In Might 2023, we introduced the final availability of Routing intent and routing insurance policies for all Digital WAN clients. This characteristic is powered by the Digital WAN routing infrastructure and allows Azure Firewall clients to arrange insurance policies for personal and web visitors. We’re additionally extending the identical routing capabilities to all Firewall options deployed inside Azure Digital WAN together with Community Digital Home equipment and software-as-a-service (SaaS) options that present Firewall capabilities.
Routing Intent additionally completes two secured hub use instances whereby customers can safe visitors between Digital WAN hubs in addition to examine visitors between completely different on-premises (department/ExpressRoute/SD-WAN) that transits by Digital WAN hubs.
Azure Digital WAN (vWAN), networking-as-a-service, brings networking, safety, and routing functionalities collectively to simplify networking in Azure. With ease of use and ease inbuilt, vWAN is a one-stop store to attach, shield, route visitors, and monitor your large space community.
On this weblog, we’ll first describe routing intent use instances, product experiences, and summarize with some extra concerns and assets for utilizing routing intent with Digital WAN.
Use instances for Digital WAN
You should utilize Routing Intent to engineer visitors inside Digital WAN in a number of methods. Listed below are the primary use instances:
Apply routing insurance policies for Digital Networks and on-premises
Clients implementing hub-and-spoke community architectures with massive numbers of routes usually discover their networks onerous to know, preserve, and troubleshoot. In Digital WAN, these routes might be simplified for visitors between Azure Digital Networks and on-premises (ExpressRoute, VPN, and SD-WAN).
Digital WAN makes this simpler for purchasers by permitting clients to configure easy and declarative non-public routing insurance policies. It’s assumed that non-public routing insurance policies can be utilized for all Azure Digital Networks and on-premises networks related to Digital WAN. Additional customizations for Digital Community and on-premises prefixes are at the moment not supported. Personal routing insurance policies instruct Digital WAN to program the underlying Digital WAN routing infrastructure to allow transit between two completely different on-premises (1) by way of a safety answer deployed within the Digital Hub. It additionally allows visitors transiting between two Azure Digital Networks (2) or between an Azure Digital Community and an on-premises endpoint (3) by way of a safety answer deployed within the Digital Hub. The identical visitors use instances are supported for Azure Firewall, Community Digital Home equipment, and software-as-a-service options deployed within the hub.
Apply routing insurance policies for web visitors
Digital WAN allows you to arrange routing insurance policies for web visitors with a view to promote a default (0.0.0.0/0) path to your Azure Digital Networks and on-premises. Web visitors routing configurations permit you to configure Azure Digital Networks and on-premises networks to ship web outbound visitors (1) to safety home equipment within the hub. You may also leverage Vacation spot-Community Tackle Translation (DNAT) options of your safety equipment if you wish to present exterior customers entry to functions in an Azure Digital Community or on-premises (2).
Apply routing insurance policies for inter-hub cross-region visitors
Digital WAN robotically deploys all Digital Hubs throughout your Digital WAN in a full mesh, offering zero-touch any-to-any connectivity region-to-region and hub-to-hub utilizing the Microsoft world spine. Routing insurance policies program Digital WAN to examine inter-hub and inter-region visitors between two Azure Digital Networks (1), between two on-premises (2), and between Azure Digital Networks and on-premises (3) related to completely different hubs. Each packet coming into or leaving the hub is routed to the safety answer deployed within the Digital Hub earlier than being routed to its ultimate vacation spot.
Person expertise for routing intent
To make use of routing intent, navigate to your Digital WAN hub. Beneath Routing, choose Routing Intent and routing insurance policies.
Configure an Web or Personal Routing Coverage to ship visitors to a safety answer deployed within the hub by deciding on the following hop sort (Azure Firewall, Community Digital Equipment, or SaaS answer) and corresponding subsequent hop useful resource.
Azure Firewall clients may configure routing intent utilizing Azure Firewall Supervisor by enabling the ‘inter-hub’ setting.
After configuring routing intent, you may view the efficient routes of the safety answer by navigating to your Digital Hub, then choose Routing, and click on Efficient Routes. The efficient routes of the safety answer present extra visibility to troubleshoot how Digital WAN routes visitors that has been inspected by the Digital hub’s safety answer.
Earlier than you get began with this characteristic, listed below are some key concerns:
- The characteristic caters to customers that contemplate Digital Community and on-premises visitors as non-public visitors. Digital WAN applies non-public routing insurance policies to all Digital Networks and on-premises visitors.
- Routing intent is mutually unique with customized routing and static routes within the ‘defaultRouteTable’ pointing to Community Digital Equipment (NVA) deployed in a Digital Community spoke related to Digital WAN. Because of this, use instances the place customers are utilizing customized route tables or NVA-in-spoke use instances aren’t relevant.
- Routing Intent advertises prefixes equivalent to all connections to Digital WAN in direction of on-premises networks. Customers might use Route Maps to summarize and combination routes and filter based mostly on outlined match circumstances.
Study extra about Azure Digital WAN
We stay up for persevering with to construct out Azure Digital WAN and including extra capabilities sooner or later. We encourage you to check out the Routing Intent characteristic in Azure Digital WAN and stay up for listening to extra about your experiences to include your suggestions into the product.
