Multihop Routing in Azure


There is some great documentation on how to Configure a Multi-Site VPN connection in Azure. I wanted to configure a similar scenario using a design other than the Full Mesh (single hop) model specified in the MSDN documentation, and I also wanted every Virtual Network (vNet) in my environment to be able to route to any other vNet within the design. I successfully configured Hub & Spoke, Daisy Chain, and Full Mesh models, and I thought my configuration specifics might be useful for the community.

I used vNets in all my examples for simplicity, but the same designs work across subscriptions. If one of the networks in your scenario is an on-premises environment the XML looks much the same: specify your VPN device's public IP instead of the gateway IP for VPNGatewayAddress, download the configuration script for your device (which must support dynamic routing), and configure the device for the VPN connection.

To test out one of the configurations, complete the following steps:

  • Choose which scenario you want to test (Full Mesh, Hub and Spoke, or Daisy Chain) and download the attached XML file for that scenario
  • Log on to the legacy Azure portal and go to Networks
  • If you have existing vNets, Local Networks, or DNS Servers configured, click Export
    • Manually merge the XML from the scenario you want to test into your existing network configuration XML
  • Select New\Import Configuration
    • Choose the network configuration XML file you want to use and click Open
    • Click Next and OK
  • Select each vNet
    • Click Create Gateway (if it prompts you for a choice, pick Dynamic)
    • Make sure this is done for each vNet; it should take 15-20 minutes for each gateway to get created
  • Once all the gateways are provisioned, go back to Networks and click Export
  • Modify the VPNGatewayAddress for each LocalNetworkSite to match the Gateway IP Address of the vNet it points at
    • You can get the Gateway IP Address for each vNet by selecting the vNet under Networks and viewing the Dashboard
  • Select New\Import Configuration
    • Choose the network configuration XML file with the correct Gateway IPs and click Open
    • Click Next and OK
  • Open Azure PowerShell, log on to your subscription, and run the associated Gateway Key PowerShell commands to exchange the keys for each gateway. Note: change the shared key in the commands to something more secure; the two gateways at either end of a tunnel must be given the same key.
  • After 5 minutes or so, go under each vNet and validate that the Gateway status is Connected for each local network
  • To further validate connectivity, spin up VMs in each vNet and confirm that they can ping each other after allowing ICMP traffic through any configured firewalls.

Full Mesh

The full mesh (single hop) model is the easiest to configure but can be problematic at scale, as each vNet gateway is limited to 10 connections. Update: High Performance VPN Gateways, which support up to 30 S2S connections, can now be created with PowerShell:

New-AzureVNetGateway -VNetName vNet1 -GatewaySKU HighPerformance -GatewayType DynamicRouting

[Figure: FullMesh topology diagram]

Network Table

Virtual Network   Address Space   Subnet Name     Subnet
vNet1             10.0.0.0/22     vNet1FE         10.0.0.0/24
                                  vNet1BE         10.0.1.0/24
                                  GatewaySubnet   10.0.3.240/28
vNet2             10.0.4.0/22     vNet2FE         10.0.4.0/24
                                  vNet2BE         10.0.5.0/24
                                  GatewaySubnet   10.0.7.240/28
vNet3             10.0.8.0/22     vNet3FE         10.0.8.0/24
                                  vNet3BE         10.0.9.0/24
                                  GatewaySubnet   10.0.11.240/28
vNet4             10.0.12.0/22    vNet4FE         10.0.12.0/24
                                  vNet4BE         10.0.13.0/24
                                  GatewaySubnet   10.0.15.240/28

Gateway Key Commands

Set-AzureVNetGatewayKey -VNetName vNet1 -LocalNetworkSiteName LocalvNet2 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet1 -LocalNetworkSiteName LocalvNet3 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet1 -LocalNetworkSiteName LocalvNet4 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet2 -LocalNetworkSiteName LocalvNet1 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet2 -LocalNetworkSiteName LocalvNet3 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet2 -LocalNetworkSiteName LocalvNet4 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet3 -LocalNetworkSiteName LocalvNet1 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet3 -LocalNetworkSiteName LocalvNet2 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet3 -LocalNetworkSiteName LocalvNet4 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet4 -LocalNetworkSiteName LocalvNet1 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet4 -LocalNetworkSiteName LocalvNet2 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet4 -LocalNetworkSiteName LocalvNet3 -SharedKey mykey

Network Configuration

<NetworkConfiguration xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
  <VirtualNetworkConfiguration>
    <LocalNetworkSites>
      <LocalNetworkSite name="LocalvNet1">
        <AddressSpace>
          <AddressPrefix>10.0.0.0/22</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>104.45.135.1</VPNGatewayAddress>
      </LocalNetworkSite>
      <LocalNetworkSite name="LocalvNet2">
        <AddressSpace>
          <AddressPrefix>10.0.4.0/22</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>104.45.135.2</VPNGatewayAddress>
      </LocalNetworkSite>
      <LocalNetworkSite name="LocalvNet3">
        <AddressSpace>
          <AddressPrefix>10.0.8.0/22</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>104.45.135.3</VPNGatewayAddress>
      </LocalNetworkSite>
      <LocalNetworkSite name="LocalvNet4">
        <AddressSpace>
          <AddressPrefix>10.0.12.0/22</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>104.45.135.4</VPNGatewayAddress>
      </LocalNetworkSite>
    </LocalNetworkSites>
    <VirtualNetworkSites>
      <VirtualNetworkSite name="vNet1" Location="East US">
        <AddressSpace>
          <AddressPrefix>10.0.0.0/22</AddressPrefix>
        </AddressSpace>
        <Subnets>
          <Subnet name="vNet1FE"><AddressPrefix>10.0.0.0/24</AddressPrefix></Subnet>
          <Subnet name="vNet1BE"><AddressPrefix>10.0.1.0/24</AddressPrefix></Subnet>
          <Subnet name="GatewaySubnet"><AddressPrefix>10.0.3.240/28</AddressPrefix></Subnet>
        </Subnets>
        <Gateway>
          <ConnectionsToLocalNetwork>
            <LocalNetworkSiteRef name="LocalvNet2"><Connection type="IPsec" /></LocalNetworkSiteRef>
            <LocalNetworkSiteRef name="LocalvNet3"><Connection type="IPsec" /></LocalNetworkSiteRef>
            <LocalNetworkSiteRef name="LocalvNet4"><Connection type="IPsec" /></LocalNetworkSiteRef>
          </ConnectionsToLocalNetwork>
        </Gateway>
      </VirtualNetworkSite>
      <VirtualNetworkSite name="vNet2" Location="East US">
        <AddressSpace>
          <AddressPrefix>10.0.4.0/22</AddressPrefix>
        </AddressSpace>
        <Subnets>
          <Subnet name="vNet2FE"><AddressPrefix>10.0.4.0/24</AddressPrefix></Subnet>
          <Subnet name="vNet2BE"><AddressPrefix>10.0.5.0/24</AddressPrefix></Subnet>
          <Subnet name="GatewaySubnet"><AddressPrefix>10.0.7.240/28</AddressPrefix></Subnet>
        </Subnets>
        <Gateway>
          <ConnectionsToLocalNetwork>
            <LocalNetworkSiteRef name="LocalvNet1"><Connection type="IPsec" /></LocalNetworkSiteRef>
            <LocalNetworkSiteRef name="LocalvNet3"><Connection type="IPsec" /></LocalNetworkSiteRef>
            <LocalNetworkSiteRef name="LocalvNet4"><Connection type="IPsec" /></LocalNetworkSiteRef>
          </ConnectionsToLocalNetwork>
        </Gateway>
      </VirtualNetworkSite>
      <VirtualNetworkSite name="vNet3" Location="West US">
        <AddressSpace>
          <AddressPrefix>10.0.8.0/22</AddressPrefix>
        </AddressSpace>
        <Subnets>
          <Subnet name="vNet3FE"><AddressPrefix>10.0.8.0/24</AddressPrefix></Subnet>
          <Subnet name="vNet3BE"><AddressPrefix>10.0.9.0/24</AddressPrefix></Subnet>
          <Subnet name="GatewaySubnet"><AddressPrefix>10.0.11.240/28</AddressPrefix></Subnet>
        </Subnets>
        <Gateway>
          <ConnectionsToLocalNetwork>
            <LocalNetworkSiteRef name="LocalvNet1"><Connection type="IPsec" /></LocalNetworkSiteRef>
            <LocalNetworkSiteRef name="LocalvNet2"><Connection type="IPsec" /></LocalNetworkSiteRef>
            <LocalNetworkSiteRef name="LocalvNet4"><Connection type="IPsec" /></LocalNetworkSiteRef>
          </ConnectionsToLocalNetwork>
        </Gateway>
      </VirtualNetworkSite>
      <VirtualNetworkSite name="vNet4" Location="West US">
        <AddressSpace>
          <AddressPrefix>10.0.12.0/22</AddressPrefix>
        </AddressSpace>
        <Subnets>
          <Subnet name="vNet4FE"><AddressPrefix>10.0.12.0/24</AddressPrefix></Subnet>
          <Subnet name="vNet4BE"><AddressPrefix>10.0.13.0/24</AddressPrefix></Subnet>
          <Subnet name="GatewaySubnet"><AddressPrefix>10.0.15.240/28</AddressPrefix></Subnet>
        </Subnets>
        <Gateway>
          <ConnectionsToLocalNetwork>
            <LocalNetworkSiteRef name="LocalvNet1"><Connection type="IPsec" /></LocalNetworkSiteRef>
            <LocalNetworkSiteRef name="LocalvNet2"><Connection type="IPsec" /></LocalNetworkSiteRef>
            <LocalNetworkSiteRef name="LocalvNet3"><Connection type="IPsec" /></LocalNetworkSiteRef>
          </ConnectionsToLocalNetwork>
        </Gateway>
      </VirtualNetworkSite>
    </VirtualNetworkSites>
  </VirtualNetworkConfiguration>
</NetworkConfiguration>

Hub and Spoke

[Figure: HubAndSpoke topology diagram]

Network Table

Virtual Network   Address Space   Subnet Name     Subnet
vNet1             10.0.0.0/22     vNet1FE         10.0.0.0/24
                                  vNet1BE         10.0.1.0/24
                                  GatewaySubnet   10.0.3.240/28
vNet2             10.0.4.0/22     vNet2FE         10.0.4.0/24
                                  vNet2BE         10.0.5.0/24
                                  GatewaySubnet   10.0.7.240/28
vNet3             10.0.8.0/22     vNet3FE         10.0.8.0/24
                                  vNet3BE         10.0.9.0/24
                                  GatewaySubnet   10.0.11.240/28
vNet4             10.0.12.0/22    vNet4FE         10.0.12.0/24
                                  vNet4BE         10.0.13.0/24
                                  GatewaySubnet   10.0.15.240/28
vNet5             10.0.16.0/22    vNet5FE         10.0.16.0/24
                                  vNet5BE         10.0.17.0/24
                                  GatewaySubnet   10.0.19.240/28
vNet6             10.0.20.0/22    vNet6FE         10.0.20.0/24
                                  vNet6BE         10.0.21.0/24
                                  GatewaySubnet   10.0.23.240/28

Gateway Key Commands

Set-AzureVNetGatewayKey -VNetName vNet1 -LocalNetworkSiteName LocalvNet3 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet1 -LocalNetworkSiteName LocalvNet4 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet1 -LocalNetworkSiteName LocalvNet256 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet2 -LocalNetworkSiteName LocalvNet5 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet2 -LocalNetworkSiteName LocalvNet6 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet2 -LocalNetworkSiteName LocalvNet134 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet3 -LocalNetworkSiteName LocalvNet12456 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet4 -LocalNetworkSiteName LocalvNet12356 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet5 -LocalNetworkSiteName LocalvNet26134 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet6 -LocalNetworkSiteName LocalvNet25134 -SharedKey mykey

Network Configuration

<NetworkConfiguration xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
  <VirtualNetworkConfiguration>
    <LocalNetworkSites>
      <LocalNetworkSite name="LocalvNet12456">
        <AddressSpace>
          <AddressPrefix>10.0.0.0/22</AddressPrefix>
          <AddressPrefix>10.0.4.0/22</AddressPrefix>
          <AddressPrefix>10.0.12.0/22</AddressPrefix>
          <AddressPrefix>10.0.16.0/22</AddressPrefix>
          <AddressPrefix>10.0.20.0/22</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>104.45.135.1</VPNGatewayAddress>
      </LocalNetworkSite>
      <LocalNetworkSite name="LocalvNet12356">
        <AddressSpace>
          <AddressPrefix>10.0.0.0/22</AddressPrefix>
          <AddressPrefix>10.0.4.0/22</AddressPrefix>
          <AddressPrefix>10.0.8.0/22</AddressPrefix>
          <AddressPrefix>10.0.16.0/22</AddressPrefix>
          <AddressPrefix>10.0.20.0/22</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>104.45.135.1</VPNGatewayAddress>
      </LocalNetworkSite>
      <LocalNetworkSite name="LocalvNet134">
        <AddressSpace>
          <AddressPrefix>10.0.0.0/22</AddressPrefix>
          <AddressPrefix>10.0.8.0/22</AddressPrefix>
          <AddressPrefix>10.0.12.0/22</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>104.45.135.1</VPNGatewayAddress>
      </LocalNetworkSite>
      <LocalNetworkSite name="LocalvNet26134">
        <AddressSpace>
          <AddressPrefix>10.0.4.0/22</AddressPrefix>
          <AddressPrefix>10.0.0.0/22</AddressPrefix>
          <AddressPrefix>10.0.8.0/22</AddressPrefix>
          <AddressPrefix>10.0.12.0/22</AddressPrefix>
          <AddressPrefix>10.0.20.0/22</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>104.45.135.2</VPNGatewayAddress>
      </LocalNetworkSite>
      <LocalNetworkSite name="LocalvNet25134">
        <AddressSpace>
          <AddressPrefix>10.0.4.0/22</AddressPrefix>
          <AddressPrefix>10.0.0.0/22</AddressPrefix>
          <AddressPrefix>10.0.8.0/22</AddressPrefix>
          <AddressPrefix>10.0.12.0/22</AddressPrefix>
          <AddressPrefix>10.0.16.0/22</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>104.45.135.2</VPNGatewayAddress>
      </LocalNetworkSite>
      <LocalNetworkSite name="LocalvNet256">
        <AddressSpace>
          <AddressPrefix>10.0.4.0/22</AddressPrefix>
          <AddressPrefix>10.0.16.0/22</AddressPrefix>
          <AddressPrefix>10.0.20.0/22</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>104.45.135.2</VPNGatewayAddress>
      </LocalNetworkSite>
      <LocalNetworkSite name="LocalvNet3">
        <AddressSpace>
          <AddressPrefix>10.0.8.0/22</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>104.45.135.3</VPNGatewayAddress>
      </LocalNetworkSite>
      <LocalNetworkSite name="LocalvNet4">
        <AddressSpace>
          <AddressPrefix>10.0.12.0/22</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>104.45.135.4</VPNGatewayAddress>
      </LocalNetworkSite>
      <LocalNetworkSite name="LocalvNet5">
        <AddressSpace>
          <AddressPrefix>10.0.16.0/22</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>104.45.135.5</VPNGatewayAddress>
      </LocalNetworkSite>
      <LocalNetworkSite name="LocalvNet6">
        <AddressSpace>
          <AddressPrefix>10.0.20.0/22</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>104.45.135.6</VPNGatewayAddress>
      </LocalNetworkSite>
    </LocalNetworkSites>
    <VirtualNetworkSites>
      <VirtualNetworkSite name="vNet1" Location="East US">
        <AddressSpace>
          <AddressPrefix>10.0.0.0/22</AddressPrefix>
        </AddressSpace>
        <Subnets>
          <Subnet name="vNet1FE"><AddressPrefix>10.0.0.0/24</AddressPrefix></Subnet>
          <Subnet name="vNet1BE"><AddressPrefix>10.0.1.0/24</AddressPrefix></Subnet>
          <Subnet name="GatewaySubnet"><AddressPrefix>10.0.3.240/28</AddressPrefix></Subnet>
        </Subnets>
        <Gateway>
          <ConnectionsToLocalNetwork>
            <LocalNetworkSiteRef name="LocalvNet3"><Connection type="IPsec" /></LocalNetworkSiteRef>
            <LocalNetworkSiteRef name="LocalvNet4"><Connection type="IPsec" /></LocalNetworkSiteRef>
            <LocalNetworkSiteRef name="LocalvNet256"><Connection type="IPsec" /></LocalNetworkSiteRef>
          </ConnectionsToLocalNetwork>
        </Gateway>
      </VirtualNetworkSite>
      <VirtualNetworkSite name="vNet2" Location="West US">
        <AddressSpace>
          <AddressPrefix>10.0.4.0/22</AddressPrefix>
        </AddressSpace>
        <Subnets>
          <Subnet name="vNet2FE"><AddressPrefix>10.0.4.0/24</AddressPrefix></Subnet>
          <Subnet name="vNet2BE"><AddressPrefix>10.0.5.0/24</AddressPrefix></Subnet>
          <Subnet name="GatewaySubnet"><AddressPrefix>10.0.7.240/28</AddressPrefix></Subnet>
        </Subnets>
        <Gateway>
          <ConnectionsToLocalNetwork>
            <LocalNetworkSiteRef name="LocalvNet5"><Connection type="IPsec" /></LocalNetworkSiteRef>
            <LocalNetworkSiteRef name="LocalvNet6"><Connection type="IPsec" /></LocalNetworkSiteRef>
            <LocalNetworkSiteRef name="LocalvNet134"><Connection type="IPsec" /></LocalNetworkSiteRef>
          </ConnectionsToLocalNetwork>
        </Gateway>
      </VirtualNetworkSite>
      <VirtualNetworkSite name="vNet3" Location="East US">
        <AddressSpace>
          <AddressPrefix>10.0.8.0/22</AddressPrefix>
        </AddressSpace>
        <Subnets>
          <Subnet name="vNet3FE"><AddressPrefix>10.0.8.0/24</AddressPrefix></Subnet>
          <Subnet name="vNet3BE"><AddressPrefix>10.0.9.0/24</AddressPrefix></Subnet>
          <Subnet name="GatewaySubnet"><AddressPrefix>10.0.11.240/28</AddressPrefix></Subnet>
        </Subnets>
        <Gateway>
          <ConnectionsToLocalNetwork>
            <LocalNetworkSiteRef name="LocalvNet12456"><Connection type="IPsec" /></LocalNetworkSiteRef>
          </ConnectionsToLocalNetwork>
        </Gateway>
      </VirtualNetworkSite>
      <VirtualNetworkSite name="vNet4" Location="East US">
        <AddressSpace>
          <AddressPrefix>10.0.12.0/22</AddressPrefix>
        </AddressSpace>
        <Subnets>
          <Subnet name="vNet4FE"><AddressPrefix>10.0.12.0/24</AddressPrefix></Subnet>
          <Subnet name="vNet4BE"><AddressPrefix>10.0.13.0/24</AddressPrefix></Subnet>
          <Subnet name="GatewaySubnet"><AddressPrefix>10.0.15.240/28</AddressPrefix></Subnet>
        </Subnets>
        <Gateway>
          <ConnectionsToLocalNetwork>
            <LocalNetworkSiteRef name="LocalvNet12356"><Connection type="IPsec" /></LocalNetworkSiteRef>
          </ConnectionsToLocalNetwork>
        </Gateway>
      </VirtualNetworkSite>
      <VirtualNetworkSite name="vNet5" Location="West US">
        <AddressSpace>
          <AddressPrefix>10.0.16.0/22</AddressPrefix>
        </AddressSpace>
        <Subnets>
          <Subnet name="vNet5FE"><AddressPrefix>10.0.16.0/24</AddressPrefix></Subnet>
          <Subnet name="vNet5BE"><AddressPrefix>10.0.17.0/24</AddressPrefix></Subnet>
          <Subnet name="GatewaySubnet"><AddressPrefix>10.0.19.240/28</AddressPrefix></Subnet>
        </Subnets>
        <Gateway>
          <ConnectionsToLocalNetwork>
            <LocalNetworkSiteRef name="LocalvNet26134"><Connection type="IPsec" /></LocalNetworkSiteRef>
          </ConnectionsToLocalNetwork>
        </Gateway>
      </VirtualNetworkSite>
      <VirtualNetworkSite name="vNet6" Location="West US">
        <AddressSpace>
          <AddressPrefix>10.0.20.0/22</AddressPrefix>
        </AddressSpace>
        <Subnets>
          <Subnet name="vNet6FE"><AddressPrefix>10.0.20.0/24</AddressPrefix></Subnet>
          <Subnet name="vNet6BE"><AddressPrefix>10.0.21.0/24</AddressPrefix></Subnet>
          <Subnet name="GatewaySubnet"><AddressPrefix>10.0.23.240/28</AddressPrefix></Subnet>
        </Subnets>
        <Gateway>
          <ConnectionsToLocalNetwork>
            <LocalNetworkSiteRef name="LocalvNet25134"><Connection type="IPsec" /></LocalNetworkSiteRef>
          </ConnectionsToLocalNetwork>
        </Gateway>
      </VirtualNetworkSite>
    </VirtualNetworkSites>
  </VirtualNetworkConfiguration>
</NetworkConfiguration>

Daisy Chain

[Figure: DaisyChain topology diagram]

Network Table

Virtual Network   Address Space   Subnet Name     Subnet
vNet1             10.0.0.0/22     vNet1FE         10.0.0.0/24
                                  vNet1BE         10.0.1.0/24
                                  GatewaySubnet   10.0.3.240/28
vNet2             10.0.4.0/22     vNet2FE         10.0.4.0/24
                                  vNet2BE         10.0.5.0/24
                                  GatewaySubnet   10.0.7.240/28
vNet3             10.0.8.0/22     vNet3FE         10.0.8.0/24
                                  vNet3BE         10.0.9.0/24
                                  GatewaySubnet   10.0.11.240/28
vNet4             10.0.12.0/22    vNet4FE         10.0.12.0/24
                                  vNet4BE         10.0.13.0/24
                                  GatewaySubnet   10.0.15.240/28

Gateway Key Commands

Set-AzureVNetGatewayKey -VNetName vNet1 -LocalNetworkSiteName LocalvNet234 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet2 -LocalNetworkSiteName LocalvNet1 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet2 -LocalNetworkSiteName LocalvNet34 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet3 -LocalNetworkSiteName LocalvNet21 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet3 -LocalNetworkSiteName LocalvNet4 -SharedKey mykey
Set-AzureVNetGatewayKey -VNetName vNet4 -LocalNetworkSiteName LocalvNet321 -SharedKey mykey

Network Configuration

<NetworkConfiguration xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
  <VirtualNetworkConfiguration>
    <LocalNetworkSites>
      <LocalNetworkSite name="LocalvNet1">
        <AddressSpace>
          <AddressPrefix>10.0.0.0/22</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>104.45.135.1</VPNGatewayAddress>
      </LocalNetworkSite>
      <LocalNetworkSite name="LocalvNet234">
        <AddressSpace>
          <AddressPrefix>10.0.4.0/22</AddressPrefix>
          <AddressPrefix>10.0.8.0/22</AddressPrefix>
          <AddressPrefix>10.0.12.0/22</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>104.45.135.2</VPNGatewayAddress>
      </LocalNetworkSite>
      <LocalNetworkSite name="LocalvNet21">
        <AddressSpace>
          <AddressPrefix>10.0.4.0/22</AddressPrefix>
          <AddressPrefix>10.0.0.0/22</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>104.45.135.2</VPNGatewayAddress>
      </LocalNetworkSite>
      <LocalNetworkSite name="LocalvNet34">
        <AddressSpace>
          <AddressPrefix>10.0.8.0/22</AddressPrefix>
          <AddressPrefix>10.0.12.0/22</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>104.45.135.3</VPNGatewayAddress>
      </LocalNetworkSite>
      <LocalNetworkSite name="LocalvNet321">
        <AddressSpace>
          <AddressPrefix>10.0.8.0/22</AddressPrefix>
          <AddressPrefix>10.0.4.0/22</AddressPrefix>
          <AddressPrefix>10.0.0.0/22</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>104.45.135.3</VPNGatewayAddress>
      </LocalNetworkSite>
      <LocalNetworkSite name="LocalvNet4">
        <AddressSpace>
          <AddressPrefix>10.0.12.0/22</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>104.45.135.4</VPNGatewayAddress>
      </LocalNetworkSite>
    </LocalNetworkSites>
    <VirtualNetworkSites>
      <VirtualNetworkSite name="vNet1" Location="East US">
        <AddressSpace>
          <AddressPrefix>10.0.0.0/22</AddressPrefix>
        </AddressSpace>
        <Subnets>
          <Subnet name="vNet1FE"><AddressPrefix>10.0.0.0/24</AddressPrefix></Subnet>
          <Subnet name="vNet1BE"><AddressPrefix>10.0.1.0/24</AddressPrefix></Subnet>
          <Subnet name="GatewaySubnet"><AddressPrefix>10.0.3.240/28</AddressPrefix></Subnet>
        </Subnets>
        <Gateway>
          <ConnectionsToLocalNetwork>
            <LocalNetworkSiteRef name="LocalvNet234"><Connection type="IPsec" /></LocalNetworkSiteRef>
          </ConnectionsToLocalNetwork>
        </Gateway>
      </VirtualNetworkSite>
      <VirtualNetworkSite name="vNet2" Location="East US">
        <AddressSpace>
          <AddressPrefix>10.0.4.0/22</AddressPrefix>
        </AddressSpace>
        <Subnets>
          <Subnet name="vNet2FE"><AddressPrefix>10.0.4.0/24</AddressPrefix></Subnet>
          <Subnet name="vNet2BE"><AddressPrefix>10.0.5.0/24</AddressPrefix></Subnet>
          <Subnet name="GatewaySubnet"><AddressPrefix>10.0.7.240/28</AddressPrefix></Subnet>
        </Subnets>
        <Gateway>
          <ConnectionsToLocalNetwork>
            <LocalNetworkSiteRef name="LocalvNet1"><Connection type="IPsec" /></LocalNetworkSiteRef>
            <LocalNetworkSiteRef name="LocalvNet34"><Connection type="IPsec" /></LocalNetworkSiteRef>
          </ConnectionsToLocalNetwork>
        </Gateway>
      </VirtualNetworkSite>
      <VirtualNetworkSite name="vNet3" Location="West US">
        <AddressSpace>
          <AddressPrefix>10.0.8.0/22</AddressPrefix>
        </AddressSpace>
        <Subnets>
          <Subnet name="vNet3FE"><AddressPrefix>10.0.8.0/24</AddressPrefix></Subnet>
          <Subnet name="vNet3BE"><AddressPrefix>10.0.9.0/24</AddressPrefix></Subnet>
          <Subnet name="GatewaySubnet"><AddressPrefix>10.0.11.240/28</AddressPrefix></Subnet>
        </Subnets>
        <Gateway>
          <ConnectionsToLocalNetwork>
            <LocalNetworkSiteRef name="LocalvNet21"><Connection type="IPsec" /></LocalNetworkSiteRef>
            <LocalNetworkSiteRef name="LocalvNet4"><Connection type="IPsec" /></LocalNetworkSiteRef>
          </ConnectionsToLocalNetwork>
        </Gateway>
      </VirtualNetworkSite>
      <VirtualNetworkSite name="vNet4" Location="West US">
        <AddressSpace>
          <AddressPrefix>10.0.12.0/22</AddressPrefix>
        </AddressSpace>
        <Subnets>
          <Subnet name="vNet4FE"><AddressPrefix>10.0.12.0/24</AddressPrefix></Subnet>
          <Subnet name="vNet4BE"><AddressPrefix>10.0.13.0/24</AddressPrefix></Subnet>
          <Subnet name="GatewaySubnet"><AddressPrefix>10.0.15.240/28</AddressPrefix></Subnet>
        </Subnets>
        <Gateway>
          <ConnectionsToLocalNetwork>
            <LocalNetworkSiteRef name="LocalvNet321"><Connection type="IPsec" /></LocalNetworkSiteRef>
          </ConnectionsToLocalNetwork>
        </Gateway>
      </VirtualNetworkSite>
    </VirtualNetworkSites>
  </VirtualNetworkConfiguration>
</NetworkConfiguration>
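As an added example (not part of the original post), the following Python script reads a network configuration in the export schema used above, simulates the hop-by-hop forwarding each gateway performs from the prefixes of its LocalNetworkSites, and reports any vNet pair that cannot reach each other in both directions or any gateway over the 10-connection limit; it also generates the Set-AzureVNetGatewayKey commands with a fresh random key per tunnel rather than one shared "mykey". The embedded three-vNet daisy chain, the 104.45.135.x gateway addresses and the GATEWAYS map are constructed for the demo and are not from the post's attachment.

```python
import ipaddress
import secrets
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration}"
MAX_CONNECTIONS = 10  # per-gateway S2S limit the post cites for standard gateways

# Constructed sample: a three-vNet daisy chain (vNet1 - vNet2 - vNet3) in the post's export schema; subnets omitted.
SAMPLE_XML = """<NetworkConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
<VirtualNetworkConfiguration><LocalNetworkSites>
<LocalNetworkSite name="LocalvNet23"><AddressSpace><AddressPrefix>10.0.4.0/22</AddressPrefix><AddressPrefix>10.0.8.0/22</AddressPrefix></AddressSpace><VPNGatewayAddress>104.45.135.2</VPNGatewayAddress></LocalNetworkSite>
<LocalNetworkSite name="LocalvNet1"><AddressSpace><AddressPrefix>10.0.0.0/22</AddressPrefix></AddressSpace><VPNGatewayAddress>104.45.135.1</VPNGatewayAddress></LocalNetworkSite>
<LocalNetworkSite name="LocalvNet3"><AddressSpace><AddressPrefix>10.0.8.0/22</AddressPrefix></AddressSpace><VPNGatewayAddress>104.45.135.3</VPNGatewayAddress></LocalNetworkSite>
<LocalNetworkSite name="LocalvNet21"><AddressSpace><AddressPrefix>10.0.4.0/22</AddressPrefix><AddressPrefix>10.0.0.0/22</AddressPrefix></AddressSpace><VPNGatewayAddress>104.45.135.2</VPNGatewayAddress></LocalNetworkSite>
</LocalNetworkSites><VirtualNetworkSites>
<VirtualNetworkSite name="vNet1" Location="East US"><AddressSpace><AddressPrefix>10.0.0.0/22</AddressPrefix></AddressSpace><Gateway><ConnectionsToLocalNetwork><LocalNetworkSiteRef name="LocalvNet23"><Connection type="IPsec"/></LocalNetworkSiteRef></ConnectionsToLocalNetwork></Gateway></VirtualNetworkSite>
<VirtualNetworkSite name="vNet2" Location="East US"><AddressSpace><AddressPrefix>10.0.4.0/22</AddressPrefix></AddressSpace><Gateway><ConnectionsToLocalNetwork><LocalNetworkSiteRef name="LocalvNet1"><Connection type="IPsec"/></LocalNetworkSiteRef><LocalNetworkSiteRef name="LocalvNet3"><Connection type="IPsec"/></LocalNetworkSiteRef></ConnectionsToLocalNetwork></Gateway></VirtualNetworkSite>
<VirtualNetworkSite name="vNet3" Location="West US"><AddressSpace><AddressPrefix>10.0.8.0/22</AddressPrefix></AddressSpace><Gateway><ConnectionsToLocalNetwork><LocalNetworkSiteRef name="LocalvNet21"><Connection type="IPsec"/></LocalNetworkSiteRef></ConnectionsToLocalNetwork></Gateway></VirtualNetworkSite>
</VirtualNetworkSites></VirtualNetworkConfiguration></NetworkConfiguration>"""
GATEWAYS = {"vNet1": "104.45.135.1", "vNet2": "104.45.135.2", "vNet3": "104.45.135.3"}  # placeholder gateway IP per vNet

def parse(xml_text, gateways):
    """Return {local site: (gateway ip, [prefixes])}, {vNet: ([own prefixes], [site refs])}, {gateway ip: vNet}."""
    root = ET.fromstring(xml_text)
    sites, vnets = {}, {}
    for s in root.iter(NS + "LocalNetworkSite"):
        prefixes = [ipaddress.ip_network(p.text) for p in s.iter(NS + "AddressPrefix")]
        sites[s.get("name")] = (s.findtext(NS + "VPNGatewayAddress"), prefixes)
    for v in root.iter(NS + "VirtualNetworkSite"):
        own = [ipaddress.ip_network(p.text) for p in v.find(NS + "AddressSpace").iter(NS + "AddressPrefix")]
        vnets[v.get("name")] = (own, [r.get("name") for r in v.iter(NS + "LocalNetworkSiteRef")])
    return sites, vnets, {ip: name for name, ip in gateways.items()}

def next_hop(vnets, sites, owner, here, dest_net):
    """vNet whose gateway `here` tunnels dest_net to (longest matching advertised prefix), or None."""
    best = None
    for ref in vnets[here][1]:
        gw, prefixes = sites.get(ref, (None, []))
        for p in prefixes:
            if dest_net.subnet_of(p) and (best is None or p.prefixlen > best[0].prefixlen):
                best = (p, owner.get(gw))
    return best[1] if best else None

def trace(vnets, sites, owner, src, dst, max_hops=16):
    """Hop-by-hop path from src to dst's first prefix, or None on a black hole or routing loop."""
    dest_net, path, here = vnets[dst][0][0], [src], src
    while here != dst:
        here = next_hop(vnets, sites, owner, here, dest_net)
        if here is None or here in path or len(path) >= max_hops:
            return None
        path.append(here)
    return path

def check(xml_text, gateways):
    """Connection-limit check plus any-to-any reachability over every ordered vNet pair."""
    sites, vnets, owner = parse(xml_text, gateways)
    problems = [f"{n}: {len(refs)} S2S connections exceed the limit of {MAX_CONNECTIONS}"
                for n, (_, refs) in vnets.items() if len(refs) > MAX_CONNECTIONS]
    paths = {(s, d): trace(vnets, sites, owner, s, d) for s in vnets for d in vnets if s != d}
    problems += [f"no route {s} -> {d}" for (s, d), path in paths.items() if path is None]
    return paths, problems

def key_commands(xml_text, gateways):
    """Set-AzureVNetGatewayKey line for each side of every tunnel, one fresh random key per vNet pair."""
    sites, vnets, owner = parse(xml_text, gateways)
    keys, cmds = {}, []
    for name, (_, refs) in vnets.items():
        for ref in refs:
            pair = frozenset((name, owner[sites[ref][0]]))  # both ends of a tunnel must share the key
            key = keys.setdefault(pair, secrets.token_hex(16))  # 32 hex chars from the OS CSPRNG
            cmds.append(f"Set-AzureVNetGatewayKey -VNetName {name} -LocalNetworkSiteName {ref} -SharedKey {key}")
    return cmds
```

Dropping a single prefix from an aggregated LocalNetworkSite (for example 10.0.0.0/22 from LocalvNet21) leaves vNet1 able to reach vNet3 while the return path from vNet3 silently disappears; check() reports that as "no route vNet3 -> vNet1".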

Attachment: NetworkConfig.zip

Comments (4)

  1. Michael Faden says:

    Great blog. 1 question remains. I have an Onprem Site, 1 vnet in West Europe, 1 vnet in North Europe and 1 vnet in East US. I have connected West Europe, North Europe and Onprem Site with each other. East US is available from West Europe and North Europe. Can I configure 2 gateways to reach Onprem Site from East US for fault tolerance?

  2. Arvind S. Iyer says:

    Awesome blog Russ! Very helpful.

  3. Fritz Schlechter says:

    Any way of combining the above with sites that can only support policy-based routing?

  4. Michael Catalfano says:

    Have you had any experience with changing the daisy-chain topology into a ring topology for redundancy's sake? Using your example, say for instance a StS is established between vnets 1 and 4; under normal situations, would Azure be able to select a route in this design? Likewise, if this vnet 1 and 4 StS were established, and say vnet 2 becomes completely unavailable for whatever reason, would Azure be able to automatically reroute traffic in the opposite direction along the StS ring?

    MS Azure support I've spoken to says that it's not possible and that this feature is not currently slated for development (as of 26-Aug-2015), but I know the community tends to figure out tricks around service limitations such as this.  AWS supports similar virtual network and site-to-site VPN failover/redundancy routing, so the demand is present.
