Virtual network gateway in Azure availability zones

Veera 260 Reputation points
2024-09-25T11:05:20.85+00:00

Hi Experts

We are planning to create a new VNGW with SKU "VpnGw1AZ" and establish an S2S tunnel. I checked the other Q&A "https://learn.microsoft.com/en-us/answers/questions/1533095/azure-vpn-gateway-availability-zone-failover-time"; it said

"When a VPN Gateway is deployed in an Availability Zone, each zone has only 1 instance. If a zone fails, then connections on that instance will have to reconnect. This could be auto or manual depending on the customer's configuration."

What configuration should be used for tunnel auto-reconnection when provisioning in the VNGW? Additionally, is it possible to simulate zone failover to test the functionality of the VNGW?

Thanks & Regards,

Veera.

Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.

1 answer

  1. Sai Prasanna Sinde (Quadrant Resource LLC) 1,000 Reputation points Microsoft Vendor
    2024-09-26T07:47:43.8266667+00:00

    Hi @Veera,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    To configure tunnel auto-reconnection in VNGW, you can go for active-active mode instead of active-standby mode. In active-standby mode, during any planned maintenance or unplanned disruption affecting the active instance, the standby instance takes over automatically (failover) and resumes the site-to-site (S2S) VPN or VNet-to-VNet connections. This switchover causes a brief interruption. For planned maintenance, connectivity is restored quickly. For unplanned issues, the connection recovery is longer.

    For your reference: https://learn.microsoft.com/en-us/azure/vpn-gateway/about-active-active-gateways#:%7E:text=For%20planned%20maintenance%2C%20connectivity%20is%20restored%20quickly.%20For%20unplanned%20issues%2C%20the%20connection%20recovery%20is%20longer.

    In active-active mode, when a planned maintenance or unplanned event happens to one gateway instance, the IPsec tunnel from that instance to your on-premises VPN device will be disconnected. The corresponding routes on your VPN devices should be removed or withdrawn automatically so that the traffic will be switched over to the other active IPsec tunnel. On the Azure side, the switchover will happen automatically from the affected instance to the other active instance.

    For your reference: https://learn.microsoft.com/en-us/azure/vpn-gateway/about-active-active-gateways#:~:text=When%20a%20planned,other%20active%20instance.

    To configure active-active in vpn-gateway: https://learn.microsoft.com/en-us/azure/vpn-gateway/active-active-portal

    Pre-requisites to configure an active-active mode: https://learn.microsoft.com/en-us/azure/vpn-gateway/about-active-active-gateways#:~:text=You%20can%27t%20configure,Address%20pricing.

    If you have any further queries, do let us know. If the answer is helpful, please click "Accept Answer" and upvote it.

    Thanks.

    1 person found this answer helpful.
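
As an added illustration of the active-active setup recommended in the answer above (not part of the original thread and not Microsoft's own sample), this Az PowerShell script creates a "VpnGw1AZ" gateway in active-active mode with one S2S connection and then checks the result. The resource names, region, on-premises address and prefix, and the pre-shared key placeholder are assumptions, and the VNet is assumed to already contain a GatewaySubnet.

```powershell
# Added example. All names, the region and the on-premises values are hypothetical.
$rg  = 'rg-vpn-demo'
$loc = 'westeurope'

# Two zone-redundant Standard public IPs, one for each active gateway instance.
$pip1 = New-AzPublicIpAddress -Name 'pip-vngw-1' -ResourceGroupName $rg -Location $loc `
    -AllocationMethod Static -Sku Standard -Zone 1,2,3
$pip2 = New-AzPublicIpAddress -Name 'pip-vngw-2' -ResourceGroupName $rg -Location $loc `
    -AllocationMethod Static -Sku Standard -Zone 1,2,3

# Assumption: the VNet already exists and has a subnet named GatewaySubnet.
$vnet    = Get-AzVirtualNetwork -Name 'vnet-hub' -ResourceGroupName $rg
$subnet  = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$ipconf1 = New-AzVirtualNetworkGatewayIpConfig -Name 'gwipconf1' -Subnet $subnet -PublicIpAddress $pip1
$ipconf2 = New-AzVirtualNetworkGatewayIpConfig -Name 'gwipconf2' -Subnet $subnet -PublicIpAddress $pip2

# Two IP configurations plus -EnableActiveActiveFeature give an active-active gateway.
$gw = New-AzVirtualNetworkGateway -Name 'vngw-hub' -ResourceGroupName $rg -Location $loc `
    -IpConfigurations $ipconf1, $ipconf2 -GatewayType Vpn -VpnType RouteBased `
    -GatewaySku VpnGw1AZ -EnableActiveActiveFeature

# The on-premises VPN device (documentation-range address, constructed for the example).
$lng = New-AzLocalNetworkGateway -Name 'lng-onprem' -ResourceGroupName $rg -Location $loc `
    -GatewayIpAddress '203.0.113.10' -AddressPrefix '10.10.0.0/16'

# One connection object; in active-active mode each gateway instance builds its own
# tunnel to the on-premises device. Take the key from a secret store, not from source.
$psk = '<pre-shared-key>'
New-AzVirtualNetworkGatewayConnection -Name 'cn-onprem' -ResourceGroupName $rg -Location $loc `
    -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $lng -ConnectionType IPsec -SharedKey $psk

# Check the gateway mode and list both Azure-side addresses the on-premises
# device must accept tunnels from.
$gw = Get-AzVirtualNetworkGateway -Name 'vngw-hub' -ResourceGroupName $rg
if (-not $gw.ActiveActive) { throw 'Gateway is not in active-active mode.' }
'pip-vngw-1', 'pip-vngw-2' | ForEach-Object {
    (Get-AzPublicIpAddress -Name $_ -ResourceGroupName $rg).IpAddress
}
(Get-AzVirtualNetworkGatewayConnection -Name 'cn-onprem' -ResourceGroupName $rg).ConnectionStatus
```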
