Virtual WAN: A management service that we can use to deploy, manage, and monitor resources for connecting networks together. This is a global resource and does not live in a particular network.
vWAN Hubs: Regional virtual network hubs that provide central connectivity and routing. A virtual hub is a Microsoft-managed virtual network. The hub contains various service endpoints to enable connectivity. From your on-premises network (vpnsite), you can connect to a VPN gateway inside the virtual hub, connect ExpressRoute circuits to a virtual hub, or even connect mobile users to a point-to-site gateway in the virtual hub. The hub is the core of your network in a region. Multiple virtual hubs can be created in the same region. A hub gateway isn’t the same as a virtual network gateway that you use for ExpressRoute and VPN Gateway. For example, when using Virtual WAN, you don’t create a site-to-site connection from your on-premises site directly to your VNet. Instead, you create a site-to-site connection to the hub. The traffic always goes through the hub gateway. This means that your VNets don’t need their own virtual network gateway. Virtual WAN lets your VNets take advantage of scaling easily through the virtual hub and the virtual hub gateway.
vWAN Hub Connections: Connections between a hub and a VNet in the same region. A VNet can only be connected to one hub.
Hub-to-Hub Connections: Connectivity between hubs in different regions for global reach. Hubs are all connected to each other in a virtual WAN. This implies that a branch, user, or VNet connected to a local hub can communicate with another branch or VNet using the full mesh architecture of the connected hubs. You can also connect VNets within a hub transiting through the virtual hub, as well as VNets across hubs, using the hub-to-hub connected framework.
Branch-to-Hub Connections: Site-to-site VPN connections from on-premises locations to the hub.
User VPN Connections: Point-to-site VPN connections from remote users to the hub.
When a new vWAN is created, virtual hub routers are deployed into it. The virtual hub router is the central component that manages all routing between VNets and gateways.
A Routing Infrastructure Unit (RIU) is a unit of scale that defines both the aggregate throughput of the virtual hub router and the aggregate number of virtual machines that can be deployed in all connected VNets.
By default, the virtual hub router will deploy 2 RIUs with no extra cost. The 2 units support 3 Gbps of throughput and 2000 connections across all connected VNets.
You can add additional RIUs in increments of 1 Gbps of throughput and 1000 VM connections.
There is an additional cost of .10/RIU above the 2 that are included.
You can connect remote networks to the vWAN hub using site-to-site VPN connections or ExpressRoute.
To deploy a site-to-site VPN connection, we need to deploy a Site-to-Site VPN Gateway into our vWAN hub by specifying the number of gateway scale units we want. The number that we specify for the Gateway Scale Units defines the aggregate maximum throughput for the VPN connections.
S2S VPN Gateway instances in a vWAN hub are always deployed in an active-active configuration for high availability.
A VPN Gateway in a vWAN hub is limited to 30 connections, while 20 Gateway Scale Units in a vWAN hub can support up to 1000 connections.
If multiple paths exist for a destination subnet, the virtual hub router uses the following logic to determine the route to the destination:
Routes with the longest prefix match are always preferred
Static routes are preferred over routes learned via BGP
The best path is selected based on the route preference configured (ExpressRoute-learned route, VPN-learned route, or the route with the shortest BGP AS-Path Length)
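The three-step selection above can be modeled in a few lines. This is an added example, not Microsoft's implementation: the Route class, the origin labels, the preference strings, the sample route table, and the AS-path tie-break inside step 3 are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str           # destination prefix, e.g. "10.1.0.0/16"
    origin: str           # "static", "expressroute" or "vpn" (labels assumed for this example)
    next_hop: str         # free-text label of the connection
    as_path_len: int = 0  # BGP AS-path length; 0 for static routes

    @property
    def net(self):
        return ipaddress.ip_network(self.prefix)

def select_route(routes, destination, preference="expressroute"):
    """Return the route chosen for destination, or None if nothing matches.
    preference is "expressroute", "vpn" or "as-path"."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in routes if dest in r.net]
    if not matches:
        return None
    # Step 1: longest prefix match always wins.
    longest = max(r.net.prefixlen for r in matches)
    matches = [r for r in matches if r.net.prefixlen == longest]
    # Step 2: at equal prefix length, static beats BGP-learned.
    static = [r for r in matches if r.origin == "static"]
    if static:
        return static[0]
    # Step 3: apply the configured preference; ties fall back to the
    # shortest AS path (tie-break assumed for this example).
    if preference in ("expressroute", "vpn"):
        matches = [r for r in matches if r.origin == preference] or matches
    return min(matches, key=lambda r: r.as_path_len)

# Constructed sample table: a static route for 10.0.0.0/8 points at a firewall.
SAMPLE_ROUTES = [
    Route("10.0.0.0/8", "static", "hub-firewall"),
    Route("10.1.0.0/16", "vpn", "branch-a", as_path_len=2),
    Route("10.1.0.0/16", "expressroute", "er-circuit", as_path_len=3),
    Route("10.1.5.0/24", "vpn", "branch-b", as_path_len=4),
    Route("10.2.0.0/16", "static", "hub-firewall"),
    Route("10.2.0.0/16", "expressroute", "er-circuit", as_path_len=1),
]

if __name__ == "__main__":
    for ip in ("10.1.5.10", "10.1.9.9", "10.2.0.1", "10.9.9.9"):
        print(ip, "->", select_route(SAMPLE_ROUTES, ip).next_hop)
```

In the sample table, traffic to 10.1.5.10 follows the BGP-learned /24 rather than the static /8 that points at the firewall, because prefix length is evaluated before route type. A static route meant to force traffic through an inspection point therefore has to be at least as specific as any prefix learned over BGP.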