Wednesday, February 21, 2024
HomeCloud ComputingAzure Digital WAN now helps full mesh safe hub connectivity | Azure...

Azure Digital WAN now helps full mesh safe hub connectivity | Azure Weblog


In Might 2023, we introduced the final availability of Routing intent and routing insurance policies for all Digital WAN clients. This characteristic is powered by the Digital WAN routing infrastructure and allows Azure Firewall clients to arrange insurance policies for personal and web visitors. We’re additionally extending the identical routing capabilities to all Firewall options deployed inside Azure Digital WAN together with Community Digital Home equipment and software-as-a-service (SaaS) options that present Firewall capabilities.

Routing Intent additionally completes two secured hub use instances whereby customers can safe visitors between Digital WAN hubs in addition to examine visitors between completely different on-premises (department/ExpressRoute/SD-WAN) that transits by Digital WAN hubs.

Azure Digital WAN (vWAN), networking-as-a-service, brings networking, safety, and routing functionalities collectively to simplify networking in Azure. With ease of use and ease inbuilt, vWAN is a one-stop store to attach, shield, route visitors, and monitor your large space community.

On this weblog, we’ll first describe routing intent use instances, product experiences, and summarize with some extra concerns and assets for utilizing routing intent with Digital WAN.

Use instances for Digital WAN

You should utilize Routing Intent to engineer visitors inside Digital WAN in a number of methods. Listed below are the primary use instances:

Apply routing insurance policies for Digital Networks and on-premises

Clients implementing hub-and-spoke community architectures with massive numbers of routes usually discover their networks onerous to know, preserve, and troubleshoot. In Digital WAN, these routes might be simplified for visitors between Azure Digital Networks and on-premises (ExpressRoute, VPN, and SD-WAN).

Digital WAN makes this simpler for purchasers by permitting clients to configure easy and declarative non-public routing insurance policies. It’s assumed that non-public routing insurance policies can be utilized for all Azure Digital Networks and on-premises networks related to Digital WAN. Additional customizations for Digital Community and on-premises prefixes are at the moment not supported. Personal routing insurance policies instruct Digital WAN to program the underlying Digital WAN routing infrastructure to allow transit between two completely different on-premises (1) by way of a safety answer deployed within the Digital Hub. It additionally allows visitors transiting between two Azure Digital Networks (2) or between an Azure Digital Community and an on-premises endpoint (3) by way of a safety answer deployed within the Digital Hub. The identical visitors use instances are supported for Azure Firewall, Community Digital Home equipment, and software-as-a-service options deployed within the hub.

This image shows a diagram of a single Virtual WAN Hub secured with an integrated security solution. The diagram also shows traffic flows between Virtual Networks and on-premises.
Determine 1: Diagram of a Digital Hub displaying pattern non-public visitors flows (between on-premises and Azure).

Apply routing insurance policies for web visitors

Digital WAN allows you to arrange routing insurance policies for web visitors with a view to promote a default (0.0.0.0/0) path to your Azure Digital Networks and on-premises. Web visitors routing configurations permit you to configure Azure Digital Networks and on-premises networks to ship web outbound visitors (1) to safety home equipment within the hub. You may also leverage Vacation spot-Community Tackle Translation (DNAT) options of your safety equipment if you wish to present exterior customers entry to functions in an Azure Digital Community or on-premises (2).

This image shows a diagram of a single Virtual WAN hub with an integrated security solution. The diagram also shows traffic flows for Destination Network Address Translation and Internet-outbound use cases.
Determine 2: Diagram of a Digital Hub displaying web outbound and inbound DNAT visitors flows.

Apply routing insurance policies for inter-hub cross-region visitors

Digital WAN robotically deploys all Digital Hubs throughout your Digital WAN in a full mesh, offering zero-touch any-to-any connectivity region-to-region and hub-to-hub utilizing the Microsoft world spine. Routing insurance policies program Digital WAN to examine inter-hub and inter-region visitors between two Azure Digital Networks (1), between two on-premises (2), and between Azure Digital Networks and on-premises (3) related to completely different hubs. Each packet coming into or leaving the hub is routed to the safety answer deployed within the Digital Hub earlier than being routed to its ultimate vacation spot.

This image shows a diagram of two Virtual WAN hubs, each with an integrated security solution. The diagram also shows inter-region and inter-hub secure hub use cases.
Determine 3: Diagram of inter-region and inter-hub visitors flows inspected by safety options within the hub.

Person expertise for routing intent

To make use of routing intent, navigate to your Digital WAN hub. Beneath Routing, choose Routing Intent and routing insurance policies.

Configure an Web or Personal Routing Coverage to ship visitors to a safety answer deployed within the hub by deciding on the following hop sort (Azure Firewall, Community Digital Equipment, or SaaS answer) and corresponding subsequent hop useful resource.

This image is a screenshot of the user experience of configuring routing intent and policies through Virtual WAN Portal. The hub is configured to send Internet and Private traffic via Azure Firewall.
Determine 4: Instance configuration of routing intent with each Personal and Web routing coverage in Digital WAN Portal.

Azure Firewall clients may configure routing intent utilizing Azure Firewall Supervisor by enabling the ‘inter-hub’ setting.

This image is a screenshot of the user experience of configuring routing intent and policies through Azure Firewall Manager. The inter-hub setting is toggled to Enabled.
Determine 5: Enabling Routing Intent by Azure Firewall Supervisor.

After configuring routing intent, you may view the efficient routes of the safety answer by navigating to your Digital Hub, then choose Routing, and click on Efficient Routes. The efficient routes of the safety answer present extra visibility to troubleshoot how Digital WAN routes visitors that has been inspected by the Digital hub’s safety answer.

The image is a screenshot of the output when you view the effective routes on Azure Firewall. The screenshot shows a list of routes that
Determine 6: View of getting the efficient routes on a safety answer deployed within the hub.

Earlier than you get began with this characteristic, listed below are some key concerns:

  1. The characteristic caters to customers that contemplate Digital Community and on-premises visitors as non-public visitors. Digital WAN applies non-public routing insurance policies to all Digital Networks and on-premises visitors.
  2. Routing intent is mutually unique with customized routing and static routes within the ‘defaultRouteTable’ pointing to Community Digital Equipment (NVA) deployed in a Digital Community spoke related to Digital WAN. Because of this, use instances the place customers are utilizing customized route tables or NVA-in-spoke use instances aren’t relevant.
  3. Routing Intent advertises prefixes equivalent to all connections to Digital WAN in direction of on-premises networks. Customers might use Route Maps to summarize and combination routes and filter based mostly on outlined match circumstances.

Study extra about Azure Digital WAN

We stay up for persevering with to construct out Azure Digital WAN and including extra capabilities sooner or later. We encourage you to check out the Routing Intent characteristic in Azure Digital WAN and stay up for listening to extra about your experiences to include your suggestions into the product.



RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments