Connecting various On Premise Sites ( on MPLS & backup on Internet VPN) to workloads spread across 3 different Azure Regoins

Amanjit Saini 20 Reputation points
2024-04-02T12:36:44.03+00:00

hi there ,

We have set of 12 different locations connected to Central DC via MPLS cloud and back up as Internet VPN. The DC will be decommissioned and all workloads will be moved to Azure cloud in 3 different regions . Requirement is to have these locations connected to these workloads in Azure. Each location will access workload in VNet based in its allocated nearest Region. Looking for a best way to do this.. Is it recommend to leverage MPLS provider cloud exchange solution to run Express routes to all 3 different regions from there . And for backup we use S2S tunnels directly from site over Internet . Or does Azure Virtual WAN fits in here

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,389 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,158 questions
Azure ExpressRoute
Azure ExpressRoute
An Azure service that provides private connections between Azure datacenters and infrastructure, either on premises or in a colocation environment.
323 questions
0 comments
Accepted answer
  1. ChaitanyaNaykodi-MSFT 23,031 Reputation points Microsoft Employee
    2024-04-02T16:45:28.3133333+00:00

    @Amanjit Saini

    Thank you for reaching out.

    I understand you have 12 different on-prem locations connected to Central DC via MPLS cloud and back up as Internet VPN. And now you are going to decommission the Central DC and move the workloads to Azure in 3 different regions. The requirement is to connect the 12 on-prem locations to an allocated Azure Region and establish connectivity via Virtual networks i.e. Azure Express Route and/or Azure VPN.

    Depending on your requirements and based on my understanding above I think Virtual WAN will be better suited for this architecture. Although even though if you plan to use Azure WAN solution here you will have to connect the 12 on-prem locations to Azure Using Express Route/ VPN.

    Following will be the advantage of using Azure WAN in this scenario.

    User's image

    • Virtual WAN provides large-scale site-to-site and express route connectivity. Virtual WAN supports up to 20-Gbps aggregate throughput both for VPN and ExpressRoute. More details here
    • The three regions can depict a WAN hub and it will be easier to establish Hub to Hub connectivity and Any-to-any connectivity
    • Easy to deploy and maintain NVA's in the WAN Hub along with Azure Firewall to sanitize the traffic and help secure the assets.

    As Azure WAN brings different network functionalities together and are easy to maintain and implement, I think this will be a better suited service for your scenario.

    You can go through following tutorials which can help in understanding more advantages of Azure WAN.

    Hope this helps! Please let me know if you have any additional questions. Thank you!

    ​​Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Luis Arias 4,871 Reputation points
    2024-04-02T16:50:18.4566667+00:00

    Hi Amanjit,

    This decision will also depends on different specific aspects such as application latency, budget , others. In general let me share you this comparison :

    Azure ExpressRoute Azure Virtual WAN
    Connectivity Direct to Azure Through Azure hub
    Configuration Can be configured in different ways, including CloudExchange Colocation, Point-to-point Ethernet Connection, Any-to-any (IPVPN) Connection, and ExpressRoute Direct Automates site-to-site configuration and connectivity between on-premises sites and an Azure hub
    Internet Dependence No Yes
    Reliability High Depends on internet quality
    Backup Connectivity VPNs VPNs
    Use Case Primary connectivity to Azure Connecting branches and Azure

    In your case, you could leverage the MPLS provider cloud exchange solution to run ExpressRoute to all 3 different Azure regions. For backup, you can use Site-to-Site (S2S) VPN tunnels directly from the site over the Internet. Alternatively, Azure Virtual WAN could also fit in here, providing automated connectivity and configuration, and allowing each location to access workloads in its nearest Azure region.

    References:

    If the information helped address your question, please Accept the answer.

    Luis

    0 comments
  2. Mark Davis 20 Reputation points
    2024-04-23T11:53:37.0133333+00:00

    We had a similar situation where we wanted to get away from a provider's MPLS solution. We went with vWan. We have hubs in 6 regions for our on-prem locations to connect to and utilize the microsoft backbone for all production traffic. All these locations also have a dmvpn backup solution.

    0 comments