- Virtual Network Transit: Azure Virtual WAN now permits traffic to move freely between VNets supporting throughput of up to 50 Gbps (Note: This assumes a total of 2000 VM workloads throughout a virtual WAN environment). The architecture behind this connection looks like this: Individual VNets feed back into a virtual hub. Every virtual hub is spun up around a router which enables transit connectivity between VNets. It’s worth mentioning that routing status for these hubs can be monitored from the Azure portal. Within this portal, admins will find routers attributed with one of four routing statuses: Provisioned, Provisioning, Failed or None. A “None” status could indicate a hub that was spun up prior to this feature going live, thus no router was provisioned. Meanwhile, “Failed” indicates something went wrong during provisioning. A fix can be attempted using the “Reset Router” option in the Azure portal.
- VPN and ExpressRoute Transit: Another new connectivity path available in Azure Virtual WAN exists between a standard VPN and Azure’s ExpressRoute. This results in a seamless link between users on a VPN and users on ExpressRoute. In order for this connection to take place, the branch-to-branch flag must be enabled within the Azure portal. Just as with Virtual Network Transit, VPN and ExpressRoute Transit is governed by the virtual hub router. Also as with Virtual Network Transit, VPN and ExpressRoute Transit offers a flexibility that can prove necessary given the widespread, rapid decentralization of workspaces that has occurred this year.
- Full Support for BGP: Azure Virtual WAN’s incoming VPN compatibility offers full support for Border Gateway Protocol (BGP)/APIPA (Automatic Private IP Addressing). When a new VPN is spun up, admins can simply provide the BGP parameters to the site. This lets it know that any connections lined up for that site in Azure will be imbued with BGP compatibility.
Next Steps: Adding intelligent flexibility to your network
As some organizations move toward reopening their physical locations, SD-WAN seems poised to once again play a key role in keeping teams connected, efficiently and securely, despite geographic separation. Advances like those covered above should make Azure Virtual WAN part of any network refresh or modernization conversation. If you’d like to learn more about Azure Virtual WAN, or would like to start talking about what the future may hold for your network, our team is ready to help. We can work with you to analyze your existing environment and, if it’s called for, architect improvement plans guided by your business needs and goals.
Visit https://www.arrayasolutions.com/contact-us/ to connect with our team now.