Open utterances-bot opened 3 years ago
A follow-up blog on this is coming, when I get some downtime to finalize it. There's a key point to mention around doing a VPN over ER that may impact a design decision on using this pattern.
Good news regarding this pattern - while there are two gateways configured here, an ExpressRoute Gateway and a VPN Gateway, there is no double 'bandwidth' charge, as outlined here: https://github.com/MicrosoftDocs/azure-docs/pull/75142#issuecomment-1005974701
My understanding is that since the traffic leaves the VNet via the VPN Gateway and does not traverse any public internet, traffic just routes via the ExpressRoute gateway and out to on-premises. Therefore traffic just leaves the VNet once via the ExpressRoute gateway so there is no double egress bandwidth charge.
This is a wonderful write-up, Lucian. I love how you summarize the benefits and considerations at the end.
Great job!
Thanks for this Lucian. Very informative! Just wanted to confirm two things here:
Cheers!
Looks like I've already found the answers as per links below:
https://learn.microsoft.com/en-us/azure/expressroute/site-to-site-vpn-over-microsoft-peering
All good for me Lucian thanks again! :)
Encrypting ExpressRoute for improved security | Lucian Franghiu's blog
An overview (with diagrams) of the currently available ExpressRoute encryption options, with a brief touch on encapsulation.
https://lucian.franghiu.com/encrypting-expressroute-for-improved-security/