Communication between vWAN Hubs in same region

Raviraj Velankar 66 Reputation points
2023-01-03T15:55:28.957+00:00

Hello,

As per the Azure documentation, it is now possible to create two vWAN Hubs (not secured hubs) in the same region which are part of the same vWAN resource. My questions are as follows:

  1. When we create two vWAN Hubs in the same region (part of the same vWAN resource), are these two Hubs connected to each other by default (hub-to-hub link)?
  2. Can a Vnet in Hub1 communicate with a Vnet in Hub2 when there is no Express Route Circuit connected to either of the Hubs?
  3. As per my understanding, there is a separate default route table per vWAN Hub; hence, is it possible to prevent communication between two different virtual networks which are part of different Hubs?

Example: Vnet1 is associated to Hub1 and Vnet2 is associated to Hub2; can we prevent communication between these two VNets? Since the hubs are interconnected using hub-to-hub links, I would like to know how we can prevent the communication, or whether it is not feasible.

Azure Virtual WAN

1 answer

  1. ChaitanyaNaykodi-MSFT 22,776 Reputation points Microsoft Employee
    2023-01-03T23:06:34.15+00:00

    @Raviraj Velankar ,

    Thank you for reaching out. Based on your questions above:

    When we create two vWAN Hubs in the same region (part of the same vWAN resource), are these two Hubs connected to each other by default (hub-to-hub link)?

    Yes, the hubs are connected by default. This is currently documented here: "When multiple hubs exist, hub-to-hub routing (also known as inter-hub) is enabled by default in Standard Virtual WAN."

    Can a Vnet in Hub1 communicate with a Vnet in Hub2 when there is no Express Route Circuit connected to either of the Hubs?

    Yes, this type of connectivity can be established. You can go through this connectivity model, where VNet-to-hub-hub-to-VNet (h) connectivity is possible.
    In the case of Secured Virtual Hubs, if the hubs are deployed in the same region, then the firewall can inspect the traffic. Inter-hub inspection for Virtual WAN hubs that are in different Azure regions is available on a limited basis. For a list of available regions, please email previewinterhub@microsoft.com.

    As per my understanding, there is a separate default route table per vWAN Hub; hence, is it possible to prevent communication between two different virtual networks which are part of different Hubs?

    Yes, I think it is possible to isolate VNets by associating Virtual Networks to a specific route table and propagating routes from the default route table. You can refer to the following documentation for more information on setting up this scenario.
    https://learn.microsoft.com/en-us/azure/virtual-wan/scenario-isolate-vnets
    https://learn.microsoft.com/en-us/azure/virtual-wan/scenario-isolate-vnets-custom

    Hope this helps! Please let me know if you have any additional questions. Thank you!
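
The association and propagation rule the answer relies on can be checked offline before changing a deployment. The following is an added example, not part of the original thread and not Microsoft code: a simplified Python model in which a connection looks up destinations in its associated route table, and a route table learns a connection's prefixes only if that connection propagates to it by table or by label. The class and function names, the Vnet3 connection and both sample configurations are assumptions constructed for illustration; static routes, firewalls and NSGs are not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RouteTable:
    hub: str
    name: str
    labels: frozenset = frozenset()  # e.g. {"default"}

@dataclass
class Connection:
    name: str
    associated: RouteTable                     # table this connection routes with
    propagate_tables: frozenset = frozenset()  # tables it advertises into directly
    propagate_labels: frozenset = frozenset()  # labels it advertises into

def learns(table, conn):
    """True if `table` receives conn's prefixes through propagation."""
    return table in conn.propagate_tables or bool(table.labels & conn.propagate_labels)

def can_communicate(a, b):
    """Two-way traffic needs each side's associated table to know the other."""
    return learns(a.associated, b) and learns(b.associated, a)

def audit(connections, must_be_isolated):
    """Return the pairs that are meant to be isolated but still have a path."""
    by_name = {c.name: c for c in connections}
    return [(x, y) for x, y in must_be_isolated
            if can_communicate(by_name[x], by_name[y])]

# Constructed sample: the Default route table of each hub carries label "default".
HUB1 = RouteTable("Hub1", "defaultRouteTable", frozenset({"default"}))
HUB2 = RouteTable("Hub2", "defaultRouteTable", frozenset({"default"}))
VNETS = (("Vnet1", HUB1), ("Vnet3", HUB1), ("Vnet2", HUB2))

def default_config():
    # Out-of-the-box behaviour: propagate to the "default" label (all hubs).
    return [Connection(n, rt, propagate_labels=frozenset({"default"}))
            for n, rt in VNETS]

def isolated_config():
    # Assumed hardening: each VNet propagates only to its own hub's table.
    return [Connection(n, rt, propagate_tables=frozenset({rt}))
            for n, rt in VNETS]

if __name__ == "__main__":
    pair = [("Vnet1", "Vnet2")]
    print("default :", audit(default_config(), pair))   # pair is still reachable
    print("isolated:", audit(isolated_config(), pair))  # no violations
```
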